last executing test programs:

3m32.741485294s ago: executing program 4 (id=2940):
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e24, 0x80, @rand_addr=' \x01\x00', 0x8}, 0x1c) (async)
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100000000004032151d0100000000000109022400010000100209040000020300000009210020000122040009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
r1 = getpgid(0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x2, r1, 0x0, &(0x7f0000000100)) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a94000000060a090400000000000000000200000068000480000180080001006c6f6700580001800a0001006d617463680000004800028008000240000000002d000300346384ea362eefeec3c408bf3afba7aea68ac4de901d71dbb01843fcb3eaa0221283bd05c74e4430580000000a0001006c696d69740000000900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000ae1509e9c5c44ad17f66df4f6decebd1e3e7a8d0ab3b328902a2d4512366b9e67e0609420c66e40a1ec7fc588ff6826ebf9eaebfae1dee4cba20a053133a8098d330ef1a52db10f9c31ddecc062d3adf47f6c428b539637cacdbaad3e4ebb06492609c34d0458c3f1b15aeec2b7ec9942cc6229e97745d8952d47d5d26c634e496a0ee651b9c201b95b0d216e1d93e099c8187b2f18d2cf0cc093ec9c563e82c138276cec0200000055a8"], 0xbc}}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\"(\x00'], 0x0}, 0x0)

3m29.005056242s ago: executing program 4 (id=2947):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
close(r3)
socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VIDIOC_ENUMAUDOUT(r5, 0xc0345642, &(0x7f0000000140)={0x8, "6416ac8cdac02b48f71fbb94ad76b0f728ea6b8a673cea9837200f1593ffec73", 0x2, 0x1})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kfree\x00', r4}, 0x18)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'ipvlan0\x00'})
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r3, 0x4020aed2, &(0x7f0000000040)={0x0, 0x399000, 0x8})
r7 = syz_open_dev$vim2m(&(0x7f0000000380), 0x80000003, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r7, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix_mp={0x0, 0x0, 0x34324142, 0x0, 0x0, [{}, {}, {}, {0x4}, {}, {0x6}, {0x0, 0x1}]}})
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8040ae9f, &(0x7f0000000000))
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f0000000500)={'syz_tun\x00', &(0x7f00000002c0)=@ethtool_link_settings={0x4d, 0x400, 0xf, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, [0xfffffffc, 0x0, 0x4, 0x0, 0xfffffffe, 0xfffffffd, 0x1]}})

3m27.996161826s ago: executing program 4 (id=2950):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000b00)={0xb, {{0xa, 0x0, 0x0, @mcast2}}, 0x0, 0x2, [{{0xa, 0x0, 0x0, @remote}}, {{0xa, 0xfffc, 0x0, @remote}}]}, 0x190)

3m27.294437286s ago: executing program 4 (id=2954):
syz_usb_connect(0x5, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000cb768405e0483020b9901e4020109021b000100000000090400fb015c291d00090509"], 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = open_tree(0xffffffffffffffff, 0x0, 0x89901)
move_mount(r4, 0x0, r4, 0x0, 0x262)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r6 = fanotify_init(0x200, 0x0)
fanotify_mark(r6, 0x1, 0x40000032, r5, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000e40), 0x40080, 0x0)
ioctl$TIOCPKT(r7, 0x5420, &(0x7f00000000c0)=0x1)
ioctl$TCSETS(r7, 0x5402, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "fe94b89fc43c3328eae0cae1f5eba329e6f216"})
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x3, 0x4000)

3m23.106169422s ago: executing program 4 (id=2967):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
chown(0x0, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x40050)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@newtaction={0x6c, 0x30, 0x1, 0x70bd26, 0x25dfdbfd, {}, [{0x58, 0x1, [@m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0xfffffffffffffd9f, 0x1, {{0x9e, 0x3, 0x20000000, 0x8, 0x9}, @empty, @multicast1, 0xff}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4004001}, 0x2400c800)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)={0x42, 0xfffffffe}, 0x10)
socket$tipc(0x1e, 0x2, 0x0)
eventfd2(0x0, 0x0)
ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000b00)={0xb, {{0xa, 0x0, 0x0, @mcast2}}, 0x0, 0x2, [{{0xa, 0x0, 0x0, @remote}}, {{0xa, 0xfffc, 0x0, @remote}}]}, 0x190)
syz_emit_ethernet(0x52, &(0x7f00000005c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaa0086dd60003a0400073a00fe8000000000000000000000000000bbff020000000000000000000000000001"], 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_netprio_ifpriomap(r3, &(0x7f0000000080), 0x2, 0x0)
sendfile(r4, r4, 0x0, 0x200)
ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, 0x0)

3m21.062698586s ago: executing program 4 (id=2971):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x4, &(0x7f0000000040)=@framed={{}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffa}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000002c00048028000180080001006f7366001c0002800800034000e90001080001400000000305240200020000000900010073797a30000000000900020073797a32"], 0x80}}, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x4c)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d05c164a534308", 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f00000010c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000700000024000180060005004e2300000600010002000000080003"], 0x38}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r4 = accept4(r1, 0x0, 0x0, 0x0)
recvmmsg(r4, &(0x7f0000004c00)=[{{0x0, 0x0, &(0x7f0000000240)}, 0x2ca998c3}], 0x4000032, 0x40000021, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4051}, 0x20008001)
recvmsg$can_raw(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000340)=""/194, 0xc2}], 0x1}, 0x1)
bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e20, 0x3ff, @mcast1, 0x2}, 0x1c)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
r8 = dup(r7)
ioctl$KVM_SET_MSRS(r8, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="82000000000000008502"])

3m5.567902144s ago: executing program 32 (id=2971):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x4, &(0x7f0000000040)=@framed={{}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffa}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000002c00048028000180080001006f7366001c0002800800034000e90001080001400000000305240200020000000900010073797a30000000000900020073797a32"], 0x80}}, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x4c)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d05c164a534308", 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f00000010c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000700000024000180060005004e2300000600010002000000080003"], 0x38}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r4 = accept4(r1, 0x0, 0x0, 0x0)
recvmmsg(r4, &(0x7f0000004c00)=[{{0x0, 0x0, &(0x7f0000000240)}, 0x2ca998c3}], 0x4000032, 0x40000021, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4051}, 0x20008001)
recvmsg$can_raw(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000340)=""/194, 0xc2}], 0x1}, 0x1)
bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e20, 0x3ff, @mcast1, 0x2}, 0x1c)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
r8 = dup(r7)
ioctl$KVM_SET_MSRS(r8, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="82000000000000008502"])

21.421958399s ago: executing program 0 (id=3418):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r2=>0x0})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r6, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x6c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x8, 0xfff3}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x3c, 0x2, [@TCA_BASIC_EMATCHES={0x38, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x2c, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x9, 0x3, 0x401}, {0x9, 0x8, 0x8, 0x40}}}, @TCF_EM_CONTAINER={0xc, 0x2, 0x0, 0x0, {{0x0, 0x0, 0x2e}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x7}}]}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000600)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010014000000000000000200000008000300", @ANYRES32=r2, @ANYBLOB="0c00990000000000000000000800a000ea15000008009f0003000000080026000816"], 0x40}}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYRESDEC=r0, @ANYRES64=r2, @ANYRES8], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00'}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r7, 0x58, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r8=>0x0}}, 0x10)
r9 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000002c0)=0xffffffffffffffff, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@bloom_filter={0x1e, 0xfffffff7, 0x6, 0x7, 0x22020, r7, 0x4aab7728, '\x00', r8, r9, 0x2, 0x2, 0x1, 0x8}, 0x50)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r1, 0x100, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}, [""]}, 0x1c}}, 0x10004000)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x1, 0x5}, 0x50)
close(r10)

19.537550992s ago: executing program 0 (id=3423):
mknod(0x0, 0x8001420, 0x0)
openat$comedi(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0x1, &(0x7f0000000140)={0x26da8e97, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = syz_usb_connect$hid(0x3, 0x0, 0x0, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x44, 0x16, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x18, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x4}]}]}, @NFT_MSG_DELFLOWTABLE={0x30, 0x18, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x4}]}], {0x14, 0x10}}, 0xbc}}, 0x0)

17.205152708s ago: executing program 3 (id=3429):
syz_usb_connect$uac1(0x5, 0x0, 0x0, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYRES64=r2, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000007c0)=ANY=[@ANYRESOCT, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800a000100767863616e0000000400028008000a00", @ANYRES32=r2, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x1, 0x803, 0x0)
getsockname$packet(r3, 0x0, 0x0)
getsockname$packet(r3, 0x0, &(0x7f00000001c0))
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x3]}})
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'veth0_to_team\x00', 0x800})
bind$unix(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
r6 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r6, &(0x7f0000000000)={0x60000000})
r7 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000340)={0xffffffffffffffff, 0xfffffffb}, 0xc)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000005c0)={0x1, <r8=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000afe70000000000000300000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000008510000000000000b7080000000000007b8af8ff0000000ab7080000070000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa40000008b13bf65886bc55cad6a923a0ffd2e5e00000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000800000085000000a50000009500000000000000bf91000000000000b7020000010000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000180)='GPL\x00', 0x5, 0xf9, &(0x7f00000004c0)=""/249, 0x41100, 0x40, '\x00', 0x0, 0x25, r6, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x2, 0x8, 0x7, 0x34}, 0x10, 0x0, 0x0, 0xa, &(0x7f0000000600)=[r7, r8], &(0x7f0000000640)=[{0x1, 0x4, 0x3, 0x3}, {0x0, 0x5, 0x5, 0x2}, {0x5, 0x3, 0x6, 0xb}, {0x5, 0x1, 0x5, 0xc}, {0x3, 0x5, 0x6, 0x2}, {0x4, 0x2, 0xa, 0x8}, {0x4, 0x4, 0x1, 0x8}, {0x1, 0x1, 0x2, 0xa}, {0x3, 0x1, 0x6, 0x4}, {0x5, 0x3, 0x4, 0x7}], 0x10, 0x7}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)

16.29070325s ago: executing program 2 (id=3431):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0x80}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
syz_open_procfs(0x0, &(0x7f0000001280)='net/ip_tables_matches\x00')
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
ioctl$KDGKBSENT(0xffffffffffffffff, 0x5602, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x4)
mount(&(0x7f0000000000)=@nullb, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='erofs\x00', 0x8002, 0x0)

16.266463298s ago: executing program 0 (id=3432):
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1e000000020000001303000081a0000018550200", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0100000000000000010000000f00"/28], 0x50)
close(0x3)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYRES8], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00'}, 0x18)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000240)={0x57, 0xffff, 0x0, {0x7, 0x1}, {0x50, 0x2}, @period={0x59, 0x7, 0xc1f, 0x6773, 0x8000, {0x9, 0x9, 0x1, 0x1}, 0x0, 0x0}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = add_key$keyring(&(0x7f0000000280), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
add_key(&(0x7f0000000440)='asymmetric\x00', 0x0, &(0x7f0000000000)='0', 0x1, r3)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000000)='./control\x00', 0x40000000)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000080)='./control\x00', 0x100004a0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x4, 0x1, 0x101, 0x0, 0x0, {0x1, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x200048e0}, 0x4)
sendmsg$NFNL_MSG_CTHELPER_GET(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1400000001090103000000000096887e0131697f2dd3cf2bd4e6dd00000007000004"], 0x14}, 0x1, 0x0, 0x0, 0x44891}, 0x4004000)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r8=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x5502000000000000}, 0x0)
sendmsg$NL80211_CMD_SET_COALESCE(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000040)=ANY=[@ANYRES16=r7, @ANYBLOB="010000000100000000008200000008000300", @ANYRES32=r8, @ANYBLOB], 0x28}}, 0x0)
io_setup(0x2, &(0x7f0000000500))

16.198550246s ago: executing program 1 (id=3433):
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
listen(r0, 0x3)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
lsm_set_self_attr(0x68, &(0x7f0000000800)={0x68, 0x4b, 0x20}, 0x20, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
write$binfmt_script(r1, &(0x7f0000000200), 0xfffffd9d)
semctl$IPC_INFO(0x0, 0x1, 0x3, &(0x7f0000000200)=""/96)

16.178745258s ago: executing program 3 (id=3434):
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = open(&(0x7f0000000380)='./bus\x00', 0x40, 0x0)
openat$rfkill(0xffffff9c, &(0x7f00000000c0), 0xcc81, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
creat(&(0x7f0000000200)='./bus\x00', 0x84)
r1 = syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f0000000080)=r1, 0x12)
ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r0, 0xc1105518, &(0x7f00000005c0)={{0x1, 0x6, 0x400, 0xfffffffe, 'syz1\x00', 0x2}, 0x1, 0x4, 0x8000, r1, 0x8, 0x6, 'syz0\x00', &(0x7f0000000080)=['wlan1\x00', '@\x00', '\xff\xff\xff\xff\xff\xff', '\x00', '!\x00', ':%-#)$f%\x00', '[})', '-{\x00'], 0x20})
openat$cuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000100)=ANY=[], 0x2b)
syz_open_dev$loop(&(0x7f0000000000), 0x401, 0x88143)
open(&(0x7f0000000180)='./bus\x00', 0x14507e, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b14, &(0x7f0000000100)={'wlan1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x121400, 0x0)
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000106a053103000000000001090224000100008000090400101c0300010009210000000122f80409058103"], 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_open_dev$usbfs(&(0x7f0000000040), 0x100000000, 0x10000)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001000000000000000000e0000001000000000000000000000000fe8000000000000000000000000000aa4e220000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000000feffffffffffffff030000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000001000000000000004400050020010000000000000000000000000002000000002b"], 0xfc}}, 0x200408c0)
syz_emit_ethernet(0x4e, &(0x7f0000000780)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00 \x00', 0x18, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, @local, {[], @mld={0x187, 0x0, 0x0, 0x0, 0x0, @local}}}}}}, 0x0)
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000000000049"])
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
userfaultfd(0x801)

14.505415209s ago: executing program 5 (id=3436):
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000100000000000100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000010008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000084000000b70000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='mm_page_free_batched\x00', r1, 0x0, 0x6ef1}, 0x18)
mremap(&(0x7f000040b000/0x1000)=nil, 0xa8000, 0x4000, 0x3, &(0x7f00004b3000/0x4000)=nil)

14.369653743s ago: executing program 2 (id=3437):
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="002212"], 0x0}, 0x0)
syz_usb_ep_write(0xffffffffffffffff, 0x81, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x40000000015, 0x5, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_generic(0x10, 0x3, 0x10)
pselect6(0x0, 0x0, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440))
setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r2, &(0x7f0000000100), 0x10)
r3 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r3, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1)
getsockopt$inet_sctp_SCTP_EVENTS(r1, 0x84, 0xb, 0x0, &(0x7f0000000340))

14.072158251s ago: executing program 0 (id=3438):
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = socket$inet6(0xa, 0x80002, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mq_notify(0xffffffffffffffff, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="fc00000019000100000000000000000000000000000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000b93760000000000000000000000000000000000000000000200000000000000010000000000000044000500ac141400000000000000000000000000000000003c00000000000000000000000000000000000000000000000000000001"], 0xfc}, 0x1, 0x0, 0x0, 0x24008040}, 0x20040000)
sendmsg$nl_xfrm(r4, 0x0, 0x8044)
sendto$inet6(r3, &(0x7f0000000240)="8a", 0x1, 0x51, &(0x7f0000000080)={0xa, 0x3, 0x1, @local, 0x9}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x4, &(0x7f00000005c0)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x2)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e24, 0x5, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x7}, 0x1c)

12.685339096s ago: executing program 3 (id=3439):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)=0xe3)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0xa0000, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)={0x18, 0x31, 0x103, 0x0, 0x25dfdbfc, {0x1, 0x7c}, [@typed={0x8, 0xc6, 0x0, 0x0, @fd=r3}]}, 0x1c}}, 0x0)

12.50587683s ago: executing program 2 (id=3440):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x28801, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x42280, 0x0)
close(r3)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VIDIOC_ENUMAUDOUT(r5, 0xc0345642, &(0x7f0000000140)={0x8, "6416ac8cdac02b48f71fbb94ad76b0f728ea6b8a673cea9837200f1593ffec73", 0x2, 0x1})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kfree\x00', r4}, 0x18)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'ipvlan0\x00'})
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r3, 0x4020aed2, &(0x7f0000000040)={0x0, 0x399000, 0x8})
r7 = syz_open_dev$vim2m(&(0x7f0000000380), 0x80000003, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r7, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix_mp={0x0, 0x0, 0x34324142, 0x0, 0x0, [{}, {}, {}, {0x4}, {}, {0x6}, {0x0, 0x1}]}})
ioctl$KVM_GET_VCPU_EVENTS(r1, 0x8040ae9f, &(0x7f0000000000))
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f0000000500)={'syz_tun\x00', &(0x7f00000002c0)=@ethtool_link_settings={0x4d, 0x400, 0xf, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, [0xfffffffc, 0x0, 0x4, 0x0, 0xfffffffe, 0xfffffffd, 0x1]}})

12.222875414s ago: executing program 3 (id=3441):
semget$private(0x0, 0x1, 0x202)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="20000000010405000000000000000000070000000a0002003292c3971d"], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x2000004)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0)
r6 = accept4(r4, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), r6)

11.13360824s ago: executing program 5 (id=3442):
semctl$IPC_INFO(0x0, 0x1, 0x3, 0x0) (fail_nth: 1)

11.060403687s ago: executing program 3 (id=3443):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x2, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/246, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f00000002c0)={0x1, r2})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)

10.905028247s ago: executing program 1 (id=3444):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0x2, &(0x7f0000000000)=0x2, 0x4)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000f80)}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000ac0)={0x0, 0xd0}, &(0x7f0000000b00)=0x8)
bind$inet(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000240)={'\x00', 0x1, 0x5, 0x1, 0x6, 0x2, <r3=>0x0})
sched_setaffinity(r3, 0x8, &(0x7f0000000000)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102392, 0x18ff8)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x7, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r5}, 0x10)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
read$FUSE(r6, &(0x7f0000000480)={0x2020}, 0x2020)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70500000100000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='percpu_alloc_percpu\x00', r8}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x43}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r9, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

9.813167456s ago: executing program 5 (id=3445):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f0000000100))
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00')
pread64(r1, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000000)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000000c0)=0xffffffff, 0x4)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = fcntl$getown(r3, 0x9)
ptrace$PTRACE_SETSIGMASK(0x420b, r4, 0x8, &(0x7f00000000c0)={[0x9]})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)={&(0x7f0000000400)={0x1364, 0x21, 0x200, 0x70bd2a, 0x25dfdbff, {0x17}, [@nested={0x20, 0x6e, 0x0, 0x1, [@typed={0x8, 0x101, 0x0, 0x0, @pid=r4}, @typed={0xc, 0xf6, 0x0, 0x0, @u64=0x200}, @typed={0x4, 0x9c}, @nested={0x4, 0xbf}]}, @nested={0x22e, 0x4, 0x0, 0x1, [@nested={0x4, 0xeb}, @nested={0x4, 0xef}, @nested={0x4, 0x91}, @generic="9bea1000d2fb6f6263ae51497f04ac957cf0284b9146cc23624b", @generic="5ac4017709681cf6d9c71f74f0b26dc4708314eca7d74a69d1b0125095d8f346ef693d3251c8dd7cbb5c0c94343a2e5b952ff1334e90d684285289345a61af972eb7fee82877f9ce9e0a410acb1720545dd6afe745efac638c49d4adc561307b5d4183203266ad03cf5036a039a96a308be6a4e852751b52255ce634733114b62f2c594431ecaea6ce68abf72cfd1e9efb2403bb98d18dd15c08bfdd72774420a3f0747ce6a96a6277afd48a41b2230c67d63802", @generic="4c6a69e480202abd13bfee8ec5c7bc65cc3ae5f94c3e546ccd34a37d5b78c461b55ee59873d638507c81f528bd2914c64bd76669b668cc3867c0402146d04e88012c688df6a5cc26981b6cecd4dd4ed285ee03bbbd479074060ad738b4bd54ac255b032147fdd867e815b746d83eaeeb6496dfafac394ed4e8f03a81e429d0f36c0eed45660fe82ae1895bf17d00b46c220c6e2afebeeb63788f2f0040f2b2ef165347cb6a0f5660636ddf4635", @nested={0x4, 0x129}, @generic="63f3adaf3aa3759a1fb7d3ba279e33fff8cbca26f02924df09734e1a126983b9f5733972a8134ecb642e7bd06614db6b9289e09d6ccce631d254a147cd3e4ea4b4070935ce6041d8962312a05db4f9079f560bfd800d8895825d980b34d03f2439e890eb5bb6ee530a48ed22dc06fcd9e190961ae7ab22cc121ecb1f3449357eec26beec16a143e2430480", @typed={0xc, 0x4e, 0x0, 0x0, @u64=0x3}, @typed={0x8, 0x8a, 0x0, 0x0, @u32=0x6}]}, @generic="691734259f8ca128c976dfaf666b730494b07f6f9b8734abf74e574e37c31a0ad66cf42aa2efdb", @nested={0x10d5, 0xc4, 0x0, 0x1, [@nested={0x4, 0x146}, @generic="3c90a60aa80ea9c9de73bbbb1d7c1ad1e682cbee0cde91cb0dae7c8fa4b5e9bf1ec99644758cb75ed2a6b4ec0de9833462f12c195afc745176693eceb0caaa973bb8dd9bb06c76b1590d6ffa92f1ba72b21a7acfd04acf5930057f190377489c8f28d43a6fe3d12f910f365dbc0b8e40e0ab88a88118d232e47bb7d0c91feb006b7d7d197c99018557ff0275eb407b0120dd9d2968a7b9072a8bf090436454ec26f2680c68567818f3b6cd4632a630041bf0b9bbe766d00181ad764179", @nested={0x4, 0x14}, @typed={0x4, 0x9d}, @typed={0x8, 0x13f, 0x0, 0x0, @fd=r0}, @generic="73ed9d625f1a8fb5f8033b51a7ba7d2bcf576867f6c0def0839b7af2b42f77d034b7aaee1806baf1aa957544635e553404cd00bab994856530882d5a0a9df74328abbd5bb6dd799ddaf9a0adc01469f8c54b170dc3d438ca0c8f536e2ccec71f80bfa167fdb9134239c63bf8cf4da082caf924777e50f3542852f94f0ef7cba76b852bd141bdd32cd3ff82d6847412596c4f49e2f1855a3e8d39ac75ae98aa3cb23c58cad1e332a3a4f5deb7f0c18fe8cde9857ad2db001ce693aabd3a95348eeada7e2d375d82b2f9a12efb9edac89850ae17c96ea3e7a037a471fcb63cf5ee6584de4581764a5bca7cf04f9bc154718b4821560ad0606aca84022e9dc886b7a7109005bbd4f865a9d4875aaed365889db7f21ee583b8d46daeba000a2a5294f4c579b7c78844f8206e3a5b101f336a40d06cb0ef3a75880cd1fe8c7889fee1d52c96769a69fbf0d9341cddda79397e77d3a20cb204153cb8e5cf0ca1eab758d3369c0bc51b3c67582b66341378147b0db08f17ade858d17ec96d46a0def76a613db5e095fb6bc43baa1de75cec8896b41a01ba76f6a7924b9d96c64b102c712b130335efda088fa07f65c6d0ab0cfbb31c7b267b9b8dcade5cd379685c374142da59800dc39672ce010d798e84648dbfef5a9830afa61e412175686a81acf8295fe4748579312781e22c1a7dce0f28d3e13bae0fa1624ac748fa09cb35c2d9c88a4b96414b4b618ba7222b9745818ee2320021481f29e58c9c3d93c2044b7d7c538538508cb3bcf05e6776e871fa5415a23cbb31e32f8700df1e9ff992577143a9b8600a5d2b18faa554df680e64fb530fc83624c994e35175f6daa21f35ac6c1536022741ba0e3ff43676c71e1586b03c9e92cba40cc003d21e1b648b484932b89ea71e67da0367f40ed1a5f612fb3761f86e741a609c4c69052885532fb0427275b798ef93828ceb4a56dbb409f1bc4220c60a28a5151ef4ed929497ca8dbb548378df8fddc6911a54a3c709df013a6752d7d10118bec4c8511b70592cd013eac19b5604dc791ec3f7f9dd7dda19477342d5f9e0b8bf612d58dbb3270ac2652bab0d9142440640a500eaca5a1d8fc34e051d71426732f535655cc0ccd46b69615f387ecad12286ba97db6e8b9c9c2b931df3dc382ceb61615a1db2dd5f60d8f3e8be327c3ffa04f02eb9614d03e3ba6400c3306ac8f59cfdd4f1a8efc60c0be314830b1c2e3eb8d8cfa4ad07a8d2645e341b85df1628bcfaf441a01ab30a4c29f3651b109c2c2e3d2d2e3b97f589199e688ee293f0e7d46680865ba3d8e828ced792d86f0a39d16947dfa2bed2a784e47e28bcae2c4b675bf7ec40920ddc28594ee5e2478ffd408529010aa812d73e4b6c316138615c90fe60f581be73403eef48e7d23dc55369e2afad08f8f0e0eb14a53892fe972717b48a430a09ee052c4aa931b0026f583ec6f32886c023bedee05126a81f0c2363141f6846029c606a1ccf13e108b4363402aef3e12559935bc3fa90e824e81344fb23025d1b83c6fc1007a26d0d60adcd8d7cd8ecc206324114a2f75f94c60642fefafaee2327cc6d05fa420e7ccc539dbe296b372a7da93e0c045da23401badbf56c92a9f9852426e99784a8399b06862470dcb29b6ec8ad88e525494a989c0c4ddd27c093093932d2ff73ec0eabeb8c2846e995bf9e2bf7f105fc5b6c535baec743e9fed76b3ebdbae7a56a76bd6b409dd2bf0b5618bd19c7ec1989ee0893d05ea08d8c52f24490ddf38a983c3bc8509ed005ec94baaba1365ebd0233d911bd6e0a340037a9325261cc3e2726802312620a65f813fbab484c11b45a55178e4c2c5887c0504dde12615931b686e59d3db8b7e7722604d6c8bcf4a014f9c778fe851e1e4d0df56d7e1d5f5195c49e07d63bf501803735ca3a3ee6018225cdc1db26682ffff7846b5dec213439a49b07ac42e9c5540bb3eb1a73236c8476afc188031bea370b95e70a9e4483277457877572d0da1d4696b1b843dd73bdd424fc68e04123ba11fb47bc954617a188449c8d3a063e74c476c39d32962fddb40448e9611aeed85bcbaa0f0c74111989ab0b347e6cf1f1a7aacf9cf1d66d84809e796634df73d9be6065e60d2c072a261b37d1fd8cdc2582db0ce3f86bd61d89230f2ed1252ba8c47ce37a79c8362d0c6caa7b044eadf3d2de2e17d18989ed5372e77f0a4f4bf705f023049732f4fbe9525713762e6230d3288c2a7e92bb6917e2769c9dae39a6e56643c610a4c7ddd94d305bae3226173deee0822455f24f2cecb6bb617f000a6e3d6115e3709603f27e0c87ce4fefef22b5624caf13ca5346c7fe1bccab30c7f16c1d07e986047438ace3c437f7fc0f919ff1aa052e2ca810879b8398752ef6a00d92c2bfe64b811d82f28ae5b82ee5c0443c5c5e8da6ac688e879b8735f4629c91e4c99774a5acaa07a20712cc521856040ab6146916451b448601a01016eb77cbd0b933767ea62087259ed610910e48870dedcb327552c2c22784ae254d6f2fbb0edfe36b57e4c975b03875babaeb47ef73d4807624a380681a72beed4d845e119ce9fe76f300aabfb28551c95aa110c209ebf0b1bbe3047d22b6b403bbb52318b8691d082bf7a5df32146da39acd6191087924cda6fab7eb0a9f66e3325ec17040414f627d18d04fff18c6c67713061986ae2798caeb1b80cb39e05610403d01c7c4a6e0c95039e305b7d3b31d56ccc734dafc8a9afd3cb1ab68e356440a05fe1e0e0a56c4f147175ed77999f5662b6b48d0a8c169704ede5e19f314b8256a2ca2297d93c74b476f3bca844c89001587ac58ec04f81b5b6b90a522fc045dae3d0fa8fb98918a9ca3b9f9d27b2e5c8128841496a73353cb1df006e0facaa20a8f43a334e3d4fe965e50628aed9912e6f359417512490ce8115e1153639216b7f2ff8048918fae4f8c9c99deb0dff42e2dad8dc06bfb749f2425e664c4a2190276a91617f8dbe2fe3b4e204390293d912ffcb1d5f326b51bb50e0439984b5e49440c82425bfab36761660eed13d6053cf08712cbd84fd08bb8ce096711be7d042a1e1de01b93b43e729341674387e368c92c4657614ae032af80a2650c5903bc0f8d447fc468744b6d0c599a096e82f8e5804263fca6f0ddfdd3bf567aa464a38d802b403ec45bee5b662d69e204dbdacc79513d47e60d13468b0775b4147b6c338f95def17931c83f30c89c1f0b96fd9fe715d72840a1123727526f0071cf6a13eb44fae12850d6bea7d5bf0ee08ae747eca230db8f3c8d1dfad8977f4f36a3cbbcf0b61abff3138a1871dea57ce91bc1a913e95fd7abf2d58d3daaf49b56c0ffe7e1033e121cfbc4c2fcf7f6d3eba00f6375498d4a9da426c0fc45900059f9a00edf1d2cd8ef2bcbee83bff484934ebd198cf867fe7b1c82d425fc3b983416d9d98588bed8fa903d3d20d3c2b3cf400e150fce9cfe98316129474522f8aafb2133494e8259efc065c3ed4500d9bb95c589b21226bf1f5f550c733ccd672ff23927d0a4e015763fdc169986ce8eaa7e2a3ba7c40a2adfdcba944683792242dda1901f3207981ff118fd5ebb930ae042a10e8c2079efb5e273a7131ee02910941cadf26b9b1988b9700fa1ec65669d3bb2e493056352762e34d79bea77334ab789706a35f727d6acc8e87e25217f65bd4f23a9f5ae351a5fa4303b6de3032a262b6aa4ac7aea734eaccf5fb8d8511c7f44147e883692dd39eccaa2f7c199dd7be4b298591d8be1fcf5894be9dfa2e74c52e183f16638c10089dd41e7520a3b854e3d621d88154d07b81bb2d5db2fc762c46699f08432781eb624a2e576dbb545ea242d08a97efdd47f826cd86e608ad9f7d3083d753874a5cf6afd86915e22ffa148cb0d0cd92681c663fa8713d3a420794bf2a8f4b1a02e0ee67eab454b92d59d481cc357be685270fbfc890b5c8b0c09e7e7817ce8cacf71ba636a1597c7efd0e58d5088ed3a22efcc421d8c6221f6155e10ee118cf7868c30651b90c90a2bbbde24d1cabf41d29561407def530d1630daaeb11c053a1d37d05e33399cec984de5019b6ee0fd59906ccc5a797901ca0e4042cced1cfdab75ff3f602aa8bc306a880e60b187689ce1c189b0d74c80256787e374e85918fff6cd20ca391646b20943979eb05a4c4c19fabce6633b26fd2e6227c2f433082395f5c5a77132f0c749a669d803a02e3ce0b31b99b8617cc4a9606dba52472323947cc7fdd8c75a2ae8d6f0351564633f935229f20a24ade0182e40330b88f5a956eb60351f47e97df9fed4b181ee42dd6c2eba405e158ba0eaac16b9c2f0f0c97cb7401e82b557ad4053366ada6ca930935f006344d02c8d7882f8b310a84c8f2e63091085bc555a1ee503f10388cbd39c26b633a93b47346663a22ffcaa9bfb66dbe5b9a03130afa7500db5493cf6531a958bf13e1adf8da6d9057a8a23c37101a48bad848a0e1d7700abdee675d66dba16eba4c6c7e36e14fd8d72b227b69d737cac01e321040996d1bcdb9bbf05e1e775f242499ed495d5b33846d3cbbaf17c54689fe98e615168d30ea2ac6882b5f3f5ae9ef98eb134dbc72fa06ae0da1a0783aadd3296dc617742b98b46334319acdf65a79fbf14ad0c6bc8576ed765ed1dd43a7bfd46aafb1e7b4cc9495990aec408c13b65e7aaaee493ef58e3f90df8020f14301c135a76c517b5c038bfc46f4be890af7f0d8f4e814890aba34e11789a90e691c166cfced5448f058c372a13f329ea1ce329dccea5108ef8a2a3b6daba1ad1fc7f3b10e47c8327faee64fd0bf66265f0162c3e39968fd18a9e140b680e7d00a0890509af73332a8e68c545b33d44c1170fa681247b88eebd6addfc629d20327c6dd0f29e4d39cf5831f3fa4bfeb4fa9b54f13834e44483d8e0d6dc3cb145a92cde3536217bd74ea626d1254a5d48afe218eb586f91aaa0fbbfa914f8b43255d846b5bf1bbdea27e027d37cbbdc91348229b2bb43e85bb6a2e45f323ae6cda99ebee6721df0a30979b2bb237ee8d9bb9eb62344d95d453d41fd527d25a48ab0326d55aef4554d6cf2f91136eeac1da8cc9298d704d633d207075ce358eb13e56976d9387725717ea610068ea5cbc482f0b66f47e8fc16779b8d82e080ff535f0a64cda7d6cd79c110e7e4812309745b2f110bdcfb91933de9eadf2e79c33681e8a66dda7e8dcdfaabf647459ec80ee04470b59382316be73a37b4547416475446d464009f0a7f79f24536b198885454dbb7b5055902ef69cb02cdef6027e46e9bcd84a0e084f1facd15d729f7d23c37e746bec2ddfa8152d9caea4226eee8f6346c2708d0703d8986709517cf0f9fd61ca02924d4194b5cda08dd70f038889218a42dbc5115a4365262ea401ab0d90ff33c927c48d129eadd446cac9fd35079a42c1874acac6be8e9a98007701b5228aac11f8a89bb84eed6d3d32c3e7157fada636ff94f468fbe183b4b75903851bb85298b8644e3edc9ec7d75f4ac79053f7f37616a656448e0c1f51d31a489c08fc4f10f7b8b69bdd2a509f4dd83331da577426b81a112465375a8ae4e7a6253e501f636bc5bc71d789dfa08bfe02faea0a2ab408368c7c170737162c8489e01633770b033a6b098771b96fc106bb35a50d317c89982dd29ea5830ffd8e5c38dd484c80cbe376f567c98e120403775d2ddc0ed506d35102410ba9e109d806ab00005daed4b84585ffaf3646cf8b4ef411b44ec92c8710ee8a38ece02296fa53323e609dc62a196987d17283f27f15f5905ee2873b3f7201f"]}]}, 0x1364}}, 0x4040011)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f00000003c0)=0x1, 0xfc9c)
r5 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', 0x289c2, 0x21)
fcntl$setlease(r5, 0x400, 0x1)
mbind(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x6, &(0x7f0000000000)=0xa636, 0x9, 0x1)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x6, &(0x7f0000000040)=0x5, 0x6, 0x0)
fremovexattr(r5, &(0x7f0000000040)=@known='system.posix_acl_default\x00')
sendmsg$OSF_MSG_ADD(r5, &(0x7f0000000280)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000240)={&(0x7f0000001780)={0xe0c, 0x0, 0x5, 0x801, 0x0, 0x0, {0x3, 0x0, 0x5}, [{{0x254, 0x1, {{0x0, 0x5}, 0x4, 0x9b, 0x39, 0x7, 0x3, 'syz1\x00', "a9abc9038b8213634e9cd3da663592a5e8902d87da343dc386146567264c2378", "a8ae8aa7fa9b0f268279e69c00605c9f4c2bfd982cb6eb1e1461d40326c52db7", [{0x40, 0x4d9d, {0x0, 0xbe8}}, {0x9, 0x5, {0x1, 0x7}}, {0x2, 0x7, {0x9083c32151d710f8, 0x5}}, {0x9, 0x200, {0x2}}, {0x4, 0xfff, {0x3, 0x1}}, {0x8, 0x0, {0x1, 0x8001}}, {0x9, 0x1, {0x2, 0x3}}, {0x5, 0x8, {0x2, 0x8}}, {0x421, 0xd448, {0x0, 0x5}}, {0x3, 0xb7f, {0x0, 0xb149}}, {0x4, 0x9, {0x3, 0x2}}, {0x8, 0x8, {0x1, 0x401}}, {0x3ff, 0x40, {0x1, 0x4}}, {0x100, 0x9b, {0x0, 0x9}}, {0x0, 0x8, {0x3, 0x7}}, {0x3, 0x0, {0x3, 0x7}}, {0x8, 0x7, {0x2, 0x9}}, {0xb, 0x3, {0x1, 0x1}}, {0x0, 0x9, {0x2}}, {0x9, 0x6, {0x5, 0x8}}, {0xd, 0x3, {0xc64f2d5a035e8361, 0x97ff}}, {0x4, 0x401, {0x2, 0x4a}}, {0xfff8, 0xfffb, {0x3, 0x3}}, {0x2, 0xfffa, {0x2, 0xf}}, {0x7, 0x800, {0x1, 0x80000001}}, {0x0, 0x5, {0x0, 0x2}}, {0xffff, 0x9, {0x1}}, {0x1, 0x58, {0x3, 0x2c}}, {0xa5b9, 0xfffd, {0x2, 0xe31c}}, {0x101, 0x8, {0x3, 0x5}}, {0x3, 0x4, {0x3, 0x17}}, {0x8001, 0x7, {0x2, 0x1}}, {0x7ff, 0x175f, {0x2, 0x9}}, {0x18b8, 0xff, {0x1, 0x2}}, {0x40, 0x80, {0x1, 0x1}}, {0x3, 0x0, {0x1, 0x5}}, {0x71d, 0x40, {0x1, 0xd}}, {0x1, 0x40, {0x1, 0x8}}, {0x7ff, 0xff, {0x2, 0x2}}, {0xa, 0x1, {0x1, 0xf}}]}}}, {{0x254, 0x1, {{0x1, 0x2}, 0x99, 0x5e, 0x200, 0x3, 0x1b, 'syz1\x00', "248a59bcfebc1ea9cb58d5a8f3da1e7e88034e281ed47a7ffd79c8897a359814", "8e8d1b86f902172868014fc24de88c1e6dc827c98eef2f110900877aaaff4f2c", [{0x2, 0x2, {0x0, 0x7}}, {0x1, 0x2, {0x0, 0x1}}, {0xf, 0x1, {0x2, 0x5}}, {0x0, 0xfc3, {0x1, 0x5}}, {0x0, 0x2, {0x1, 0x40000000}}, {0x9, 0x9, {0x2, 0x81}}, {0x1c93, 0x6, {0x0, 0x3}}, {0x4cbf, 0x400, {0x3, 0x10000}}, {0x100, 0x8, {0x3, 0x4929}}, {0x339, 0x28, {0x1, 0x4}}, {0xfff9, 0x8, {0x0, 0x2}}, {0x1, 0x7, {0x2, 0xdc}}, {0x8, 0xfff7, {0x0, 0x10}}, {0xd, 0x6, {0x3}}, {0x4, 0x0, {0x1, 0x2}}, {0x6, 0x5, {0x1}}, {0x7, 0x8, {0x2, 0x1}}, {0x5, 0xa, {0x2, 0x1}}, {0x3, 0x0, {0x3, 0x80}}, {0xfff, 0x81, {0x3, 0xcf}}, {0x994, 0xfffd, {0x3, 0x7}}, {0xfffd, 0x2e, {0x1, 0x7fff}}, {0xa, 0xfff, {0x1, 0x8000}}, {0x401, 0x9, {0x3, 0x9}}, {0xfffa, 0x3e5, {0x3, 0xfffffff7}}, {0xa, 0x8, {0x1, 0x8}}, {0x401, 0x3, {0x2, 0x34}}, {0xbb, 0x552, {0x3, 0x24d43aa3}}, {0x7, 0x6a, {0x0, 0xbfd}}, {0x6, 0x9, {0x2, 0x3}}, {0x1c0, 0x1, {0x0, 0x3ff}}, {0x3, 0x8, {0x0, 0x8}}, {0x3, 0x8, {0x0, 0x4}}, {0x5, 0x6, {0x0, 0x5}}, {0xb, 0x2, {0x2, 0x9}}, {0x4, 0xf1, {0x2, 0x12b}}, {0x3, 0x3, {0x3, 0x7ff}}, {0xffff, 0x80, {0x0, 0x9}}, {0xa, 0xf679, {0x1, 0xfffffff8}}, {0x1, 0x2, {0x3, 0xffffffff}}]}}}, {{0x254, 0x1, {{0x3, 0x1}, 0x10, 0x7f, 0x8, 0x81, 0x15, 'syz1\x00', "9ea780ba5f00767e8385f855d589e139767d2a69d92c4b90065c2f23c88d3634", "9bae0549dff42c9b54b18f8daf42275e3be2a646739ba802b5b003ad773e9b93", [{0x9, 0x0, {0x0, 0x53}}, {0x2, 0x0, {0x1, 0x2}}, {0x5, 0x5, {0x0, 0x30}}, {0x4}, {0x2, 0x2, {0x1, 0x5}}, {0x0, 0x5}, {0x5, 0x1, {0x2, 0x1}}, {0x7, 0x2000, {0x2}}, {0x0, 0x1, {0x0, 0x5}}, {0x0, 0x8, {0x3, 0x1000}}, {0x1000, 0x1, {0x0, 0x4}}, {0x3, 0x6, {0x1, 0x7fff}}, {0x1, 0xfff8}, {0x7fff, 0x5, {0x0, 0x6}}, {0x40, 0x9, {0x1}}, {0x3ff, 0x401, {0x1, 0x200}}, {0x5, 0x73e1, {0x3, 0x6}}, {0x62, 0xd82c, {0x1, 0xa635}}, {0x470, 0x8, {0x1, 0xfffffff8}}, {0x1, 0x6c, {0x1, 0x9}}, {0x2, 0xfffd, {0x3, 0x5}}, {0x22, 0x5a3e, {0x0, 0x3}}, {0x8, 0x6, {0x2, 0x54f}}, {0x2, 0xff00, {0x3, 0xaaa}}, {0x7, 0x0, {0x0, 0x4}}, {0x7, 0x1, {0x0, 0x80000000}}, {0xf6e, 0x8, {0x0, 0x8}}, {0x0, 0x3, {0x2, 0x3b63}}, {0xc, 0x6, {0x2, 0x4}}, {0xc, 0x80, {0x0, 0x10001}}, {0xfffe, 0x7fff, {0x0, 0x8}}, {0x9, 0x401, {0x1, 0x8}}, {0x7, 0x7, {0x0, 0x4}}, {0x6, 0x8, {0x3, 0x2}}, {0x0, 0xc, {0x3, 0x6}}, {0x28, 0x8801, {0x1, 0x7f}}, {0x4, 0x7, {0x0, 0x2}}, {0x7fff, 0x4, {0x0, 0x4}}, {0x81, 0x1, {0x3, 0x1ff}}, {0x0, 0x1, {0x3, 0x2}}]}}}, {{0x254, 0x1, {{0x2, 0x5}, 0xf, 0xd, 0x1, 0x6, 0x2, 'syz0\x00', "e79cc3d9b16f2fea4aca4c6246a270882851564585f6f6c433df784a21eab9b1", "adc477fe4c5d8986233ecfc17c89017e2f7dfd793a9357f9f9d5f944019f3166", [{0x6, 0x9315, {0x3, 0x9}}, {0x5aa5, 0x52, {0x2, 0x9}}, {0x0, 0xfffb, {0x0, 0x8}}, {0x3, 0x1, {0x1, 0x8}}, {0x5, 0x6, {0x0, 0x3}}, {0x6, 0x1, {0x2, 0x7}}, {0x7, 0x0, {0x2, 0x4}}, {0x1, 0x1, {0x2, 0x91}}, {0x800, 0x8, {0x0, 0x2}}, {0x51, 0x9, {0x0, 0x7fffffff}}, {0x6, 0x3ff, {0x3, 0x70}}, {0x8000, 0x9, {0x3, 0x2}}, {0x7, 0x10, {0x2, 0x211}}, {0xe, 0x5, {0x0, 0x3ff}}, {0x6, 0x6, {0x2, 0x8}}, {0x401, 0x3, {0x1, 0x587}}, {0x8, 0x2, {0x0, 0x5}}, {0x0, 0x7, {0x2, 0x401}}, {0x1, 0x8eb7, {0x1, 0x9}}, {0x0, 0x1, {0x2, 0x2}}, {0x5, 0x101, {0x2, 0x1}}, {0x1, 0x8c6, {0x1, 0x4}}, {0x6, 0x5, {0x1, 0x401}}, {0x1, 0x4, {0x2, 0x6}}, {0x6, 0x9, {0x1, 0xffff}}, {0x7, 0xffff, {0x0, 0x8}}, {0x40, 0x8, {0x0, 0x7f}}, {0x2, 0xe, {0x0, 0xfffffffd}}, {0x0, 0x9, {0x2, 0x6}}, {0x1000, 0x3, {0x2, 0x1}}, {0x2, 0xc, {0x3, 0xfffffffa}}, {0x8266, 0x7}, {0xff80, 0x4, {0x2, 0x1ff}}, {0x9, 0x401, {0x3, 0x1}}, {0xf, 0x7, {0x1, 0x400000}}, {0x1, 0x1, {0x2, 0xd}}, {0x0, 0xdb, {0x2, 0x8c88}}, {0x0, 0x1ff, {0x3, 0x4}}, {0x80, 0x6, {0x3, 0x14000000}}, {0x6, 0xffff, {0x0, 0x9}}]}}}, {{0x254, 0x1, {{0x1, 0xfffffffe}, 0x1, 0x7, 0xfffa, 0x0, 0x0, 'syz0\x00', "66255ace6f095d7cef5c119e2b806cfe2e9d1b133c4f66dcc3f6820aa1ef4764", "f9358c56aa908115c7fbebf456dad67f2ca792551af1d9621b89305ac959de8a", [{0x8, 0xfffc, {0x2, 0x7}}, {0x81, 0x9, {0x2, 0x8}}, {0x2, 0x1077, {0x3, 0x3}}, {0x7, 0x3, {0x1, 0x80}}, {0x8, 0x6fcd, {0x1, 0xfa}}, {0x9, 0x6, {0x3, 0x6}}, {0xd, 0x81, {0x2, 0x7}}, {0xfffe, 0x8, {0x1, 0x8}}, {0x4, 0x1, {0x1, 0x7a}}, {0x200, 0x6, {0x0, 0x7ff}}, {0x81, 0x1, {0x2, 0x3}}, {0x952, 0xa07, {0x3, 0x3}}, {0x2, 0x0, {0x0, 0x1}}, {0x1, 0x1, {0x2, 0x8}}, {0x101, 0x9, {0x1, 0x3}}, {0x7, 0x6, {0x1, 0x7}}, {0x0, 0xfffa, {0x1, 0xe569}}, {0xe535, 0xe, {0x2, 0x5}}, {0x4, 0xfffb, {0x1, 0x4}}, {0x0, 0x8, {0x2, 0x8}}, {0xf7b8, 0x5, {0x3, 0xf9a}}, {0x4, 0x2, {0x3, 0x6}}, {0x3, 0x0, {0x2, 0x9}}, {0x8001, 0x7, {0x1, 0xfff}}, {0xfffa, 0x7ff, {0x2, 0x4}}, {0xff01, 0x1, {0x2, 0x4}}, {0x6, 0x8867, {0x3, 0x9b6}}, {0x100, 0x0, {0x1, 0x7}}, {0xa, 0xa, {0x3, 0x7f}}, {0x2, 0x1, {0x2, 0x1}}, {0x267, 0x9, {0x1, 0x3}}, {0x9, 0x8, {0x4, 0x8}}, {0x9, 0x2148, {0x1}}, {0xc, 0x2100, {0x3, 0x5}}, {0x5, 0x356, {0x1, 0x3}}, {0x5, 0x3e, {0x1, 0x5}}, {0x3, 0x3, {0x0, 0xe60}}, {0xcfb, 0xe, {0x2, 0x6}}, {0x7, 0x1, {0x2}}, {0x0, 0xffff, {0x0, 0x9}}]}}}, {{0x254, 0x1, {{0x0, 0x4}, 0x6, 0x7, 0xa, 0x97, 0x18, 'syz0\x00', "8cda73793448290b8a42222e644d3940254055cb760839068e400e636b1e724b", "0988952da2e7d8f25b025b1a344e4989f76807dac34ada51d531e5f2936a4fcf", [{0x1, 0x1, {0x2, 0x5}}, {0xff, 0xe, {0x0, 0xffff}}, {0x2, 0xaea4, {0x3, 0x1}}, {0x200, 0x401, {0x2, 0x3}}, {0x5, 0x5, {0x0, 0x7}}, {0x79, 0x9, {0x1, 0x5}}, {0x3, 0x7, {0x0, 0xfffffffd}}, {0x0, 0xd89, {0x2}}, {0x2, 0x2, {0x3, 0x9}}, {0x8000, 0x0, {0x3, 0x8}}, {0x12b3, 0xec, {0x0, 0x47}}, {0x9, 0xa, {0x2, 0x3ff}}, {0x5, 0x3, {0x2, 0x5863}}, {0x5, 0x98, {0x0, 0xfffffff8}}, {0x3a, 0x8, {0x3, 0xf65}}, {0x1, 0x7, {0x3, 0x1}}, {0x1, 0x3, {0x2, 0x4}}, {0x1, 0x7, {0x2, 0x81}}, {0x3, 0x8000, {0x0, 0xf}}, {0x6, 0x7, {0x1, 0x2c7}}, {0x3, 0x4, {0x0, 0x2}}, {0x1937, 0x7, {0x2, 0xd9}}, {0x1, 0x6, {0x1, 0x80000000}}, {0xff, 0xd9, {0x1, 0x7}}, {0xfff4, 0xff, {0x0, 0x25}}, {0x2, 0x6, {0x3, 0x3}}, {0x2, 0x7686, {0x3, 0x84b}}, {0x8, 0x5, {0x0, 0x83f1}}, {0x0, 0x7ff, {0x3, 0xf}}, {0xfff, 0xaa66, {0x2, 0x200}}, {0x8, 0x6, {0x3, 0x4}}, {0x7, 0x1, {0x1, 0x80}}, {0x1, 0x8, {0x1, 0xe9a}}, {0xa257, 0x7, {0x1, 0xfffffffb}}, {0xd, 0x6379, {0x3, 0x1}}, {0xce9d, 0x100, {0x1, 0xac}}, {0x1, 0xfff3, {0x2, 0x7}}, {0x3, 0x7fff, {0x3, 0xffff7fff}}, {0x5, 0xc, {0x2, 0x5736}}, {0x303, 0xe, {0x3, 0xffffffa9}}]}}}]}, 0xe0c}, 0x1, 0x0, 0x0, 0x20004000}, 0x4)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e2b, @local}, 0x10)
r6 = semget(0x1, 0x0, 0x10)
semctl$IPC_INFO(r6, 0x2, 0x3, 0x0)

6.87003621s ago: executing program 1 (id=3446):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x2, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/246, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f00000002c0)={0x1, r2})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)

5.194661574s ago: executing program 3 (id=3447):
r0 = syz_usb_connect(0x1, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000340)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001600)={0x40, 0x19, 0x2, "b3f0"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000600)={0x2c, &(0x7f00000008c0)=ANY=[@ANYBLOB="00080200000071"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6(0xa, 0x4, 0xc)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_SERVICE(r4, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="10002bbd70000df1df2503000000"], 0x14}, 0x1, 0x0, 0x0, 0x4010}, 0x4000)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0)
r6 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x949902, 0x0)
ioctl$PTP_PEROUT_REQUEST2(r6, 0x40383d0c, &(0x7f00000000c0)={{0x4, 0xac}, {0x4, 0xfffffffc}, 0x200001, 0x6})
ioctl$VT_OPENQRY(r5, 0x5600, &(0x7f00000002c0))
write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[], 0xff2e)
write$binfmt_script(r5, 0x0, 0x0)
r7 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_GET_STATUS(r7, 0x4c03, 0x0)
ioctl$TIOCVHANGUP(r5, 0x5437, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x16, &(0x7f00000001c0)=0x7f, 0x4)
close(r2)
mount(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080)='ecryptfs\x00', 0x10005, 0x0)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000200), r1)
r8 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_WAKE(r8, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000ffa000/0x2000)=nil, 0x2000})
sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[], 0x4c}, 0x1, 0x0, 0x0, 0x20024004}, 0x24044000)

4.781534357s ago: executing program 5 (id=3448):
mkdirat(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
gettid()
futex(&(0x7f0000000100)=0x2, 0xb, 0x2, 0x0, &(0x7f00000004c0)=0x1, 0x2)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0xfe, &(0x7f00000001c0)=[{&(0x7f00000007c0)="d8feff00180081054e81f782db4cb904021d0800fe00fe05e8fe55a10a0015000600142603600e1208000f007f370301a8001600a40002400f000100035c0461c1d67f6f94007134cf6edb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090014d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00350db798262f3d40fad95667e006dcdf63951f215c3f8b6ad2cba0e2375ee535e3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1}, 0x20000800)

3.105390913s ago: executing program 2 (id=3449):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/\x00\x00ync_\x00le\xf44.\xab:nN\xd4\xa2\x88\x00\xd1l,\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00'}, 0x30)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
syz_usbip_server_init(0x3)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
getdents(0xffffffffffffffff, 0x0, 0x58)

2.917894338s ago: executing program 5 (id=3450):
r0 = socket(0xa, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0xa)
setresuid(0x0, r1, 0x0)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYRES64=r1], 0x0)
io_uring_enter(0xffffffffffffffff, 0x847ba, 0x0, 0xe, 0x0, 0x0)
syz_open_dev$I2C(&(0x7f0000000d80), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x1b, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0)
ioctl$COMEDI_INSN(r4, 0x8028640c, &(0x7f0000000000)={0xc000003, 0xf, &(0x7f0000000180)=[0x7, 0x9, 0xf909, 0x899d, 0x80, 0xfffffffb, 0x7, 0x10, 0xfffffe01, 0x1, 0x4, 0x2, 0x6, 0x8811, 0x0], 0x1, 0x4000007})
r5 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x1, 0x80000)
r6 = syz_open_procfs(0x0, &(0x7f0000000580)='net/fib_trie\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
pread64(r6, &(0x7f0000019180)=""/102355, 0x18fd3, 0xc2a)
ioctl$SNDRV_PCM_IOCTL_TTSTAMP(r5, 0x40044103, &(0x7f0000000080))
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x23, {[@local=@item_012={0x1, 0x2, 0x7, "e9"}, @main=@item_4={0x3, 0x0, 0xb, "1ce93ee9"}, @global=@item_4={0x3, 0x1, 0x1, '\f\x00'}, @global=@item_4={0x3, 0x1, 0x9, "be2e018c"}, @global=@item_4={0x3, 0x1, 0x3, "0900be00"}, @main=@item_4={0x3, 0x0, 0x8}, @local=@item_012={0x2, 0x2, 0xe, "37cc"}, @main=@item_4={0x3, 0x0, 0x8, "31654111"}]}}, 0x0}, 0x0)

2.824658004s ago: executing program 0 (id=3451):
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="002212"], 0x0}, 0x0)
syz_usb_ep_write(0xffffffffffffffff, 0x81, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x40000000015, 0x5, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_generic(0x10, 0x3, 0x10)
pselect6(0x0, 0x0, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440))
setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r2, &(0x7f0000000100), 0x10)
r3 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r3, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1)
getsockopt$inet_sctp_SCTP_EVENTS(r1, 0x84, 0xb, 0x0, &(0x7f0000000340))

2.776130461s ago: executing program 1 (id=3452):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newtaction={0x6c, 0x30, 0x9, 0x0, 0x0, {}, [{0x58, 0x1, [@m_mpls={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{}, 0x3}}, @TCA_MPLS_TC={0x5}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000440), 0x10)
listen(r1, 0x5)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000003000200850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x81, 0x0)
ioctl$TUNSETQUEUE(r4, 0x400454d9, &(0x7f0000000780)={'wlan1\x00'})
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r5, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
sendto$packet(r5, &(0x7f0000000600)="5f0efc3e1792a50972d2eb21bdff9ca4ac804c2847fe7bf05ddc63ff512d40746877", 0x22, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r5, 0xffffffffffffffff, 0x0)

1.430424081s ago: executing program 2 (id=3453):
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0xd, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000001d7118a9000000000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb787b14416c6952f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bind$bt_hci(r0, &(0x7f00000002c0)={0x1f, 0x2, 0x1}, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
syz_open_dev$vim2m(0x0, 0x800, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
clock_nanosleep(0xb, 0x0, &(0x7f00000000c0)={0x0, 0x989680}, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
syz_open_procfs(r1, &(0x7f0000000340)='net/vlan/config\x00')
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000180), 0x101000, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_WIPHY(r4, &(0x7f0000000400)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="28000005", @ANYRES16=r5, @ANYBLOB="04002bbd7000fcdbdf2502000000140002006272696467655f736c6176655f300000"], 0x28}, 0x1, 0x0, 0x0, 0x801}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r6, 0x7a6, &(0x7f0000000040)={0xb89b, 0x3, 0x2, 0x2, 0x0, 0x2})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r6, 0x7a5, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c00000010004b0400f4ed00000000007a000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b00010062726964676500001c000280080004"], 0x4c}}, 0x0)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="f80000003e000701feffffff00000000017c0000040042800c00018006000600800a0000d1000280cb00148008000d"], 0xf8}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)

1.107926058s ago: executing program 1 (id=3454):
semget$private(0x0, 0x1, 0x202)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="20000000010405000000000000000000070000000a0002003292c3971d"], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x2000004)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0)
r6 = accept4(r4, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), r6)

1.061327452s ago: executing program 5 (id=3455):
r0 = syz_usb_connect(0x5, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000cb768405e0483020b9901e4020109021b000100000000090400fb015c291d00090509"], 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x3, 0x183a00)
socket$nl_generic(0x10, 0x3, 0x10)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001a40)=[{{&(0x7f0000001ac0)=@x25={0x9, @remote}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000540)=""/214, 0xd6}], 0x1, &(0x7f0000000640)=""/158, 0x9e}, 0x3}, {{&(0x7f0000000700)=@l2={0x1f, 0x0, @fixed}, 0x80, &(0x7f00000019c0)=[{&(0x7f0000000780)=""/4096, 0x1000}, {&(0x7f0000001780)=""/110, 0xfffffffffffffdaf}, {&(0x7f0000001800)=""/188, 0xbc}, {&(0x7f0000000280)=""/16, 0x10}, {&(0x7f00000018c0)=""/246, 0xf6}], 0x5}, 0xa5f}], 0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x5, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x7, 0x81}, 0x0)
socket$packet(0x11, 0x2, 0x300)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r3 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x12, 0x40, 0x8, 0x1, 0x0, 0x1}, 0x48)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r3, &(0x7f0000000140), &(0x7f0000000240)=@udp6=r4}, 0x20)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r3, &(0x7f0000000080), &(0x7f0000000180)=@udp=r5}, 0x20)
syz_open_procfs(0x0, &(0x7f00000000c0)='wchan\x00')
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3, 0x1}, 0x18, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8001, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f0000000140)={0x2, 0x0, [{0x10, 0x0, 0xfffffffffffffff0}, {0x10, 0x0, 0x3fb}]})
bind$inet(r6, 0x0, 0x0)
syz_usb_disconnect(r0)
r10 = fsopen(&(0x7f00000003c0)='tracefs\x00', 0x1)
syz_usb_disconnect(r0)
close_range(r10, 0xffffffffffffffff, 0x0)

983.164287ms ago: executing program 0 (id=3456):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x50, 0x0, 0x5, 0x2}, {0x6, 0x0, 0x2, 0xffffffff}]}, 0x10)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000009f00)={@val={0x1c, 0xf5}, @val={0x0, 0x0, 0x2, 0x0, 0x0, 0x8}, @mpls={[], @ipv6=@gre_packet={0x7, 0x6, "bf82ec", 0xf98, 0x2f, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @empty, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x0, 0x2}, {0x1, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x86dd, [], "446500c8e62a7dde5f1b711028f496c1d53d033cf02b981fb79f9752414a1e2955037397b63713d17dbb805ff20ef7086d9525e8af9a43c3e9623e7d2dc9487b1e44c43b8eaf38535ce76e29a74bc7438a231f93e27199644616e5fdbc5de373127756691b73ef0c3555c914d1b4db46acbc3a17691ac83b849d2978cb708156cea367d13fc159cbfec093c98b667f80b06232ce7dd0e02de3c3ad31b388ce1f755730c3cb4c469a83c597503018eacfe648c475750f9a20f1211265870c10e784278e63567ad23295d88060b84f0a4eee7cd68c28c2ef91e59a3cbfd468a26b63883624e81cce7665769e9730f96ea4624021722367d06b66ef803ff2770b0f83735d4861a30004d4727ae95c9ddd09a030a7bf4bd206c91e3ba8b68de94d66163d52a48f51d3850e236762c3c614db06de4db932176c7f60eea1dc90cd76b9c18348b5d9f2ca68b28e7cef5147c77b370d99a09b413f02f46ee8c827175a855130e811b517605e2301c838b60625adca07b4c211951ca3992cd574e3d880b858eef24e0d3c733edc26312d34f7fa0ea60b758d1ac95c6d2d920117aaced8230cf84b5951b3c6743a040fc8d93e75a2bb07e5af7c7e90ff73a9938c7a260468b600b4d0f13323a6a64d1db52cf12e4dea44e2d091b1c940d922d82b633a6b91078cc151e015f87af50d78ca909419f1f53738c674fe3241466ba169e583feec4f696613e13495aab3581ec2dbffbdd8912086c05d0798157807363e0c032afa6e839c66fd5ff1a5381f9b354c4ac274a82d05cd741582feff6a095691cc0fda2e113244cabd08934a221318a08c89d852432210c721d0c24ce6ef8c7c96d60be037d680ca18209f1d657f10bdbed92fc2556dd83d4d3717fdbb530a82d42f7ab03d9f6bf92567995e198cc882dbe0ed4e7dd6a2e951005ca11aa45ef77d7319526a47043d531db9559bbca963721263472b8c2ecaeb180d8a1f01cb26bcb28719127000226c8ac6553dbe6540556db025f0171deab96fa743cfc5e925ad47fdf152162291ea7dc7016ceb6492e2ba1bf43a5a3e22c143dc3ea33f2b535fb48f4826fa0412bb98b606ddbcd181d053e43513dedc227c5586ccc6bea5ceece641001f84dd3b303a2eeef867ee8e175219774510c428edf0d63f75df6f9deeb625fcdf52eeea428be8749d023a50ff71721a4f8355ab9b296e82cb610690ac9c0c4bb08b83b3c726a434c7d04c29599f763c88f72152d1e23edac51c0cfa0a25f06d15f9fc2a10d3453b651d16d097b03659fdf6d28366a4c787fff51c96f994a2719633b095b3bab2eb1d0af5a6bef8ab26ec0be2467d5511283d64e4c1bdf764942f3d41462b493b0e5357b8d24b6a7d8fced482963f0f23f32bb1a13dc00ec59e173f245a5df84cce75fcfae020bbed0867e030ecee57aa5a028495336b06c7143f93acf2e9367de04d6c196ac8016f962ed67782a3bb0c609a6936f885380ae5e9e3d0104623fbd4e97bea96fd3ad086e2ef158e05701350c724cb29f9a95aa53897f1d92167e6e4b73f7004b7e0ab5d35a5c7ec1d83d1541506e8be4eecc0db8162648a4146dcc7a08d3d054d852e2dd170e88b4cdd9eac6a05dc4f54540df9d8eef48143761a5e76fb6856bc7ecd1d73e26e11ac0ed2b044bbaee2e071df478b42c18f8bf9efe99b1896a91fd1e6e593a7fbd265750699daaa878b7ccad8e3fc6cd6fb661c7277a74e21a29bedbab901087b8e7d4247f6615eda8d01c61aba2f39cea8fdd86d3c7ff3347d1eae5c4375ba29765ab9996772d3f47753390d584f6b1d8309a8ac4617ace70845ce4df2a06e5e970af6c19ce21992d51c501b82072ff9e30c6a11491effa98c65355efbfc07ce8a7fee67cb99d2a097defa2b239c0481000ccc71803c2cb6aee4159d940076bab31cfda58a23e292cfb84628d25839b88385d48aaf10e787b8123321d4b95d85e1dfc812a286465c29eb8e854db1aeac18c57bcc96145993f4a26dcb530a9c17e1711ab58f3de598570de27bad7061cdb19d95826fb37f0bae54528c2ecae1ee5cb9fa7bbb4ba2a843452b1c9671175bc3f80aaacd6926d3e12af20660da1ebfa7dda4f73893b4492cc88b5bcfb2fe328b62c37dac14782f723e371f18b101bd344dc4606c329c892d11c01ff376264fdc300da5b771677ab26fff5ffa6332b29bd81bd0eaaafb6da5ffa9637d30e2b489e0450415f39bebde3f9ae0e95689c538f2305e3cfbc03d6a9a2bd4763b21612c82ccbcdcc894b3c052cb029203ccf06f57b7277404d25f21b4ab2add28ac68a3e999def3f73d4d5bd128dd57a8cfbb5c3e9134251946e00cf11d180bb88a6dcc04db9cfb1d70dd5963bc14683dc73db189d8cb93badf828d9dfc1203eafb76394958ff6dcfade95037b83fb152374eeb356fe998769b3d599a142d0d912f6c30a295c21c4888a7f5c87358ee075aa2a8a097b614d34676283538ecdf4fce9f021df8026d33fb0b05ab95a8ceb2210fdf9a3473c267c35b0fe41d7fab5b7291482d3caefc85c945a8fef8a5b39b72f9b45237a67f61f9f3f67c48e25b67392d18b84b927838cc9e0892ba626486ab7132cc283c6673ce28eca45a540f232531c311606dde2f2f3d5b18f76f4a306498bce61c332fafbc0b06f9602452fe2150fa1704fd3e20ecdaa4f0029ecb4c87437299aa36c10c891269abecaae486a1b3c8c64fdb5324c3d246424f1815138614edba6ba636cebe08bb548ee0b06dbec74a7efb5808bf718d66a33b91127aa4ae9237efe32350627da297608a98ea0bbad3bfbf1ef97ffe53508dbce8e76b17104cf8b5384862a4b193844dc10a9cb37368236c2dca6d663a1995018cf67c67b0111dd3874053cc5218e8264218307fd2ac741da426427372af61704c4a8d4acf4b43a9f7fa9e2d0c8bd41b8e17caf635f1befc0410a635da1ee983a9bc7a26e10bbdaf84262c81f86694ed891563b836d3f54ad451dea2406624c4730511e0597e8872cd9f7ab85c4f1c38eae6718041c8c98bd4a5972a6e7b06595b8884b0bc2815e8eea83a8e91da4d5380cead001124b89ebf295df76852048bd5016e4bdaa6f8258bd614622e6d7117c5543674b297b976476eca817e5a875620e37d5d2d1f01a5705dda1e924211cd19b9bfe248972c16e2da609dbd4eca75b73368a667f965f4e5383f5f0b446da5c8a071d8e3142795b156b940fe155099b6fed2d965fc40ef00e8a9eff4d815a80476f2f2a0fa691c4157ee3d1d8ad128d795507f6b081b5db51bc27fcd0cc38f7ddd79f97a72e006c540834623d4ff2c0996716c9fd5887511d8561c5d0f57d563f98b1929ff03c01db8223887a3fc3dbb3b367298d108680d3c153ab22484a46fcf78a32987bb376e5268c0605b47c2eb85586a3593ff700a369e8a20ebc3e8b5c2c2b1c97474a8602674d8972394b0b806791e32de4cf40433f885e40cad589bf926a00feb066503bb0552be4764e161f6b9ce3199b4eda6f72ad58878bbaba91e04cd584523ffe4904ab4c38244af9965410255e14262d8ee647207683a74593dd41b6f2e4840480afb12a54d9485badb2786c69d80cecb7f15c1fb52a4304923bd9924e3f899f7c05a37569713a7bb7f1ba085d8e94d3f91b96bdfb4ea5cc0c2a00a522ac73a56351915d05ac9ac76e8f58a467327194e28e534daa722c137a54ae4d4c242b63f7e3f9135f310e3ccdf603c2a46d28b01718475516fca3f55ecbb091f0ceeac8f4faf87e91494d0eefd1947ee6c30b3310d80744b3576d5d9b57c8d5cf3900480b16b78a90a6f6ca52fe8a3bc8623f8cf8da86c3f2b111ec51bbeb0f227282146e3d638ec09d0215eacd9801f975ed4057d7362a1da7f4fc7d376fa97fb2488923d2199518ed116342dcfc0f66d2d11a71e1fdb8f11d6c57e476552270e80028c35e6ccc50bf41075c889afc26753d4175c6c298017645adaf150da1d8014c73c9601931c83a9c414c781eab9258968f7d1dfec7a67652c617a616338b2eecb279f2f76baa929a18f28690703b81fac729695245a3d00914de8c1d89f6d08d8700868e44a2a40d8bf097fafe115b2439fe96e33694b9c155abfd20136946214e2efaea1ff2298a2d4a66b26113a6aa3c751cf7d94ada312ad68f793b9cf72f6f4b454a3484b617f6c4a221b63e468a1dcd7cdc98800e0d265304811a2c04741b0f1c5300f3c68cc5afc8e5682fa90365d5b1d885c70ad40f0d74f0307dbcecd266d3dd4bde89c6ad5203dab8e976b2fbf30c84285147787d8f6df98356a168d381bf7b6ff23c18fcbf76698307303853584bacad873648f099b69989ac9cd56901daf2b70e4f8c65093c08273d26dbabe676b8a0cd72f52e31994d930dd246df94186a26fbf17fe91a27db7457b15c6ba8c1236def51e83de6444d8354cf967b76ea93b72efc3ba6d756e87761f3bd35885c96336ee5b8afb7ca3a393d9afa903f921c5cb7df35894755f57d91fe1a2a59b5b8e56ea7f586475b1be51d975c1d9e1679fd75d5a1afaa2f23d07e1e8c11ed9e92e4b6b0c9925b62ff7dea69ba8201b6803bd98e4acb1c66c7357754b48b2356716a0d97bbeb91506ad6370a720860de2079cf1409c3e091e3e6f388fffdaa6e2890933be762051ad999f1e9bece02aa8714cf4811cb6c0999c1f5963e51be18837e1104287ab8aa858c0599549690cbda7d4a994c33be31b882ff89dd2d3037f5005f034c099c78e577d985bfff8e000bc18deed6380b2da8a465eefcc8b181d15b446849545f7f4a4c5c57da1fba058d742d205934c68130640892110c423982953d7499dacbe4f8c088be778695a19e5e7e0b370527c675dc91c41a77be2e69b2d30aa54d3f6d9980ac7eb0941d51116387f8b0e80ce7db4767086e8576f05c2dcd7efa703bb7b92ab0fba59ca86bd33598c43cba2a565100c90e93b918e4fd24f5aae3e6c84c7a207ba892d3861d76739387b5064243c18e8cd146e72558a76b44003ee04359dd80de22e83b42e4a2bd46bb32ac1426d117e08bf78c3aef430722cc7e74cffd13b5c669a13d7e01197734add9c8439e12a52508ff2a48794191781ea849a8be62364fec5c44011d83d39a25b09e0d7731ceee8c71a30c02286d18f65c659604b0ff55dec27e783cf1c3975d54f8dac902518c84bb326b66b314ba6610f2fb500aecf0edfb12d734e090e4b9d9a316c40c35f7545a6dfd5e426bd16339789e656983aee893ae80285555a442f3cf650ae1e131f8ea595530cf00b56036a73c4a7b30170d83d5701aa77b29f925d1d7243f1b2e7e313de93eaf422b5173f48"}, {0x8, 0x88be, 0x3, {{0x3, 0x1, 0x5f, 0x1, 0x1, 0x2, 0x0, 0x4}, 0x1, {0x2}}}, {0x8, 0x22eb, 0x4, {{0x5, 0x2, 0x6, 0x1, 0x0, 0x1, 0x3, 0xe}, 0x2, {0x7f, 0x3, 0x2, 0x9, 0x1, 0x0, 0x1, 0x1}}}, {0x8, 0x6558, 0x4, "66648d6a71d213957267fae251a299222351af712e6721c4100e3c2f44e840b11f76f524201905d2359af61bd4ae10b0f83949ec966eac5b305dc1c23f3e23511e37e7076cae501248dd009f654cb85671a8c67b368dd6e7ab7806f75289f210c9b57db0463bd656f5cbc9d7b69de707cd4f72cd20d4cffdfe3b0597872e02bd0ef36b3819f5eec740ea02168f8af5c2fe4e44be"}}}}}}, 0xfce)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x545d, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r4, 0x0)
r6 = getpid()
process_vm_readv(r6, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)

151.291271ms ago: executing program 2 (id=3457):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaf60c9f7a7281d32142f2fdbc3d37e5a072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a37f7fb9a16059ad97e2edefb5e0b0326bd25f6fd1d108efa9d30a9883815654486fe42cf2f676cdbb91f7582ab314be"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffffffffffe19}, 0x42)
r0 = socket(0x11, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r2=>0x0})
bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @remote}, 0x14)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)={0x84, 0x2, 0x6, 0x201, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x4c, 0x7, 0x0, 0x1, [@IPSET_ATTR_NETMASK={0x5, 0x14, 0x8}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x10}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e23}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x1}, @IPSET_ATTR_CIDR={0x5, 0x3, 0xa5}, @IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @rand_addr=' \x01\x00'}}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x40}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x84}}, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94)
r3 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f1068", 0x9, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400"/18, @ANYBLOB="ebffffffffffffff28"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r4 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r3, r4, r3}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, 0x0, 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = dup(r6)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r6, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)

0s ago: executing program 1 (id=3458):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
chown(0x0, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x40050)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@newtaction={0x6c, 0x30, 0x1, 0x70bd26, 0x25dfdbfd, {}, [{0x58, 0x1, [@m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0xfffffffffffffd9f, 0x1, {{0x9e, 0x3, 0x20000000, 0x8, 0x9}, @empty, @multicast1, 0xff}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4004001}, 0x2400c800)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000002c0)={0x42, 0xfffffffe}, 0x10)
socket$tipc(0x1e, 0x2, 0x0)
ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000b00)={0xb, {{0xa, 0x0, 0x0, @mcast2}}, 0x0, 0x2, [{{0xa, 0x0, 0x0, @remote}}, {{0xa, 0xfffc, 0x0, @remote}}]}, 0x190)
syz_emit_ethernet(0x52, &(0x7f00000005c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaa0086dd60003a0400073a00fe8000000000000000000000000000bbff020000000000000000000000000001"], 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_netprio_ifpriomap(r3, &(0x7f0000000080), 0x2, 0x0)
sendfile(r4, r4, 0x0, 0x200)
ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)

kernel console output (not intermixed with test programs):

3] team0: Port device team_slave_1 added
[ 1140.143539][ T5843] Bluetooth: hci3: command tx timeout
[ 1140.662293][T16485] comedi comedi1: s526: I/O port conflict (0xffffffffffffffff,64)
[ 1140.856703][T16423] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1140.865528][T16423] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1140.923789][T16423] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1141.089903][T16479] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3015'.
[ 1141.538664][T16486] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3017'.
[ 1141.818207][T16423] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1142.073580][T16423] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1142.094361][T16496] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[ 1142.106037][T16496] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1142.113903][T16423] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1142.156199][T16496] vhci_hcd vhci_hcd.0: Device attached
[ 1142.169828][T16492] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3018'.
[ 1142.181587][T16502] netlink: 'syz.0.3020': attribute type 64 has an invalid length.
[ 1142.189567][T16502] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3020'.
[ 1142.213796][T16499] vhci_hcd: connection closed
[ 1142.214252][ T6871] vhci_hcd: stop threads
[ 1142.223490][ T6871] vhci_hcd: release socket
[ 1142.228035][ T6871] vhci_hcd: disconnect device
[ 1142.738420][T16508] trusted_key: encrypted_key: insufficient parameters specified
[ 1144.977365][T16352] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1145.630586][T16352] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1145.799491][T16423] hsr_slave_0: entered promiscuous mode
[ 1145.812056][T16423] hsr_slave_1: entered promiscuous mode
[ 1145.822336][T16423] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1145.848771][T16423] Cannot create hsr debugfs directory
[ 1146.516947][T16352] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1147.570148][T16542] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3029'.
[ 1148.095032][T16352] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1148.166226][T16550] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3031'.
[ 1148.423932][T16561] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3034'.
[ 1148.539729][T16352] bridge_slave_1: left allmulticast mode
[ 1148.546143][T16352] bridge_slave_1: left promiscuous mode
[ 1148.552108][T16352] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1148.572334][T16352] bridge_slave_0: left allmulticast mode
[ 1148.578266][T16352] bridge_slave_0: left promiscuous mode
[ 1148.584746][T16352] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1150.872921][T16584] openvswitch: netlink: VXLAN extension message has 2 unknown bytes.
[ 1151.458130][T16586] trusted_key: encrypted_key: insufficient parameters specified
[ 1151.710494][T16352] bridge0 (unregistering): left promiscuous mode
[ 1151.928579][T15547] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[ 1152.047891][T16352] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1152.059802][T16352] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1152.072245][T16352] bond0 (unregistering): Released all slaves
[ 1152.103788][T15547] usb 1-1: Using ep0 maxpacket: 32
[ 1152.118701][T15547] usb 1-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[ 1152.140260][T16590] FAULT_INJECTION: forcing a failure.
[ 1152.140260][T16590] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1152.162344][T15547] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1152.177711][T16590] CPU: 0 UID: 0 PID: 16590 Comm: syz.3.3042 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[ 1152.177742][T16590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1152.177754][T16590] Call Trace:
[ 1152.177763][T16590]  <TASK>
[ 1152.177773][T16590]  dump_stack_lvl+0x189/0x250
[ 1152.177801][T16590]  ? __pfx____ratelimit+0x10/0x10
[ 1152.177823][T16590]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1152.177846][T16590]  ? __pfx__printk+0x10/0x10
[ 1152.177872][T16590]  ? __might_fault+0xb0/0x130
[ 1152.177905][T16590]  should_fail_ex+0x414/0x560
[ 1152.177949][T16590]  _copy_from_user+0x2d/0xb0
[ 1152.177993][T16590]  ioctl_standard_iw_point+0x59d/0xd40
[ 1152.178043][T16590]  ? __pfx_cfg80211_wext_siwencode+0x10/0x10
[ 1152.178068][T16590]  ? __pfx_ioctl_standard_iw_point+0x10/0x10
[ 1152.178097][T16590]  ? __pfx___mutex_lock+0x10/0x10
[ 1152.178126][T16590]  ? full_name_hash+0x92/0xe0
[ 1152.178153][T16590]  ? __pfx_cfg80211_wext_siwencode+0x10/0x10
[ 1152.178178][T16590]  ioctl_standard_call+0xaf/0x1b0
[ 1152.178207][T16590]  ? __pfx_cfg80211_wext_siwencode+0x10/0x10
[ 1152.178229][T16590]  wext_ioctl_dispatch+0xee/0x410
[ 1152.178253][T16590]  ? __pfx_ioctl_standard_call+0x10/0x10
[ 1152.178282][T16590]  wext_handle_ioctl+0x100/0x1c0
[ 1152.178312][T16590]  ? __pfx_wext_handle_ioctl+0x10/0x10
[ 1152.178334][T16590]  ? __lock_acquire+0xab9/0xd20
[ 1152.178358][T16590]  ? __asan_memset+0x22/0x50
[ 1152.178386][T16590]  ? smack_file_ioctl+0x24a/0x340
[ 1152.178425][T16590]  sock_ioctl+0x15f/0x790
[ 1152.178449][T16590]  ? __pfx_sock_ioctl+0x10/0x10
[ 1152.178471][T16590]  ? __fget_files+0x2a/0x420
[ 1152.178493][T16590]  ? __fget_files+0x3a0/0x420
[ 1152.178514][T16590]  ? __fget_files+0x2a/0x420
[ 1152.178539][T16590]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1152.178562][T16590]  ? __pfx_sock_ioctl+0x10/0x10
[ 1152.178582][T16590]  __se_sys_ioctl+0xf9/0x170
[ 1152.178615][T16590]  do_syscall_64+0xfa/0x3b0
[ 1152.178635][T16590]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1152.178655][T16590]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1152.178676][T16590]  ? clear_bhb_loop+0x60/0xb0
[ 1152.178701][T16590]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1152.178721][T16590] RIP: 0033:0x7fe220d8e9a9
[ 1152.178739][T16590] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1152.178761][T16590] RSP: 002b:00007fe221c05038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1152.178782][T16590] RAX: ffffffffffffffda RBX: 00007fe220fb5fa0 RCX: 00007fe220d8e9a9
[ 1152.178797][T16590] RDX: 0000200000000040 RSI: 0000000000008b2a RDI: 0000000000000004
[ 1152.178811][T16590] RBP: 00007fe221c05090 R08: 0000000000000000 R09: 0000000000000000
[ 1152.178824][T16590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1152.178836][T16590] R13: 0000000000000000 R14: 00007fe220fb5fa0 R15: 00007ffde20a83e8
[ 1152.178868][T16590]  </TASK>
[ 1152.194575][T15547] usb 1-1: config 0 descriptor??
[ 1152.411143][T16423] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1152.558815][T16423] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1152.581101][T16423] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1152.611839][T16423] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1152.987821][T16596] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3043'.
[ 1153.006427][T15547] gspca_main: sunplus-2.14.0 probing 041e:400b
[ 1153.405687][T16423] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1153.449542][T16423] 8021q: adding VLAN 0 to HW filter on device team0
[ 1153.465911][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1153.473188][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1153.540944][ T3484] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1153.548404][ T3484] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1153.560638][T16613] netlink: 'syz.2.3047': attribute type 4 has an invalid length.
[ 1153.610196][T16613] netlink: 'syz.2.3047': attribute type 4 has an invalid length.
[ 1153.623634][   T10] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[ 1153.787256][   T10] usb 4-1: Using ep0 maxpacket: 32
[ 1153.802162][   T10] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1153.812907][   T10] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[ 1153.829319][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1153.853602][   T10] usb 4-1: Product: syz
[ 1153.853893][T16617] overlayfs: failed to resolve './bus': -2
[ 1153.857807][   T10] usb 4-1: Manufacturer: syz
[ 1153.857827][   T10] usb 4-1: SerialNumber: syz
[ 1153.906084][   T10] usb 4-1: config 0 descriptor??
[ 1154.029624][T16423] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1154.134923][   T10] gs_usb 4-1:0.0: Couldn't send data format (err=-71)
[ 1154.141767][   T10] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -71
[ 1154.166408][   T10] usb 4-1: USB disconnect, device number 12
[ 1154.234010][T15547] gspca_sunplus: reg_w_riv err -71
[ 1154.239388][T15547] sunplus 1-1:0.0: probe with driver sunplus failed with error -71
[ 1154.260113][T15547] usb 1-1: USB disconnect, device number 74
[ 1154.371000][T16423] veth0_vlan: entered promiscuous mode
[ 1154.390472][T16423] veth1_vlan: entered promiscuous mode
[ 1154.420379][T16423] veth0_macvtap: entered promiscuous mode
[ 1154.432031][T16423] veth1_macvtap: entered promiscuous mode
[ 1154.450786][T16423] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1154.467622][T16423] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1154.482471][T16423] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1154.493249][T16423] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1154.502457][T16423] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1154.511634][T16423] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1154.593928][ T6866] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1154.601992][ T6866] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1154.632676][ T6866] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1154.641541][ T6866] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1155.046801][T16635] openvswitch: netlink: VXLAN extension message has 2 unknown bytes.
[ 1157.216607][T16646] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3053'.
[ 1157.481290][T16646] netlink: 14 bytes leftover after parsing attributes in process `syz.2.3053'.
[ 1158.690881][T16657] netlink: zone id is out of range
[ 1158.712267][T16657] netlink: zone id is out of range
[ 1158.719787][T16657] netlink: zone id is out of range
[ 1158.743206][T16657] netlink: zone id is out of range
[ 1158.755915][T16663] fuseblk: Bad value for 'user_id'
[ 1158.761101][T16663] fuseblk: Bad value for 'user_id'
[ 1158.781032][T16657] netlink: zone id is out of range
[ 1158.794377][T16657] netlink: zone id is out of range
[ 1158.799587][T16657] netlink: zone id is out of range
[ 1158.823313][T16657] netlink: zone id is out of range
[ 1158.849800][T16657] netlink: zone id is out of range
[ 1158.868027][T16657] netlink: zone id is out of range
[ 1158.980106][T16646] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1159.036528][T16646] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1159.163229][T16646] bond0 (unregistering): Released all slaves
[ 1159.859697][T16669] trusted_key: encrypted_key: insufficient parameters specified
[ 1161.885822][T16682] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[ 1161.892405][T16682] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1161.973887][T16682] vhci_hcd vhci_hcd.0: Device attached
[ 1162.226407][ T5954] usb 39-1: new high-speed USB device number 2 using vhci_hcd
[ 1162.913656][T16684] vhci_hcd: connection reset by peer
[ 1162.977492][ T3484] vhci_hcd: stop threads
[ 1162.982371][ T3484] vhci_hcd: release socket
[ 1162.993054][ T3484] vhci_hcd: disconnect device
[ 1166.564136][T16704] FAULT_INJECTION: forcing a failure.
[ 1166.564136][T16704] name failslab, interval 1, probability 0, space 0, times 0
[ 1166.706379][T16707] No such timeout policy "syz0"
[ 1167.524617][T16704] CPU: 0 UID: 0 PID: 16704 Comm: syz.5.3066 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[ 1167.524649][T16704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1167.524662][T16704] Call Trace:
[ 1167.524671][T16704]  <TASK>
[ 1167.524680][T16704]  dump_stack_lvl+0x189/0x250
[ 1167.524709][T16704]  ? __pfx____ratelimit+0x10/0x10
[ 1167.524730][T16704]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1167.524754][T16704]  ? __pfx__printk+0x10/0x10
[ 1167.524782][T16704]  ? __pfx___might_resched+0x10/0x10
[ 1167.524804][T16704]  ? fs_reclaim_acquire+0x7d/0x100
[ 1167.524833][T16704]  should_fail_ex+0x414/0x560
[ 1167.524858][T16704]  ? __pfx_proc_alloc_inode+0x10/0x10
[ 1167.524883][T16704]  should_failslab+0xa8/0x100
[ 1167.524906][T16704]  ? __pfx_proc_alloc_inode+0x10/0x10
[ 1167.524930][T16704]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[ 1167.524951][T16704]  ? proc_alloc_inode+0x2a/0xc0
[ 1167.524980][T16704]  ? __pfx_proc_alloc_inode+0x10/0x10
[ 1167.525004][T16704]  proc_alloc_inode+0x2a/0xc0
[ 1167.525039][T16704]  alloc_inode+0x6a/0x1b0
[ 1167.525063][T16704]  new_inode+0x22/0x170
[ 1167.525090][T16704]  proc_pid_make_inode+0x21/0x130
[ 1167.525124][T16704]  proc_pident_instantiate+0x6d/0x2b0
[ 1167.525163][T16704]  proc_pident_lookup+0x1b3/0x290
[ 1167.525191][T16704]  path_openat+0x10fe/0x3830
[ 1167.525219][T16704]  ? arch_stack_walk+0xfc/0x150
[ 1167.525278][T16704]  ? __pfx_path_openat+0x10/0x10
[ 1167.525305][T16704]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1167.525347][T16704]  do_filp_open+0x1fa/0x410
[ 1167.525374][T16704]  ? __lock_acquire+0xab9/0xd20
[ 1167.525395][T16704]  ? __pfx_do_filp_open+0x10/0x10
[ 1167.525435][T16704]  ? __pfx_kfree_link+0x10/0x10
[ 1167.525467][T16704]  ? _raw_spin_unlock+0x28/0x50
[ 1167.525497][T16704]  ? alloc_fd+0x64c/0x6c0
[ 1167.525531][T16704]  do_sys_openat2+0x121/0x1c0
[ 1167.525561][T16704]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1167.525589][T16704]  ? ksys_write+0x22a/0x250
[ 1167.525612][T16704]  ? __pfx_ksys_write+0x10/0x10
[ 1167.525629][T16704]  ? rcu_is_watching+0x15/0xb0
[ 1167.525655][T16704]  __x64_sys_openat+0x138/0x170
[ 1167.525687][T16704]  do_syscall_64+0xfa/0x3b0
[ 1167.525708][T16704]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1167.525729][T16704]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1167.525749][T16704]  ? clear_bhb_loop+0x60/0xb0
[ 1167.525774][T16704]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1167.525794][T16704] RIP: 0033:0x7faed218d310
[ 1167.525813][T16704] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[ 1167.525832][T16704] RSP: 002b:00007faed2ffdf10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1167.525861][T16704] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007faed218d310
[ 1167.525875][T16704] RDX: 0000000000000002 RSI: 00007faed2ffdfa0 RDI: 00000000ffffff9c
[ 1167.525889][T16704] RBP: 00007faed2ffdfa0 R08: 0000000000000000 R09: 0000000000000000
[ 1167.525902][T16704] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1167.525915][T16704] R13: 0000000000000000 R14: 00007faed23b6080 R15: 00007ffd4f88b508
[ 1167.525947][T16704]  </TASK>
[ 1168.153589][ T5954] vhci_hcd: vhci_device speed not set
[ 1168.224900][T16722] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3069'.
[ 1168.591151][T16730] 9pnet_fd: Insufficient options for proto=fd
[ 1168.634206][T16729] bridge0: port 3(gretap0) entered blocking state
[ 1168.641681][T16732] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3076'.
[ 1168.679444][T16729] bridge0: port 3(gretap0) entered disabled state
[ 1168.698900][T16729] gretap0: entered allmulticast mode
[ 1168.725857][T16729] gretap0: entered promiscuous mode
[ 1168.734985][T16733] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3076'.
[ 1168.905207][T16733] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1168.937581][T16736] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[ 1168.944165][T16736] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1168.977511][T16736] vhci_hcd vhci_hcd.0: Device attached
[ 1169.010671][T16738] vhci_hcd: connection closed
[ 1169.028072][T16351] vhci_hcd: stop threads
[ 1169.050599][T16351] vhci_hcd: release socket
[ 1169.055799][T16351] vhci_hcd: disconnect device
[ 1171.377620][T16754] hub 1-0:1.0: USB hub found
[ 1171.384438][T16754] hub 1-0:1.0: 1 port detected
[ 1172.420186][T16761] trusted_key: encrypted_key: insufficient parameters specified
[ 1172.601390][T16766] netlink: 892 bytes leftover after parsing attributes in process `syz.5.3084'.
[ 1173.877931][T16774] syz.2.3090: attempt to access beyond end of device
[ 1173.877931][T16774] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0
[ 1173.914930][T16774] efs: cannot read volume header
[ 1174.868737][T16793] FAULT_INJECTION: forcing a failure.
[ 1174.868737][T16793] name failslab, interval 1, probability 0, space 0, times 0
[ 1174.902352][T16793] CPU: 0 UID: 0 PID: 16793 Comm: syz.1.3094 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[ 1174.902387][T16793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1174.902400][T16793] Call Trace:
[ 1174.902410][T16793]  <TASK>
[ 1174.902420][T16793]  dump_stack_lvl+0x189/0x250
[ 1174.902451][T16793]  ? __pfx____ratelimit+0x10/0x10
[ 1174.902482][T16793]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1174.902506][T16793]  ? __pfx__printk+0x10/0x10
[ 1174.902541][T16793]  ? __pfx___might_resched+0x10/0x10
[ 1174.902569][T16793]  should_fail_ex+0x414/0x560
[ 1174.902598][T16793]  should_failslab+0xa8/0x100
[ 1174.902624][T16793]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1174.902647][T16793]  ? __alloc_skb+0x112/0x2d0
[ 1174.902680][T16793]  __alloc_skb+0x112/0x2d0
[ 1174.902714][T16793]  netlink_dump+0x1b1/0xe60
[ 1174.902757][T16793]  ? __pfx_netlink_dump+0x10/0x10
[ 1174.902812][T16793]  ? genl_start+0x499/0x6c0
[ 1174.902841][T16793]  __netlink_dump_start+0x5cb/0x7e0
[ 1174.902877][T16793]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[ 1174.902904][T16793]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[ 1174.902933][T16793]  ? rcu_is_watching+0x15/0xb0
[ 1174.902955][T16793]  ? __pfx_genl_start+0x10/0x10
[ 1174.902973][T16793]  ? __pfx_genl_dumpit+0x10/0x10
[ 1174.902991][T16793]  ? __pfx_genl_done+0x10/0x10
[ 1174.903015][T16793]  ? bpf_lsm_capable+0x9/0x20
[ 1174.903041][T16793]  ? security_capable+0x7e/0x2e0
[ 1174.903074][T16793]  genl_rcv_msg+0x5da/0x790
[ 1174.903102][T16793]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1174.903121][T16793]  ? ref_tracker_free+0x63a/0x7d0
[ 1174.903143][T16793]  ? __pfx_gtp_genl_dump_pdp+0x10/0x10
[ 1174.903171][T16793]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1174.903205][T16793]  netlink_rcv_skb+0x208/0x470
[ 1174.903234][T16793]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1174.903258][T16793]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1174.903325][T16793]  ? down_read+0x1ad/0x2e0
[ 1174.903353][T16793]  genl_rcv+0x28/0x40
[ 1174.903372][T16793]  netlink_unicast+0x75c/0x8e0
[ 1174.903410][T16793]  netlink_sendmsg+0x805/0xb30
[ 1174.903451][T16793]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1174.903496][T16793]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1174.903518][T16793]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1174.903549][T16793]  __sock_sendmsg+0x21c/0x270
[ 1174.903577][T16793]  ____sys_sendmsg+0x505/0x830
[ 1174.903615][T16793]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1174.903658][T16793]  ? import_iovec+0x74/0xa0
[ 1174.903692][T16793]  ___sys_sendmsg+0x21f/0x2a0
[ 1174.903727][T16793]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1174.903812][T16793]  ? __fget_files+0x2a/0x420
[ 1174.903835][T16793]  ? __fget_files+0x3a0/0x420
[ 1174.903870][T16793]  __x64_sys_sendmsg+0x19b/0x260
[ 1174.903904][T16793]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1174.903945][T16793]  ? __pfx_ksys_write+0x10/0x10
[ 1174.903963][T16793]  ? rcu_is_watching+0x15/0xb0
[ 1174.903991][T16793]  ? do_syscall_64+0xbe/0x3b0
[ 1174.904018][T16793]  do_syscall_64+0xfa/0x3b0
[ 1174.904039][T16793]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1174.904060][T16793]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1174.904080][T16793]  ? clear_bhb_loop+0x60/0xb0
[ 1174.904105][T16793]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1174.904125][T16793] RIP: 0033:0x7f61e598e9a9
[ 1174.904144][T16793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1174.904162][T16793] RSP: 002b:00007f61e67a3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1174.904184][T16793] RAX: ffffffffffffffda RBX: 00007f61e5bb5fa0 RCX: 00007f61e598e9a9
[ 1174.904199][T16793] RDX: 0000000024008040 RSI: 0000200000002880 RDI: 0000000000000003
[ 1174.904213][T16793] RBP: 00007f61e67a3090 R08: 0000000000000000 R09: 0000000000000000
[ 1174.904227][T16793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1174.904239][T16793] R13: 0000000000000000 R14: 00007f61e5bb5fa0 R15: 00007ffdaa79d7d8
[ 1174.904272][T16793]  </TASK>
[ 1174.963776][T15154] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[ 1176.633768][T15154] usb 3-1: Using ep0 maxpacket: 16
[ 1176.643747][T15154] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[ 1176.675935][T15154] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[ 1176.945097][T15154] usb 3-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[ 1177.308760][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.316223][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.472124][T15154] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1177.846049][T15154] usb 3-1: Product: syz
[ 1177.850283][T15154] usb 3-1: Manufacturer: syz
[ 1177.854977][T15154] usb 3-1: SerialNumber: syz
[ 1177.934464][T15154] usb 3-1: config 0 descriptor??
[ 1177.955313][T15154] usb 3-1: can't set config #0, error -71
[ 1177.991228][T15154] usb 3-1: USB disconnect, device number 13
[ 1179.966969][T16827] netlink: 'syz.0.3103': attribute type 10 has an invalid length.
[ 1180.532158][T16835] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3105'.
[ 1180.679338][T16819] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1180.746451][T16819] bridge0: port 3(bond2) entered blocking state
[ 1180.755219][T16819] bridge0: port 3(bond2) entered disabled state
[ 1180.777567][T16819] bond2: entered allmulticast mode
[ 1180.845660][T16819] bond2: entered promiscuous mode
[ 1181.013307][T16827] team0: Device lo is loopback device. Loopback devices can't be added as a team port
[ 1181.053980][T16827] net_ratelimit: 404 callbacks suppressed
[ 1181.053999][T16827] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1185.971191][T16870] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3116'.
[ 1189.183534][T15154] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[ 1190.705275][T15154] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1191.191115][T15154] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1191.200596][T15154] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1191.210009][T15154] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1191.218331][T15154] usb 4-1: Product: syz
[ 1191.222505][T15154] usb 4-1: Manufacturer: syz
[ 1191.232429][T15154] usb 4-1: SerialNumber: syz
[ 1191.241326][T15154] usb 4-1: config 0 descriptor??
[ 1191.252134][T15154] usb 4-1: selecting invalid altsetting 0
[ 1191.289767][T16906] netlink: 68 bytes leftover after parsing attributes in process `syz.5.3125'.
[ 1194.054219][ T5899] usb 4-1: USB disconnect, device number 13
[ 1194.285991][T16923] FAULT_INJECTION: forcing a failure.
[ 1194.285991][T16923] name failslab, interval 1, probability 0, space 0, times 0
[ 1194.308916][T16923] CPU: 0 UID: 0 PID: 16923 Comm: syz.3.3130 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[ 1194.308949][T16923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1194.308962][T16923] Call Trace:
[ 1194.308972][T16923]  <TASK>
[ 1194.308982][T16923]  dump_stack_lvl+0x189/0x250
[ 1194.309021][T16923]  ? __pfx____ratelimit+0x10/0x10
[ 1194.309044][T16923]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1194.309068][T16923]  ? __pfx__printk+0x10/0x10
[ 1194.309098][T16923]  ? __pfx___might_resched+0x10/0x10
[ 1194.309122][T16923]  ? fs_reclaim_acquire+0x7d/0x100
[ 1194.309154][T16923]  should_fail_ex+0x414/0x560
[ 1194.309182][T16923]  should_failslab+0xa8/0x100
[ 1194.309208][T16923]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1194.309230][T16923]  ? alloc_fs_context+0x61/0x7d0
[ 1194.309259][T16923]  alloc_fs_context+0x61/0x7d0
[ 1194.309294][T16923]  __se_sys_fspick+0x19d/0x3d0
[ 1194.309325][T16923]  ? __pfx___se_sys_fspick+0x10/0x10
[ 1194.309350][T16923]  ? rcu_is_watching+0x15/0xb0
[ 1194.309379][T16923]  ? do_syscall_64+0xbe/0x3b0
[ 1194.309407][T16923]  do_syscall_64+0xfa/0x3b0
[ 1194.309429][T16923]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1194.309451][T16923]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1194.309471][T16923]  ? clear_bhb_loop+0x60/0xb0
[ 1194.309493][T16923]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1194.309508][T16923] RIP: 0033:0x7fe220d8e9a9
[ 1194.309522][T16923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1194.309535][T16923] RSP: 002b:00007fe221be4038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b1
[ 1194.309551][T16923] RAX: ffffffffffffffda RBX: 00007fe220fb6080 RCX: 00007fe220d8e9a9
[ 1194.309563][T16923] RDX: 0000000000000000 RSI: 0000200000000240 RDI: ffffffffffffff9c
[ 1194.309573][T16923] RBP: 00007fe221be4090 R08: 0000000000000000 R09: 0000000000000000
[ 1194.309583][T16923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1194.309592][T16923] R13: 0000000000000000 R14: 00007fe220fb6080 R15: 00007ffde20a83e8
[ 1194.309615][T16923]  </TASK>
[ 1195.448407][T16943] batadv_slave_1: entered promiscuous mode
[ 1195.733735][T15547] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[ 1196.049419][T15547] usb 4-1: config 0 has no interfaces?
[ 1196.080384][T15547] usb 4-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=4e.53
[ 1196.090371][T15547] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1196.105947][T15547] usb 4-1: config 0 descriptor??
[ 1197.735565][ T5891] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[ 1197.761227][ T5891] dvb_usb_az6027 2-1:0.0: probe with driver dvb_usb_az6027 failed with error -110
[ 1197.773658][ T5891] usb 2-1: USB disconnect, device number 72
[ 1197.962053][T16958] IPv6: Can't replace route, no match found
[ 1199.431314][T16961] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3139'.
[ 1200.226875][T16954] batadv_slave_1: left promiscuous mode
[ 1200.356837][T15154] usb 4-1: USB disconnect, device number 14
[ 1200.763915][ T5891] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[ 1200.873539][T15547] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 1201.736317][ T5891] usb 3-1: config 0 has an invalid interface number: 69 but max is 0
[ 1201.744899][ T5891] usb 3-1: config 0 has no interface number 0
[ 1201.751062][ T5891] usb 3-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[ 1201.763637][ T5891] usb 3-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1201.777760][ T5891] usb 3-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[ 1201.787188][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1201.813456][ T5891] usb 3-1: Product: syz
[ 1201.817967][ T5891] usb 3-1: Manufacturer: syz
[ 1201.822613][ T5891] usb 3-1: SerialNumber: syz
[ 1201.837835][T15547] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1201.889427][T15547] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1201.905791][ T5891] usb 3-1: config 0 descriptor??
[ 1201.924097][T16961] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1201.933344][ T5891] cyberjack 3-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[ 1201.965036][T15547] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1201.983448][T15547] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1202.002075][ T5891] usb 3-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[ 1202.020786][T15547] usb 6-1: Product: syz
[ 1202.041899][T15547] usb 6-1: Manufacturer: syz
[ 1202.041925][T15547] usb 6-1: SerialNumber: syz
[ 1202.052353][T15547] usb 6-1: config 0 descriptor??
[ 1202.060539][T15547] usb 6-1: selecting invalid altsetting 0
[ 1202.445570][T16629] usb 3-1: USB disconnect, device number 14
[ 1202.466578][T16991] FAULT_INJECTION: forcing a failure.
[ 1202.466578][T16991] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1202.480829][T16629] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[ 1202.508989][T16629] cyberjack 3-1:0.69: device disconnected
[ 1202.515278][T16991] CPU: 0 UID: 0 PID: 16991 Comm: syz.0.3147 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[ 1202.515308][T16991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1202.515321][T16991] Call Trace:
[ 1202.515330][T16991]  <TASK>
[ 1202.515340][T16991]  dump_stack_lvl+0x189/0x250
[ 1202.515368][T16991]  ? __pfx____ratelimit+0x10/0x10
[ 1202.515391][T16991]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1202.515413][T16991]  ? __pfx__printk+0x10/0x10
[ 1202.515453][T16991]  should_fail_ex+0x414/0x560
[ 1202.515480][T16991]  _copy_to_user+0x31/0xb0
[ 1202.515511][T16991]  simple_read_from_buffer+0xe1/0x170
[ 1202.515539][T16991]  proc_fail_nth_read+0x1df/0x250
[ 1202.515569][T16991]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1202.515597][T16991]  ? rw_verify_area+0x258/0x650
[ 1202.515628][T16991]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1202.515665][T16991]  vfs_read+0x1fd/0x980
[ 1202.515719][T16991]  ? __pfx___mutex_lock+0x10/0x10
[ 1202.515742][T16991]  ? __pfx_vfs_read+0x10/0x10
[ 1202.515775][T16991]  ? __fget_files+0x2a/0x420
[ 1202.515803][T16991]  ? __fget_files+0x3a0/0x420
[ 1202.515843][T16991]  ? __fget_files+0x2a/0x420
[ 1202.515875][T16991]  ksys_read+0x145/0x250
[ 1202.515898][T16991]  ? __pfx_ksys_read+0x10/0x10
[ 1202.515923][T16991]  ? do_syscall_64+0xbe/0x3b0
[ 1202.515949][T16991]  do_syscall_64+0xfa/0x3b0
[ 1202.515970][T16991]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1202.515991][T16991]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1202.516012][T16991]  ? clear_bhb_loop+0x60/0xb0
[ 1202.516037][T16991]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1202.516057][T16991] RIP: 0033:0x7fd98398d3bc
[ 1202.516076][T16991] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1202.516094][T16991] RSP: 002b:00007fd984784030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1202.516124][T16991] RAX: ffffffffffffffda RBX: 00007fd983bb5fa0 RCX: 00007fd98398d3bc
[ 1202.516139][T16991] RDX: 000000000000000f RSI: 00007fd9847840a0 RDI: 0000000000000003
[ 1202.516153][T16991] RBP: 00007fd984784090 R08: 0000000000000000 R09: 0000000000000000
[ 1202.516167][T16991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1202.516179][T16991] R13: 0000000000000001 R14: 00007fd983bb5fa0 R15: 00007fff71f4fde8
[ 1202.516213][T16991]  </TASK>
[ 1202.921292][T16996] erofs (device nullb0): cannot find valid erofs superblock
[ 1203.544953][T17000] openvswitch: netlink: VXLAN extension message has 2 unknown bytes.
[ 1203.925737][T17001] xt_hashlimit: size too large, truncated to 1048576
[ 1204.138489][T17006] openvswitch: netlink: Either Ethernet header or EtherType is required.
[ 1204.485560][T15547] usb 6-1: USB disconnect, device number 2
[ 1205.148308][T17025] input: syz1 as /devices/virtual/input/input20
[ 1205.374117][T17030] netlink: 64 bytes leftover after parsing attributes in process `syz.5.3161'.
[ 1205.619433][T17033] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3162'.
[ 1205.923739][T15547] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[ 1206.176188][T15547] usb 6-1: Using ep0 maxpacket: 32
[ 1206.191530][T17037] overlay: filesystem on ./file1 not supported
[ 1206.208116][T15547] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1206.281942][T15547] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[ 1206.329041][T15547] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 230, changing to 11
[ 1206.381562][T15547] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 33399, setting to 1024
[ 1206.413176][T15547] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[ 1206.436009][T15547] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[ 1206.488716][T15547] usb 6-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1206.513773][T15100] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1206.526295][T15100] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1206.535285][T15100] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1206.548220][T15100] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1206.556286][T15100] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1206.602200][T15547] usb 6-1: New USB device found, idVendor=072f, idProduct=2200, bcdDevice=3f.bf
[ 1206.611994][T15547] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1206.620391][T15547] usb 6-1: Product: syz
[ 1206.624939][T15547] usb 6-1: Manufacturer: syz
[ 1206.629694][T15547] usb 6-1: SerialNumber: syz
[ 1206.646969][T15547] usb 6-1: config 0 descriptor??
[ 1206.655127][T15547] pn533_usb 6-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint
[ 1206.770156][T17042] lo speed is unknown, defaulting to 1000
[ 1206.871980][   T10] usb 6-1: USB disconnect, device number 3
[ 1206.965023][T17062] input: syz1 as /devices/virtual/input/input21
[ 1207.108852][T17062] FAULT_INJECTION: forcing a failure.
[ 1207.108852][T17062] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1207.180139][T17062] CPU: 1 UID: 0 PID: 17062 Comm: syz.3.3165 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[ 1207.180172][T17062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1207.180186][T17062] Call Trace:
[ 1207.180195][T17062]  <TASK>
[ 1207.180205][T17062]  dump_stack_lvl+0x189/0x250
[ 1207.180234][T17062]  ? __pfx____ratelimit+0x10/0x10
[ 1207.180256][T17062]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1207.180281][T17062]  ? __pfx__printk+0x10/0x10
[ 1207.180308][T17062]  ? __might_fault+0xb0/0x130
[ 1207.180342][T17062]  should_fail_ex+0x414/0x560
[ 1207.180369][T17062]  _copy_from_user+0x2d/0xb0
[ 1207.180399][T17062]  input_event_from_user+0xb2/0x280
[ 1207.180423][T17062]  ? __pfx_input_event_from_user+0x10/0x10
[ 1207.180451][T17062]  ? input_event+0x8c/0xc0
[ 1207.180480][T17062]  uinput_write+0x279/0xfc0
[ 1207.180513][T17062]  ? __pfx_uinput_write+0x10/0x10
[ 1207.180538][T17062]  ? bpf_lsm_file_permission+0x9/0x20
[ 1207.180562][T17062]  ? security_file_permission+0x75/0x290
[ 1207.180587][T17062]  ? rw_verify_area+0x258/0x650
[ 1207.180618][T17062]  ? __pfx_uinput_write+0x10/0x10
[ 1207.180643][T17062]  vfs_write+0x27b/0xa90
[ 1207.180672][T17062]  ? __pfx_vfs_write+0x10/0x10
[ 1207.180694][T17062]  ? __fget_files+0x2a/0x420
[ 1207.180721][T17062]  ? __fget_files+0x2a/0x420
[ 1207.180743][T17062]  ? __fget_files+0x3a0/0x420
[ 1207.180765][T17062]  ? __fget_files+0x2a/0x420
[ 1207.180799][T17062]  ksys_write+0x145/0x250
[ 1207.180822][T17062]  ? __pfx_ksys_write+0x10/0x10
[ 1207.180839][T17062]  ? rcu_is_watching+0x15/0xb0
[ 1207.180868][T17062]  ? do_syscall_64+0xbe/0x3b0
[ 1207.180896][T17062]  do_syscall_64+0xfa/0x3b0
[ 1207.180920][T17062]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1207.180940][T17062]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1207.180962][T17062]  ? clear_bhb_loop+0x60/0xb0
[ 1207.180988][T17062]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1207.181008][T17062] RIP: 0033:0x7fe220d8e9a9
[ 1207.181034][T17062] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1207.181053][T17062] RSP: 002b:00007fe221c05038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1207.181075][T17062] RAX: ffffffffffffffda RBX: 00007fe220fb5fa0 RCX: 00007fe220d8e9a9
[ 1207.181091][T17062] RDX: 000000000000fe4f RSI: 0000200000000000 RDI: 0000000000000003
[ 1207.181105][T17062] RBP: 00007fe221c05090 R08: 0000000000000000 R09: 0000000000000000
[ 1207.181119][T17062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1207.181136][T17062] R13: 0000000000000000 R14: 00007fe220fb5fa0 R15: 00007ffde20a83e8
[ 1207.181169][T17062]  </TASK>
[ 1207.950005][T17042] chnl_net:caif_netlink_parms(): no params data found
[ 1208.613708][T15100] Bluetooth: hci0: command tx timeout
[ 1208.680115][T17102] FAULT_INJECTION: forcing a failure.
[ 1208.680115][T17102] name failslab, interval 1, probability 0, space 0, times 0
[ 1208.803644][T17102] CPU: 1 UID: 0 PID: 17102 Comm: syz.2.3173 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[ 1208.803678][T17102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1208.803692][T17102] Call Trace:
[ 1208.803701][T17102]  <TASK>
[ 1208.803711][T17102]  dump_stack_lvl+0x189/0x250
[ 1208.803739][T17102]  ? __pfx____ratelimit+0x10/0x10
[ 1208.803762][T17102]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1208.803785][T17102]  ? __pfx__printk+0x10/0x10
[ 1208.803817][T17102]  ? __pfx___might_resched+0x10/0x10
[ 1208.803846][T17102]  should_fail_ex+0x414/0x560
[ 1208.803873][T17102]  should_failslab+0xa8/0x100
[ 1208.803898][T17102]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1208.803926][T17102]  ? mas_alloc_nodes+0x2e9/0x8e0
[ 1208.803951][T17102]  mas_alloc_nodes+0x2e9/0x8e0
[ 1208.803979][T17102]  mas_preallocate+0x3ad/0x6f0
[ 1208.804019][T17102]  ? __pfx_mas_preallocate+0x10/0x10
[ 1208.804064][T17102]  ? __mas_set_range+0x12f/0x3c0
[ 1208.804101][T17102]  __split_vma+0x2fa/0xa00
[ 1208.804140][T17102]  ? __pfx___split_vma+0x10/0x10
[ 1208.804168][T17102]  ? sched_clock_cpu+0x74/0x430
[ 1208.804197][T17102]  ? __switch_to+0xd74/0x1600
[ 1208.804231][T17102]  ? __lock_acquire+0xab9/0xd20
[ 1208.804253][T17102]  vms_gather_munmap_vmas+0x2de/0x12b0
[ 1208.804298][T17102]  ? mtree_range_walk+0x6a7/0x840
[ 1208.804333][T17102]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[ 1208.804383][T17102]  mmap_region+0x678/0x1f30
[ 1208.804429][T17102]  ? rcu_is_watching+0x15/0xb0
[ 1208.804451][T17102]  ? trace_sched_exit_tp+0x38/0x120
[ 1208.804481][T17102]  ? __pfx_mmap_region+0x10/0x10
[ 1208.804507][T17102]  ? __schedule+0x16c0/0x4cb0
[ 1208.804557][T17102]  ? kvm_sched_clock_read+0x11/0x20
[ 1208.804575][T17102]  ? preempt_schedule_irq+0xb5/0x150
[ 1208.804595][T17102]  ? sched_clock_cpu+0x74/0x430
[ 1208.804662][T17102]  ? irqentry_exit+0x74/0x90
[ 1208.804684][T17102]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1208.804722][T17102]  ? __sanitizer_cov_trace_switch+0x7/0x130
[ 1208.804752][T17102]  ? shmem_mapping+0xd/0x50
[ 1208.804778][T17102]  ? memfd_check_seals_mmap+0xc5/0x200
[ 1208.804809][T17102]  do_mmap+0xc45/0x10d0
[ 1208.804855][T17102]  ? __pfx_do_mmap+0x10/0x10
[ 1208.804883][T17102]  ? down_write_killable+0x178/0x230
[ 1208.804916][T17102]  ? ksys_write+0x1cb/0x250
[ 1208.804936][T17102]  ? __pfx_down_write_killable+0x10/0x10
[ 1208.804972][T17102]  vm_mmap_pgoff+0x31b/0x4c0
[ 1208.805009][T17102]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 1208.805038][T17102]  ? __fget_files+0x2a/0x420
[ 1208.805066][T17102]  ? __fget_files+0x3a0/0x420
[ 1208.805089][T17102]  ? __fget_files+0x2a/0x420
[ 1208.805116][T17102]  ksys_mmap_pgoff+0x51f/0x760
[ 1208.805142][T17102]  do_syscall_64+0xfa/0x3b0
[ 1208.805163][T17102]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1208.805185][T17102]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1208.805205][T17102]  ? clear_bhb_loop+0x60/0xb0
[ 1208.805230][T17102]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1208.805251][T17102] RIP: 0033:0x7ff20858e9a9
[ 1208.805271][T17102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1208.805288][T17102] RSP: 002b:00007ff2093f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1208.805312][T17102] RAX: ffffffffffffffda RBX: 00007ff2087b5fa0 RCX: 00007ff20858e9a9
[ 1208.805327][T17102] RDX: 0000000002000009 RSI: 0000000000004000 RDI: 0000200000ffb000
[ 1208.805341][T17102] RBP: 00007ff2093f4090 R08: 0000000000000003 R09: 0000000035940000
[ 1208.805355][T17102] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001
[ 1208.805369][T17102] R13: 0000000000000000 R14: 00007ff2087b5fa0 R15: 00007ffd989e3b18
[ 1208.805401][T17102]  </TASK>
[ 1208.861583][T17104] fuse: Bad value for 'rootmode'
[ 1209.368315][T17106] openvswitch: netlink: VXLAN extension message has 2 unknown bytes.
[ 1209.829163][T17042] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1209.835759][T17118] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.3178'.
[ 1209.837155][T17042] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1209.853216][T17042] bridge_slave_0: entered allmulticast mode
[ 1209.861575][T17042] bridge_slave_0: entered promiscuous mode
[ 1209.870356][T17042] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1209.878574][T17042] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1209.887494][T17042] bridge_slave_1: entered allmulticast mode
[ 1209.901496][T17042] bridge_slave_1: entered promiscuous mode
[ 1209.943592][   T10] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[ 1209.965524][T17042] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1209.983113][T17042] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1210.040330][T17042] team0: Port device team_slave_0 added
[ 1210.057336][T17042] team0: Port device team_slave_1 added
[ 1210.224742][T17042] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1210.225455][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1210.231987][T17042] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1210.244071][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1210.353653][   T46] usb 2-1: new high-speed USB device number 73 using dummy_hcd
[ 1210.891599][   T10] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[ 1210.901223][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1210.913494][T15100] Bluetooth: hci0: command tx timeout
[ 1210.923311][T17042] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1210.942668][T17042] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1210.950686][T17042] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1210.960555][   T10] usb 4-1: config 0 descriptor??
[ 1210.984601][T17042] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1211.133585][   T46] usb 2-1: Using ep0 maxpacket: 8
[ 1211.157408][   T46] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1211.189175][   T46] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1211.217024][   T46] usb 2-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1211.229022][   T46] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1211.244156][   T46] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1211.253718][   T46] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1211.269076][T17042] hsr_slave_0: entered promiscuous mode
[ 1211.276041][T17042] hsr_slave_1: entered promiscuous mode
[ 1211.282571][T17042] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1211.290876][T17042] Cannot create hsr debugfs directory
[ 1211.301969][   T46] usbtmc 2-1:16.0: bulk endpoints not found
[ 1211.497336][T17134] input: syz1 as /devices/virtual/input/input22
[ 1211.535553][   T10] pyra 0003:1E7D:2CF6.000F: unknown main item tag 0x0
[ 1211.573091][   T10] pyra 0003:1E7D:2CF6.000F: unknown main item tag 0x0
[ 1211.591446][   T10] pyra 0003:1E7D:2CF6.000F: unknown main item tag 0x0
[ 1211.599755][T17134] netlink: 'syz.5.3184': attribute type 1 has an invalid length.
[ 1211.617656][   T10] pyra 0003:1E7D:2CF6.000F: unknown main item tag 0x0
[ 1211.641778][   T10] pyra 0003:1E7D:2CF6.000F: unknown main item tag 0x0
[ 1211.655145][   T10] pyra 0003:1E7D:2CF6.000F: unknown main item tag 0x0
[ 1211.674672][   T10] pyra 0003:1E7D:2CF6.000F: unknown main item tag 0x0
[ 1211.678259][T17042] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1211.759537][   T10] pyra 0003:1E7D:2CF6.000F: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.3-1/input0
[ 1212.042415][T17141] netdevsim netdevsim5 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[ 1212.052099][T17141] netdevsim netdevsim5 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[ 1212.064239][T17141] netdevsim netdevsim5 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[ 1212.073645][T17141] netdevsim netdevsim5 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[ 1212.196256][   T10] pyra 0003:1E7D:2CF6.000F: couldn't init struct pyra_device
[ 1212.201879][T17141] bond1: (slave geneve2): making interface the new active one
[ 1212.213789][T17141] bond1: (slave geneve2): Enslaving as an active interface with an up link
[ 1212.222707][   T10] pyra 0003:1E7D:2CF6.000F: couldn't install mouse
[ 1212.249414][T17144] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3186'.
[ 1212.262950][   T10] pyra 0003:1E7D:2CF6.000F: probe with driver pyra failed with error -5
[ 1212.506383][T17042] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1212.653628][T17042] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1212.887177][T17153] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3187'.
[ 1212.965143][T15100] Bluetooth: hci0: command tx timeout
[ 1213.586426][T17158] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3188'.
[ 1213.595084][   T10] usb 2-1: USB disconnect, device number 73
[ 1213.976635][T13632] usb 4-1: USB disconnect, device number 15
[ 1214.116194][T17164] openvswitch: netlink: VXLAN extension message has 2 unknown bytes.
[ 1214.154278][T17042] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1214.356518][T17042] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1214.372314][T17169] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3192'.
[ 1215.023802][T15100] Bluetooth: hci0: command tx timeout
[ 1215.044179][T17042] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1215.068113][T17042] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1215.580278][T17190] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3197'.
[ 1215.766128][T17042] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1215.941767][T17042] 8021q: adding VLAN 0 to HW filter on device team0
[ 1216.255433][T17195] erofs (device nullb0): cannot find valid erofs superblock
[ 1216.265691][T14895] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1216.272888][T14895] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1216.325023][ T6069] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1216.332233][ T6069] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1217.362266][T17206] cgroup: fork rejected by pids controller in /syz1
[ 1217.733004][T17042] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1217.920186][T17042] veth0_vlan: entered promiscuous mode
[ 1217.979467][T17042] veth1_vlan: entered promiscuous mode
[ 1218.057944][T17324] openvswitch: netlink: VXLAN extension message has 2 unknown bytes.
[ 1218.091453][T17042] veth0_macvtap: entered promiscuous mode
[ 1218.121560][T17042] veth1_macvtap: entered promiscuous mode
[ 1218.168132][T17042] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1218.204577][T17042] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1218.242548][T17042] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1218.262039][T17042] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1218.281189][T17042] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1218.303414][T17042] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1218.555191][ T6069] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1218.587467][ T6069] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1218.680170][T17085] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1218.751426][T17085] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1218.819351][T17333] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3210'.
[ 1221.067494][T17348] FAULT_INJECTION: forcing a failure.
[ 1221.067494][T17348] name failslab, interval 1, probability 0, space 0, times 0
[ 1221.201997][T17348] CPU: 1 UID: 0 PID: 17348 Comm: syz.5.3213 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[ 1221.202032][T17348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1221.202045][T17348] Call Trace:
[ 1221.202055][T17348]  <TASK>
[ 1221.202065][T17348]  dump_stack_lvl+0x189/0x250
[ 1221.202093][T17348]  ? __pfx____ratelimit+0x10/0x10
[ 1221.202114][T17348]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1221.202135][T17348]  ? __pfx__printk+0x10/0x10
[ 1221.202166][T17348]  ? __pfx___might_resched+0x10/0x10
[ 1221.202191][T17348]  should_fail_ex+0x414/0x560
[ 1221.202216][T17348]  should_failslab+0xa8/0x100
[ 1221.202239][T17348]  __kmalloc_node_track_caller_noprof+0xcc/0x4e0
[ 1221.202259][T17348]  ? ethnl_default_set_doit+0x524/0xa20
[ 1221.202292][T17348]  kmemdup_noprof+0x2b/0x70
[ 1221.202318][T17348]  ethnl_default_set_doit+0x524/0xa20
[ 1221.202355][T17348]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[ 1221.202386][T17348]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 1221.202414][T17348]  genl_family_rcv_msg_doit+0x215/0x300
[ 1221.202442][T17348]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1221.202474][T17348]  ? bpf_lsm_capable+0x9/0x20
[ 1221.202497][T17348]  ? security_capable+0x7e/0x2e0
[ 1221.202527][T17348]  genl_rcv_msg+0x60e/0x790
[ 1221.202553][T17348]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1221.202569][T17348]  ? ref_tracker_free+0x63a/0x7d0
[ 1221.202588][T17348]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[ 1221.202616][T17348]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1221.202648][T17348]  netlink_rcv_skb+0x208/0x470
[ 1221.202675][T17348]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1221.202695][T17348]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1221.202737][T17348]  ? down_read+0x1ad/0x2e0
[ 1221.202762][T17348]  genl_rcv+0x28/0x40
[ 1221.202778][T17348]  netlink_unicast+0x75c/0x8e0
[ 1221.202817][T17348]  netlink_sendmsg+0x805/0xb30
[ 1221.202852][T17348]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1221.202886][T17348]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1221.202911][T17348]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1221.202936][T17348]  __sock_sendmsg+0x21c/0x270
[ 1221.202961][T17348]  ____sys_sendmsg+0x505/0x830
[ 1221.202994][T17348]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1221.203030][T17348]  ? import_iovec+0x74/0xa0
[ 1221.203060][T17348]  ___sys_sendmsg+0x21f/0x2a0
[ 1221.203089][T17348]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1221.203154][T17348]  ? __fget_files+0x2a/0x420
[ 1221.203174][T17348]  ? __fget_files+0x3a0/0x420
[ 1221.203205][T17348]  __x64_sys_sendmsg+0x19b/0x260
[ 1221.203235][T17348]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1221.203279][T17348]  ? __pfx_ksys_write+0x10/0x10
[ 1221.203295][T17348]  ? rcu_is_watching+0x15/0xb0
[ 1221.203321][T17348]  ? do_syscall_64+0xbe/0x3b0
[ 1221.203345][T17348]  do_syscall_64+0xfa/0x3b0
[ 1221.203369][T17348]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1221.203390][T17348]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1221.203410][T17348]  ? clear_bhb_loop+0x60/0xb0
[ 1221.203436][T17348]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1221.203455][T17348] RIP: 0033:0x7faed218e9a9
[ 1221.203474][T17348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1221.203492][T17348] RSP: 002b:00007faed301f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1221.203514][T17348] RAX: ffffffffffffffda RBX: 00007faed23b5fa0 RCX: 00007faed218e9a9
[ 1221.203529][T17348] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000003
[ 1221.203543][T17348] RBP: 00007faed301f090 R08: 0000000000000000 R09: 0000000000000000
[ 1221.203556][T17348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1221.203568][T17348] R13: 0000000000000000 R14: 00007faed23b5fa0 R15: 00007ffd4f88b508
[ 1221.203599][T17348]  </TASK>
[ 1221.631512][ T5843] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1221.648420][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1221.657389][ T5843] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1221.667282][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1221.678673][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1221.721947][T17356] lo speed is unknown, defaulting to 1000
[ 1221.820445][T17362] tc_dump_action: action bad kind
[ 1221.836558][T17363] binder: BINDER_SET_CONTEXT_MGR already set
[ 1221.872177][T17363] binder: 17342:17363 ioctl 4018620d 200000000040 returned -16
[ 1221.903993][T16629] usb 1-1: new high-speed USB device number 75 using dummy_hcd
[ 1221.913466][T15547] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[ 1221.962945][T17363] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3212'.
[ 1222.076022][T16629] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1222.086594][T13632] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[ 1222.097684][T15547] usb 3-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[ 1222.099225][T16629] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1222.107270][T15547] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1222.129811][T17356] chnl_net:caif_netlink_parms(): no params data found
[ 1222.133419][T15547] usb 3-1: Product: syz
[ 1222.140991][T15547] usb 3-1: Manufacturer: syz
[ 1222.159232][T15547] usb 3-1: SerialNumber: syz
[ 1222.165254][T16629] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1222.174989][T15547] usb 3-1: config 0 descriptor??
[ 1222.183497][T16629] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1222.193818][T15547] gspca_main: sunplus-2.14.0 probing 04fc:504a
[ 1222.212155][T16629] usb 1-1: SerialNumber: syz
[ 1222.287459][T13632] usb 6-1: unable to read config index 0 descriptor/start: -61
[ 1222.296277][T13632] usb 6-1: can't read configurations, error -61
[ 1222.362912][T17356] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1222.384534][T17356] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1222.401762][T17356] bridge_slave_0: entered allmulticast mode
[ 1222.410718][T17356] bridge_slave_0: entered promiscuous mode
[ 1222.430302][T17356] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1222.656323][T13632] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[ 1222.665655][T17356] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1222.673079][T17356] bridge_slave_1: entered allmulticast mode
[ 1222.691053][T17356] bridge_slave_1: entered promiscuous mode
[ 1222.863700][T17372] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3215'.
[ 1223.456462][T15547] gspca_sunplus: reg_w_riv err -110
[ 1223.461962][T15547] sunplus 3-1:0.0: probe with driver sunplus failed with error -110
[ 1223.501314][T15547] usb 3-1: USB disconnect, device number 15
[ 1223.537985][T17371] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3215'.
[ 1223.548299][T17371] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3215'.
[ 1223.557301][T17371] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3215'.
[ 1223.566314][T17371] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3215'.
[ 1223.575816][T17371] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3215'.
[ 1223.584751][T17371] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3215'.
[ 1223.593760][T17371] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3215'.
[ 1223.608433][T13632] usb 6-1: unable to read config index 0 descriptor/start: -61
[ 1223.625949][T13632] usb 6-1: can't read configurations, error -61
[ 1223.640868][T13632] usb usb6-port1: attempt power cycle
[ 1223.666569][T17356] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1223.685171][T17356] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1223.732614][T17374] netlink: zone id is out of range
[ 1223.738052][T17374] netlink: zone id is out of range
[ 1223.743295][T17374] netlink: zone id is out of range
[ 1223.751572][T17374] netlink: zone id is out of range
[ 1223.757142][T17374] netlink: zone id is out of range
[ 1223.762587][T17374] netlink: zone id is out of range
[ 1223.767987][T17374] netlink: zone id is out of range
[ 1223.775091][T17374] netlink: zone id is out of range
[ 1223.780546][T17374] netlink: zone id is out of range
[ 1223.786345][T17356] team0: Port device team_slave_0 added
[ 1223.787620][T17374] netlink: zone id is out of range
[ 1223.798677][T17356] team0: Port device team_slave_1 added
[ 1223.813899][ T5843] Bluetooth: hci1: command tx timeout
[ 1223.861503][T17356] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1223.873235][T17356] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1223.907820][T17356] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1223.923788][T17356] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1223.930913][T17356] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1223.969483][T17356] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1223.993568][T13632] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[ 1224.018744][T13632] usb 6-1: unable to read config index 0 descriptor/start: -61
[ 1224.035962][T13632] usb 6-1: can't read configurations, error -61
[ 1224.131717][T17356] hsr_slave_0: entered promiscuous mode
[ 1224.156567][T17356] hsr_slave_1: entered promiscuous mode
[ 1224.168387][T17356] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1224.176488][T13632] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[ 1224.184261][T17356] Cannot create hsr debugfs directory
[ 1224.207142][T13632] usb 6-1: unable to read config index 0 descriptor/start: -61
[ 1224.229106][T13632] usb 6-1: can't read configurations, error -61
[ 1224.240084][T13632] usb usb6-port1: unable to enumerate USB device
[ 1224.870484][T17388] __nla_validate_parse: 47 callbacks suppressed
[ 1224.870503][T17388] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3222'.
[ 1225.218777][T17392] erofs (device nullb0): cannot find valid erofs superblock
[ 1225.333945][T16629] usb 1-1: 0:2 : does not exist
[ 1225.372946][T16629] usb 1-1: unit 5 not found!
[ 1225.442829][T16629] usb 1-1: USB disconnect, device number 75
[ 1225.965086][T15100] Bluetooth: hci1: command tx timeout
[ 1225.994983][T17356] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1226.051820][T17356] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1226.896681][T17400] vivid-004: kernel_thread() failed
[ 1227.132783][T17356] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1227.134847][T17408] FAULT_INJECTION: forcing a failure.
[ 1227.134847][T17408] name failslab, interval 1, probability 0, space 0, times 0
[ 1227.146397][T17356] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1227.188161][T17408] CPU: 0 UID: 0 PID: 17408 Comm: syz.5.3227 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[ 1227.188191][T17408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1227.188203][T17408] Call Trace:
[ 1227.188212][T17408]  <TASK>
[ 1227.188222][T17408]  dump_stack_lvl+0x189/0x250
[ 1227.188258][T17408]  ? __pfx____ratelimit+0x10/0x10
[ 1227.188279][T17408]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1227.188302][T17408]  ? __pfx__printk+0x10/0x10
[ 1227.188332][T17408]  ? __pfx___might_resched+0x10/0x10
[ 1227.188352][T17408]  ? fs_reclaim_acquire+0x7d/0x100
[ 1227.188381][T17408]  should_fail_ex+0x414/0x560
[ 1227.188407][T17408]  should_failslab+0xa8/0x100
[ 1227.188430][T17408]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1227.188449][T17408]  ? getname_flags+0xb8/0x540
[ 1227.188477][T17408]  getname_flags+0xb8/0x540
[ 1227.188505][T17408]  do_sys_openat2+0xbc/0x1c0
[ 1227.188536][T17408]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1227.188562][T17408]  ? ksys_write+0x22a/0x250
[ 1227.188583][T17408]  ? __pfx_ksys_write+0x10/0x10
[ 1227.188600][T17408]  ? rcu_is_watching+0x15/0xb0
[ 1227.188626][T17408]  __x64_sys_openat+0x138/0x170
[ 1227.188658][T17408]  do_syscall_64+0xfa/0x3b0
[ 1227.188678][T17408]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1227.188698][T17408]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1227.188719][T17408]  ? clear_bhb_loop+0x60/0xb0
[ 1227.188743][T17408]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1227.188763][T17408] RIP: 0033:0x7faed218d310
[ 1227.188780][T17408] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[ 1227.188798][T17408] RSP: 002b:00007faed301eb70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1227.188819][T17408] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007faed218d310
[ 1227.188834][T17408] RDX: 0000000000000000 RSI: 00007faed301ec10 RDI: 00000000ffffff9c
[ 1227.188846][T17408] RBP: 00007faed301ec10 R08: 0000000000000000 R09: 00236964696d6d64
[ 1227.188860][T17408] R10: 0000000000000000 R11: 0000000000000293 R12: cccccccccccccccd
[ 1227.188878][T17408] R13: 0000000000000000 R14: 00007faed23b5fa0 R15: 00007ffd4f88b508
[ 1227.188910][T17408]  </TASK>
[ 1227.484477][T17356] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1227.502441][T17356] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1227.829665][T17356] bond0: (slave netdevsim0): Releasing backup interface
[ 1227.846847][T17356] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1228.080797][ T5843] Bluetooth: hci1: command tx timeout
[ 1228.435690][T17356] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1228.837776][T17431] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3234'.
[ 1229.993040][T17356] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1230.077619][T17356] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1230.167602][T17356] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1230.193627][ T5843] Bluetooth: hci1: command tx timeout
[ 1231.124136][T17455] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3236'.
[ 1231.212943][T17356] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1232.605411][T17471] erofs (device nullb0): cannot find valid erofs superblock
[ 1232.744351][T17356] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1232.791428][T17356] 8021q: adding VLAN 0 to HW filter on device team0
[ 1232.841320][T14895] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1232.848552][T14895] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1232.883402][T14895] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1232.890680][T14895] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1233.466972][T17356] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1233.592298][T17356] veth0_vlan: entered promiscuous mode
[ 1233.636603][T17356] veth1_vlan: entered promiscuous mode
[ 1233.736298][T17356] veth0_macvtap: entered promiscuous mode
[ 1233.781095][T17356] veth1_macvtap: entered promiscuous mode
[ 1233.847215][T17356] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1233.895795][T17356] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1233.927514][T17356] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1233.965720][T17356] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1234.003645][T17356] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1234.023221][T17356] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1234.069305][T17485] netlink: 'syz.5.3245': attribute type 2 has an invalid length.
[ 1234.088537][T17485] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3245'.
[ 1234.341781][T17490] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3246'.
[ 1234.961528][T14229] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1234.991297][T14229] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1235.265147][T17068] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1235.292450][T17068] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1235.376169][T17497] trusted_key: encrypted_key: insufficient parameters specified
[ 1236.303839][ T5891] usb 2-1: new full-speed USB device number 74 using dummy_hcd
[ 1236.385224][T17507] FAULT_INJECTION: forcing a failure.
[ 1236.385224][T17507] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1236.433571][T17507] CPU: 1 UID: 0 PID: 17507 Comm: syz.5.3250 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[ 1236.433601][T17507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1236.433614][T17507] Call Trace:
[ 1236.433623][T17507]  <TASK>
[ 1236.433632][T17507]  dump_stack_lvl+0x189/0x250
[ 1236.433660][T17507]  ? __pfx____ratelimit+0x10/0x10
[ 1236.433680][T17507]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1236.433701][T17507]  ? __pfx__printk+0x10/0x10
[ 1236.433741][T17507]  should_fail_ex+0x414/0x560
[ 1236.433767][T17507]  _copy_to_user+0x31/0xb0
[ 1236.433796][T17507]  simple_read_from_buffer+0xe1/0x170
[ 1236.433862][T17507]  proc_fail_nth_read+0x1df/0x250
[ 1236.433901][T17507]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1236.433929][T17507]  ? rw_verify_area+0x258/0x650
[ 1236.433958][T17507]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1236.433984][T17507]  vfs_read+0x1fd/0x980
[ 1236.434018][T17507]  ? __pfx___mutex_lock+0x10/0x10
[ 1236.434040][T17507]  ? __pfx_vfs_read+0x10/0x10
[ 1236.434071][T17507]  ? __fget_files+0x2a/0x420
[ 1236.434105][T17507]  ? __fget_files+0x3a0/0x420
[ 1236.434126][T17507]  ? __fget_files+0x2a/0x420
[ 1236.434157][T17507]  ksys_read+0x145/0x250
[ 1236.434178][T17507]  ? __pfx_ksys_read+0x10/0x10
[ 1236.434201][T17507]  ? do_syscall_64+0xbe/0x3b0
[ 1236.434226][T17507]  do_syscall_64+0xfa/0x3b0
[ 1236.434245][T17507]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1236.434265][T17507]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1236.434284][T17507]  ? clear_bhb_loop+0x60/0xb0
[ 1236.434307][T17507]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1236.434326][T17507] RIP: 0033:0x7faed218d3bc
[ 1236.434345][T17507] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1236.434361][T17507] RSP: 002b:00007faed301f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1236.434381][T17507] RAX: ffffffffffffffda RBX: 00007faed23b5fa0 RCX: 00007faed218d3bc
[ 1236.434395][T17507] RDX: 000000000000000f RSI: 00007faed301f0a0 RDI: 0000000000000003
[ 1236.434408][T17507] RBP: 00007faed301f090 R08: 0000000000000000 R09: 0000000000000000
[ 1236.434420][T17507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1236.434431][T17507] R13: 0000000000000001 R14: 00007faed23b5fa0 R15: 00007ffd4f88b508
[ 1236.434497][T17507]  </TASK>
[ 1237.074686][ T5891] usb 2-1: config 0 has an invalid interface number: 11 but max is 0
[ 1237.139799][ T5891] usb 2-1: config 0 has no interface number 0
[ 1237.198934][ T5891] usb 2-1: config 0 interface 11 altsetting 253 endpoint 0x7 has invalid maxpacket 1024, setting to 64
[ 1237.294278][ T5891] usb 2-1: config 0 interface 11 altsetting 253 has an endpoint descriptor with address 0xA6, changing to 0x86
[ 1237.706505][ T5891] usb 2-1: config 0 interface 11 altsetting 253 endpoint 0x86 has an invalid bInterval 0, changing to 10
[ 1237.718240][ T5891] usb 2-1: config 0 interface 11 altsetting 253 endpoint 0x86 has invalid wMaxPacketSize 0
[ 1237.732813][ T5891] usb 2-1: config 0 interface 11 has no altsetting 0
[ 1237.740035][ T5891] usb 2-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[ 1237.749400][ T5891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1237.776158][ T5891] usb 2-1: config 0 descriptor??
[ 1237.787008][T17503] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1237.796667][ T5891] keyspan 2-1:0.11: Keyspan 2 port adapter converter detected
[ 1237.820100][ T5891] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 87
[ 1237.845510][ T5891] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 81
[ 1237.872843][ T5891] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 82
[ 1238.078553][ T5891] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 1
[ 1238.106677][ T5891] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 2
[ 1238.724155][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.730643][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1238.880041][ T5891] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 85
[ 1238.941402][ T5891] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 5
[ 1238.984143][ T5891] usb 2-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[ 1239.058953][ T5891] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 83
[ 1239.186373][ T5891] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 84
[ 1239.239515][ T5891] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 3
[ 1239.247557][ T5891] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 4
[ 1239.261881][ T5891] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 6
[ 1239.322565][ T5891] usb 2-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[ 1239.350785][ T5891] usb 2-1: USB disconnect, device number 74
[ 1239.384914][ T5891] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[ 1239.431249][ T5891] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[ 1239.463813][ T5891] keyspan 2-1:0.11: device disconnected
[ 1240.800380][T17540] erofs (device nullb0): cannot find valid erofs superblock
[ 1241.343766][ T5954] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[ 1241.413912][   T46] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[ 1241.509818][T17548] net_ratelimit: 2 callbacks suppressed
[ 1241.509840][T17548] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1241.533537][ T5954] usb 3-1: Using ep0 maxpacket: 16
[ 1241.540587][ T5954] usb 3-1: config index 0 descriptor too short (expected 59154, got 18)
[ 1241.553493][ T5954] usb 3-1: config 0 has no interfaces?
[ 1241.577188][ T5954] usb 3-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[ 1241.583945][   T46] usb 4-1: Using ep0 maxpacket: 16
[ 1241.603434][ T5954] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1241.611477][ T5954] usb 3-1: Product: syz
[ 1241.617371][   T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1241.633490][ T5954] usb 3-1: Manufacturer: syz
[ 1241.637695][   T46] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 1241.638161][ T5954] usb 3-1: SerialNumber: syz
[ 1241.668740][   T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1241.694413][ T5954] usb 3-1: config 0 descriptor??
[ 1241.700124][   T46] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[ 1241.728671][   T46] usb 4-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=b4.5b
[ 1241.730269][T17552] Cannot find add_set index 1 as target
[ 1241.922410][   T46] usb 4-1: New USB device strings: Mfr=1, Product=130, SerialNumber=3
[ 1241.937452][ T6171] usb 3-1: USB disconnect, device number 16
[ 1241.950864][   T46] usb 4-1: Product: syz
[ 1241.971276][   T46] usb 4-1: Manufacturer: syz
[ 1241.981251][   T46] usb 4-1: SerialNumber: syz
[ 1242.002713][   T46] usb 4-1: config 0 descriptor??
[ 1242.030270][   T46] usb 4-1: NFC: intf ffff888068dc8000 id ffffffff8eb3f5a0
[ 1242.094046][   T46] nfcmrvl 4-1:0.0: NFC: registered with nci successfully
[ 1242.310083][   T46] usb 4-1: USB disconnect, device number 16
[ 1242.341757][   T46] usb 4-1: NFC: intf ffff888068dc8000
[ 1243.946906][T17576] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3265'.
[ 1244.243208][T17580] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3268'.
[ 1245.417493][T17587] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1246.065467][T17600] erofs (device nullb0): cannot find valid erofs superblock
[ 1246.633502][ T5954] usb 1-1: new high-speed USB device number 76 using dummy_hcd
[ 1246.801332][ T5954] usb 1-1: config 0 has an invalid interface number: 188 but max is 0
[ 1246.828892][ T5954] usb 1-1: config 0 has no interface number 0
[ 1246.844105][ T5954] usb 1-1: config 0 interface 188 has no altsetting 0
[ 1246.868768][ T5954] usb 1-1: New USB device found, idVendor=0483, idProduct=3747, bcdDevice=dc.ab
[ 1246.938277][ T5954] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1247.273025][ T5954] usb 1-1: config 0 descriptor??
[ 1247.298168][ T5954] ftdi_sio 1-1:0.188: FTDI USB Serial Device converter detected
[ 1247.319646][ T5954] ftdi_sio ttyUSB0: unknown device type: 0xdcab
[ 1247.946103][   T46] usb 1-1: USB disconnect, device number 76
[ 1247.956926][   T46] ftdi_sio 1-1:0.188: device disconnected
[ 1248.063457][ T5899] usb 2-1: new high-speed USB device number 75 using dummy_hcd
[ 1248.111304][T17614] FAULT_INJECTION: forcing a failure.
[ 1248.111304][T17614] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1248.131654][T17614] CPU: 1 UID: 0 PID: 17614 Comm: syz.2.3279 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[ 1248.131689][T17614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1248.131703][T17614] Call Trace:
[ 1248.131712][T17614]  <TASK>
[ 1248.131723][T17614]  dump_stack_lvl+0x189/0x250
[ 1248.131745][T17614]  ? __pfx____ratelimit+0x10/0x10
[ 1248.131762][T17614]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1248.131779][T17614]  ? __pfx__printk+0x10/0x10
[ 1248.131798][T17614]  ? __might_fault+0xb0/0x130
[ 1248.131829][T17614]  should_fail_ex+0x414/0x560
[ 1248.131848][T17614]  _copy_from_user+0x2d/0xb0
[ 1248.131870][T17614]  core_sys_select+0x4b7/0xa20
[ 1248.131895][T17614]  ? __pfx_core_sys_select+0x10/0x10
[ 1248.131929][T17614]  ? __pfx_set_user_sigmask+0x10/0x10
[ 1248.131954][T17614]  __se_sys_pselect6+0x27a/0x300
[ 1248.131974][T17614]  ? __pfx___se_sys_pselect6+0x10/0x10
[ 1248.131989][T17614]  ? __pfx_ksys_write+0x10/0x10
[ 1248.132004][T17614]  ? __secure_computing+0xe2/0x2a0
[ 1248.132021][T17614]  ? __x64_sys_pselect6+0x21/0xf0
[ 1248.132039][T17614]  do_syscall_64+0xfa/0x3b0
[ 1248.132054][T17614]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1248.132069][T17614]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1248.132084][T17614]  ? clear_bhb_loop+0x60/0xb0
[ 1248.132102][T17614]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1248.132116][T17614] RIP: 0033:0x7ff20858e9a9
[ 1248.132131][T17614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1248.132143][T17614] RSP: 002b:00007ff2093f4038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 1248.132160][T17614] RAX: ffffffffffffffda RBX: 00007ff2087b5fa0 RCX: 00007ff20858e9a9
[ 1248.132171][T17614] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000040
[ 1248.132181][T17614] RBP: 00007ff2093f4090 R08: 0000000000000000 R09: 0000000000000000
[ 1248.132190][T17614] R10: 0000200000000680 R11: 0000000000000246 R12: 0000000000000001
[ 1248.132200][T17614] R13: 0000000000000000 R14: 00007ff2087b5fa0 R15: 00007ffd989e3b18
[ 1248.132223][T17614]  </TASK>
[ 1248.233479][ T5899] usb 2-1: Using ep0 maxpacket: 16
[ 1248.372414][ T5899] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1248.385497][ T5899] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 1248.399401][T17618] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3281'.
[ 1248.433085][ T5899] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1248.443670][ T5899] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[ 1248.992722][ T5899] usb 2-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=b4.5b
[ 1249.012875][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=130, SerialNumber=3
[ 1249.033989][ T5899] usb 2-1: Product: syz
[ 1249.038290][ T5899] usb 2-1: Manufacturer: syz
[ 1249.103676][ T5899] usb 2-1: SerialNumber: syz
[ 1249.111320][ T5899] usb 2-1: config 0 descriptor??
[ 1249.126720][ T5899] usb 2-1: NFC: intf ffff88807ddd3000 id ffffffff8eb3f5a0
[ 1249.141841][T17624] FAULT_INJECTION: forcing a failure.
[ 1249.141841][T17624] name failslab, interval 1, probability 0, space 0, times 0
[ 1249.176993][T17624] CPU: 0 UID: 0 PID: 17624 Comm: syz.3.3283 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[ 1249.177024][T17624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1249.177037][T17624] Call Trace:
[ 1249.177046][T17624]  <TASK>
[ 1249.177055][T17624]  dump_stack_lvl+0x189/0x250
[ 1249.177102][T17624]  ? __pfx____ratelimit+0x10/0x10
[ 1249.177124][T17624]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1249.177148][T17624]  ? __pfx__printk+0x10/0x10
[ 1249.177181][T17624]  ? __pfx___might_resched+0x10/0x10
[ 1249.177204][T17624]  ? fs_reclaim_acquire+0x7d/0x100
[ 1249.177235][T17624]  should_fail_ex+0x414/0x560
[ 1249.177262][T17624]  should_failslab+0xa8/0x100
[ 1249.177288][T17624]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1249.177308][T17624]  ? ovl_encode_real_fh+0xcf/0x360
[ 1249.177340][T17624]  ovl_encode_real_fh+0xcf/0x360
[ 1249.177370][T17624]  ? __pfx_ovl_encode_real_fh+0x10/0x10
[ 1249.177417][T17624]  ovl_lookup_index+0xf5/0x790
[ 1249.177454][T17624]  ? ovl_lookup_layer+0x377/0x450
[ 1249.177482][T17624]  ? __pfx_ovl_lookup_index+0x10/0x10
[ 1249.177524][T17624]  ? trace_kmalloc+0x1f/0xd0
[ 1249.177542][T17624]  ? ovl_lookup+0x5f7/0x1bc0
[ 1249.177574][T17624]  ovl_lookup+0x13f1/0x1bc0
[ 1249.177636][T17624]  ? d_alloc_parallel+0x13d0/0x14e0
[ 1249.177682][T17624]  ? __pfx_ovl_lookup+0x10/0x10
[ 1249.177711][T17624]  ? __lock_acquire+0xab9/0xd20
[ 1249.177732][T17624]  ? __pfx_d_alloc_parallel+0x10/0x10
[ 1249.177778][T17624]  ? __raw_spin_lock_init+0x45/0x100
[ 1249.177808][T17624]  ? __init_waitqueue_head+0xa9/0x150
[ 1249.177840][T17624]  __lookup_slow+0x294/0x3d0
[ 1249.177871][T17624]  ? __pfx___lookup_slow+0x10/0x10
[ 1249.177904][T17624]  ? bpf_lsm_inode_permission+0x9/0x20
[ 1249.177924][T17624]  ? security_inode_permission+0xb7/0x310
[ 1249.177963][T17624]  ? down_read+0x1ad/0x2e0
[ 1249.177991][T17624]  lookup_slow+0x53/0x70
[ 1249.178020][T17624]  walk_component+0x2d2/0x400
[ 1249.178043][T17624]  ? path_lookupat+0x156/0x430
[ 1249.178071][T17624]  path_lookupat+0x163/0x430
[ 1249.178105][T17624]  filename_lookup+0x212/0x570
[ 1249.178138][T17624]  ? __pfx_filename_lookup+0x10/0x10
[ 1249.178190][T17624]  ? strncpy_from_user+0x150/0x290
[ 1249.178227][T17624]  ? getname_flags+0x1e5/0x540
[ 1249.178255][T17624]  user_path_at+0x3a/0x60
[ 1249.178284][T17624]  do_fchownat+0x105/0x270
[ 1249.178312][T17624]  ? __pfx_do_fchownat+0x10/0x10
[ 1249.178337][T17624]  ? __pfx_ksys_write+0x10/0x10
[ 1249.178353][T17624]  ? rcu_is_watching+0x15/0xb0
[ 1249.178384][T17624]  __x64_sys_chown+0x82/0xa0
[ 1249.178410][T17624]  do_syscall_64+0xfa/0x3b0
[ 1249.178430][T17624]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1249.178450][T17624]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1249.178471][T17624]  ? clear_bhb_loop+0x60/0xb0
[ 1249.178496][T17624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1249.178527][T17624] RIP: 0033:0x7fe220d8e9a9
[ 1249.178547][T17624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1249.178583][T17624] RSP: 002b:00007fe221c05038 EFLAGS: 00000246 ORIG_RAX: 000000000000005c
[ 1249.178606][T17624] RAX: ffffffffffffffda RBX: 00007fe220fb5fa0 RCX: 00007fe220d8e9a9
[ 1249.178622][T17624] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000000c0
[ 1249.178635][T17624] RBP: 00007fe221c05090 R08: 0000000000000000 R09: 0000000000000000
[ 1249.178649][T17624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1249.178663][T17624] R13: 0000000000000000 R14: 00007fe220fb5fa0 R15: 00007ffde20a83e8
[ 1249.178697][T17624]  </TASK>
[ 1249.537485][ T5899] nfcmrvl 2-1:0.0: NFC: registered with nci successfully
[ 1249.707446][T17642] FAULT_INJECTION: forcing a failure.
[ 1249.707446][T17642] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1249.708633][ T6171] usb 2-1: USB disconnect, device number 75
[ 1249.721632][T17642] CPU: 0 UID: 0 PID: 17642 Comm: syz.0.3287 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[ 1249.721667][T17642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1249.721682][T17642] Call Trace:
[ 1249.721692][T17642]  <TASK>
[ 1249.721703][T17642]  dump_stack_lvl+0x189/0x250
[ 1249.721747][T17642]  ? __pfx____ratelimit+0x10/0x10
[ 1249.721773][T17642]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1249.721800][T17642]  ? __pfx__printk+0x10/0x10
[ 1249.721830][T17642]  ? __might_fault+0xb0/0x130
[ 1249.721870][T17642]  should_fail_ex+0x414/0x560
[ 1249.721899][T17642]  _copy_from_iter+0x1db/0x16f0
[ 1249.721934][T17642]  ? rcu_is_watching+0x15/0xb0
[ 1249.721962][T17642]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[ 1249.721989][T17642]  ? __pfx__copy_from_iter+0x10/0x10
[ 1249.722019][T17642]  ? __build_skb_around+0x257/0x3e0
[ 1249.722056][T17642]  ? netlink_sendmsg+0x642/0xb30
[ 1249.722086][T17642]  ? skb_put+0x11b/0x210
[ 1249.722122][T17642]  netlink_sendmsg+0x6b2/0xb30
[ 1249.722166][T17642]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1249.722208][T17642]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1249.722232][T17642]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1249.722266][T17642]  __sock_sendmsg+0x21c/0x270
[ 1249.722296][T17642]  ____sys_sendmsg+0x505/0x830
[ 1249.722339][T17642]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1249.722385][T17642]  ? import_iovec+0x74/0xa0
[ 1249.722421][T17642]  ___sys_sendmsg+0x21f/0x2a0
[ 1249.722459][T17642]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1249.722536][T17642]  ? __fget_files+0x2a/0x420
[ 1249.722561][T17642]  ? __fget_files+0x3a0/0x420
[ 1249.722600][T17642]  __x64_sys_sendmsg+0x19b/0x260
[ 1249.722639][T17642]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1249.722685][T17642]  ? __pfx_ksys_write+0x10/0x10
[ 1249.722707][T17642]  ? rcu_is_watching+0x15/0xb0
[ 1249.722746][T17642]  ? do_syscall_64+0xbe/0x3b0
[ 1249.722776][T17642]  do_syscall_64+0xfa/0x3b0
[ 1249.722800][T17642]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1249.722825][T17642]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1249.722849][T17642]  ? clear_bhb_loop+0x60/0xb0
[ 1249.722889][T17642]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1249.722912][T17642] RIP: 0033:0x7f5bf418e9a9
[ 1249.722935][T17642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1249.722957][T17642] RSP: 002b:00007f5bf4f3d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1249.722980][T17642] RAX: ffffffffffffffda RBX: 00007f5bf43b5fa0 RCX: 00007f5bf418e9a9
[ 1249.722998][T17642] RDX: 0000000000008000 RSI: 00002000000006c0 RDI: 0000000000000003
[ 1249.723013][T17642] RBP: 00007f5bf4f3d090 R08: 0000000000000000 R09: 0000000000000000
[ 1249.723028][T17642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1249.723041][T17642] R13: 0000000000000000 R14: 00007f5bf43b5fa0 R15: 00007fff74b15908
[ 1249.723084][T17642]  </TASK>
[ 1249.775370][T17644] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 8
[ 1249.953525][ T6171] usb 2-1: NFC: intf ffff88807ddd3000
[ 1250.329284][T17658] openvswitch: netlink: IPv4 tunnel dst address is zero
[ 1251.741863][T17676] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[ 1251.748457][T17676] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1251.772809][T17676] vhci_hcd vhci_hcd.0: Device attached
[ 1251.812332][T17678] vhci_hcd: connection closed
[ 1251.905592][ T3484] vhci_hcd: stop threads
[ 1251.918984][ T3484] vhci_hcd: release socket
[ 1251.927888][ T3484] vhci_hcd: disconnect device
[ 1251.976756][T13632] vhci_hcd: vhci_device speed not set
[ 1252.390340][T17690] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1252.759620][T17703] FAULT_INJECTION: forcing a failure.
[ 1252.759620][T17703] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1252.779842][ T5843] Bluetooth: hci2: ACL packet for unknown connection handle 200
[ 1252.817163][T17703] CPU: 0 UID: 0 PID: 17703 Comm: syz.5.3305 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[ 1252.817185][T17703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1252.817194][T17703] Call Trace:
[ 1252.817201][T17703]  <TASK>
[ 1252.817208][T17703]  dump_stack_lvl+0x189/0x250
[ 1252.817236][T17703]  ? __pfx____ratelimit+0x10/0x10
[ 1252.817251][T17703]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1252.817266][T17703]  ? __pfx__printk+0x10/0x10
[ 1252.817284][T17703]  ? __might_fault+0xb0/0x130
[ 1252.817307][T17703]  should_fail_ex+0x414/0x560
[ 1252.817325][T17703]  _copy_from_user+0x2d/0xb0
[ 1252.817344][T17703]  kstrtouint_from_user+0xc4/0x170
[ 1252.817362][T17703]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1252.817389][T17703]  proc_fail_nth_write+0x88/0x240
[ 1252.817406][T17703]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1252.817426][T17703]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1252.817443][T17703]  vfs_write+0x27b/0xa90
[ 1252.817463][T17703]  ? __pfx_vfs_write+0x10/0x10
[ 1252.817478][T17703]  ? __fget_files+0x2a/0x420
[ 1252.817496][T17703]  ? __fget_files+0x3a0/0x420
[ 1252.817511][T17703]  ? __fget_files+0x2a/0x420
[ 1252.817532][T17703]  ksys_write+0x145/0x250
[ 1252.817547][T17703]  ? __pfx_ksys_write+0x10/0x10
[ 1252.817559][T17703]  ? rcu_is_watching+0x15/0xb0
[ 1252.817578][T17703]  ? do_syscall_64+0xbe/0x3b0
[ 1252.817595][T17703]  do_syscall_64+0xfa/0x3b0
[ 1252.817609][T17703]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1252.817623][T17703]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1252.817637][T17703]  ? clear_bhb_loop+0x60/0xb0
[ 1252.817653][T17703]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1252.817667][T17703] RIP: 0033:0x7faed218d45f
[ 1252.817679][T17703] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1252.817691][T17703] RSP: 002b:00007faed301f030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1252.817705][T17703] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007faed218d45f
[ 1252.817715][T17703] RDX: 0000000000000001 RSI: 00007faed301f0a0 RDI: 0000000000000007
[ 1252.817724][T17703] RBP: 00007faed301f090 R08: 0000000000000000 R09: 0000000000000000
[ 1252.817732][T17703] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1252.817741][T17703] R13: 0000000000000000 R14: 00007faed23b5fa0 R15: 00007ffd4f88b508
[ 1252.817763][T17703]  </TASK>
[ 1254.950487][T17726] FAULT_INJECTION: forcing a failure.
[ 1254.950487][T17726] name failslab, interval 1, probability 0, space 0, times 0
[ 1255.181611][T17726] CPU: 1 UID: 0 PID: 17726 Comm: syz.1.3311 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[ 1255.181646][T17726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1255.181660][T17726] Call Trace:
[ 1255.181669][T17726]  <TASK>
[ 1255.181680][T17726]  dump_stack_lvl+0x189/0x250
[ 1255.181709][T17726]  ? __pfx____ratelimit+0x10/0x10
[ 1255.181732][T17726]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1255.181756][T17726]  ? __pfx__printk+0x10/0x10
[ 1255.181786][T17726]  ? __pfx___might_resched+0x10/0x10
[ 1255.181810][T17726]  ? fs_reclaim_acquire+0x7d/0x100
[ 1255.181841][T17726]  should_fail_ex+0x414/0x560
[ 1255.181868][T17726]  should_failslab+0xa8/0x100
[ 1255.181894][T17726]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1255.181916][T17726]  ? __alloc_skb+0x112/0x2d0
[ 1255.181949][T17726]  __alloc_skb+0x112/0x2d0
[ 1255.181982][T17726]  alloc_skb_with_frags+0xca/0x890
[ 1255.182010][T17726]  ? __switch_to+0xd74/0x1600
[ 1255.182043][T17726]  ? __lock_acquire+0xab9/0xd20
[ 1255.182070][T17726]  sock_alloc_send_pskb+0x857/0x990
[ 1255.182091][T17726]  ? trace_irq_disable+0x37/0x110
[ 1255.182140][T17726]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[ 1255.182170][T17726]  ? packet_sendmsg+0x333e/0x5060
[ 1255.182212][T17726]  packet_sendmsg+0x3383/0x5060
[ 1255.182259][T17726]  ? __pfx___schedule+0x10/0x10
[ 1255.182304][T17726]  ? sched_clock+0x3f/0x60
[ 1255.182344][T17726]  ? rcu_is_watching+0x15/0xb0
[ 1255.182368][T17726]  ? trace_irq_disable+0x37/0x110
[ 1255.182397][T17726]  ? preempt_schedule_irq+0xde/0x150
[ 1255.182418][T17726]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 1255.182440][T17726]  ? __lock_acquire+0xab9/0xd20
[ 1255.182460][T17726]  ? __pfx_packet_sendmsg+0x10/0x10
[ 1255.182494][T17726]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1255.182521][T17726]  ? __pfx_packet_sendmsg+0x10/0x10
[ 1255.182550][T17726]  ? __pfx_packet_sendmsg+0x10/0x10
[ 1255.182585][T17726]  ? __pfx_packet_sendmsg+0x10/0x10
[ 1255.182616][T17726]  __sock_sendmsg+0x21c/0x270
[ 1255.182643][T17726]  __sys_sendto+0x3bd/0x520
[ 1255.182674][T17726]  ? __pfx___sys_sendto+0x10/0x10
[ 1255.182700][T17726]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1255.182760][T17726]  ? rcu_is_watching+0x15/0xb0
[ 1255.182788][T17726]  __x64_sys_sendto+0xde/0x100
[ 1255.182821][T17726]  do_syscall_64+0xfa/0x3b0
[ 1255.182845][T17726]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1255.182865][T17726]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1255.182886][T17726]  ? clear_bhb_loop+0x60/0xb0
[ 1255.182912][T17726]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1255.182934][T17726] RIP: 0033:0x7f359718e9a9
[ 1255.182953][T17726] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1255.182971][T17726] RSP: 002b:00007f35980b5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1255.182994][T17726] RAX: ffffffffffffffda RBX: 00007f35973b5fa0 RCX: 00007f359718e9a9
[ 1255.183010][T17726] RDX: 0000000000000004 RSI: 0000200000000000 RDI: 0000000000000003
[ 1255.183024][T17726] RBP: 00007f35980b5090 R08: 0000200000000080 R09: 0000000000000014
[ 1255.183038][T17726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1255.183051][T17726] R13: 0000000000000000 R14: 00007f35973b5fa0 R15: 00007ffca3e50ad8
[ 1255.183084][T17726]  </TASK>
[ 1255.881333][T17737] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1280
[ 1255.906211][T17738] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[ 1255.912809][T17738] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1255.943534][T17738] vhci_hcd vhci_hcd.0: Device attached
[ 1255.962645][T17740] vhci_hcd: connection closed
[ 1256.183177][ T6869] vhci_hcd: stop threads
[ 1256.192691][ T6869] vhci_hcd: release socket
[ 1256.223599][ T6869] vhci_hcd: disconnect device
[ 1256.377731][T15100] Bluetooth: hci3: command 0x0406 tx timeout
[ 1257.319372][T17759] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3322'.
[ 1258.613645][ T6171] usb 1-1: new high-speed USB device number 77 using dummy_hcd
[ 1258.783431][ T6171] usb 1-1: Using ep0 maxpacket: 8
[ 1258.795142][ T6171] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1258.926884][ T5899] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[ 1259.237450][ T6171] usb 1-1: config 3 has an invalid interface number: 182 but max is 0
[ 1259.243422][T13632] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[ 1259.273848][T17786] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3331'.
[ 1259.286570][ T6171] usb 1-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[ 1259.323561][ T6171] usb 1-1: config 3 has no interface number 0
[ 1259.333785][ T6171] usb 1-1: config 3 interface 182 altsetting 8 has an endpoint descriptor with address 0xC1, changing to 0x81
[ 1259.373583][ T6171] usb 1-1: config 3 interface 182 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1259.395246][ T5899] usb 4-1: Using ep0 maxpacket: 16
[ 1259.402189][ T5899] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1259.426780][ T6171] usb 1-1: config 3 interface 182 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1259.439437][T13632] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1259.453570][ T5899] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1259.467591][T13632] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1259.492887][ T6171] usb 1-1: config 3 interface 182 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1259.498864][T13632] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1259.525526][ T5899] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1259.540369][ T6171] usb 1-1: config 3 interface 182 has no altsetting 0
[ 1259.555851][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1259.578290][ T6171] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=90.57
[ 1259.587416][T13632] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1259.587442][T13632] usb 6-1: Product: syz
[ 1259.603798][ T5899] usb 4-1: Product: syz
[ 1259.608012][ T5899] usb 4-1: Manufacturer: syz
[ 1259.643655][ T5899] usb 4-1: SerialNumber: syz
[ 1259.646224][ T6171] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1259.648791][T13632] usb 6-1: Manufacturer: syz
[ 1259.671314][ T6171] usb 1-1: Product: syz
[ 1259.684127][ T6171] usb 1-1: Manufacturer: syz
[ 1259.702755][ T6171] usb 1-1: SerialNumber: syz
[ 1259.708213][T13632] usb 6-1: SerialNumber: syz
[ 1259.751093][T13632] usb 6-1: config 0 descriptor??
[ 1259.895681][T17782] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1259.924145][T17782] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1259.944374][T17773] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1260.222617][T17773] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1260.256824][T17793] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1261.051176][ T6171] usbtest 1-1:3.182: couldn't get endpoints, -71
[ 1261.058198][ T6171] usbtest 1-1:3.182: probe with driver usbtest failed with error -71
[ 1261.075485][ T6171] usb 1-1: USB disconnect, device number 77
[ 1261.092615][T17793] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1262.058807][T17810] program syz.2.3336 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1262.191010][ T5899] usb 4-1: 0:2 : does not exist
[ 1262.493540][ T6171] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[ 1262.522899][ T5899] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[ 1262.576661][T13632] usb 6-1: selecting invalid altsetting 0
[ 1262.584609][ T5899] usb 4-1: USB disconnect, device number 17
[ 1262.631419][T13632] usb 6-1: USB disconnect, device number 8
[ 1262.793612][ T6171] usb 3-1: Using ep0 maxpacket: 16
[ 1262.800543][ T6171] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1262.810638][ T6171] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1262.824011][ T6171] usb 3-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00
[ 1262.833128][ T6171] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1263.250060][ T6171] usb 3-1: config 0 descriptor??
[ 1263.711321][T17810] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1263.836515][T17810] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1263.917560][T13632] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[ 1264.034009][ T6171] usbhid 3-1:0.0: can't add hid device: -71
[ 1264.050832][ T6171] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1264.064857][ T6171] usb 3-1: USB disconnect, device number 17
[ 1264.213468][T13632] usb 6-1: Using ep0 maxpacket: 32
[ 1264.237035][T13632] usb 6-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1264.264219][T13632] usb 6-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1264.304853][T17836] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3343'.
[ 1264.327619][ T5891] usb 2-1: new high-speed USB device number 76 using dummy_hcd
[ 1264.354093][T13632] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1264.414965][T13632] usb 6-1: config 1 has no interface number 0
[ 1264.838002][T13632] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1264.853223][T13632] usb 6-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1264.868343][T13632] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1264.889891][T17834] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[ 1264.896482][T17834] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1264.927360][T13632] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1264.981561][T17842] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3344'.
[ 1264.991316][T17834] vhci_hcd vhci_hcd.0: Device attached
[ 1265.006448][T13632] snd_usb_pod 6-1:1.1: Line 6 Pocket POD found
[ 1265.055126][ T5891] usb 2-1: Using ep0 maxpacket: 32
[ 1265.082243][T17839] vhci_hcd: connection closed
[ 1265.085281][T14229] vhci_hcd: stop threads
[ 1265.106045][ T5891] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1265.140226][ T5891] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1265.151252][T14229] vhci_hcd: release socket
[ 1265.169040][T14229] vhci_hcd: disconnect device
[ 1265.188418][ T5891] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1265.209258][T17815] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1265.234157][ T5891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1265.245260][T17815] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1265.266687][T13632] snd_usb_pod 6-1:1.1: invalid control EP
[ 1265.272481][T13632] snd_usb_pod 6-1:1.1: cannot start listening: -22
[ 1265.294867][ T5891] usb 2-1: config 0 descriptor??
[ 1265.310841][T13632] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now disconnected
[ 1265.312810][ T5891] hub 2-1:0.0: USB hub found
[ 1265.352297][T13632] snd_usb_pod 6-1:1.1: probe with driver snd_usb_pod failed with error -22
[ 1265.469817][T13632] usb 6-1: USB disconnect, device number 9
[ 1265.556839][ T5891] hub 2-1:0.0: config failed, can't read hub descriptor (err -90)
[ 1265.723523][ T6171] usb 1-1: new high-speed USB device number 78 using dummy_hcd
[ 1266.102085][ T6171] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1266.513159][ T6171] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1266.676572][ T5891] usbhid 2-1:0.0: can't add hid device: -71
[ 1266.682653][ T5891] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1266.713622][ T6171] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1266.744861][ T5891] usb 2-1: USB disconnect, device number 76
[ 1266.758890][ T6171] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1266.790534][ T6171] usb 1-1: Product: syz
[ 1266.803700][ T6171] usb 1-1: Manufacturer: syz
[ 1266.808508][ T6171] usb 1-1: SerialNumber: syz
[ 1266.834675][ T6171] usb 1-1: config 0 descriptor??
[ 1266.868686][T17864] /dev/nullb0: Can't open blockdev
[ 1266.877751][ T6171] usb 1-1: selecting invalid altsetting 0
[ 1266.909645][T17868] bridge0: entered promiscuous mode
[ 1266.917107][T17868] macvlan2: entered promiscuous mode
[ 1266.978048][T17868] macvlan3: entered promiscuous mode
[ 1267.454279][ T5891] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[ 1268.322264][ T5891] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1268.332489][ T5891] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1268.342246][ T5891] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1268.352010][ T5891] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1268.360432][ T5891] usb 6-1: Product: syz
[ 1268.364727][ T5891] usb 6-1: Manufacturer: syz
[ 1268.882651][ T5891] usb 6-1: SerialNumber: syz
[ 1268.890537][ T5891] usb 6-1: config 0 descriptor??
[ 1268.901795][ T5891] usb 6-1: selecting invalid altsetting 0
[ 1269.050300][T15547] usb 1-1: USB disconnect, device number 78
[ 1269.393176][ T6171] usb 6-1: USB disconnect, device number 10
[ 1269.524859][T17888] netlink: 'syz.0.3357': attribute type 1 has an invalid length.
[ 1269.933793][T15547] usb 1-1: new high-speed USB device number 79 using dummy_hcd
[ 1270.633451][T15547] usb 1-1: Using ep0 maxpacket: 32
[ 1270.701211][T15547] usb 1-1: config index 0 descriptor too short (expected 50356, got 796)
[ 1270.730540][T15547] usb 1-1: config 41 has too many interfaces: 195, using maximum allowed: 32
[ 1270.762154][T15547] usb 1-1: config 41 has an invalid descriptor of length 0, skipping remainder of the config
[ 1270.772847][T17898] x_tables: duplicate underflow at hook 4
[ 1270.803594][T15547] usb 1-1: config 41 has 0 interfaces, different from the descriptor's value: 195
[ 1270.826366][T15547] usb 1-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9
[ 1270.839312][T15547] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1270.875928][T15547] usb 1-1: Product: syz
[ 1270.890505][T15547] usb 1-1: Manufacturer: syz
[ 1270.900146][T15547] usb 1-1: SerialNumber: syz
[ 1270.910219][T17900] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[ 1270.916772][T17900] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1270.947062][T17900] vhci_hcd vhci_hcd.0: Device attached
[ 1271.060152][T17902] vhci_hcd: connection closed
[ 1271.062044][T14895] vhci_hcd: stop threads
[ 1271.100193][T14895] vhci_hcd: release socket
[ 1271.110475][T14895] vhci_hcd: disconnect device
[ 1271.123578][T13632] vhci_hcd: vhci_device speed not set
[ 1271.187622][T15547] usb 1-1: USB disconnect, device number 79
[ 1271.439640][T17909] FAULT_INJECTION: forcing a failure.
[ 1271.439640][T17909] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1271.459670][T17909] CPU: 0 UID: 0 PID: 17909 Comm: syz.3.3363 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[ 1271.459703][T17909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1271.459717][T17909] Call Trace:
[ 1271.459726][T17909]  <TASK>
[ 1271.459737][T17909]  dump_stack_lvl+0x189/0x250
[ 1271.459767][T17909]  ? __pfx____ratelimit+0x10/0x10
[ 1271.459789][T17909]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1271.459827][T17909]  ? __pfx__printk+0x10/0x10
[ 1271.459867][T17909]  should_fail_ex+0x414/0x560
[ 1271.459895][T17909]  _copy_to_user+0x31/0xb0
[ 1271.459927][T17909]  simple_read_from_buffer+0xe1/0x170
[ 1271.459954][T17909]  proc_fail_nth_read+0x1df/0x250
[ 1271.459983][T17909]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1271.460013][T17909]  ? rw_verify_area+0x258/0x650
[ 1271.460044][T17909]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1271.460071][T17909]  vfs_read+0x1fd/0x980
[ 1271.460107][T17909]  ? __pfx___mutex_lock+0x10/0x10
[ 1271.460131][T17909]  ? __pfx_vfs_read+0x10/0x10
[ 1271.460164][T17909]  ? __fget_files+0x2a/0x420
[ 1271.460193][T17909]  ? __fget_files+0x3a0/0x420
[ 1271.460214][T17909]  ? __fget_files+0x2a/0x420
[ 1271.460247][T17909]  ksys_read+0x145/0x250
[ 1271.460269][T17909]  ? __pfx_ksys_read+0x10/0x10
[ 1271.460294][T17909]  ? do_syscall_64+0xbe/0x3b0
[ 1271.460321][T17909]  do_syscall_64+0xfa/0x3b0
[ 1271.460342][T17909]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1271.460362][T17909]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1271.460383][T17909]  ? clear_bhb_loop+0x60/0xb0
[ 1271.460409][T17909]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1271.460429][T17909] RIP: 0033:0x7fe220d8d3bc
[ 1271.460448][T17909] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1271.460466][T17909] RSP: 002b:00007fe221c05030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1271.460488][T17909] RAX: ffffffffffffffda RBX: 00007fe220fb5fa0 RCX: 00007fe220d8d3bc
[ 1271.460504][T17909] RDX: 000000000000000f RSI: 00007fe221c050a0 RDI: 0000000000000005
[ 1271.460517][T17909] RBP: 00007fe221c05090 R08: 0000000000000000 R09: 0000000000000000
[ 1271.460530][T17909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1271.460543][T17909] R13: 0000000000000000 R14: 00007fe220fb5fa0 R15: 00007ffde20a83e8
[ 1271.460576][T17909]  </TASK>
[ 1272.828387][T17932] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3367'.
[ 1272.853487][T13632] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[ 1273.417148][T13632] usb 6-1: Using ep0 maxpacket: 8
[ 1273.464625][T13632] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 1273.478789][T13632] usb 6-1: config 0 has no interface number 0
[ 1273.493470][T13632] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1273.562574][T13632] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1273.604230][T13632] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1273.654678][T13632] usb 6-1: config 0 descriptor??
[ 1273.704664][T13632] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1273.871990][   T30] audit: type=1326 audit(1752951133.117:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17926 comm="syz.5.3369" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faed218e9a9 code=0x0
[ 1273.962089][T17942] FAULT_INJECTION: forcing a failure.
[ 1273.962089][T17942] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1273.991335][T17942] CPU: 1 UID: 0 PID: 17942 Comm: syz.3.3372 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[ 1273.991364][T17942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1273.991377][T17942] Call Trace:
[ 1273.991385][T17942]  <TASK>
[ 1273.991394][T17942]  dump_stack_lvl+0x189/0x250
[ 1273.991421][T17942]  ? __pfx____ratelimit+0x10/0x10
[ 1273.991441][T17942]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1273.991463][T17942]  ? __pfx__printk+0x10/0x10
[ 1273.991487][T17942]  ? __might_fault+0xb0/0x130
[ 1273.991517][T17942]  should_fail_ex+0x414/0x560
[ 1273.991542][T17942]  _copy_from_iter+0x1db/0x16f0
[ 1273.991578][T17942]  ? __pfx__copy_from_iter+0x10/0x10
[ 1273.991601][T17942]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[ 1273.991640][T17942]  ? skb_put+0x11b/0x210
[ 1273.991687][T17942]  hci_sock_sendmsg+0x422/0xef0
[ 1273.991724][T17942]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[ 1273.991758][T17942]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1273.991780][T17942]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[ 1273.991810][T17942]  __sock_sendmsg+0x21c/0x270
[ 1273.991838][T17942]  sock_write_iter+0x258/0x330
[ 1273.991862][T17942]  ? __pfx_sock_write_iter+0x10/0x10
[ 1273.991897][T17942]  ? bpf_lsm_file_permission+0x9/0x20
[ 1273.991920][T17942]  ? security_file_permission+0x75/0x290
[ 1273.991953][T17942]  vfs_write+0x548/0xa90
[ 1273.991978][T17942]  ? __pfx_sock_write_iter+0x10/0x10
[ 1273.992000][T17942]  ? __pfx_vfs_write+0x10/0x10
[ 1273.992031][T17942]  ? __fget_files+0x2a/0x420
[ 1273.992060][T17942]  ksys_write+0x145/0x250
[ 1273.992077][T17942]  ? __pfx_ksys_write+0x10/0x10
[ 1273.992089][T17942]  ? rcu_is_watching+0x15/0xb0
[ 1273.992110][T17942]  ? do_syscall_64+0xbe/0x3b0
[ 1273.992130][T17942]  do_syscall_64+0xfa/0x3b0
[ 1273.992145][T17942]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1273.992160][T17942]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1273.992175][T17942]  ? clear_bhb_loop+0x60/0xb0
[ 1273.992194][T17942]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1273.992208][T17942] RIP: 0033:0x7fe220d8e9a9
[ 1273.992222][T17942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1273.992236][T17942] RSP: 002b:00007fe221c05038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1273.992253][T17942] RAX: ffffffffffffffda RBX: 00007fe220fb5fa0 RCX: 00007fe220d8e9a9
[ 1273.992264][T17942] RDX: 0000000000000007 RSI: 0000200000000340 RDI: 0000000000000006
[ 1273.992274][T17942] RBP: 00007fe221c05090 R08: 0000000000000000 R09: 0000000000000000
[ 1273.992284][T17942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1273.992293][T17942] R13: 0000000000000000 R14: 00007fe220fb5fa0 R15: 00007ffde20a83e8
[ 1273.992316][T17942]  </TASK>
[ 1274.258057][T17945] erofs (device nullb0): cannot find valid erofs superblock
[ 1274.467525][T17936] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1274.473569][T17936] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[ 1274.619066][T17936] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1274.625363][T17936] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[ 1274.646484][T17936] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1274.652491][T17936] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[ 1274.686275][T17936] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1274.692236][T17936] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[ 1274.716892][T17936] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1274.722885][T17936] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[ 1275.188379][T17963] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[ 1275.194964][T17963] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1275.209484][T17963] vhci_hcd vhci_hcd.0: Device attached
[ 1275.217697][T17967] vhci_hcd: connection closed
[ 1275.218734][T16351] vhci_hcd: stop threads
[ 1275.237852][T16351] vhci_hcd: release socket
[ 1275.275135][T16351] vhci_hcd: disconnect device
[ 1275.557424][ T5891] usb 6-1: USB disconnect, device number 11
[ 1275.656554][T17977] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3381'.
[ 1276.219825][T17979] Bluetooth: MGMT ver 1.23
[ 1276.367904][T17989] FAULT_INJECTION: forcing a failure.
[ 1276.367904][T17989] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1276.397486][T17989] CPU: 0 UID: 0 PID: 17989 Comm: syz.0.3385 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[ 1276.397520][T17989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1276.397534][T17989] Call Trace:
[ 1276.397544][T17989]  <TASK>
[ 1276.397554][T17989]  dump_stack_lvl+0x189/0x250
[ 1276.397583][T17989]  ? __pfx____ratelimit+0x10/0x10
[ 1276.397605][T17989]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1276.397629][T17989]  ? __pfx__printk+0x10/0x10
[ 1276.397677][T17989]  should_fail_ex+0x414/0x560
[ 1276.397705][T17989]  _copy_to_user+0x31/0xb0
[ 1276.397737][T17989]  simple_read_from_buffer+0xe1/0x170
[ 1276.397766][T17989]  proc_fail_nth_read+0x1df/0x250
[ 1276.397796][T17989]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1276.397826][T17989]  ? rw_verify_area+0x258/0x650
[ 1276.397857][T17989]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1276.397885][T17989]  vfs_read+0x1fd/0x980
[ 1276.397923][T17989]  ? __pfx___mutex_lock+0x10/0x10
[ 1276.397947][T17989]  ? __pfx_vfs_read+0x10/0x10
[ 1276.397980][T17989]  ? __fget_files+0x2a/0x420
[ 1276.398010][T17989]  ? __fget_files+0x3a0/0x420
[ 1276.398033][T17989]  ? __fget_files+0x2a/0x420
[ 1276.398066][T17989]  ksys_read+0x145/0x250
[ 1276.398090][T17989]  ? __pfx_ksys_read+0x10/0x10
[ 1276.398107][T17989]  ? rcu_is_watching+0x15/0xb0
[ 1276.398136][T17989]  ? do_syscall_64+0xbe/0x3b0
[ 1276.398164][T17989]  do_syscall_64+0xfa/0x3b0
[ 1276.398186][T17989]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1276.398207][T17989]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1276.398229][T17989]  ? clear_bhb_loop+0x60/0xb0
[ 1276.398255][T17989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1276.398276][T17989] RIP: 0033:0x7f5bf418d3bc
[ 1276.398296][T17989] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1276.398315][T17989] RSP: 002b:00007f5bf4f3d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1276.398337][T17989] RAX: ffffffffffffffda RBX: 00007f5bf43b5fa0 RCX: 00007f5bf418d3bc
[ 1276.398352][T17989] RDX: 000000000000000f RSI: 00007f5bf4f3d0a0 RDI: 0000000000000003
[ 1276.398365][T17989] RBP: 00007f5bf4f3d090 R08: 0000000000000000 R09: 0000000000000000
[ 1276.398378][T17989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1276.398391][T17989] R13: 0000000000000001 R14: 00007f5bf43b5fa0 R15: 00007fff74b15908
[ 1276.398424][T17989]  </TASK>
[ 1276.658569][T17988] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3386'.
[ 1276.921430][ T5891] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[ 1276.921811][T17997] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3389'.
[ 1277.043793][ T6171] usb 1-1: new high-speed USB device number 80 using dummy_hcd
[ 1277.130089][ T5891] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1277.174801][ T5891] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1277.215023][ T6171] usb 1-1: device descriptor read/64, error -71
[ 1277.275926][ T5891] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1277.297985][ T5891] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1277.323119][ T5891] usb 4-1: Product: syz
[ 1277.335064][ T5891] usb 4-1: Manufacturer: syz
[ 1277.340613][ T5891] usb 4-1: SerialNumber: syz
[ 1277.441079][ T5891] usb 4-1: config 0 descriptor??
[ 1277.466218][ T5891] usb 4-1: selecting invalid altsetting 0
[ 1277.493530][ T6171] usb 1-1: new high-speed USB device number 81 using dummy_hcd
[ 1277.643860][ T6171] usb 1-1: device descriptor read/64, error -71
[ 1277.774006][ T6171] usb usb1-port1: attempt power cycle
[ 1277.823516][ T5891] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[ 1278.013775][ T5891] usb 6-1: Using ep0 maxpacket: 8
[ 1278.053955][   T46] usb 2-1: new high-speed USB device number 77 using dummy_hcd
[ 1278.500254][ T6171] usb 1-1: new high-speed USB device number 82 using dummy_hcd
[ 1278.873518][   T46] usb 2-1: Using ep0 maxpacket: 16
[ 1280.423510][ T6171] usb 1-1: device not accepting address 82, error -71
[ 1283.085872][T18018] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3395'.
[ 1283.208199][ T5899] usb 4-1: USB disconnect, device number 18
[ 1283.361882][   T46] usb 2-1: device descriptor read/all, error -71
[ 1283.714369][ T5891] usb 6-1: unable to read config index 0 descriptor/start: -71
[ 1283.722024][ T5891] usb 6-1: can't read configurations, error -71
[ 1284.106700][T18031] netlink: 'syz.2.3399': attribute type 8 has an invalid length.
[ 1286.549618][T13632] libceph: connect (1)[c::]:6789 error -101
[ 1286.559797][T13632] libceph: mon0 (1)[c::]:6789 connect error
[ 1286.691466][T18049] FAULT_INJECTION: forcing a failure.
[ 1286.691466][T18049] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1286.708903][T18049] CPU: 0 UID: 0 PID: 18049 Comm: syz.5.3403 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[ 1286.708937][T18049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1286.708951][T18049] Call Trace:
[ 1286.708960][T18049]  <TASK>
[ 1286.708970][T18049]  dump_stack_lvl+0x189/0x250
[ 1286.708999][T18049]  ? __pfx____ratelimit+0x10/0x10
[ 1286.709021][T18049]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1286.709045][T18049]  ? __pfx__printk+0x10/0x10
[ 1286.709085][T18049]  should_fail_ex+0x414/0x560
[ 1286.709112][T18049]  _copy_to_user+0x31/0xb0
[ 1286.709143][T18049]  simple_read_from_buffer+0xe1/0x170
[ 1286.709171][T18049]  proc_fail_nth_read+0x1df/0x250
[ 1286.709201][T18049]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1286.709230][T18049]  ? rw_verify_area+0x258/0x650
[ 1286.709260][T18049]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1286.709288][T18049]  vfs_read+0x1fd/0x980
[ 1286.709326][T18049]  ? __pfx___mutex_lock+0x10/0x10
[ 1286.709351][T18049]  ? __pfx_vfs_read+0x10/0x10
[ 1286.709385][T18049]  ? __fget_files+0x2a/0x420
[ 1286.709413][T18049]  ? __fget_files+0x3a0/0x420
[ 1286.709435][T18049]  ? __fget_files+0x2a/0x420
[ 1286.709469][T18049]  ksys_read+0x145/0x250
[ 1286.709486][T18049]  ? __pfx_filldir64+0x10/0x10
[ 1286.709508][T18049]  ? __pfx_ksys_read+0x10/0x10
[ 1286.709524][T18049]  ? rcu_is_watching+0x15/0xb0
[ 1286.709554][T18049]  ? do_syscall_64+0xbe/0x3b0
[ 1286.709581][T18049]  do_syscall_64+0xfa/0x3b0
[ 1286.709603][T18049]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1286.709624][T18049]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1286.709645][T18049]  ? clear_bhb_loop+0x60/0xb0
[ 1286.709683][T18049]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1286.709704][T18049] RIP: 0033:0x7faed218d3bc
[ 1286.709724][T18049] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1286.709742][T18049] RSP: 002b:00007faed301f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1286.709765][T18049] RAX: ffffffffffffffda RBX: 00007faed23b5fa0 RCX: 00007faed218d3bc
[ 1286.709781][T18049] RDX: 000000000000000f RSI: 00007faed301f0a0 RDI: 0000000000000004
[ 1286.709794][T18049] RBP: 00007faed301f090 R08: 0000000000000000 R09: 0000000000000000
[ 1286.709808][T18049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1286.709821][T18049] R13: 0000000000000000 R14: 00007faed23b5fa0 R15: 00007ffd4f88b508
[ 1286.709856][T18049]  </TASK>
[ 1286.838612][T18051] netlink: 268 bytes leftover after parsing attributes in process `syz.3.3404'.
[ 1286.976493][T13632] libceph: connect (1)[c::]:6789 error -101
[ 1286.982545][T13632] libceph: mon0 (1)[c::]:6789 connect error
[ 1287.545097][T15256] libceph: connect (1)[c::]:6789 error -101
[ 1287.568915][T15256] libceph: mon0 (1)[c::]:6789 connect error
[ 1287.583292][T18040] ceph: No mds server is up or the cluster is laggy
[ 1290.053586][ T5899] usb 1-1: new high-speed USB device number 84 using dummy_hcd
[ 1290.272407][ T5899] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1290.318230][ T5899] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1290.366619][ T5899] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1290.424542][ T5899] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1290.486421][ T5899] usb 1-1: Product: syz
[ 1290.532890][T18078] net veth1_virt_wifi 
€Â: renamed from virt_wifi0
[ 1290.542857][ T5899] usb 1-1: Manufacturer: syz
[ 1290.570359][ T5899] usb 1-1: SerialNumber: syz
[ 1290.675994][ T5899] usb 1-1: config 0 descriptor??
[ 1290.872783][ T5899] usb 1-1: selecting invalid altsetting 0
[ 1291.222835][ T5899] usb 1-1: USB disconnect, device number 84
[ 1291.410326][T18087] netlink: 56 bytes leftover after parsing attributes in process `syz.5.3416'.
[ 1292.618572][T18096] netlink: 'syz.2.3419': attribute type 29 has an invalid length.
[ 1293.380194][T18108] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3422'.
[ 1293.434807][T18112] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3422'.
[ 1298.156098][T18160] erofs (device nullb0): cannot find valid erofs superblock
[ 1298.662737][T13632] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[ 1299.627170][T13632] usb 4-1: device descriptor read/64, error -71
[ 1300.138443][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.145252][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1302.052398][T18194] FAULT_INJECTION: forcing a failure.
[ 1302.052398][T18194] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1302.092584][T18194] CPU: 0 UID: 0 PID: 18194 Comm: syz.5.3442 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[ 1302.092619][T18194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1302.092634][T18194] Call Trace:
[ 1302.092644][T18194]  <TASK>
[ 1302.092654][T18194]  dump_stack_lvl+0x189/0x250
[ 1302.092683][T18194]  ? __pfx____ratelimit+0x10/0x10
[ 1302.092717][T18194]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1302.092742][T18194]  ? __pfx__printk+0x10/0x10
[ 1302.092784][T18194]  should_fail_ex+0x414/0x560
[ 1302.092812][T18194]  _copy_to_user+0x31/0xb0
[ 1302.092844][T18194]  semctl_info+0x2d3/0x460
[ 1302.092873][T18194]  ? __pfx_semctl_info+0x10/0x10
[ 1302.092902][T18194]  ? __pfx_vfs_write+0x10/0x10
[ 1302.092934][T18194]  __se_sys_semctl+0x2af/0x3a0
[ 1302.092961][T18194]  ? __pfx___se_sys_semctl+0x10/0x10
[ 1302.092994][T18194]  ? __pfx_ksys_write+0x10/0x10
[ 1302.093021][T18194]  ? do_syscall_64+0xbe/0x3b0
[ 1302.093048][T18194]  do_syscall_64+0xfa/0x3b0
[ 1302.093070][T18194]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1302.093091][T18194]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1302.093112][T18194]  ? clear_bhb_loop+0x60/0xb0
[ 1302.093139][T18194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1302.093160][T18194] RIP: 0033:0x7faed218e9a9
[ 1302.093179][T18194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1302.093197][T18194] RSP: 002b:00007faed301f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000042
[ 1302.093220][T18194] RAX: ffffffffffffffda RBX: 00007faed23b5fa0 RCX: 00007faed218e9a9
[ 1302.093236][T18194] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000000
[ 1302.093249][T18194] RBP: 00007faed301f090 R08: 0000000000000000 R09: 0000000000000000
[ 1302.093263][T18194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1302.093276][T18194] R13: 0000000000000001 R14: 00007faed23b5fa0 R15: 00007ffd4f88b508
[ 1302.093311][T18194]  </TASK>
[ 1309.933267][T18212] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[ 1309.939866][T18212] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1309.973621][T18212] vhci_hcd vhci_hcd.0: Device attached
[ 1310.043363][T18214] vhci_hcd: connection closed
[ 1310.043877][ T6877] vhci_hcd: stop threads
[ 1310.053017][ T6877] vhci_hcd: release socket
[ 1310.063447][T15256] usb 4-1: new low-speed USB device number 21 using dummy_hcd
[ 1310.094521][ T6877] vhci_hcd: disconnect device
[ 1310.153778][ T5899] vhci_hcd: vhci_device speed not set
[ 1310.239067][T15256] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1310.252316][T15256] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1310.349440][T15256] usb 4-1: config 0 descriptor??
[ 1312.271944][T18232] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1312.743410][T13632] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[ 1313.002187][T13632] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1313.119188][T13632] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1313.344943][T13632] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1313.510027][T13632] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1313.665565][T13632] usb 6-1: Product: syz
[ 1313.744248][T13632] usb 6-1: Manufacturer: syz
[ 1313.822073][T13632] usb 6-1: SerialNumber: syz
[ 1314.300939][T13632] usb 6-1: config 0 descriptor??
[ 1315.494437][   T31] INFO: task kworker/u8:6:16352 blocked for more than 144 seconds.
[ 1315.753995][   T31]       Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0
[ 1315.756047][T18246] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3458'.
[ 1315.771359][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1315.771448][   T31] task:kworker/u8:6    state:D stack:23448 pid:16352 tgid:16352 ppid:2      task_flags:0x4208060 flags:0x00004000
[ 1315.771713][   T31] Workqueue: netns cleanup_net
[ 1315.771809][   T31] Call Trace:
[ 1315.771847][   T31]  <TASK>
[ 1315.771946][   T31]  __schedule+0x16a2/0x4cb0
[ 1315.782571][T13632] usb 6-1: selecting invalid altsetting 0
[ 1315.792940][   T31]  ? schedule+0x165/0x360
[ 1315.821305][   T31]  ? __pfx___schedule+0x10/0x10
[ 1315.826526][   T31]  ? schedule+0x91/0x360
[ 1315.830966][   T31]  schedule+0x165/0x360
[ 1315.835348][   T31]  afs_cell_purge+0x3d9/0x540
[ 1315.840261][   T31]  ? __pfx_afs_cell_purge+0x10/0x10
[ 1315.845677][   T31]  ? __pfx_var_wake_function+0x10/0x10
[ 1315.852032][   T31]  ? afs_net+0x45/0x270
[ 1315.856845][   T31]  ? afs_net+0x45/0x270
[ 1315.861631][   T31]  afs_net_exit+0x50/0x100
[ 1315.880682][   T31]  ops_undo_list+0x49a/0x990
[ 1315.886175][   T31]  ? __pfx_ops_undo_list+0x10/0x10
[ 1315.892593][   T31]  cleanup_net+0x4c5/0x800
[ 1316.239095][   T31]  ? __pfx_cleanup_net+0x10/0x10
[ 1316.343190][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1316.376130][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1316.412688][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1316.438226][   T31]  process_scheduled_works+0xade/0x17b0
[ 1316.448772][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1316.457460][   T31]  worker_thread+0x8a0/0xda0
[ 1316.462226][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1316.476039][   T31]  ? __kthread_parkme+0x7b/0x200
[ 1316.485761][   T31]  kthread+0x711/0x8a0
[ 1316.486017][T15256] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 1316.489976][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 1316.512593][   T31]  ? __pfx_kthread+0x10/0x10
[ 1316.512858][T13632] usb 6-1: USB disconnect, device number 14
[ 1316.517457][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1316.536019][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1316.551540][   T31]  ? __pfx_kthread+0x10/0x10
[ 1316.553673][T15256] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[ 1316.562642][   T31]  ret_from_fork+0x3fc/0x770
[ 1316.567865][T15256] asix 4-1:0.0: probe with driver asix failed with error -71
[ 1316.572759][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1316.589714][T15256] usb 4-1: USB disconnect, device number 21
[ 1316.594887][   T31]  ? __switch_to_asm+0x39/0x70
[ 1316.601081][   T31]  ? __switch_to_asm+0x33/0x70
[ 1316.611075][   T31]  ? __pfx_kthread+0x10/0x10
[ 1316.616130][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1316.621076][   T31]  </TASK>
[ 1316.628590][   T31] 
[ 1316.628590][   T31] Showing all locks held in the system:
[ 1316.647887][   T31] 1 lock held by khungtaskd/31:
[ 1316.655296][   T31]  #0: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1316.667127][   T31] 2 locks held by getty/5596:
[ 1316.671859][   T31]  #0: ffff8880354910a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1316.683010][   T31]  #1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 1316.693433][   T31] 3 locks held by kworker/0:2/13632:
[ 1316.710081][   T31]  #0: ffff888021aea548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1316.721583][   T31]  #1: ffffc900047bfbc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1316.737517][   T31]  #2: ffff8881447cd198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00
[ 1316.747639][   T31] 3 locks held by kworker/0:4/15256:
[ 1316.752962][   T31]  #0: ffff888021aea548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1316.768115][   T31]  #1: ffff8880b8623f08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x318/0x6d0
[ 1316.779959][   T31]  #2: ffffffff99ce5760 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_deactivate+0x9a/0x250
[ 1316.791125][   T31] 3 locks held by kworker/u8:6/16352:
[ 1316.796798][   T31]  #0: ffff88801b2fb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1316.807919][   T31]  #1: ffffc9000fab7bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1316.818662][   T31]  #2: ffffffff8f4fcd10 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800
[ 1316.829203][   T31] 3 locks held by kworker/u8:7/17068:
[ 1316.836600][   T31]  #0: ffff88801a489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1316.848362][   T31]  #1: ffffc9000b417bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1316.859728][   T31]  #2: ffffffff8f509908 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
[ 1316.869236][   T31] 2 locks held by syz.0.3456/18231:
[ 1316.874710][   T31]  #0: ffffffff8f509908 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
[ 1316.884081][   T31]  #1: ffffffff8e144bf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730
[ 1316.906901][   T31] 
[ 1316.912134][   T31] =============================================
[ 1316.912134][   T31] 
[ 1316.920701][   T31] NMI backtrace for cpu 1
[ 1316.920720][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[ 1316.920744][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1316.920758][   T31] Call Trace:
[ 1316.920767][   T31]  <TASK>
[ 1316.920776][   T31]  dump_stack_lvl+0x189/0x250
[ 1316.920803][   T31]  ? __wake_up_klogd+0xd9/0x110
[ 1316.920834][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1316.920858][   T31]  ? __pfx__printk+0x10/0x10
[ 1316.920898][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1316.920930][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1316.920957][   T31]  ? _printk+0xcf/0x120
[ 1316.920988][   T31]  ? __pfx__printk+0x10/0x10
[ 1316.921016][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1316.921050][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1316.921084][   T31]  watchdog+0xfee/0x1030
[ 1316.921117][   T31]  ? watchdog+0x1de/0x1030
[ 1316.921156][   T31]  kthread+0x711/0x8a0
[ 1316.921186][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1316.921215][   T31]  ? __pfx_kthread+0x10/0x10
[ 1316.921244][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1316.921275][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1316.921301][   T31]  ? __pfx_kthread+0x10/0x10
[ 1316.921328][   T31]  ret_from_fork+0x3fc/0x770
[ 1316.921352][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1316.921379][   T31]  ? __switch_to_asm+0x39/0x70
[ 1316.921403][   T31]  ? __switch_to_asm+0x33/0x70
[ 1316.921427][   T31]  ? __pfx_kthread+0x10/0x10
[ 1316.921455][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1316.921498][   T31]  </TASK>
[ 1316.921506][   T31] Sending NMI from CPU 1 to CPUs 0:
[ 1317.083213][    C0] NMI backtrace for cpu 0
[ 1317.083232][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[ 1317.083254][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1317.083266][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[ 1317.083306][    C0] Code: 93 de 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d d3 cd 21 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[ 1317.083324][    C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c2
[ 1317.083342][    C0] RAX: 4ea656e670a5ba00 RBX: ffffffff81976938 RCX: 4ea656e670a5ba00
[ 1317.083356][    C0] RDX: 0000000000000001 RSI: ffffffff8d982766 RDI: ffffffff8be1b8c0
[ 1317.083370][    C0] RBP: ffffffff8de07ea8 R08: ffff8880b8632f5b R09: 1ffff110170c65eb
[ 1317.083384][    C0] R10: dffffc0000000000 R11: ffffed10170c65ec R12: ffffffff8fa0acf0
[ 1317.083398][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a50
[ 1317.083410][    C0] FS:  0000000000000000(0000) GS:ffff888125c59000(0000) knlGS:0000000000000000
[ 1317.083425][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1317.083438][    C0] CR2: 00005555639f15c8 CR3: 0000000077c18000 CR4: 00000000003526f0
[ 1317.083454][    C0] Call Trace:
[ 1317.083463][    C0]  <TASK>
[ 1317.083470][    C0]  default_idle+0x13/0x20
[ 1317.083492][    C0]  default_idle_call+0x74/0xb0
[ 1317.083514][    C0]  do_idle+0x1e8/0x510
[ 1317.083537][    C0]  ? __pfx_do_idle+0x10/0x10
[ 1317.083564][    C0]  cpu_startup_entry+0x44/0x60
[ 1317.083584][    C0]  rest_init+0x2de/0x300
[ 1317.083604][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[ 1317.083637][    C0]  start_kernel+0x47d/0x500
[ 1317.083658][    C0]  x86_64_start_reservations+0x24/0x30
[ 1317.083682][    C0]  x86_64_start_kernel+0x143/0x1c0
[ 1317.083705][    C0]  common_startup_64+0x13e/0x147
[ 1317.083737][    C0]  </TASK>
[ 1317.084674][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1317.084700][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[ 1317.084731][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1317.084747][   T31] Call Trace:
[ 1317.084758][   T31]  <TASK>
[ 1317.084770][   T31]  dump_stack_lvl+0x99/0x250
[ 1317.084802][   T31]  ? __asan_memcpy+0x40/0x70
[ 1317.084836][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1317.084864][   T31]  ? __pfx__printk+0x10/0x10
[ 1317.084911][   T31]  panic+0x2db/0x790
[ 1317.084945][   T31]  ? __pfx_panic+0x10/0x10
[ 1317.084970][   T31]  ? __pfx_delay_tsc+0x10/0x10
[ 1317.085001][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[ 1317.085035][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1317.085073][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[ 1317.085118][   T31]  watchdog+0x102d/0x1030
[ 1317.085157][   T31]  ? watchdog+0x1de/0x1030
[ 1317.085202][   T31]  kthread+0x711/0x8a0
[ 1317.085239][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1317.085273][   T31]  ? __pfx_kthread+0x10/0x10
[ 1317.085308][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1317.085347][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1317.085378][   T31]  ? __pfx_kthread+0x10/0x10
[ 1317.085410][   T31]  ret_from_fork+0x3fc/0x770
[ 1317.085438][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1317.085470][   T31]  ? __switch_to_asm+0x39/0x70
[ 1317.085498][   T31]  ? __switch_to_asm+0x33/0x70
[ 1317.085526][   T31]  ? __pfx_kthread+0x10/0x10
[ 1317.085560][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1317.085608][   T31]  </TASK>
[ 1317.418693][   T31] Kernel Offset: disabled
[ 1317.423034][   T31] Rebooting in 86400 seconds..