last executing test programs:

9m26.647523133s ago: executing program 3 (id=4):
socket$netlink(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40810}, 0xc0)
socket$igmp6(0xa, 0x3, 0x2)
sendmsg$IPVS_CMD_ZERO(r1, &(0x7f0000001240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x14, r2, 0x1, 0x0, 0x8004}, 0x14}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
syz_open_dev$ttys(0xc, 0x2, 0x0)
r4 = fsopen(&(0x7f00000000c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
r6 = openat$cgroup(r5, &(0x7f0000000100)='syz0\x00', 0x200002, 0x0)
r7 = openat$cgroup_subtree(r6, &(0x7f0000000000), 0x2, 0x0)
write$cgroup_subtree(r7, &(0x7f0000000040)={[{0x2b, 'cpuset'}]}, 0x8)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)

9m25.213246053s ago: executing program 3 (id=6):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
poll(0x0, 0x0, 0x5)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe00181100", @ANYRES32=r3, @ANYBLOB="0000000000000000b708000000000e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000002085000000010000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r4, 0x0, 0xfffffffffffffffc}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000780)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x20, 0x7ffc1ffb}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)

9m23.103916905s ago: executing program 3 (id=8):
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
socket$inet(0x2, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20020008008f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000002c0)=0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4}, 0x10)
open_by_handle_at(r4, 0x0, 0x60380)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x680, 0x0)
ioctl$TIOCSSOFTCAR(r5, 0x5453, 0x0)
ioctl$TIOCMGET(r5, 0x5415, 0x0)
listen(r0, 0x9)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000002140)=""/102386, 0x18ff2}], 0x1, 0x2, 0x0)
r7 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r7, 0xc100565c, &(0x7f00000013c0)={0x3, 0x2, 0x2, {0x5, @vbi={0xb5, 0x4, 0x3, 0x0, [0x0, 0x18000000], [0x8200, 0x1]}}, 0xe})

9m21.318048685s ago: executing program 3 (id=10):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet(0x2b, 0x801, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000080)=0x9)
poll(&(0x7f0000000000)=[{r0, 0x4000}], 0x1, 0xff16)
r1 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0)
ioctl$VIDIOC_S_SELECTION(r1, 0xc040565f, &(0x7f0000000940)={0xa, 0x100, 0x1, {0x6, 0x1000, 0x4, 0x868}})
socket$netlink(0x10, 0x3, 0x1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(r2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
getpid()
r4 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TCSETS(r4, 0x40045431, 0x0)
sendmsg$IPSET_CMD_CREATE(r2, 0x0, 0x20040442)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f00000000c0)='dctcp\x00', 0x6)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r5, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)

9m13.567940771s ago: executing program 3 (id=15):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
socket$inet(0x2, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20020008008f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0)
ioctl$COMEDI_INSN(r4, 0x8028640c, &(0x7f0000000080)={0xc000003, 0xf, &(0x7f0000000580)=[0x1a, 0x4, 0x11, 0xffff, 0x9, 0x1ed, 0x2, 0x3, 0x1, 0x4, 0x70, 0x2, 0xfffffff7, 0x1ac, 0xfffffff8], 0x0, 0x4})
sched_setscheduler(0x0, 0x1, &(0x7f00000002c0)=0x4)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r5}, 0x10)
open_by_handle_at(r5, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x60380)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x680, 0x0)
ioctl$TIOCSSOFTCAR(r6, 0x5453, 0x0)
ioctl$TIOCMGET(r6, 0x5415, 0x0)
listen(r0, 0x9)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
preadv(0xffffffffffffffff, &(0x7f0000000240)=[{0x0}], 0x1, 0x2, 0x0)
r8 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r8, 0xc100565c, &(0x7f00000013c0)={0x3, 0x2, 0x2, {0x5, @vbi={0xb5, 0x4, 0x3, 0x0, [0x0, 0x18000000], [0x8200, 0x1]}}, 0xe})

9m12.310454552s ago: executing program 3 (id=17):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x208}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0, <r2=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f0000000200)=r1}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r2}, &(0x7f0000000180)=0x20000, &(0x7f00000001c0)=r1}, 0x20)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(0x0, 0x7, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f0000000080)={'wg2\x00', <r6=>0x0})
sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="48020000", @ANYRES16=r5, @ANYBLOB="010000000000000000000100000024000300a05ca84f6c9c8e3853e2fd7a70ae0fb20fa152600cb00845174f08076f8d78430800050000000000f80108808c000080200004000a00000000000000fe800000000000000000000000000000000000001400040002000000e0000001000000000000000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff200004000a00000000000000fe880000000000000000000000000001000000000800030000000000060005000000000068010080fc00098070000080060001000200000008000200ac1414bb0500030000000000060001000a0000004c000200ff0100000000000000000000000000010500030000000000060001000200000008000200000000000500030000000000060001000200000008000200ac141400050003000000000088000080060001000200000008000200e00000020500030000000000060001000a00000014000200fc0100000000000000000000000000000500030000000000060001000a00000014000200fe8000000000000000000000000000002f00030000000000060001000a0000001400020000000000000000000000ffffac1414000500030000000000240002002767b524f45e9dfaf001c414581741c92349c3b6661d9864680582bd184ef1a6200004000a00000000000000fc0100000000000000000000000000010000000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff080007000000000008000100", @ANYRES32=r6], 0x248}}, 0x0)
clock_gettime(0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x3ffc0, 0x1656, 0x401, 0x5, 0xfffffffffffffff7, 0x7, 0x8d1, 0x3}, &(0x7f0000000200)={0xb66, 0x9, 0x3, 0x401, 0x4, 0x5b9d, 0x5, 0x4}, 0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)={[0x4]}, 0x8})
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r7, &(0x7f0000000040)={0x0, 0x2f, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)
madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x4)

8m57.081331852s ago: executing program 32 (id=17):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x208}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0, <r2=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f0000000200)=r1}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r2}, &(0x7f0000000180)=0x20000, &(0x7f00000001c0)=r1}, 0x20)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(0x0, 0x7, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f0000000080)={'wg2\x00', <r6=>0x0})
sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="48020000", @ANYRES16=r5, @ANYBLOB="010000000000000000000100000024000300a05ca84f6c9c8e3853e2fd7a70ae0fb20fa152600cb00845174f08076f8d78430800050000000000f80108808c000080200004000a00000000000000fe800000000000000000000000000000000000001400040002000000e0000001000000000000000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff200004000a00000000000000fe880000000000000000000000000001000000000800030000000000060005000000000068010080fc00098070000080060001000200000008000200ac1414bb0500030000000000060001000a0000004c000200ff0100000000000000000000000000010500030000000000060001000200000008000200000000000500030000000000060001000200000008000200ac141400050003000000000088000080060001000200000008000200e00000020500030000000000060001000a00000014000200fc0100000000000000000000000000000500030000000000060001000a00000014000200fe8000000000000000000000000000002f00030000000000060001000a0000001400020000000000000000000000ffffac1414000500030000000000240002002767b524f45e9dfaf001c414581741c92349c3b6661d9864680582bd184ef1a6200004000a00000000000000fc0100000000000000000000000000010000000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff080007000000000008000100", @ANYRES32=r6], 0x248}}, 0x0)
clock_gettime(0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x3ffc0, 0x1656, 0x401, 0x5, 0xfffffffffffffff7, 0x7, 0x8d1, 0x3}, &(0x7f0000000200)={0xb66, 0x9, 0x3, 0x401, 0x4, 0x5b9d, 0x5, 0x4}, 0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)={[0x4]}, 0x8})
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r7, &(0x7f0000000040)={0x0, 0x2f, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)
madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x4)

12.569231701s ago: executing program 4 (id=1093):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeed, 0x8031, 0xffffffffffffffff, 0xf6d0d000)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x3f, 0x0, 0x0)

12.311182692s ago: executing program 0 (id=1094):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[], 0x6)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x1)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x5)
r2 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c)
recvmmsg$unix(r2, &(0x7f0000002240)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000940)=""/4096, 0x1000}], 0x1}}, {{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000003100)=""/4096, 0x1000}], 0x1}}], 0x2, 0x400000a0, 0x0)
sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)

11.124159671s ago: executing program 4 (id=1098):
socket$rxrpc(0x21, 0x2, 0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r1 = syz_open_dev$media(&(0x7f0000000080), 0x10001, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r1, 0x80047c05, 0x0)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x121001, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x110e22fff6)
socket$xdp(0x2c, 0x3, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x9, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffe}, 0x0, &(0x7f00000002c0)={0x3fe, 0x5, 0x3, 0x9, 0x8, 0x45ff, 0x7ffffffc, 0x40000000000}, 0x0, 0x0)

10.583189806s ago: executing program 2 (id=1099):
socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f0000001000)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000000)={0x1})
syz_open_procfs(0x0, 0x0)
r5 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f0000000000)={'ip6tnl0\x00', &(0x7f0000000080)={'syztnl2\x00', 0x0, 0x0, 0x8, 0xc, 0xffffff97, 0x11, @local, @loopback={0x12, 0x460c6}, 0x8, 0x0, 0x1, 0xfffffffc}})
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0xc806, 0x0, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB], 0x40}, 0x1, 0x0, 0x0, 0x44000}, 0x54)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f00000083c0)={{0x1}})

10.04486992s ago: executing program 1 (id=1100):
socket$inet6(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xfffffffffffff7fe}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r0, &(0x7f00000270c0)=""/102368, 0x18fe0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
syz_open_dev$I2C(0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x8, 0x9, 0xeeb5, 0x1, 0x8, 0x6, 0x400, 0x7fffffffffffffff}, &(0x7f0000000200)={0x80000001, 0x200, 0x9, 0x4, 0x34e, 0x1, 0x4, 0xffffffff}, &(0x7f0000000240)={0x9, 0x3, 0xc1f6, 0x4, 0x7, 0x9, 0x6, 0x4}, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={[0xfbd]}, 0x8})
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
r2 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000040)={{{@in=@multicast1, @in6=@mcast2, 0x4e25, 0x0, 0x0, 0x0, 0x2}, {0x2, 0x53, 0xfff, 0x8, 0xfffffffffffffffc, 0x1e6, 0x2, 0x8004}, {0x7ffffffffffffffe, 0x0, 0xfffffffffffffffe, 0x5}, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2}, {{@in6=@private0, 0x0, 0x32}, 0xa, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x1, 0x4, 0x2, 0x0, 0x2, 0x2, 0x9}}, 0xe8)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
r3 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x8002, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x15)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000780)={r1, 0x0, 0x0}, 0x10)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb=0x26}, 0x94)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000180)=@netrom={'nr', 0x0}, 0x10)
mq_open(&(0x7f0000000580)='!\x7f\x00\xca\x00\x00\x00\f\x00vt\x00\x01E!\x05\x99\xb7|`', 0x40, 0x31, &(0x7f0000000480)={0x18, 0x3, 0x7, 0x200000004})
ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, 0x0)

8.545288368s ago: executing program 1 (id=1101):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000080050005000200000011000300686173683a69702c706f7274"], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x54, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x84}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e22}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

8.497544585s ago: executing program 2 (id=1102):
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x541b, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$SG_IO(r2, 0x2285, &(0x7f00000033c0)={0x53, 0x0, 0x88, 0xfa, @scatter={0x0, 0x0, 0x0}, &(0x7f0000001200)="000000000000f00cce65ecf1d5f5b6ba14c3fd07970f1df0fe9b07b4732b28468712d34340ac59660fe1af6196d88720970262b765f618142cb7c67d9f0ffb60d22ef237cf28f20eca87c8a69e4ecbd142b9a9e1a6c3bec1587ff1bc19fc59c0f7e98277e52791c8e86d284442b64c5ce9a73fc85f92e4c8a3970584bae3f37bb2fde86d122e6e76", &(0x7f00000001c0)=""/4095, 0x0, 0x0, 0x800000, 0x0})
io_uring_enter(0xffffffffffffffff, 0xeb6, 0x26f7, 0x1c, &(0x7f0000000100)={[0x1]}, 0x8)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
setsockopt$MRT6_INIT(0xffffffffffffffff, 0x29, 0xc8, &(0x7f00000011c0), 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000000000000015000200071b1750bd030100000000009500000000000000bc26080000000000bf67000000000000070300000fff0700670200000300000016060a000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586"], &(0x7f0000000100)='GPL\x00'}, 0x48)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=<r3=>0x0)
sched_getattr(r3, &(0x7f0000000040)={0x38}, 0x38, 0x0)
setsockopt$MRT6_INIT(0xffffffffffffffff, 0x29, 0xc8, &(0x7f0000000340), 0x4)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
getdents64(r4, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000000370400000000fdffffff000000", @ANYRES32, @ANYBLOB="0b32050000000000280012800e0001006970366772657461700000001400028008000400eb720000060010004e230000"], 0x48}, 0x1, 0x0, 0x0, 0x48800}, 0x4000010)
io_uring_setup(0x37ae, &(0x7f00000003c0)={0x0, 0x800000, 0x0, 0x2, 0x22a})

8.349971773s ago: executing program 4 (id=1103):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x8000)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000040), 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x396, @empty}, 0x1c)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$setstatus(r3, 0x4, 0x42800)
close(0x3)
r4 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000002300)="8332dc80f0d9e1551a26bddb19fafb8b59c1c47a41aaca2c34765a0f4c00c2ca59f37acb52d527f6e8ec616edb24c090a772e78e5d82994bee32c4da07a75bcd44fbfb9a34db358def5dd0b6aaa0bf6e13dc2190871cb8db948f1fbe55289560247c5dc4a45d63a06d90bdfcec9ed20e4f977d9f452153c842e9330c799c3bb623ffeb21116a62f527f36c4ccb34d8b71a6a2be00131deb6fcec097b8098cdf4767a39feddf014c223464e98a22b2275c2b7356853d7ae171e29ff77d3ec5641bca482d2e8191cfaa55c54839a833822e77c44d3bd3dd5a9d5dd3c71c21b1bb449a4bec50fb0c68f227257caaa7eb894a669e3942e345e204daa13aed5cfaede408bce81a192a1c7331aa9b651f127856677d69d326f2b0aee016dde112ee0ce55d0e4e6a37cb0e5ef8005476a977b7a2bacd9ac844f10d1518e6c2cdb4f4a60f59131f6dc200c7acfb031e578e25ccdba4280911faf559ed337605079f68cb7ad450f1a8965493103a0d5921e18c1ae0b6caf99f4e4672c5464f3e28dfc0b3392b4e062594c9a21866f85f18634f5d89a037703ac337156cb98eae7fac8e22e118b8c2b6470a0b4cba046cac7b0a794c96a38f83fbe1230535433a225a9326cfaf398a7a453feed4cc88b6fd9b8287b3dbf742f0c1c672e07be41185a791e3400b6c09ba8b1ba249f07f726496f48f9fef2df32a9051bf1693b59f3268e7496905a5df6bc2314d10c73ee2d283ca795b4d6b6da4839ab18bf5540031316d2bd6f41e51d32b1bc2ca0e9688ee45cc4f217dadb07f9508ee0a3bf16db4e453b9394cb9f8f04f1ab8653b87193157f06f698f0774bf3b992d904235a4fe9d72ddfff96c3706b01046fc490137a4b7482e57871c051c554927ea75eaf2292e0e31ba28638016f1bda4f18b5d2ce074e8db2a679433de4f39789534a4a8c99e10139d4959eabdee2c061b49b4e9487ba36f50b321b13481d4c3444ea5e9cf25d11cc11272edd56a25e7fc011502040f7b881037793ddc9f71b40d780d4050c146e4b7b29e085996e128f21730a0c4d3330399f2b97c1cd8668b611a88377bf1664be7438f0bc22bec73e37b8d3fc1f4804364dc6c2b0cd6b3b32fb0bebc21a7e7d633a36a89ef46433507513d8da864c38b93ab415a25b075a9109dc5b2aaaff100d97d5a0ebb7bfdfb152fb8ac05907dae1fc785fcdc46212f83066664663c45e4682667118dd9480c6f4add9ab40105c9357d533f5df960cf370326f25a82c43d7b65d5863cd763a81feada619b90e5b0ec77b32bd517fed2cde85e2ad1e51af8244d8701f5ef06d67398530c26ff6aebb7c5426be5a3380939915ecc88b1472e33b1a4da579924f4fd4197c7db5b40c1c38c0c123c1bdcfb3e3b3f3de1d4b2a4a36e3daec2a6319a2b05d725a3901ed084ff22c8db80bc4dd270c5a05d52f6141c42b56fc326d3b335757724b2866ab2e29ad312f7a34ee1b926b5af8a651b4fe2ae66d6704cb5887fb867bc47a42f9ba23ae66b4ba5c933b0fb62c3253a5813870fa4fbd54152cf9990103a49af2f90fff760749f1d2b049ecaceeb04fce9d6a3c596e1cf0d8341e6c1f948f830a59121c3841b95289ad401b35b0edc212ceccd53cf366a69cc2adddd8c053826c1e5ab1926451b45b56de411589f55ef4a1f0d9670b36aefd0640e54f18f82c24484773bb2363d9f0ca728a93d4199a9dd6ae523fc492c05fa24524ad8f383d0df9ea55fb6c13fa0b10f6ae833c0f5d98cfaea271c2303f9c0de869b582fa2caafed0c47921bedfc1ed6cedfaea0c3c3b3bc19eee9e0a6f796d787976a0e2bf0b246c74e03e9f197ea27f1eb6f465a93a32bc56588a87d2d9b3af2ce38b9bf05fd3b876bdc4375e200c3008cf8b88d9e98e74e30434ff22cdebb5af19c3796584de206407bc1c44bccc3ea21d79c2bbfeb16e48f0322907b911e802bfa90df95305eb31ff0a3c872c0b2f2a57e1ae0e006e9448c4d6361e85da2253f3103739fbcc0980eade4e6e012ecc8a39026a53927ab630517d1c10940da9dacbd5e3fc39d69e683934d099c1f536a74c967bbc8a6acaaee4d401f759b6bf1f643f152af6312d848535a429cd53137794d2386580e5b048ad5f3989348d0fa4559df61eb9a6972ad52e14b02cc9eb6d4c63a14cdc2d43a834997faf4d2826f11dbd5a02ebf7b816c5acf93eef0d068e663e2cf631ef6087c185b83168ce76999b33a919b5566b7d177c4c45a18d97631fc2a9e71aaa099b50aaef9a77c2bc8e7a2ac589c7f2de671091ec0be7ab13c10a1e98a8c7c5a34bbb03ee8a80f024961568a228662ddb1b791fad5ef6d4a4535db8505fae512fd29f660e08e0b406b6a61c5cf008ba9243ae799192b1c1e9d8802663ddbb343c04d0a832649afbc8ce8ddd9d5d4da27a2c379b6feec1ddf956c87b24b29aa413f7d75625a9cddf61553bdb1986169d8702f09e268aa499d1f4d0510228f9c2066977ebdc41eb7a31eb38e754a584db9642acff1395e013ce242e4afceabfaa80fe360cdd11b66dae3b854490c59523a0ffcc98726f7ac0b3bac63757f7d89949f7db576d58e13531b41d9f7b3af01c455cf3d580c3415f7dfad5aa9141e864f9dc3f48bbe8528af64de51aef54e5eb6e83bc0f8ab087e4afb778866601c48890cc051b00667960248962ecdea4cd3339838a5a1c6d2c000eda8a7a11dc5b238333a501f18612a50088dff8a8af3366c8ed96d6c42e1510bcd6412ef5457f7c9e9677ae9c5e7d6670039cf98ce7bbdb9843c0ecedef31d99de5474f999b0ebbea6a5f61a32800a9dfb9ffd67477b785d5120214dd51b4fd0ab937e9e919f5aae54cd926bcac65c7edc504088bfdf40243f148c65ade6fb8046aeea23be71f3a0be8c0c810a7a289ed9afa124735c15e12ba3206a59e07ec15fad101011b305fd285d3cd8fcc263ae017f9dc614e28051ecf2d7f803aacf4adc6865504fc1fa064f3bc2c5fb5505003d297cbc94ae87f8fce0b54f8e8b13ef742b08767cb812994a31c3bbfd7d9aed6cc75d28951f87c9f5579fe59f0737fee8bc88ee310932dbafb09438b853ba299aa0d3394c733c6a09bb0f2469314a908204a88e0c3593c01189885703cf1d29f370007b7bc385de4af2863ba840990277a2134a153ad5f275347af766edf556fb24dea7800c9e9d7648a0cc099fda4fc3d71503623c9e7577478101dbe05bbb3b0d593daf1d487ee94c56bb86e6e4e9f6deb68e546313006139a7a2bf4d9378691488bff8889996643842fb7d1859bdfb6161ec4e1d9d455ea1057b0737e694250d6eb8717b8b762c224fa583466f72eb068fb045a112f6f96bb09c06cb4dde0e5addbfb88d7b6e311f2d0c13fc81f75321c93b688f5687ec5dbe865ae56607a7d87414cfcee2228613b8fab39978c689d03cdca61eb42747aade6573a26a5340c2a44c9d32cd88aadd08906cde4b89d6f559f757c2c2ca3e0e36bda991d0af6ee3b39dcc6afc8c0be282236f820a08a17be67087c45c82aeaca29c933e42e198a6700d86e86e6e2b2ae641da36eee30fa2d5fc6d3234c1d7d657c93d23efe2ddc351a00698992d5ee4a3d3f32cec291f5dfcad9596e731e654361ca36d5de513b677850a122c974c70088695cce771ccee0e1270e447404c6a42857b87a6555df8c8a967b66afe758feeda9647088227a3abf057cc29e033be8e1a7bdfb53bd33b8f4f8f95d5420b75c15e83024b847cf87e9c21ac2e39fa3da027864c9b5b96f4463c978e60723b0cc80866d9b6b5a4b7e885c7c5bc1a7fc2ecb5bd17477a36279651cf2670911a2f92d20032fd36bba622f40e97491cc46da303e571de88b353b1eea5dfcbbfbae34db548cd7144da675a2055eef446bddfae7fa0fa7f76dffea47b901f9e41ea3e923193db3d3bae2194a106c9c41e1ecf539e9584608983e2ec127f99ac3e7cd6fab0fa77b471e786515dd5aa68baa6d74bb7a30046ef992fc978711b7532246c9fde6d3c6fd59737008cbfd004a1dbc7677f649b13d296ab859e1f0f81bd88ed264c1555d77a2c62fc3ae6062be235f681babaf202439f70e14b1d903b032c9a7a14f150b9bc1a89b9e3b2a2a6368bb32870ac167ab4a8f5b87714cb4292623d392d4fd00a86bcf8d0845a34d3cf133087cf404d6debc3037059f1434be83ccf686ffc1c9a2280c5d7ec02d21d79fccacba99d4e10fb819965db7189f58a2be169c700777931aa8c9f2a7dfc67b80d6979a8aabed5191d4e7c19ff48017a5a76ca621919c0f9471cdb5a9a4436e5ecb89405e3fe2e7dfe426e21e3d4526efb276fc06cd11e377eddda33e53263da3cb394a442db272355ab241dc8d22664ad28fabb39bd18e86b7fa0514ccdae13ded6f9331ca02e087c174497652e4e3fdcb20931a6437e13857c97e2c043d15983d0a663700538a54d8e12f2c37f238ac6e9da84d7a71b21918c2e86e204d2215752b71d724f45dd72821ec3f5df49f2a69439ce3d83884792b718295b5c0b8efca4c2b4a4f635587f85a2484ab523495f021b2e1658df958f6f03c8162b337f96cad9e44fb1586d5e10056771d82428efce294ebbe8d29de400258777afb3efc7dc18e0039bc30025e0b926b8ee7e92b4d571d072617479d105c443efbb52813d372c777950940710ed6e9a710ae541058f8aa448d124da2421467cb93ce116dc9e3b45424b59c19b30cc7013b0e22ecd8a78ed71c42ff18abfdb7a0cbd18e4344ba89ba5a923e8e70ffb4070db1f884261089d0e49ebcc2a00b84b51394c5cff30509ec606cd0206618f078c7c825e307e91a0eb3487102b9eebf89d2c29da5212917d852e86b4516b04af925737068df7311449d214ed14731ece93fa8115ba1e03ae5951662ef328452738dd09947c22f0e80a7c7051cb7bb0884e7697694fe0bcd610289c7f0670aa2168512e500a10dfdb44f97d72f717f3b80a180ebfec184ec555369d8b939c773a52ca42162cf0f958c01e2280090675036b8cbd81c34ca4c22dd04d378d415fb5973b938f40a5a72894138324dcf8c9717c9e84e21bc13927e269dcb66389fcc7f6beb71d0846653bbcbb8d044e2a6b3a6c8b68ff88372313ac46ed4d3006c9cab20e27735afeadb1b576a27b05c25a8594a7c10c30e676fc8b2cc7ea1e9822ac2fb3a837845ef0cd7fe44e4bdfd0a57449e056cf01d512e47c0257dccb4faca4cac390c7035ccddb3aae16f22401cc416d406b05dd872a4dc477ea90f4591a73fce22a5dd7c35fb9e1c774eb9b9b1b157b1a369d65229670fd3321bdefde7e840771f16e532a65947d3b4a3dfb34f78c263a7285b2b12e421a8ad6eff505ebe997540ab54425d68c58ed7e3032abc5d2966e494ecaffa5ae5ef566a205bb4ebfc88ed60c93e", 0xef1)
r5 = fanotify_init(0x200, 0x0)
r6 = memfd_create(&(0x7f0000000180)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1}knh#\xcf)\x0f\xc8\xc0\"\x9cc\x10d\xee\xa9\x8b\x06\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb90a\xa9\xb2\x04\x1d\xa1\xce\x8b\x19\xea\xef\xe3\x00\x00\x00\x00\x00\x00\x00\x00', 0x0)
r7 = dup(r6)
fanotify_mark(r5, 0x1, 0x48001059, r7, 0x0)
keyctl$read(0xb, 0x0, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000300)='yeah\x00', 0x5)
unshare(0x68040200)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_usb_connect(0x1, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000009a65d0860040800dee2010203010902", @ANYBLOB="94"], &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r8 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r8, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000540)={0x50, 0x12, 0x335a7a0c1b413af7, 0x70bd24, 0x25dfdbfe, {0x11, 0x9, 0x81, 0xf, {0x4e22, 0x4e20, [0x5, 0x801c, 0x52], [0x8001, 0x1, 0xffff0bc4, 0x8], 0x0, [0x1, 0x2]}, 0x400, 0x3ff}, [@INET_DIAG_REQ_BYTECODE={0x4}]}, 0x50}, 0x1, 0x0, 0x0, 0x44}, 0x40000c0)

8.280450554s ago: executing program 5 (id=1104):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_procfs(0x0, 0x0)
r4 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080), r0)
sendmsg$NLBL_MGMT_C_LISTALL(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="030b28bd70f1ffdbdf2503"], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x20040880)

8.153032307s ago: executing program 1 (id=1105):
openat$vcs(0xffffffffffffff9c, 0x0, 0x20000, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000580)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sched_setscheduler(0x0, 0x1, &(0x7f0000000640)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x536, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/mnt\x00')
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0)
ioctl$VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f00000005c0)=@multiplanar_mmap={0x81, 0x4, 0x4, 0x2000, 0x80, {}, {0x2, 0x2, 0x4, 0x7, 0x2, 0x4, "4360c0ba"}, 0x3, 0x1, {0x0}, 0x9})
ioctl$BTRFS_IOC_RM_DEV(r3, 0x5000940b, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8)

7.888428863s ago: executing program 0 (id=1106):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

7.08575494s ago: executing program 5 (id=1107):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, 0x0)
r1 = socket(0x10, 0x3, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x200000c, 0x200000006c832, 0xffffffffffffffff, 0x0)
r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000280)={'ip6tnl0\x00', &(0x7f0000000900)={'syztnl2\x00', 0x0, 0x4, 0x7b, 0x9b, 0x9, 0x41, @remote, @local, 0x7800, 0x40, 0x7, 0xffffffff}})

5.164230481s ago: executing program 2 (id=1108):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeed, 0x8031, 0xffffffffffffffff, 0xf6d0d000)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x3f, 0x0, 0x0)

4.688595878s ago: executing program 2 (id=1109):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe3}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000001e40)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000180)="c96cae8b33b3e0d11e1bede3f06bd5e78ab39f58d542a60a7c688a151f9f77d722e174a40b2bbcaaf5524fdd36f95ef4957424bc3fce6d8b820e59a3052739e66a5679d916cd747d09ab6adbc1c58fcb5c9a3aafa1dc4c03f3ef49776197f0aacbb0ff51cbefae63b85907072e87e654131227c76a0e0cdca22d52116d788f88ce676fc975d50bb9e94d2dbbd09246734ff47bdff63593d5f777", 0x9a}, {&(0x7f0000000ac0)="89e4192d92359cb3ee294530ae76ad6dc4ff20cc3ccc9d41018dd482ad1f395d4e38bd22b6fcae05c49fbdfdf66ae2994f191e9222effcb97205d0aaed4b29919f9e3bab7fdb276ca29501903c98de0b0cc8afca563f94fe69b6927ae594d1b53ad9f4a9f9f5c84a518d37939c84a5bd15048115ac421e9c56866ab6f91b0e8181d8999dd86c0177a971a39bf35b38eb0504bf70c02cc307c62d6f06c80b146153ca56a182831696c8cf46d2b065744e6dd4415ceff773e8d3a45aacc4fd8972cbe77878ce48d531066ec9e4790196e4a17b08ea09d4d3febf6721a44390383c7261e9e09f20c23f95e9c04d3c10220f3962d98b2bd98d5c3e50169a4c0c99f29c7a336489c26259957c4bdeae1c8cdf60d817db09336f680bbe954dc05669c9d48cb0a0488ed2385d935a7166b3187189e08d421903d546126289651db812f9c8754c0dc6f24a22ca988a2ac131cc52d724bb086a53a94e515e09fef354e9ca0daacaa347e96b3efd7c5c4063f6eb0cf55f08ff942780e6846d78410057ca2b845e69eeda4066de60a033e2f3c7e47b2f0c0c4c7da98b1d658c620f70dbe6eb8b5dd90216caa82c91db4c0f7ea02df5d5f8d6815d2d7868e6a6053f31a4fbe8732a1310ca7a79814177a981e5ab68dfeba4fe46ed4c51819be1308f73455e311f511ce4360cc7c24836c9b895ee5ce93cc42dd88f02d91b479c1748339024343700cce897087bbaae4fbd8e2ad5da016265ef097043acaf87504dde24216c805b40cf4d6edf2ae6564182acdf06580dde3fb66ab01625ffadc22f1ac7b97b9dec871edd96e86af127be1ef27548917a49476ce87f1719173369caf69d35d25637f0514e3e06069877968eb874a1c1adc92e760670e42b6cccd2fe0a5f9c543a44b382befc422d4486416b6fabe2f11944a3f08cded6fad9e3304a202d1c58841a6ab78b28a4162db2671d9ea74ee6f3b33a282f42abc911e3245531a34f5567cfcaa1cf762677c9f61d3aa2c4d76210edf440bf53e816d008ab2ea29cf42de9b88442d6b2eec4fbf23f7d23eaab316335dfc2dc10f9148df0b83d92c3a94fb0b49365af5ba599a1ea8e6fc7aea8df9208795cbbdf0af04f5f08fc828cb347a6e9daddbe514675b31e5134c7dfbb060dfc632ad82141ddea4e77e6c63c1843ca6fc820558b7355bae86e106c2be9c9b500c5134ab62444a8423d596bfe0e3b2df47dabf5abe271ae947f4878132915332e4fcc5b81ad6f12570de44f0fdd6a96397acebf95421c88ff274365be770edd1bd1f69bc2d2883fa70fa68828bddcb98f90b0b77e28f9c4726e5b0c52fa6f30a8d57321dfd2f2678bbc6511f39019f49d7dde6f19adeac78e4064b8288f5b4ac7d8ca35f7f70dfb376f5f3af98f02e76e57e21a00bac677703c8e2169816f5cf6c4d1bf803e0b2987544eeeffd197bcc10fe1d9a7b826a6693dc8bb32f19f25a88a15c3dcd30e7f48f0cda06ca99152bd1c892735598c32c6098ae12ef493334be720cb0ba3c710954fe0a80c3dec255f194761e5e904262118307bb49901808f9ca1af58648e9d57ffb744fd4f1d01b5ccaeaa5231def3f800cb8341d9109d93e3871c395892f8ffe25d6d9a7faa7073fd9c3b3aac94c554dab9c35667eb49d5f0e47fd6bb41ca4b2f420b1e3915fa653aaf8d842cc4b0fec5011bd0ba372601fb7930ce98402d2e3d64f8422550a621fa23b128e66b6afe1a74dab2b53de22214844e53441ab7998d4ac3557cca9ffe4997c778243c943ca2de0b1deba8468a5fe3c0f1fa93a9a7bb5dbc3ec2058ac7ad4ffa64966bbd90a5f3f53de5c44af6e93f248471ca09cabe6e6c0a87586ff04a5a8cea539d049d82929277cfba7e46fddcdc0f4c2995def4ac27d65bde4bb88dbed3b9cf9eb9501273ca533da1220422f6585bfa77f5df5faaf3250349b514f44bfd55f106792bc7c766eddde2267a12888db542803efcf48357368880fa7771a2d962ae0bb14934a93d28a18da7d39ed6be7d1897e33d3ba0f6db99325a12f64670f22c762a395c9c6ef4e8ef15c0798465b1c9d406ed5731002a0ce72ca4adf125124046d5ac76b6782257587ff6ed55a55f98f8c377e36983b81c4b775cf0d41a9070cd1adeddf2083b635ae671f4e559990164e3a3e32a07c9faa438d73b1662e9eabf061703c7afb7adf2ae5f3acf2fcd57fef779f6b6e68656da61c8d45858d26f3858492e7797fb65d21f47ba805283f74fd473fcbd8b217ab628d62917dd96d5c49ad16d1616a946b8d4108a4d3f11c4f9260d9e01729beaf96231e6fb9d1181a1e032a71adde4c529f14029b728d163714e69f968340f7e2f9f420339bee64275474787d6b14cc9bbcbe1973cad7c29bfa1002adcb67b15c6edc01b00bca7823eb8fb6db7548fdd1ac1f7b3a69ed481c9cd2af0a09abd12e9a4e26e23d69790bdcd07b8da72da3ba97b0f2bc92a7da43845b70ae351f7ccc7cc7d92288f51f45e4d9d31a6bfeaa36621674170aad5d23a194921e81142505ec02020816a855eb162a9a5fefbc10121a534516be5fa2a17ed437cfb09d5085413a883ebf81538c2fd11edd0689bc339fc754d22ac9dec26d1e594f2cd14c605d069df81f876bf8c8b775108db76cac14088b9ea08d72a7f6c552e2954d8afd07f826085b2d67c828acb01943e576035f04c710a7f0edc8b6b9fa11325643d35193c9bb5a17c6e670ed0fc8be003c9fd769c1fe0480b10d7533cf3aeac0d2a157459a06af57d1ae20fb373f430f41c37cb0fb6745bb61f771e18a661dd58d9932eb543b0fb90dafbf495f1568e77a03864b66bfcd91918ceb9c28a1011fa5a3521ecb2042bd98955827a61480cf285739a6b5451a5a7e8d79b883e2782591dfe7817adb263d64bfc7375e68fdcf931661e39a48632335a659eb9daa52907a92dc55225767e2541ffc463faf51d612d874a01fe284b900dfc3ae07a718985e73a96ed4a67b31c6b0605afd89c2d306fac76c44f381bf9dba32f6ea259d1d51b02987b9e1bd3f39730976f1ddee002cb5d30ba518f5209d473fc8182e71a9531c1fec4a5caddef4734d49a16380f8a375c7cd4bced3999cb43da0b8d87ad5ab9f2d39fb4fc761ecfaaa9c0520a57f3c5fe25fea7df7bba7640f0aeb5e5901bee7f69b10a5485dc57ffa9c5328346a282cad3576d6b815e012865edfd25660ca63f7b67f029e31b8e601640983b5cdbb62616b9285f8054982a56ac5618c321b87234b66b10f827e6a1d3094093b75f73dff52cbe4b86e49f19266416804defe3d5488d5d7a1ec2f0276c57944c8064b1243df01c50f3225e87b7cf474becea28f905dd298e793fee5b996b86395c2cec08a1d85df43d855784502797e9de7d8f2fcd9745b9bd7aab3d4cd46d9e1ad3f6c137e9e78316fe0b8474146b27b3e857de06b3a64aa48bcbd185ea51eb83dece2e374be75167c915191a688ce34dd59008c65b56b463f82556bb2c1468fe771bfa7a8c8abcd4a09e3b00d7eaa7e207c34480858359b5f83d010cf143f43df050decbdabc8a636167c39e4ad957e883d79c066f0d0fe7f0c610f96178de2930091ddb9b483835f3f2e29c09ef454987f02a80b7241edd9b37a8dec9a1860ce0598481ea2ac6c7189f04b9796a1dec90f3a29438ddb9dc61e093ae18bba4f7ed28478cb48936943690aae9f668a647db99d210eff547297d78e0011817533d715ec365592ecf3662178ae4d8930992792b64204f8ac0cb8981caf936b674e210e4ad69711d78ed18df4af7267a96a6c300bb145c5f65a857fdd0e86e098888e170a2df05dbf1dab28706b1ff5bda716a18641b81b39b6ed3d01bc8f205b914bc8207cc159472ae3e9c55c55d86e53e1a7ab47519a85eb06bd135ab1eb6cbaaad64f3fed214d5628a6c39828ed95e896fb24fa370a49979aa963c5db583e8e21fe05470c35c46a8b334a11b87e92638e222ddbd9097be57059e9ba2ee1447380e8516292796a0d953db285793af32a1fa5fc2358b3fb0a21e1848caecfdb0c06e5bc6fa02a45f18dd8a4581ac3e21b09e2da3af7cde6c522296a6eb8232c481fe01b08b394f759cc2a7ce8d5731db74f6e49379d06a27f71c04ea93246b4a6806582091de9b11a56aa3a82f10b60463c6e62c3ac7ec3b3ade404ba28c73fbfa57e83dac30ad538706dfb59f2fb9f673b1db768009935530c90d21713839b7075d73ba3d7976f020c55721425fdce437a3ec4f9e12ce52ec5a7ce82a32fba0b934dbb19e5c9cbf5cbbef454916466ab3018c6ba6a41cb9612e5cf123d4795c3c579eea9a8bc20c638fc3b1a5ea99d0be7227a6b0c778c03fce09efce2ff0e79e54dc9d6a474d6b5ff5419f738c96f64efc53069bac804c981654e71a9a87ed23f2d92b9df216a2120ae1b693a344e534970a623607118c4fdeed84a6fa8a6752babb093ef7b5135f440432b0dac87b4c72298167af582c10d46b85982fde3dbbcd7a657ea496313f9621be64fe4257db5ca8ed596e98777286fe52c0eab4aef18b0d72e1c4fe8072cb8829420a32bbd6942af92da177d7d000e7e0ceb782f667d27440d0aed9c9b74754f1fa0441cb3132c29309c73a417aa2905158f9d4bef41b5155c1bb8abb6acba4730fa4c9a164b9f0ef0efec245165a8bd7b3539fcf4b24a36c708296f76be8340ef07faeeac655bcb96c4e2630df34aa8ba4aaa4ae8d417af4bc443926ffdb23cf4c54152e02180852b613a5fdd7312becbd2a5740a4b3ef52d9b082e3d70550d776f4f9115cd5417c9c428b8f4da8463f6c168c260514ec7a25924dba3f837f090b9020c34974987999d6b60d18fee0a721c4220189d18852a9fe503180ecfdc21947617f371b90b0f1bd54394f57deecaa62af02c63622a2f0fecdb054fdcb80fefe0c654d1e2fbdefbf3050a3087274ac74cfb3b9d844b6327c17139978ce7538ff93f7ed4b65ee103ad6d0e6bb32e816654faad28a535372a5d8e0ac1d4abf610efd3785da488c1cadf7c599aa1746ff839fc4f94cf79d1fbb51494cf60f2b076c491380269b237603d7c6c1780aa6462a36b6473a10f933e23f47f63755edeb808edb52799018078a9625807bc3", 0xe26}], 0x2}}], 0x1, 0x40)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000480)=0x1df9, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x1d4c, 0x10048095, 0x0, 0x0)

4.509371211s ago: executing program 0 (id=1110):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x10, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000004)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$gtp(0x0, r1)
llistxattr(&(0x7f0000000080)='./cgroup\x00', &(0x7f00000000c0)=""/34, 0x22)

4.474244138s ago: executing program 5 (id=1111):
r0 = openat(0xffffffffffffff9c, 0x0, 0x141042, 0x0)
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000000d80)={0x0, "d08f415bfe095f6c70d8644c40cb0865"})
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x6, 0x4002011, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x201f)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000780)='/proc/asound/seq/clients\x00', 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000e0ff0000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0xa, 0x0, 0x0, 0x0, 0x26}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10)
r3 = syz_pidfd_open(0x0, 0x0)
setns(r3, 0x24020000)
read$FUSE(r1, &(0x7f0000002800)={0x2020}, 0x2020)

3.839863663s ago: executing program 1 (id=1112):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0e00000004000000080000000b"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='contention_end\x00', r1, 0xe4}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1802"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r2, 0x4010744d, &(0x7f0000000180))

3.781087648s ago: executing program 5 (id=1113):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000280)="32780f64", 0x4, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000380)='bic\x00', 0x4)
shutdown(r0, 0x1)

3.66509957s ago: executing program 0 (id=1114):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})

3.664386175s ago: executing program 2 (id=1115):
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000b40)={'#! ', '', [{}]}, 0x5)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB], 0x70}}, 0x0)
close(r1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffffffc}]})
fspick(0xffffffffffffffff, 0x0, 0x1)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r2, 0xfffffffc)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
sendmsg$inet(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000006c0)="9e5139ba6f09278b6d148376c3e54c668c07be7b435b67a4ecbff6d40359063bf69bfff351f9ca467035476b8aa460537f9780cb549bc32a0f74ac94a30aa2540318c7cf", 0x44}], 0x1}, 0x40c4)
r4 = accept(r1, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[], 0xfffffdef}}, 0x801)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000002, 0x200000005c832, 0xffffffffffffffff, 0x0)
recvfrom(r3, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)

3.369199411s ago: executing program 5 (id=1116):
setresuid(0x0, 0xee01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7050000000000006110440000000000dc0500002000000095000000000000009abb1723bf24203831c9545b21c751ee4024f479cbe4b89f9808837203000000000000c2d182c7a3221481f5009edaf5f5ac058299e10e790a198f42a715b99fb3d2a73dd025848710155ad1efd7d991408000000000000085a0db0401fa29e075b7ab0408a0d8cfceeb23465bb027ee1151c02af21d8f9aa57e673a6724441d08087aff070eda8abef22b3a806c8226f5a2886c93bd29b37252ba4a6e9cc5f69e75680c431aa855e487ae513abd6c4ee973fce29a26018ed5e0780f8778a602a3533a3dac7da4fe491edf3abfa7bf871c58848ac46ada6776bd9b85df01e626026a59ddfa7a9c879acbfb0bf426785dec7d8611dc850df49ed8633bdb83dd505fb20649f53841a0e200c91f5bf1bb186ed87efc7b6f8859d029c8376ca19265e281fea0a6fd2222f8850c8445758503ede0ce1b3f73ecd8989e8c53c5e679b13802bddf80f3b1d07d6d68bfa12ab34697d40ac1150a842f8bb381344b994c19642a10eb30845a993daaa8bd4aebc595475feb3475d8e802498382e73edb98fcf2df96ab3c870490c4"], &(0x7f00000002c0)='syzkaller\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x48)

3.368350977s ago: executing program 4 (id=1117):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f0000001fc0)={0x2020}, 0x2020)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100))
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r6 = dup3(r5, r4, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r7, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000500)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @fda={0x66646185, 0xa, 0x2, 0x19}, @fda={0x66646185, 0x7, 0x2, 0x2b}}, &(0x7f0000000200)={0x2e, 0x18, 0x38}}}], 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000700), 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000001a00)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000540)=""/143, 0x8f}, {&(0x7f00000000c0)=""/183, 0xb7}, {0x0}, {&(0x7f0000000600)=""/200, 0xc8}, {&(0x7f0000001f00)=""/4078, 0xfee}], 0x5}, 0xc}, {{0x0, 0x0, 0x0}, 0x5}], 0x2, 0x40010080, 0x0)
sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000080)=ANY=[@ANYBLOB="18000000", @ANYRES16=r8, @ANYBLOB="030704707900000000000100040004000180"], 0x18}}, 0x0)
socket(0x40000000015, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x8010002})

2.381118708s ago: executing program 1 (id=1118):
symlinkat(0x0, 0xffffffffffffff9c, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, 0x0, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000100)={@multicast2, @local}, 0xc)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32], 0x20}}, 0x20008040)

2.377125129s ago: executing program 0 (id=1119):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_GET_BYINDEX(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000000f06010200004000000000000100000a050001000700000006000b"], 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x40000)

1.484937931s ago: executing program 4 (id=1120):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeed, 0x8031, 0xffffffffffffffff, 0xf6d0d000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x3f, 0x0, 0x0)

621.228633ms ago: executing program 5 (id=1121):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x9, 0x2)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x200)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r3, 0xab00, r4)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
r5 = dup3(r3, r0, 0x80000)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20)
ioctl$NBD_DO_IT(r5, 0xab03)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r2, 0x1, 0x70bd2b, 0x6, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8004}, 0x0)

138.919306ms ago: executing program 4 (id=1122):
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wlan1\x00'})
r0 = syz_open_dev$cec(&(0x7f0000000200), 0x0, 0x200)
r1 = open_tree(0xffffffffffffffff, &(0x7f0000000640)='\x00', 0x9000)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$DEVLINK_CMD_TRAP_SET(0xffffffffffffffff, 0x0, 0x4000001)
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@getchain={0x24, 0x66, 0x4, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xb, 0xffe0}, {0x8, 0xfff1}, {0xfff1, 0xffe0}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x44080)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='\n\x00\x00\x00\t\x00\x00\x00\a\x00\x00\x00\b\x00\x00'], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000300), 0xb0b, r3}, 0x38)

77.75335ms ago: executing program 1 (id=1123):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0xb2}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r2, 0x2)

27.544164ms ago: executing program 2 (id=1124):
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000380)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fdd411efc40800040000000000000000", 0x39}], 0x1)
setsockopt$inet6_IPV6_RTHDR(0xffffffffffffffff, 0x29, 0x39, 0x0, 0x18)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0/file0\x00', 0x0)
ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x8008700b, 0x0)
socket(0x10, 0x803, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_procs(r1, &(0x7f0000000380)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f0000000040), 0x12)
r3 = openat$cgroup_subtree(r0, &(0x7f0000000200), 0x2, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000040)={[{0x2b, 'pids'}]}, 0x6)

0s ago: executing program 0 (id=1125):
socket$isdn(0x22, 0x3, 0x3)
syz_genetlink_get_family_id$devlink(&(0x7f00000002c0), 0xffffffffffffffff)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
bpf$PROG_BIND_MAP(0x23, 0x0, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
fanotify_mark(0xffffffffffffffff, 0x90, 0x40100000, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)}], 0x1, 0x0, 0x0, 0x2663}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r4, 0x0, 0xc8, &(0x7f0000000000), 0x4)
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000000540)={0x11, 0x1, 0xc, 0x8001, @vifc_lcl_ifindex, @local}, 0x10)
setsockopt$MRT_DONE(r4, 0x0, 0xc9, 0x0, 0x0)
sendmmsg(r3, 0x0, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000200)=<r5=>0x0)
ptrace(0x11, r5)
read$msr(r1, &(0x7f00000003c0)=""/87, 0x57)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
socket(0x10, 0x3, 0x0)

kernel console output (not intermixed with test programs):

e+0x145/0x250
[  386.485327][ T8441]  ? __pfx_ksys_write+0x10/0x10
[  386.485343][ T8441]  ? rcu_is_watching+0x15/0xb0
[  386.485372][ T8441]  ? do_syscall_64+0xbe/0x3b0
[  386.485401][ T8441]  do_syscall_64+0xfa/0x3b0
[  386.485424][ T8441]  ? lockdep_hardirqs_on+0x9c/0x150
[  386.485446][ T8441]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.485481][ T8441]  ? clear_bhb_loop+0x60/0xb0
[  386.485508][ T8441]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.485528][ T8441] RIP: 0033:0x7fd34cf8ebe9
[  386.485546][ T8441] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  386.485564][ T8441] RSP: 002b:00007fd34b1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  386.485587][ T8441] RAX: ffffffffffffffda RBX: 00007fd34d1b5fa0 RCX: 00007fd34cf8ebe9
[  386.485603][ T8441] RDX: 0000000000000030 RSI: 00002000000002c0 RDI: 0000000000000003
[  386.485616][ T8441] RBP: 00007fd34b1f6090 R08: 0000000000000000 R09: 0000000000000000
[  386.485630][ T8441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  386.485643][ T8441] R13: 00007fd34d1b6038 R14: 00007fd34d1b5fa0 R15: 00007ffdda4675b8
[  386.485678][ T8441]  </TASK>
[  387.005053][ T8446] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  387.034780][ T8446] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  387.229330][ T5917] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  387.768224][ T5917] usb 2-1: unable to get BOS descriptor or descriptor too short
[  388.109583][ T5917] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  388.118790][ T5917] usb 2-1: config 1 has no interface number 1
[  388.127663][ T5917] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  388.137122][ T5917] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  388.147344][ T5917] usb 2-1: Product: syz
[  388.179962][ T5917] usb 2-1: Manufacturer: syz
[  388.200778][ T5917] usb 2-1: SerialNumber: syz
[  388.441969][ T5917] usb 2-1: 2:1 : unknown format tag 0x1000 is detected.  processed as MPEG.
[  388.475196][ T5917] usb 2-1: found format II with max.bitrate = 26774, frame size=2
[  388.518207][ T5917] usb 2-1: 2:1 : unknown format tag 0x1000 is detected.  processed as MPEG.
[  388.580424][ T5917] usb 2-1: found format II with max.bitrate = 26774, frame size=2
[  389.089480][ T5917] usb 2-1: failed to enable PITCH for EP 0x82
[  389.295333][ T5917] usb 2-1: USB disconnect, device number 9
[  392.108610][ T8492] netlink: 'syz.5.551': attribute type 1 has an invalid length.
[  392.694698][ T8492] 8021q: adding VLAN 0 to HW filter on device bond3
[  394.280470][ T5949] usb 1-1: new low-speed USB device number 6 using dummy_hcd
[  394.954644][ T5949] usb 1-1: config 32 has 1 interface, different from the descriptor's value: 2
[  394.979342][ T5949] usb 1-1: config 32 interface 0 altsetting 0 has an endpoint descriptor with address 0x98, changing to 0x88
[  395.064078][ T5949] usb 1-1: config 32 interface 0 altsetting 0 endpoint 0x88 is Bulk; changing to Interrupt
[  395.389989][ T5949] usb 1-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[  395.410099][ T5949] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  395.570305][ T8515] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  395.953233][ T5949] usb 1-1: string descriptor 0 read error: -71
[  396.118711][ T5949] usb 1-1: USB disconnect, device number 6
[  398.572983][ T8560] FAULT_INJECTION: forcing a failure.
[  398.572983][ T8560] name failslab, interval 1, probability 0, space 0, times 0
[  398.585856][ T8560] CPU: 0 UID: 0 PID: 8560 Comm: syz.1.565 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  398.585884][ T8560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  398.585898][ T8560] Call Trace:
[  398.585908][ T8560]  <TASK>
[  398.585917][ T8560]  dump_stack_lvl+0x189/0x250
[  398.585948][ T8560]  ? __pfx____ratelimit+0x10/0x10
[  398.585973][ T8560]  ? __pfx_dump_stack_lvl+0x10/0x10
[  398.585998][ T8560]  ? __pfx__printk+0x10/0x10
[  398.586033][ T8560]  ? __pfx___might_resched+0x10/0x10
[  398.586063][ T8560]  should_fail_ex+0x414/0x560
[  398.586091][ T8560]  should_failslab+0xa8/0x100
[  398.586118][ T8560]  __kmalloc_cache_node_noprof+0x73/0x3d0
[  398.586141][ T8560]  ? __get_vm_area_node+0x13f/0x300
[  398.586169][ T8560]  __get_vm_area_node+0x13f/0x300
[  398.586197][ T8560]  __vmalloc_node_range_noprof+0x301/0x12f0
[  398.586223][ T8560]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  398.586277][ T8560]  ? trace_sched_exit_tp+0x38/0x120
[  398.586310][ T8560]  ? __schedule+0x16c8/0x4c90
[  398.586339][ T8560]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  398.586377][ T8560]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  398.586409][ T8560]  __vmalloc_noprof+0xb1/0xf0
[  398.586433][ T8560]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  398.586471][ T8560]  bpf_prog_alloc_no_stats+0x4a/0x4b0
[  398.586511][ T8560]  bpf_prog_alloc+0x3c/0x1a0
[  398.586548][ T8560]  bpf_prog_load+0x735/0x1930
[  398.586595][ T8560]  ? __pfx_bpf_prog_load+0x10/0x10
[  398.586655][ T8560]  ? __sys_bpf+0x206/0x860
[  398.586686][ T8560]  ? bpf_lsm_bpf+0x9/0x20
[  398.586711][ T8560]  ? security_bpf+0x7e/0x300
[  398.586740][ T8560]  __sys_bpf+0x5f1/0x860
[  398.586775][ T8560]  ? __pfx___sys_bpf+0x10/0x10
[  398.586821][ T8560]  ? ksys_write+0x22a/0x250
[  398.586844][ T8560]  ? __pfx_ksys_write+0x10/0x10
[  398.586873][ T8560]  __x64_sys_bpf+0x7c/0x90
[  398.586904][ T8560]  do_syscall_64+0xfa/0x3b0
[  398.586931][ T8560]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.586951][ T8560]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  398.586973][ T8560]  ? clear_bhb_loop+0x60/0xb0
[  398.587000][ T8560]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.587021][ T8560] RIP: 0033:0x7fbd1998ebe9
[  398.587041][ T8560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  398.587060][ T8560] RSP: 002b:00007fbd1a7ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  398.587083][ T8560] RAX: ffffffffffffffda RBX: 00007fbd19bb6180 RCX: 00007fbd1998ebe9
[  398.587100][ T8560] RDX: 00000000000000be RSI: 0000200000000300 RDI: 0000000000000005
[  398.587114][ T8560] RBP: 00007fbd1a7ad090 R08: 0000000000000000 R09: 0000000000000000
[  398.587128][ T8560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  398.587141][ T8560] R13: 00007fbd19bb6218 R14: 00007fbd19bb6180 R15: 00007ffd85f2fb58
[  398.587175][ T8560]  </TASK>
[  398.587211][ T8560] syz.1.565: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[  398.889013][ T8560] CPU: 0 UID: 0 PID: 8560 Comm: syz.1.565 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  398.889041][ T8560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  398.889055][ T8560] Call Trace:
[  398.889064][ T8560]  <TASK>
[  398.889073][ T8560]  dump_stack_lvl+0x189/0x250
[  398.889102][ T8560]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  398.889136][ T8560]  ? __pfx_dump_stack_lvl+0x10/0x10
[  398.889160][ T8560]  ? __pfx__printk+0x10/0x10
[  398.889192][ T8560]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  398.889217][ T8560]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  398.889250][ T8560]  warn_alloc+0x214/0x310
[  398.889282][ T8560]  ? __pfx_warn_alloc+0x10/0x10
[  398.889309][ T8560]  ? __get_vm_area_node+0x13f/0x300
[  398.889335][ T8560]  ? __get_vm_area_node+0x2b5/0x300
[  398.889376][ T8560]  __vmalloc_node_range_noprof+0x326/0x12f0
[  398.889419][ T8560]  ? trace_sched_exit_tp+0x38/0x120
[  398.889451][ T8560]  ? __schedule+0x16c8/0x4c90
[  398.889478][ T8560]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  398.889539][ T8560]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  398.889572][ T8560]  __vmalloc_noprof+0xb1/0xf0
[  398.889606][ T8560]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  398.889644][ T8560]  bpf_prog_alloc_no_stats+0x4a/0x4b0
[  398.889684][ T8560]  bpf_prog_alloc+0x3c/0x1a0
[  398.889721][ T8560]  bpf_prog_load+0x735/0x1930
[  398.889767][ T8560]  ? __pfx_bpf_prog_load+0x10/0x10
[  398.889821][ T8560]  ? __sys_bpf+0x206/0x860
[  398.889853][ T8560]  ? bpf_lsm_bpf+0x9/0x20
[  398.889878][ T8560]  ? security_bpf+0x7e/0x300
[  398.889908][ T8560]  __sys_bpf+0x5f1/0x860
[  398.889942][ T8560]  ? __pfx___sys_bpf+0x10/0x10
[  398.889988][ T8560]  ? ksys_write+0x22a/0x250
[  398.890012][ T8560]  ? __pfx_ksys_write+0x10/0x10
[  398.890041][ T8560]  __x64_sys_bpf+0x7c/0x90
[  398.890071][ T8560]  do_syscall_64+0xfa/0x3b0
[  398.890098][ T8560]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.890119][ T8560]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  398.890141][ T8560]  ? clear_bhb_loop+0x60/0xb0
[  398.890168][ T8560]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.890190][ T8560] RIP: 0033:0x7fbd1998ebe9
[  398.890210][ T8560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  398.890229][ T8560] RSP: 002b:00007fbd1a7ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  398.890252][ T8560] RAX: ffffffffffffffda RBX: 00007fbd19bb6180 RCX: 00007fbd1998ebe9
[  398.890268][ T8560] RDX: 00000000000000be RSI: 0000200000000300 RDI: 0000000000000005
[  398.890282][ T8560] RBP: 00007fbd1a7ad090 R08: 0000000000000000 R09: 0000000000000000
[  398.890296][ T8560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  398.890310][ T8560] R13: 00007fbd19bb6218 R14: 00007fbd19bb6180 R15: 00007ffd85f2fb58
[  398.890343][ T8560]  </TASK>
[  399.166377][ T8560] Mem-Info:
[  399.169573][ T8560] active_anon:273 inactive_anon:11644 isolated_anon:0
[  399.169573][ T8560]  active_file:5878 inactive_file:36129 isolated_file:0
[  399.169573][ T8560]  unevictable:2816 dirty:239 writeback:0
[  399.169573][ T8560]  slab_reclaimable:10197 slab_unreclaimable:98899
[  399.169573][ T8560]  mapped:36506 shmem:6299 pagetables:1398
[  399.169573][ T8560]  sec_pagetables:0 bounce:0
[  399.169573][ T8560]  kernel_misc_reclaimable:0
[  399.169573][ T8560]  free:1318045 free_pcp:15307 free_cma:0
[  399.216162][ T8560] Node 0 active_anon:1092kB inactive_anon:46576kB active_file:23312kB inactive_file:144516kB unevictable:9728kB isolated(anon):0kB isolated(file):0kB mapped:146024kB dirty:956kB writeback:0kB shmem:23660kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:6144kB writeback_tmp:0kB kernel_stack:12656kB pagetables:5444kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  399.250165][ T8560] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  399.282209][ T8560] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  399.311463][ T8560] lowmem_reserve[]: 0 2500 2502 2502 2502
[  399.317329][ T8560] Node 0 DMA32 free:1360304kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1088kB inactive_anon:46536kB active_file:21536kB inactive_file:144448kB unevictable:9728kB writepending:956kB present:3129332kB managed:2560996kB mlocked:8192kB bounce:0kB free_pcp:40440kB local_pcp:16840kB free_cma:0kB
[  399.350193][ T8560] lowmem_reserve[]: 0 0 1 1 1
[  399.354922][ T8560] Node 0 Normal free:8kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:40kB active_file:1776kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  399.384949][ T8560] lowmem_reserve[]: 0 0 0 0 0
[  399.389736][ T8560] Node 1 Normal free:3896508kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:20772kB local_pcp:9152kB free_cma:0kB
[  399.421078][ T8560] lowmem_reserve[]: 0 0 0 0 0
[  399.425817][ T8560] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  399.438566][ T8560] Node 0 DMA32: 716*4kB (UME) 282*8kB (UM) 151*16kB (UME) 46*32kB (U) 24*64kB (UME) 21*128kB (UE) 28*256kB (UM) 17*512kB (ME) 6*1024kB (UME) 5*2048kB (ME) 321*4096kB (M) = 1360304kB
[  399.456820][ T8560] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[  399.529462][ T8560] Node 1 Normal: 187*4kB (UE) 48*8kB (UME) 43*16kB (UME) 87*32kB (UME) 25*64kB (UME) 9*128kB (UME) 4*256kB (UM) 4*512kB (UME) 3*1024kB (UM) 2*2048kB (UE) 947*4096kB (M) = 3896508kB
[  399.547938][ T8560] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  399.557587][ T8560] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  399.568449][ T8560] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  399.578179][ T8560] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  399.587564][ T8560] 48304 total pagecache pages
[  399.592302][ T8560] 2 pages in swap cache
[  399.596489][ T8560] Free swap  = 124988kB
[  399.601179][ T8560] Total swap = 124996kB
[  399.605366][ T8560] 2097051 pages RAM
[  399.609234][ T8560] 0 pages HighMem/MovableOnly
[  399.613937][ T8560] 424695 pages reserved
[  399.618118][ T8560] 0 pages cma reserved
[  401.553494][ T8580] FAULT_INJECTION: forcing a failure.
[  401.553494][ T8580] name failslab, interval 1, probability 0, space 0, times 0
[  401.566427][ T8580] CPU: 0 UID: 0 PID: 8580 Comm: syz.0.568 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  401.566457][ T8580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  401.566476][ T8580] Call Trace:
[  401.566485][ T8580]  <TASK>
[  401.566495][ T8580]  dump_stack_lvl+0x189/0x250
[  401.566527][ T8580]  ? __pfx____ratelimit+0x10/0x10
[  401.566551][ T8580]  ? __pfx_dump_stack_lvl+0x10/0x10
[  401.566577][ T8580]  ? __pfx__printk+0x10/0x10
[  401.566612][ T8580]  ? __pfx___might_resched+0x10/0x10
[  401.566642][ T8580]  should_fail_ex+0x414/0x560
[  401.566671][ T8580]  should_failslab+0xa8/0x100
[  401.566698][ T8580]  __kmalloc_cache_node_noprof+0x73/0x3d0
[  401.566722][ T8580]  ? __get_vm_area_node+0x13f/0x300
[  401.566750][ T8580]  __get_vm_area_node+0x13f/0x300
[  401.566779][ T8580]  __vmalloc_node_range_noprof+0x301/0x12f0
[  401.566809][ T8580]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  401.566854][ T8580]  ? lockdep_hardirqs_on+0x9c/0x150
[  401.566891][ T8580]  ? rcu_is_watching+0x15/0xb0
[  401.566918][ T8580]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  401.566941][ T8580]  ? preempt_schedule_irq+0xde/0x150
[  401.566963][ T8580]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  401.566996][ T8580]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  401.567032][ T8580]  __vmalloc_noprof+0xb1/0xf0
[  401.567057][ T8580]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  401.567094][ T8580]  bpf_prog_alloc_no_stats+0x4a/0x4b0
[  401.567134][ T8580]  bpf_prog_alloc+0x3c/0x1a0
[  401.567178][ T8580]  bpf_prog_load+0x735/0x1930
[  401.567225][ T8580]  ? __pfx_bpf_prog_load+0x10/0x10
[  401.567284][ T8580]  ? bpf_lsm_bpf+0x9/0x20
[  401.567312][ T8580]  ? security_bpf+0x7e/0x300
[  401.567342][ T8580]  __sys_bpf+0x5f1/0x860
[  401.567377][ T8580]  ? __pfx___sys_bpf+0x10/0x10
[  401.567422][ T8580]  ? ksys_write+0x22a/0x250
[  401.567446][ T8580]  ? __pfx_ksys_write+0x10/0x10
[  401.567476][ T8580]  __x64_sys_bpf+0x7c/0x90
[  401.567506][ T8580]  do_syscall_64+0xfa/0x3b0
[  401.567533][ T8580]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  401.567554][ T8580]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  401.567581][ T8580]  ? clear_bhb_loop+0x60/0xb0
[  401.567607][ T8580]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  401.567630][ T8580] RIP: 0033:0x7fc49df8ebe9
[  401.567650][ T8580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  401.567669][ T8580] RSP: 002b:00007fc49ee9a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  401.567691][ T8580] RAX: ffffffffffffffda RBX: 00007fc49e1b6180 RCX: 00007fc49df8ebe9
[  401.567708][ T8580] RDX: 0000000000000094 RSI: 0000200000000840 RDI: 0000000000000005
[  401.567722][ T8580] RBP: 00007fc49ee9a090 R08: 0000000000000000 R09: 0000000000000000
[  401.567736][ T8580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  401.567749][ T8580] R13: 00007fc49e1b6218 R14: 00007fc49e1b6180 R15: 00007ffffafca008
[  401.567783][ T8580]  </TASK>
[  402.905158][ T8583] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  404.026114][ T8596] FAULT_INJECTION: forcing a failure.
[  404.026114][ T8596] name failslab, interval 1, probability 0, space 0, times 0
[  404.079507][ T8596] CPU: 1 UID: 0 PID: 8596 Comm: syz.5.573 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  404.079535][ T8596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  404.079548][ T8596] Call Trace:
[  404.079556][ T8596]  <TASK>
[  404.079565][ T8596]  dump_stack_lvl+0x189/0x250
[  404.079595][ T8596]  ? __pfx____ratelimit+0x10/0x10
[  404.079619][ T8596]  ? __pfx_dump_stack_lvl+0x10/0x10
[  404.079644][ T8596]  ? __pfx__printk+0x10/0x10
[  404.079679][ T8596]  ? __pfx___might_resched+0x10/0x10
[  404.079708][ T8596]  should_fail_ex+0x414/0x560
[  404.079736][ T8596]  should_failslab+0xa8/0x100
[  404.079763][ T8596]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  404.079787][ T8596]  ? __alloc_skb+0x112/0x2d0
[  404.079822][ T8596]  __alloc_skb+0x112/0x2d0
[  404.079857][ T8596]  netlink_sendmsg+0x5c6/0xb30
[  404.079900][ T8596]  ? __pfx_netlink_sendmsg+0x10/0x10
[  404.079940][ T8596]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  404.079962][ T8596]  ? __pfx_netlink_sendmsg+0x10/0x10
[  404.079995][ T8596]  __sock_sendmsg+0x21c/0x270
[  404.080025][ T8596]  ____sys_sendmsg+0x505/0x830
[  404.080069][ T8596]  ? __pfx_____sys_sendmsg+0x10/0x10
[  404.080127][ T8596]  ? import_iovec+0x74/0xa0
[  404.080160][ T8596]  ___sys_sendmsg+0x21f/0x2a0
[  404.080195][ T8596]  ? __pfx____sys_sendmsg+0x10/0x10
[  404.080294][ T8596]  ? __fget_files+0x2a/0x420
[  404.080319][ T8596]  ? __fget_files+0x3a0/0x420
[  404.080356][ T8596]  __x64_sys_sendmsg+0x19b/0x260
[  404.080393][ T8596]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  404.080439][ T8596]  ? __pfx_ksys_write+0x10/0x10
[  404.080456][ T8596]  ? rcu_is_watching+0x15/0xb0
[  404.080486][ T8596]  ? do_syscall_64+0xbe/0x3b0
[  404.080515][ T8596]  do_syscall_64+0xfa/0x3b0
[  404.080538][ T8596]  ? lockdep_hardirqs_on+0x9c/0x150
[  404.080561][ T8596]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  404.080583][ T8596]  ? clear_bhb_loop+0x60/0xb0
[  404.080610][ T8596]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  404.080631][ T8596] RIP: 0033:0x7f94dcd8ebe9
[  404.080650][ T8596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  404.080669][ T8596] RSP: 002b:00007f94ddcce038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  404.080692][ T8596] RAX: ffffffffffffffda RBX: 00007f94dcfb5fa0 RCX: 00007f94dcd8ebe9
[  404.080709][ T8596] RDX: 0000000000000840 RSI: 0000200000001ac0 RDI: 0000000000000004
[  404.080723][ T8596] RBP: 00007f94ddcce090 R08: 0000000000000000 R09: 0000000000000000
[  404.080737][ T8596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  404.080750][ T8596] R13: 00007f94dcfb6038 R14: 00007f94dcfb5fa0 R15: 00007ffcad9feb98
[  404.080784][ T8596]  </TASK>
[  404.458823][ T8607] netlink: 20 bytes leftover after parsing attributes in process `syz.4.576'.
[  407.287758][ T8642] netlink: 'syz.4.582': attribute type 2 has an invalid length.
[  407.295638][ T8642] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.582'.
[  407.304970][ T8642] nbd: must specify a device to reconfigure
[  407.324127][ T8642] xt_TPROXY: Can be used only with -p tcp or -p udp
[  408.522182][ T8660] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  408.531825][ T8660] syzkaller0: entered promiscuous mode
[  408.543811][ T8660] syzkaller0: entered allmulticast mode
[  409.989453][ T5849] Bluetooth: hci5: command 0x040f tx timeout
[  410.705258][ T8661] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  410.712256][ T8661] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  410.718413][ T8661] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  410.725410][ T5155] Bluetooth: hci0: command 0x0c1a tx timeout
[  410.735595][ T8661] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  410.742141][ T8661] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  411.564463][ T8679] netlink: 'syz.4.592': attribute type 1 has an invalid length.
[  411.768390][ T8685] bond1: (slave gretap1): making interface the new active one
[  411.777815][ T8685] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  412.205299][ T8703] netlink: 64 bytes leftover after parsing attributes in process `syz.5.594'.
[  412.831640][ T5841] Bluetooth: hci5: command 0x040f tx timeout
[  412.837882][ T5155] Bluetooth: hci4: command 0x0c1a tx timeout
[  412.838004][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout
[  412.844062][ T5841] Bluetooth: hci2: command 0x0c1a tx timeout
[  412.967056][ T8708] netlink: 'syz.1.597': attribute type 2 has an invalid length.
[  412.976054][ T8708] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.597'.
[  412.985680][ T8708] nbd: must specify a device to reconfigure
[  413.006585][ T8708] xt_TPROXY: Can be used only with -p tcp or -p udp
[  415.608312][ T8735] FAULT_INJECTION: forcing a failure.
[  415.608312][ T8735] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  415.730944][ T8735] CPU: 0 UID: 0 PID: 8735 Comm: syz.2.605 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  415.730976][ T8735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  415.730990][ T8735] Call Trace:
[  415.730999][ T8735]  <TASK>
[  415.731009][ T8735]  dump_stack_lvl+0x189/0x250
[  415.731039][ T8735]  ? __pfx____ratelimit+0x10/0x10
[  415.731064][ T8735]  ? __pfx_dump_stack_lvl+0x10/0x10
[  415.731089][ T8735]  ? __pfx__printk+0x10/0x10
[  415.731118][ T8735]  ? __might_fault+0xb0/0x130
[  415.731154][ T8735]  should_fail_ex+0x414/0x560
[  415.731188][ T8735]  _copy_from_user+0x2d/0xb0
[  415.731221][ T8735]  kstrtouint_from_user+0xc4/0x170
[  415.731251][ T8735]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  415.731296][ T8735]  proc_fail_nth_write+0x88/0x240
[  415.731325][ T8735]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  415.731359][ T8735]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  415.731389][ T8735]  vfs_write+0x27e/0xa90
[  415.731421][ T8735]  ? __pfx_vfs_write+0x10/0x10
[  415.731443][ T8735]  ? __fget_files+0x2a/0x420
[  415.731474][ T8735]  ? __fget_files+0x3a0/0x420
[  415.731498][ T8735]  ? __fget_files+0x2a/0x420
[  415.731540][ T8735]  ksys_write+0x145/0x250
[  415.731561][ T8735]  ? __fget_files+0x3a0/0x420
[  415.731587][ T8735]  ? __pfx_ksys_write+0x10/0x10
[  415.731615][ T8735]  ? do_syscall_64+0xbe/0x3b0
[  415.731645][ T8735]  do_syscall_64+0xfa/0x3b0
[  415.731668][ T8735]  ? lockdep_hardirqs_on+0x9c/0x150
[  415.731691][ T8735]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  415.731714][ T8735]  ? clear_bhb_loop+0x60/0xb0
[  415.731741][ T8735]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  415.731762][ T8735] RIP: 0033:0x7fd34cf8d69f
[  415.731781][ T8735] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  415.731801][ T8735] RSP: 002b:00007fd34b1d5030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  415.731825][ T8735] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd34cf8d69f
[  415.731841][ T8735] RDX: 0000000000000001 RSI: 00007fd34b1d50a0 RDI: 0000000000000003
[  415.731854][ T8735] RBP: 00007fd34b1d5090 R08: 0000000000000000 R09: 0000000000000000
[  415.731868][ T8735] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  415.731881][ T8735] R13: 00007fd34d1b6128 R14: 00007fd34d1b6090 R15: 00007ffdda4675b8
[  415.731916][ T8735]  </TASK>
[  418.254716][ T8754] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  418.341415][ T8754] syzkaller0: entered promiscuous mode
[  418.427027][ T8754] syzkaller0: entered allmulticast mode
[  418.677071][ T8782] netlink: 'syz.2.614': attribute type 10 has an invalid length.
[  418.756331][ T8782] netlink: 40 bytes leftover after parsing attributes in process `syz.2.614'.
[  418.795659][ T8782] team0: entered promiscuous mode
[  418.828967][ T8782] team_slave_0: entered promiscuous mode
[  418.850532][ T8782] team_slave_1: entered promiscuous mode
[  418.860584][ T8782] team0: entered allmulticast mode
[  418.869634][ T8782] team_slave_0: entered allmulticast mode
[  418.876799][ T8782] team_slave_1: entered allmulticast mode
[  418.893579][ T8782] bridge0: port 3(team0) entered blocking state
[  418.903931][ T8782] bridge0: port 3(team0) entered disabled state
[  418.926313][ T8782] bridge0: port 3(team0) entered blocking state
[  418.933093][ T8782] bridge0: port 3(team0) entered forwarding state
[  418.949294][ T5155] Bluetooth: hci5: command 0x040f tx timeout
[  419.450748][ T8756] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  419.471976][ T8756] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  419.505008][ T8756] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  419.532950][ T8756] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  419.540343][ T8756] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  420.549584][ T5841] Bluetooth: hci0: command 0x0c1a tx timeout
[  421.509403][ T5155] Bluetooth: hci1: command 0x0c1a tx timeout
[  421.515793][ T5841] Bluetooth: hci2: command 0x0c1a tx timeout
[  421.592131][ T5155] Bluetooth: hci4: command 0x0c1a tx timeout
[  421.598387][ T5841] Bluetooth: hci5: command 0x040f tx timeout
[  421.999699][ T8819] netlink: 'syz.5.622': attribute type 2 has an invalid length.
[  422.007428][ T8819] netlink: 199836 bytes leftover after parsing attributes in process `syz.5.622'.
[  422.020612][ T8819] nbd: must specify a device to reconfigure
[  422.063331][ T8819] xt_TPROXY: Can be used only with -p tcp or -p udp
[  424.039558][ T5917] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  424.751654][ T5917] usb 2-1: Using ep0 maxpacket: 32
[  425.440025][ T5917] usb 2-1: config 0 has an invalid interface number: 219 but max is 0
[  426.345647][ T5917] usb 2-1: config 0 has no interface number 0
[  426.387209][ T5917] usb 2-1: too many endpoints for config 0 interface 219 altsetting 76: 188, using maximum allowed: 30
[  426.409988][ T5917] usb 2-1: config 0 interface 219 altsetting 76 has 0 endpoint descriptors, different from the interface descriptor's value: 188
[  426.424482][ T5917] usb 2-1: config 0 interface 219 has no altsetting 0
[  426.440762][ T5917] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  426.464288][ T5917] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  426.476173][ T5917] usb 2-1: config 0 descriptor??
[  426.728993][ T5917] usb 2-1: string descriptor 0 read error: -71
[  426.753503][ T5917] gspca_main: nw80x-2.14.0 probing 055f:d001
[  426.791698][ T5917] gspca_nw80x: reg_w err -71
[  426.796472][ T5917] nw80x 2-1:0.219: probe with driver nw80x failed with error -71
[  426.847824][ T5917] usb 2-1: USB disconnect, device number 10
[  427.058842][ T8856] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  427.070517][ T8856] syzkaller0: entered promiscuous mode
[  427.077812][ T8856] syzkaller0: entered allmulticast mode
[  428.455296][ T8872] syz.5.634: attempt to access beyond end of device
[  428.455296][ T8872] nbd5: rw=0, sector=64, nr_sectors = 1 limit=0
[  428.473442][ T8872] syz.5.634: attempt to access beyond end of device
[  428.473442][ T8872] nbd5: rw=0, sector=256, nr_sectors = 1 limit=0
[  428.487251][ T8872] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256
[  428.778206][ T8872] syz.5.634: attempt to access beyond end of device
[  428.778206][ T8872] nbd5: rw=0, sector=512, nr_sectors = 1 limit=0
[  428.794252][ T8872] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512
[  428.845331][ T8872] syz.5.634: attempt to access beyond end of device
[  428.845331][ T8872] nbd5: rw=0, sector=64, nr_sectors = 2 limit=0
[  428.870332][ T8872] syz.5.634: attempt to access beyond end of device
[  428.870332][ T8872] nbd5: rw=0, sector=512, nr_sectors = 2 limit=0
[  428.886132][ T8872] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256
[  428.900857][ T8872] syz.5.634: attempt to access beyond end of device
[  428.900857][ T8872] nbd5: rw=0, sector=1024, nr_sectors = 2 limit=0
[  428.917065][ T8872] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512
[  428.927625][ T8872] syz.5.634: attempt to access beyond end of device
[  428.927625][ T8872] nbd5: rw=0, sector=64, nr_sectors = 4 limit=0
[  428.940747][ T8872] syz.5.634: attempt to access beyond end of device
[  428.940747][ T8872] nbd5: rw=0, sector=1024, nr_sectors = 4 limit=0
[  428.956131][ T8872] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256
[  428.965845][ T8872] syz.5.634: attempt to access beyond end of device
[  428.965845][ T8872] nbd5: rw=0, sector=2048, nr_sectors = 4 limit=0
[  428.978884][ T8872] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512
[  428.990112][ T8872] syz.5.634: attempt to access beyond end of device
[  428.990112][ T8872] nbd5: rw=0, sector=64, nr_sectors = 8 limit=0
[  429.003058][ T8872] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256
[  429.013626][ T8872] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512
[  429.023139][ T8872] UDF-fs: warning (device nbd5): udf_fill_super: No partition found (1)
[  429.032800][ T5155] Bluetooth: hci5: command 0x040f tx timeout
[  429.378404][ T8858] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  429.388207][ T8858] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  429.397371][ T8858] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  429.403743][ T8858] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  429.412802][ T8858] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  430.273695][ T5841] Bluetooth: hci0: command 0x0c1a tx timeout
[  431.125144][ T8889] tunl0: Caught tx_queue_len zero misconfig
[  431.519778][ T5841] Bluetooth: hci5: command 0x040f tx timeout
[  431.526231][ T5841] Bluetooth: hci4: command 0x0c1a tx timeout
[  431.534978][ T5841] Bluetooth: hci2: command 0x0c1a tx timeout
[  431.541313][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout
[  433.267001][ T8906] FAULT_INJECTION: forcing a failure.
[  433.267001][ T8906] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  433.282036][ T8906] CPU: 1 UID: 0 PID: 8906 Comm: syz.2.643 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  433.282067][ T8906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  433.282082][ T8906] Call Trace:
[  433.282092][ T8906]  <TASK>
[  433.282102][ T8906]  dump_stack_lvl+0x189/0x250
[  433.282132][ T8906]  ? __pfx____ratelimit+0x10/0x10
[  433.282156][ T8906]  ? __pfx_dump_stack_lvl+0x10/0x10
[  433.282179][ T8906]  ? __pfx__printk+0x10/0x10
[  433.282208][ T8906]  ? __might_fault+0xb0/0x130
[  433.282242][ T8906]  should_fail_ex+0x414/0x560
[  433.282290][ T8906]  _copy_from_user+0x2d/0xb0
[  433.282322][ T8906]  memdup_user+0x5e/0xd0
[  433.282352][ T8906]  strndup_user+0x68/0xd0
[  433.282381][ T8906]  __se_sys_mount+0x9c/0x410
[  433.282408][ T8906]  ? ksys_write+0x22a/0x250
[  433.282432][ T8906]  ? __pfx___se_sys_mount+0x10/0x10
[  433.282465][ T8906]  ? rcu_is_watching+0x15/0xb0
[  433.282495][ T8906]  ? do_syscall_64+0xbe/0x3b0
[  433.282518][ T8906]  ? __x64_sys_mount+0x20/0xc0
[  433.282546][ T8906]  do_syscall_64+0xfa/0x3b0
[  433.282570][ T8906]  ? lockdep_hardirqs_on+0x9c/0x150
[  433.282593][ T8906]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  433.282615][ T8906]  ? clear_bhb_loop+0x60/0xb0
[  433.282642][ T8906]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  433.282669][ T8906] RIP: 0033:0x7fd34cf8ebe9
[  433.282688][ T8906] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  433.282707][ T8906] RSP: 002b:00007fd34b170038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  433.282731][ T8906] RAX: ffffffffffffffda RBX: 00007fd34d1b6090 RCX: 00007fd34cf8ebe9
[  433.282747][ T8906] RDX: 0000200000000080 RSI: 0000200000000400 RDI: 0000000000000000
[  433.282762][ T8906] RBP: 00007fd34b170090 R08: 0000000000000000 R09: 0000000000000000
[  433.282776][ T8906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  433.282789][ T8906] R13: 00007fd34d1b6128 R14: 00007fd34d1b6090 R15: 00007ffdda4675b8
[  433.282824][ T8906]  </TASK>
[  433.974905][ T8910] libceph: resolve '.
[  433.974905][ T8910] #)|.زf͹Ç�²a×ïÅ2sˆoÖw¿úÕ?£'Ê%Ð�KAq‰f»�CÖê¨Âz¿e­Sb3L)Hyúo¤¶ÿÿÿÿÿÿÿ÷ǤÜYšM�¤¨ìó¤h‡E$
[  433.974905][ T8910] ' (ret=-3): failed
[  435.364341][ T8929] netlink: 'syz.5.648': attribute type 21 has an invalid length.
[  435.372256][ T8929] netlink: 128 bytes leftover after parsing attributes in process `syz.5.648'.
[  435.381411][ T8929] netlink: 'syz.5.648': attribute type 5 has an invalid length.
[  435.389092][ T8929] netlink: 3 bytes leftover after parsing attributes in process `syz.5.648'.
[  438.135319][ T8952] netlink: 'syz.5.654': attribute type 1 has an invalid length.
[  438.362579][ T8952] 8021q: adding VLAN 0 to HW filter on device bond4
[  439.231621][ T8960] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  439.254170][ T8960] syzkaller0: entered promiscuous mode
[  439.265284][ T8960] syzkaller0: entered allmulticast mode
[  439.325410][ T8946] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  439.346249][ T8946] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  439.354856][ T8946] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  439.363824][ T8946] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  439.384814][ T8946] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  439.617584][ T8973] FAULT_INJECTION: forcing a failure.
[  439.617584][ T8973] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  440.507280][ T8973] CPU: 0 UID: 0 PID: 8973 Comm: syz.1.651 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  440.507310][ T8973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  440.507323][ T8973] Call Trace:
[  440.507332][ T8973]  <TASK>
[  440.507342][ T8973]  dump_stack_lvl+0x189/0x250
[  440.507374][ T8973]  ? __pfx____ratelimit+0x10/0x10
[  440.507392][ T8973]  ? __pfx_dump_stack_lvl+0x10/0x10
[  440.507410][ T8973]  ? __pfx__printk+0x10/0x10
[  440.507430][ T8973]  ? __might_fault+0xb0/0x130
[  440.507453][ T8973]  should_fail_ex+0x414/0x560
[  440.507473][ T8973]  _copy_from_user+0x2d/0xb0
[  440.507495][ T8973]  ___sys_sendmsg+0x158/0x2a0
[  440.507522][ T8973]  ? __pfx____sys_sendmsg+0x10/0x10
[  440.507582][ T8973]  ? __fget_files+0x2a/0x420
[  440.507599][ T8973]  ? __fget_files+0x3a0/0x420
[  440.507624][ T8973]  __sys_sendmmsg+0x227/0x430
[  440.507653][ T8973]  ? __pfx___sys_sendmmsg+0x10/0x10
[  440.507675][ T8973]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  440.507713][ T8973]  ? ksys_write+0x22a/0x250
[  440.507729][ T8973]  ? __pfx_ksys_write+0x10/0x10
[  440.507741][ T8973]  ? rcu_is_watching+0x15/0xb0
[  440.507764][ T8973]  __x64_sys_sendmmsg+0xa0/0xc0
[  440.507790][ T8973]  do_syscall_64+0xfa/0x3b0
[  440.507806][ T8973]  ? lockdep_hardirqs_on+0x9c/0x150
[  440.507824][ T8973]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  440.507839][ T8973]  ? clear_bhb_loop+0x60/0xb0
[  440.507858][ T8973]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  440.507872][ T8973] RIP: 0033:0x7fbd1998ebe9
[  440.507887][ T8973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  440.507901][ T8973] RSP: 002b:00007fbd1a7ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  440.507917][ T8973] RAX: ffffffffffffffda RBX: 00007fbd19bb6180 RCX: 00007fbd1998ebe9
[  440.507929][ T8973] RDX: 0400000000000172 RSI: 0000200000003cc0 RDI: 0000000000000006
[  440.507940][ T8973] RBP: 00007fbd1a7ad090 R08: 0000000000000000 R09: 0000000000000000
[  440.507949][ T8973] R10: 0000000004001c00 R11: 0000000000000246 R12: 0000000000000001
[  440.507959][ T8973] R13: 00007fbd19bb6218 R14: 00007fbd19bb6180 R15: 00007ffd85f2fb58
[  440.507982][ T8973]  </TASK>
[  441.205489][ T8979] fuse: Unknown parameter 'ÿÿÿÿÿÿÿÿÿÿÿÿ0000000000000000000000000000000000000000007'
[  443.533782][ T5841] Bluetooth: hci0: command 0x0c1a tx timeout
[  443.539935][ T5841] Bluetooth: hci5: command 0x040f tx timeout
[  443.545976][ T5841] Bluetooth: hci4: command 0x0c1a tx timeout
[  443.552081][ T5155] Bluetooth: hci1: command 0x0c1a tx timeout
[  443.558100][ T5155] Bluetooth: hci2: command 0x0c1a tx timeout
[  445.329964][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  445.337312][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  446.307531][ T9004] loop2: detected capacity change from 0 to 7
[  446.900205][ T9004] Dev loop2: unable to read RDB block 7
[  446.906047][ T9004]  loop2: unable to read partition table
[  446.959276][ T5925] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  447.003232][ T9004] loop2: partition table beyond EOD, truncated
[  447.082842][ T9004] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  447.349552][ T5925] usb 2-1: config 0 has an invalid interface number: 33 but max is 0
[  447.357724][ T5925] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  447.463073][ T5925] usb 2-1: config 0 has no interface number 0
[  447.481071][ T5925] usb 2-1: config 0 interface 33 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1023
[  447.534859][ T5925] usb 2-1: config 0 interface 33 altsetting 0 endpoint 0x7 has invalid maxpacket 2560, setting to 1024
[  447.593395][ T5925] usb 2-1: config 0 interface 33 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 1024
[  447.732635][ T5925] usb 2-1: New USB device found, idVendor=2040, idProduct=4901, bcdDevice=68.64
[  447.773109][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  447.808744][ T5925] usb 2-1: Product: syz
[  447.825562][ T5925] usb 2-1: Manufacturer: syz
[  447.843858][ T5925] usb 2-1: SerialNumber: syz
[  447.878529][ T5925] usb 2-1: config 0 descriptor??
[  447.894696][ T9010] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  447.907797][ T5925] hdpvr 2-1:0.33: Could not find bulk-in endpoint
[  447.931964][ T5925] hdpvr 2-1:0.33: probe with driver hdpvr failed with error -12
[  447.962098][ T9024] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  452.476385][ T5964] usb 2-1: USB disconnect, device number 11
[  452.649226][ T8706] Bluetooth: hci0: command 0x0c1a tx timeout
[  452.873699][ T9063] netlink: 'syz.4.684': attribute type 2 has an invalid length.
[  452.881663][ T9063] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.684'.
[  452.890998][ T9063] nbd: must specify a device to reconfigure
[  452.899072][ T9063] xt_TPROXY: Can be used only with -p tcp or -p udp
[  452.916796][ T9061] FAULT_INJECTION: forcing a failure.
[  452.916796][ T9061] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  452.930398][ T9061] CPU: 0 UID: 0 PID: 9061 Comm: syz.5.683 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  452.930428][ T9061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  452.930442][ T9061] Call Trace:
[  452.930451][ T9061]  <TASK>
[  452.930460][ T9061]  dump_stack_lvl+0x189/0x250
[  452.930492][ T9061]  ? __pfx____ratelimit+0x10/0x10
[  452.930516][ T9061]  ? __pfx_dump_stack_lvl+0x10/0x10
[  452.930541][ T9061]  ? __pfx__printk+0x10/0x10
[  452.930579][ T9061]  ? rb_read_data_buffer+0x4e8/0x580
[  452.930615][ T9061]  should_fail_ex+0x414/0x560
[  452.930644][ T9061]  strncpy_from_user+0x36/0x290
[  452.930684][ T9061]  strncpy_from_user_nofault+0x72/0x150
[  452.930713][ T9061]  bpf_bprintf_prepare+0xb9b/0x1410
[  452.930767][ T9061]  ? __pfx_bpf_bprintf_prepare+0x10/0x10
[  452.930806][ T9061]  ? bpf_trace_printk+0xc1/0x190
[  452.930835][ T9061]  bpf_trace_printk+0xdb/0x190
[  452.930856][ T9061]  ? __lock_acquire+0xab9/0xd20
[  452.930879][ T9061]  ? __pfx_bpf_trace_printk+0x10/0x10
[  452.930905][ T9061]  ? bpf_trace_run2+0x186/0x4b0
[  452.930953][ T9061]  bpf_prog_7c77c7e0f6645ad8+0x3e/0x44
[  452.930974][ T9061]  bpf_trace_run2+0x284/0x4b0
[  452.931004][ T9061]  ? bpf_trace_run2+0x186/0x4b0
[  452.931035][ T9061]  ? __pfx_bpf_trace_run2+0x10/0x10
[  452.931065][ T9061]  ? register_lock_class+0x51/0x320
[  452.931103][ T9061]  ? __bpf_trace_contention_begin+0xcd/0x130
[  452.931135][ T9061]  __bpf_trace_contention_begin+0xdc/0x130
[  452.931162][ T9061]  ? __pfx___bpf_trace_contention_begin+0x10/0x10
[  452.931189][ T9061]  ? xsk_getsockopt+0x2e7/0x870
[  452.931226][ T9061]  ? xsk_getsockopt+0x2e7/0x870
[  452.931272][ T9061]  trace_contention_begin+0xf4/0x120
[  452.931300][ T9061]  __mutex_lock+0x193/0xe80
[  452.931329][ T9061]  ? __lock_acquire+0xab9/0xd20
[  452.931355][ T9061]  ? xsk_getsockopt+0x2e7/0x870
[  452.931392][ T9061]  ? __pfx___mutex_lock+0x10/0x10
[  452.931414][ T9061]  ? __might_fault+0xb0/0x130
[  452.931458][ T9061]  xsk_getsockopt+0x2e7/0x870
[  452.931499][ T9061]  ? __pfx_xsk_getsockopt+0x10/0x10
[  452.931541][ T9061]  ? __lock_acquire+0xab9/0xd20
[  452.931574][ T9061]  ? __might_fault+0xb0/0x130
[  452.931615][ T9061]  ? __pfx_xsk_getsockopt+0x10/0x10
[  452.931651][ T9061]  do_sock_getsockopt+0x36f/0x450
[  452.931689][ T9061]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  452.931721][ T9061]  ? do_syscall_64+0x20/0x3b0
[  452.931745][ T9061]  ? __fget_files+0x3a0/0x420
[  452.931775][ T9061]  ? __fget_files+0x2a/0x420
[  452.931809][ T9061]  __x64_sys_getsockopt+0x1a5/0x250
[  452.931841][ T9061]  ? do_syscall_64+0x20/0x3b0
[  452.931867][ T9061]  ? do_syscall_64+0x20/0x3b0
[  452.931896][ T9061]  do_syscall_64+0xfa/0x3b0
[  452.931920][ T9061]  ? lockdep_hardirqs_on+0x9c/0x150
[  452.931942][ T9061]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  452.931964][ T9061]  ? clear_bhb_loop+0x60/0xb0
[  452.931992][ T9061]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  452.932012][ T9061] RIP: 0033:0x7f94dcd8ebe9
[  452.932032][ T9061] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  452.932051][ T9061] RSP: 002b:00007f94ddcce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  452.932075][ T9061] RAX: ffffffffffffffda RBX: 00007f94dcfb5fa0 RCX: 00007f94dcd8ebe9
[  452.932091][ T9061] RDX: 0000000000000007 RSI: 000000000000011b RDI: 0000000000000005
[  452.932104][ T9061] RBP: 00007f94ddcce090 R08: 00002000000021c0 R09: 0000000000000000
[  452.932119][ T9061] R10: 0000200000002180 R11: 0000000000000246 R12: 0000000000000001
[  452.932132][ T9061] R13: 00007f94dcfb6038 R14: 00007f94dcfb5fa0 R15: 00007ffcad9feb98
[  452.932167][ T9061]  </TASK>
[  453.719484][ T5964] usb 6-1: new low-speed USB device number 3 using dummy_hcd
[  453.905388][ T5964] usb 6-1: unable to get BOS descriptor or descriptor too short
[  453.924614][ T5964] usb 6-1: config 7 has an invalid interface number: 199 but max is 0
[  453.951749][ T5964] usb 6-1: config 7 has no interface number 0
[  453.958045][ T5964] usb 6-1: config 7 interface 199 altsetting 1 endpoint 0x3 has an invalid bInterval 0, changing to 4
[  454.277598][ T5964] usb 6-1: config 7 interface 199 altsetting 1 endpoint 0x3 has invalid maxpacket 32, setting to 0
[  454.295623][ T5964] usb 6-1: No eUSB2 isoc ep 3 companion for config 7 interface 199 altsetting 1
[  454.514092][ T5964] usb 6-1: config 7 interface 199 altsetting 1 endpoint 0xD has invalid maxpacket 1023, setting to 8
[  454.568069][ T5964] usb 6-1: config 7 interface 199 has no altsetting 0
[  455.121084][ T5964] usb 6-1: string descriptor 0 read error: -22
[  455.121230][ T5964] usb 6-1: New USB device found, idVendor=0c45, idProduct=6282, bcdDevice=cb.17
[  455.121258][ T5964] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  455.166622][ T5964] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:6282
[  455.699039][ T5964] gspca_sn9c20x: Write register 1000 failed -110
[  455.699070][ T5964] gspca_sn9c20x: Device initialization failed
[  455.699122][ T5964] gspca_sn9c20x 6-1:7.199: probe with driver gspca_sn9c20x failed with error -110
[  455.703993][ T9077] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  456.291967][ T5949] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  456.449808][ T5949] usb 1-1: Using ep0 maxpacket: 32
[  456.461272][ T5949] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  456.469799][ T5949] usb 1-1: config 0 has no interface number 0
[  456.476177][ T5949] usb 1-1: config 0 interface 184 has no altsetting 0
[  456.524678][ T5949] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  456.544613][ T5949] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  456.611813][ T5949] usb 1-1: Product: syz
[  456.618988][ T5949] usb 1-1: Manufacturer: syz
[  456.625045][ T5949] usb 1-1: SerialNumber: syz
[  456.637050][ T5949] usb 1-1: config 0 descriptor??
[  456.645890][ T5949] smsc75xx v1.0.0
[  457.390751][ T5949] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  457.425052][ T5949] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  458.056516][ T5949] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000010: -71
[  458.068276][ T5949] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to write HW_CFG: -71
[  458.103713][ T5949] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  458.128530][ T5949] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71
[  458.262816][ T5949] usb 1-1: USB disconnect, device number 7
[  458.602949][ T5949] usb 6-1: USB disconnect, device number 3
[  458.920748][ T9124] netlink: 'syz.5.699': attribute type 2 has an invalid length.
[  458.928478][ T9124] netlink: 199836 bytes leftover after parsing attributes in process `syz.5.699'.
[  458.937847][ T9124] nbd: must specify a device to reconfigure
[  458.945715][ T9124] xt_TPROXY: Can be used only with -p tcp or -p udp
[  459.287217][ T9126] netlink: 20 bytes leftover after parsing attributes in process `syz.0.700'.
[  460.199509][ T5964] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  460.431590][ T5964] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  460.607430][ T5964] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  460.704193][ T5964] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  460.748424][ T5964] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  461.045881][ T5964] usb 6-1: usb_control_msg returned -32
[  461.076302][ T5964] usbtmc 6-1:16.0: can't read capabilities
[  461.886731][ T9141] netlink: 'syz.0.705': attribute type 10 has an invalid length.
[  463.459949][ T5925] usb 6-1: USB disconnect, device number 4
[  463.831850][ T9165] netlink: 32 bytes leftover after parsing attributes in process `syz.5.711'.
[  464.499360][ T5963] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  464.567894][ T9176] FAULT_INJECTION: forcing a failure.
[  464.567894][ T9176] name failslab, interval 1, probability 0, space 0, times 0
[  464.580721][ T9176] CPU: 0 UID: 0 PID: 9176 Comm: syz.5.712 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  464.580741][ T9176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  464.580752][ T9176] Call Trace:
[  464.580758][ T9176]  <TASK>
[  464.580764][ T9176]  dump_stack_lvl+0x189/0x250
[  464.580786][ T9176]  ? __pfx____ratelimit+0x10/0x10
[  464.580803][ T9176]  ? __pfx_dump_stack_lvl+0x10/0x10
[  464.580820][ T9176]  ? __pfx__printk+0x10/0x10
[  464.580844][ T9176]  ? __pfx___might_resched+0x10/0x10
[  464.580865][ T9176]  should_fail_ex+0x414/0x560
[  464.580884][ T9176]  should_failslab+0xa8/0x100
[  464.580903][ T9176]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  464.580926][ T9176]  ? __alloc_skb+0x112/0x2d0
[  464.580952][ T9176]  __alloc_skb+0x112/0x2d0
[  464.580976][ T9176]  netlink_sendmsg+0x5c6/0xb30
[  464.581006][ T9176]  ? __pfx_netlink_sendmsg+0x10/0x10
[  464.581035][ T9176]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  464.581050][ T9176]  ? __pfx_netlink_sendmsg+0x10/0x10
[  464.581073][ T9176]  __sock_sendmsg+0x21c/0x270
[  464.581093][ T9176]  ____sys_sendmsg+0x505/0x830
[  464.581121][ T9176]  ? __pfx_____sys_sendmsg+0x10/0x10
[  464.581152][ T9176]  ? import_iovec+0x74/0xa0
[  464.581176][ T9176]  ___sys_sendmsg+0x21f/0x2a0
[  464.581202][ T9176]  ? __pfx____sys_sendmsg+0x10/0x10
[  464.581252][ T9176]  ? __fget_files+0x2a/0x420
[  464.581269][ T9176]  ? __fget_files+0x3a0/0x420
[  464.581293][ T9176]  __x64_sys_sendmsg+0x19b/0x260
[  464.581320][ T9176]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  464.581351][ T9176]  ? __pfx_ksys_write+0x10/0x10
[  464.581363][ T9176]  ? rcu_is_watching+0x15/0xb0
[  464.581385][ T9176]  ? do_syscall_64+0xbe/0x3b0
[  464.581405][ T9176]  do_syscall_64+0xfa/0x3b0
[  464.581421][ T9176]  ? lockdep_hardirqs_on+0x9c/0x150
[  464.581437][ T9176]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  464.581452][ T9176]  ? clear_bhb_loop+0x60/0xb0
[  464.581471][ T9176]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  464.581485][ T9176] RIP: 0033:0x7f94dcd8ebe9
[  464.581500][ T9176] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  464.581513][ T9176] RSP: 002b:00007f94ddcce038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  464.581529][ T9176] RAX: ffffffffffffffda RBX: 00007f94dcfb5fa0 RCX: 00007f94dcd8ebe9
[  464.581541][ T9176] RDX: 0000000000040050 RSI: 0000200000000000 RDI: 0000000000000004
[  464.581551][ T9176] RBP: 00007f94ddcce090 R08: 0000000000000000 R09: 0000000000000000
[  464.581561][ T9176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  464.581570][ T9176] R13: 00007f94dcfb6038 R14: 00007f94dcfb5fa0 R15: 00007ffcad9feb98
[  464.581594][ T9176]  </TASK>
[  465.101336][ T9178] netlink: 'syz.4.714': attribute type 10 has an invalid length.
[  465.164205][ T5963] usb 1-1: Using ep0 maxpacket: 32
[  465.233922][ T5963] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  465.268945][ T9178] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  465.276244][ T5963] usb 1-1: config 0 has no interface number 0
[  465.311217][ T5963] usb 1-1: config 0 interface 51 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  465.343251][ T5963] usb 1-1: config 0 interface 51 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  465.394068][ T5963] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  465.417649][ T5963] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  465.475495][ T5963] usb 1-1: Product: syz
[  465.485676][ T5963] usb 1-1: Manufacturer: syz
[  465.499370][ T5963] usb 1-1: SerialNumber: syz
[  465.532193][ T5963] usb 1-1: config 0 descriptor??
[  465.556907][ T5963] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  466.469595][ T9198] FAULT_INJECTION: forcing a failure.
[  466.469595][ T9198] name failslab, interval 1, probability 0, space 0, times 0
[  466.535241][ T5963] usb 1-1: qt2_attach - failed to power on unit: -71
[  466.542483][ T5963] quatech2 1-1:0.51: probe with driver quatech2 failed with error -71
[  466.564305][ T9198] CPU: 1 UID: 0 PID: 9198 Comm: syz.1.716 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  466.564337][ T9198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  466.564351][ T9198] Call Trace:
[  466.564360][ T9198]  <TASK>
[  466.564369][ T9198]  dump_stack_lvl+0x189/0x250
[  466.564399][ T9198]  ? __pfx____ratelimit+0x10/0x10
[  466.564424][ T9198]  ? __pfx_dump_stack_lvl+0x10/0x10
[  466.564449][ T9198]  ? __pfx__printk+0x10/0x10
[  466.564483][ T9198]  ? __pfx___might_resched+0x10/0x10
[  466.564507][ T9198]  ? fs_reclaim_acquire+0x7d/0x100
[  466.564538][ T9198]  should_fail_ex+0x414/0x560
[  466.564565][ T9198]  ? __pfx_sock_alloc_inode+0x10/0x10
[  466.564591][ T9198]  should_failslab+0xa8/0x100
[  466.564616][ T9198]  ? __pfx_sock_alloc_inode+0x10/0x10
[  466.564639][ T9198]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[  466.564662][ T9198]  ? sock_alloc_inode+0x28/0xc0
[  466.564691][ T9198]  ? __pfx_sock_alloc_inode+0x10/0x10
[  466.564715][ T9198]  sock_alloc_inode+0x28/0xc0
[  466.564739][ T9198]  alloc_inode+0x67/0x1b0
[  466.564765][ T9198]  __sock_create+0x12d/0x9f0
[  466.564803][ T9198]  __sys_socket+0xd7/0x1b0
[  466.564835][ T9198]  __x64_sys_socket+0x7a/0x90
[  466.564864][ T9198]  do_syscall_64+0xfa/0x3b0
[  466.564888][ T9198]  ? lockdep_hardirqs_on+0x9c/0x150
[  466.564911][ T9198]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.564933][ T9198]  ? clear_bhb_loop+0x60/0xb0
[  466.564960][ T9198]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.564982][ T9198] RIP: 0033:0x7fbd19990b07
[  466.565002][ T9198] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  466.565021][ T9198] RSP: 002b:00007fbd1a7ccfa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029
[  466.565045][ T9198] RAX: ffffffffffffffda RBX: 00007fbd19bb6090 RCX: 00007fbd19990b07
[  466.565061][ T9198] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[  466.565074][ T9198] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[  466.565088][ T9198] R10: 0000200000000140 R11: 0000000000000286 R12: 0000000000000001
[  466.565116][ T9198] R13: 00007fbd19bb6128 R14: 00007fbd19bb6090 R15: 00007ffd85f2fb58
[  466.565150][ T9198]  </TASK>
[  466.565161][ T9198] socket: no more sockets
[  466.599670][ T5963] usb 1-1: USB disconnect, device number 8
[  468.499266][ T5964] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  468.799323][ T5964] usb 2-1: Using ep0 maxpacket: 16
[  468.859359][ T5964] usb 2-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  468.868762][ T5964] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  468.885437][ T5964] usb 2-1: Product: syz
[  468.894039][ T5964] usb 2-1: Manufacturer: syz
[  468.909647][ T5964] usb 2-1: SerialNumber: syz
[  468.960450][ T5964] usb 2-1: config 0 descriptor??
[  468.995233][ T5964] ssu100 2-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  470.066406][ T5964] ssu100 2-1:0.0: probe with driver ssu100 failed with error -71
[  470.119107][ T5964] usb 2-1: USB disconnect, device number 12
[  472.863134][ T9243] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  473.517909][ T5155] Bluetooth: hci5: command 0x040f tx timeout
[  473.562374][ T9243] syzkaller0: entered promiscuous mode
[  473.612075][ T9243] syzkaller0: entered allmulticast mode
[  473.860221][ T9276] FAULT_INJECTION: forcing a failure.
[  473.860221][ T9276] name failslab, interval 1, probability 0, space 0, times 0
[  473.920891][ T9276] CPU: 0 UID: 0 PID: 9276 Comm: syz.0.730 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  473.920923][ T9276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  473.920937][ T9276] Call Trace:
[  473.920946][ T9276]  <TASK>
[  473.920956][ T9276]  dump_stack_lvl+0x189/0x250
[  473.920985][ T9276]  ? __pfx____ratelimit+0x10/0x10
[  473.921009][ T9276]  ? __pfx_dump_stack_lvl+0x10/0x10
[  473.921034][ T9276]  ? __pfx__printk+0x10/0x10
[  473.921069][ T9276]  ? __pfx___might_resched+0x10/0x10
[  473.921099][ T9276]  should_fail_ex+0x414/0x560
[  473.921128][ T9276]  should_failslab+0xa8/0x100
[  473.921153][ T9276]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  473.921177][ T9276]  ? __alloc_skb+0x112/0x2d0
[  473.921213][ T9276]  __alloc_skb+0x112/0x2d0
[  473.921249][ T9276]  netlink_sendmsg+0x5c6/0xb30
[  473.921292][ T9276]  ? __pfx_netlink_sendmsg+0x10/0x10
[  473.921333][ T9276]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  473.921354][ T9276]  ? __pfx_netlink_sendmsg+0x10/0x10
[  473.921386][ T9276]  __sock_sendmsg+0x21c/0x270
[  473.921417][ T9276]  ____sys_sendmsg+0x505/0x830
[  473.921457][ T9276]  ? __pfx_____sys_sendmsg+0x10/0x10
[  473.921501][ T9276]  ? import_iovec+0x74/0xa0
[  473.921536][ T9276]  ___sys_sendmsg+0x21f/0x2a0
[  473.921574][ T9276]  ? __pfx____sys_sendmsg+0x10/0x10
[  473.921656][ T9276]  ? __fget_files+0x2a/0x420
[  473.921681][ T9276]  ? __fget_files+0x3a0/0x420
[  473.921717][ T9276]  __x64_sys_sendmsg+0x19b/0x260
[  473.921755][ T9276]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  473.921800][ T9276]  ? __pfx_ksys_write+0x10/0x10
[  473.921818][ T9276]  ? rcu_is_watching+0x15/0xb0
[  473.921848][ T9276]  ? do_syscall_64+0xbe/0x3b0
[  473.921877][ T9276]  do_syscall_64+0xfa/0x3b0
[  473.921900][ T9276]  ? lockdep_hardirqs_on+0x9c/0x150
[  473.921923][ T9276]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  473.921944][ T9276]  ? clear_bhb_loop+0x60/0xb0
[  473.921971][ T9276]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  473.921992][ T9276] RIP: 0033:0x7fc49df8ebe9
[  473.922011][ T9276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  473.922030][ T9276] RSP: 002b:00007fc49eedc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  473.922054][ T9276] RAX: ffffffffffffffda RBX: 00007fc49e1b5fa0 RCX: 00007fc49df8ebe9
[  473.922070][ T9276] RDX: 0000000000000000 RSI: 0000200000001040 RDI: 0000000000000003
[  473.922084][ T9276] RBP: 00007fc49eedc090 R08: 0000000000000000 R09: 0000000000000000
[  473.922097][ T9276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  473.922111][ T9276] R13: 00007fc49e1b6038 R14: 00007fc49e1b5fa0 R15: 00007ffffafca008
[  473.922145][ T9276]  </TASK>
[  475.720740][ T9245] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  475.729996][ T9245] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  476.011277][ T5155] Bluetooth: hci1: command 0x0c1a tx timeout
[  476.279299][ T9245] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  476.285615][ T9245] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  477.761398][ T5155] Bluetooth: hci2: command 0x0c1a tx timeout
[  477.795695][ T9313] netlink: 64 bytes leftover after parsing attributes in process `syz.5.742'.
[  477.806420][ T9313] netlink: 4 bytes leftover after parsing attributes in process `syz.5.742'.
[  478.149708][ T5155] Bluetooth: hci4: command 0x0c1a tx timeout
[  478.309709][ T5155] Bluetooth: hci5: command 0x040f tx timeout
[  479.179333][ T9326] FAULT_INJECTION: forcing a failure.
[  479.179333][ T9326] name failslab, interval 1, probability 0, space 0, times 0
[  479.234419][ T9326] CPU: 0 UID: 0 PID: 9326 Comm: syz.5.748 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  479.234449][ T9326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  479.234463][ T9326] Call Trace:
[  479.234471][ T9326]  <TASK>
[  479.234479][ T9326]  dump_stack_lvl+0x189/0x250
[  479.234508][ T9326]  ? __pfx____ratelimit+0x10/0x10
[  479.234532][ T9326]  ? __pfx_dump_stack_lvl+0x10/0x10
[  479.234556][ T9326]  ? __pfx__printk+0x10/0x10
[  479.234589][ T9326]  ? __pfx___might_resched+0x10/0x10
[  479.234611][ T9326]  ? fs_reclaim_acquire+0x7d/0x100
[  479.234642][ T9326]  should_fail_ex+0x414/0x560
[  479.234670][ T9326]  should_failslab+0xa8/0x100
[  479.234694][ T9326]  kmem_cache_alloc_noprof+0x73/0x3c0
[  479.234715][ T9326]  ? security_inode_alloc+0x39/0x330
[  479.234752][ T9326]  security_inode_alloc+0x39/0x330
[  479.234784][ T9326]  inode_init_always_gfp+0x9ed/0xdc0
[  479.234815][ T9326]  ? __pfx_sock_alloc_inode+0x10/0x10
[  479.234840][ T9326]  alloc_inode+0x82/0x1b0
[  479.234865][ T9326]  __sock_create+0x12d/0x9f0
[  479.234902][ T9326]  __sys_socket+0xd7/0x1b0
[  479.234934][ T9326]  __x64_sys_socket+0x7a/0x90
[  479.234963][ T9326]  do_syscall_64+0xfa/0x3b0
[  479.234989][ T9326]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  479.235010][ T9326]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  479.235032][ T9326]  ? clear_bhb_loop+0x60/0xb0
[  479.235057][ T9326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  479.235078][ T9326] RIP: 0033:0x7f94dcd8ebe9
[  479.235097][ T9326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  479.235116][ T9326] RSP: 002b:00007f94ddcce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  479.235139][ T9326] RAX: ffffffffffffffda RBX: 00007f94dcfb5fa0 RCX: 00007f94dcd8ebe9
[  479.235154][ T9326] RDX: 0000000000000300 RSI: 0000000000000002 RDI: 0000000000000011
[  479.235167][ T9326] RBP: 00007f94ddcce090 R08: 0000000000000000 R09: 0000000000000000
[  479.235180][ T9326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  479.235192][ T9326] R13: 00007f94dcfb6038 R14: 00007f94dcfb5fa0 R15: 00007ffcad9feb98
[  479.235226][ T9326]  </TASK>
[  479.236304][ T9326] socket: no more sockets
[  480.589282][ T5925] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  480.761282][ T9346] bond_slave_0: entered promiscuous mode
[  480.767302][ T9346] bond_slave_1: entered promiscuous mode
[  480.808051][ T5925] usb 6-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  480.812366][ T9346] vlan3: entered promiscuous mode
[  480.823787][ T9346] bond0: entered promiscuous mode
[  480.829539][ T9346] mac80211_hwsim hwsim11 wlan1: entered promiscuous mode
[  480.835119][ T5925] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  480.864642][ T5925] usb 6-1: Product: syz
[  480.888044][ T5925] usb 6-1: Manufacturer: syz
[  481.077742][ T5925] usb 6-1: SerialNumber: syz
[  481.156905][ T5925] usb 6-1: config 0 descriptor??
[  481.188627][ T5925] ch341 6-1:0.0: ch341-uart converter detected
[  481.474361][ T5925] usb 6-1: failed to receive control message: -121
[  481.489388][ T5925] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -121
[  481.890559][ T5925] usb 6-1: USB disconnect, device number 5
[  482.173386][ T9364] netlink: 'syz.0.757': attribute type 2 has an invalid length.
[  482.181333][ T9364] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.757'.
[  482.191240][ T9364] nbd: must specify a device to reconfigure
[  482.201522][ T9364] xt_TPROXY: Can be used only with -p tcp or -p udp
[  482.236018][ T5925] ch341 6-1:0.0: device disconnected
[  483.763642][ T9377] FAULT_INJECTION: forcing a failure.
[  483.763642][ T9377] name failslab, interval 1, probability 0, space 0, times 0
[  483.785891][ T9377] CPU: 0 UID: 0 PID: 9377 Comm: syz.5.762 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  483.785921][ T9377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  483.785936][ T9377] Call Trace:
[  483.785943][ T9377]  <TASK>
[  483.785953][ T9377]  dump_stack_lvl+0x189/0x250
[  483.785983][ T9377]  ? __pfx____ratelimit+0x10/0x10
[  483.786007][ T9377]  ? __pfx_dump_stack_lvl+0x10/0x10
[  483.786032][ T9377]  ? __pfx__printk+0x10/0x10
[  483.786066][ T9377]  ? __pfx___might_resched+0x10/0x10
[  483.786096][ T9377]  should_fail_ex+0x414/0x560
[  483.786124][ T9377]  should_failslab+0xa8/0x100
[  483.786150][ T9377]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  483.786173][ T9377]  ? __alloc_skb+0x112/0x2d0
[  483.786208][ T9377]  __alloc_skb+0x112/0x2d0
[  483.786243][ T9377]  netlink_sendmsg+0x5c6/0xb30
[  483.786286][ T9377]  ? __pfx_netlink_sendmsg+0x10/0x10
[  483.786325][ T9377]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  483.786349][ T9377]  ? __pfx_netlink_sendmsg+0x10/0x10
[  483.786379][ T9377]  __sock_sendmsg+0x21c/0x270
[  483.786406][ T9377]  ____sys_sendmsg+0x505/0x830
[  483.786445][ T9377]  ? __pfx_____sys_sendmsg+0x10/0x10
[  483.786485][ T9377]  ? import_iovec+0x74/0xa0
[  483.786521][ T9377]  ___sys_sendmsg+0x21f/0x2a0
[  483.786559][ T9377]  ? __pfx____sys_sendmsg+0x10/0x10
[  483.786632][ T9377]  ? __fget_files+0x2a/0x420
[  483.786656][ T9377]  ? __fget_files+0x3a0/0x420
[  483.786701][ T9377]  __x64_sys_sendmsg+0x19b/0x260
[  483.786738][ T9377]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  483.786784][ T9377]  ? __pfx_ksys_write+0x10/0x10
[  483.786802][ T9377]  ? rcu_is_watching+0x15/0xb0
[  483.786831][ T9377]  ? do_syscall_64+0xbe/0x3b0
[  483.786859][ T9377]  do_syscall_64+0xfa/0x3b0
[  483.786882][ T9377]  ? lockdep_hardirqs_on+0x9c/0x150
[  483.786905][ T9377]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  483.786928][ T9377]  ? clear_bhb_loop+0x60/0xb0
[  483.786954][ T9377]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  483.786976][ T9377] RIP: 0033:0x7f94dcd8ebe9
[  483.786996][ T9377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  483.787016][ T9377] RSP: 002b:00007f94ddcce038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  483.787039][ T9377] RAX: ffffffffffffffda RBX: 00007f94dcfb5fa0 RCX: 00007f94dcd8ebe9
[  483.787056][ T9377] RDX: 000000002000d850 RSI: 0000200000006040 RDI: 0000000000000004
[  483.787070][ T9377] RBP: 00007f94ddcce090 R08: 0000000000000000 R09: 0000000000000000
[  483.787085][ T9377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  483.787098][ T9377] R13: 00007f94dcfb6038 R14: 00007f94dcfb5fa0 R15: 00007ffcad9feb98
[  483.787132][ T9377]  </TASK>
[  484.077083][ T9375] netlink: 'syz.2.761': attribute type 10 has an invalid length.
[  484.200837][ T9375] bond0: (slave 
): Enslaving as an active interface with an up link
[  485.914610][ T9403] netlink: 56 bytes leftover after parsing attributes in process `syz.2.768'.
[  486.320067][ T5949] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  486.774500][ T5949] usb 3-1: Using ep0 maxpacket: 32
[  486.806078][ T5949] usb 3-1: unable to get BOS descriptor or descriptor too short
[  486.826472][ T5949] usb 3-1: config 2 has an invalid interface number: 189 but max is 0
[  486.843066][ T5949] usb 3-1: config 2 has no interface number 0
[  486.863070][ T5949] usb 3-1: config 2 interface 189 altsetting 11 has an invalid endpoint descriptor of length 3, skipping
[  486.999931][ T5949] usb 3-1: config 2 interface 189 has no altsetting 0
[  487.309876][ T5949] usb 3-1: New USB device found, idVendor=041e, idProduct=3f19, bcdDevice=9b.52
[  487.424304][ T5949] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  487.523463][ T5949] usb 3-1: Product: syz
[  487.527777][ T5949] usb 3-1: Manufacturer: syz
[  487.543634][ T5949] usb 3-1: SerialNumber: syz
[  488.976096][ T5949] usb 3-1: unknown interface protocol 0x3b, assuming v1
[  489.048568][ T5949] usb 3-1: 189:2 : does not exist
[  489.182644][ T5949] usb 3-1: USB disconnect, device number 5
[  489.201335][ T9437] bio_check_eod: 2 callbacks suppressed
[  489.201355][ T9437] syz.2.776: attempt to access beyond end of device
[  489.201355][ T9437] nbd2: rw=0, sector=64, nr_sectors = 1 limit=0
[  489.391701][ T9437] syz.2.776: attempt to access beyond end of device
[  489.391701][ T9437] nbd2: rw=0, sector=256, nr_sectors = 1 limit=0
[  489.466406][ T6181] udevd[6181]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:2.189/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  490.039465][ T9437] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  490.205096][ T9437] syz.2.776: attempt to access beyond end of device
[  490.205096][ T9437] nbd2: rw=0, sector=512, nr_sectors = 1 limit=0
[  491.315288][ T9437] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  491.610766][ T9437] syz.2.776: attempt to access beyond end of device
[  491.610766][ T9437] nbd2: rw=0, sector=64, nr_sectors = 2 limit=0
[  491.872238][ T9437] syz.2.776: attempt to access beyond end of device
[  491.872238][ T9437] nbd2: rw=0, sector=512, nr_sectors = 2 limit=0
[  492.124240][ T9437] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  492.703557][ T9437] syz.2.776: attempt to access beyond end of device
[  492.703557][ T9437] nbd2: rw=0, sector=1024, nr_sectors = 2 limit=0
[  492.813437][ T9437] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  492.890085][ T9437] syz.2.776: attempt to access beyond end of device
[  492.890085][ T9437] nbd2: rw=0, sector=64, nr_sectors = 4 limit=0
[  492.949932][ T9437] syz.2.776: attempt to access beyond end of device
[  492.949932][ T9437] nbd2: rw=0, sector=1024, nr_sectors = 4 limit=0
[  493.061597][ T9437] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  493.134426][ T9437] syz.2.776: attempt to access beyond end of device
[  493.134426][ T9437] nbd2: rw=0, sector=2048, nr_sectors = 4 limit=0
[  493.179333][ T9437] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  493.206356][ T9437] syz.2.776: attempt to access beyond end of device
[  493.206356][ T9437] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0
[  493.357676][ T9437] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  493.407038][ T9437] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  493.503045][ T9468] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  493.516681][ T9468] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  493.540752][ T9468] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  493.554201][ T9468] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  493.575591][ T9468] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  493.587774][ T9468] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  493.607430][ T9468] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  493.619434][ T9468] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  493.629224][ T9468] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
[  494.160075][ T9437] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1)
[  494.190107][ T9467] FAULT_INJECTION: forcing a failure.
[  494.190107][ T9467] name failslab, interval 1, probability 0, space 0, times 0
[  494.255780][ T9467] CPU: 0 UID: 0 PID: 9467 Comm: syz.4.783 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  494.255803][ T9467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  494.255813][ T9467] Call Trace:
[  494.255819][ T9467]  <TASK>
[  494.255826][ T9467]  dump_stack_lvl+0x189/0x250
[  494.255848][ T9467]  ? __pfx____ratelimit+0x10/0x10
[  494.255865][ T9467]  ? __pfx_dump_stack_lvl+0x10/0x10
[  494.255882][ T9467]  ? __pfx__printk+0x10/0x10
[  494.255906][ T9467]  ? __pfx___might_resched+0x10/0x10
[  494.255927][ T9467]  should_fail_ex+0x414/0x560
[  494.255947][ T9467]  should_failslab+0xa8/0x100
[  494.255965][ T9467]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  494.255982][ T9467]  ? __alloc_skb+0x112/0x2d0
[  494.256007][ T9467]  __alloc_skb+0x112/0x2d0
[  494.256031][ T9467]  netlink_sendmsg+0x5c6/0xb30
[  494.256061][ T9467]  ? __pfx_netlink_sendmsg+0x10/0x10
[  494.256089][ T9467]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  494.256104][ T9467]  ? __pfx_netlink_sendmsg+0x10/0x10
[  494.256127][ T9467]  __sock_sendmsg+0x21c/0x270
[  494.256148][ T9467]  ____sys_sendmsg+0x505/0x830
[  494.256175][ T9467]  ? __pfx_____sys_sendmsg+0x10/0x10
[  494.256206][ T9467]  ? import_iovec+0x74/0xa0
[  494.256231][ T9467]  ___sys_sendmsg+0x21f/0x2a0
[  494.256266][ T9467]  ? __pfx____sys_sendmsg+0x10/0x10
[  494.256317][ T9467]  ? __fget_files+0x2a/0x420
[  494.256334][ T9467]  ? __fget_files+0x3a0/0x420
[  494.256359][ T9467]  __x64_sys_sendmsg+0x19b/0x260
[  494.256385][ T9467]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  494.256417][ T9467]  ? __pfx_ksys_write+0x10/0x10
[  494.256430][ T9467]  ? rcu_is_watching+0x15/0xb0
[  494.256450][ T9467]  ? do_syscall_64+0xbe/0x3b0
[  494.256471][ T9467]  do_syscall_64+0xfa/0x3b0
[  494.256487][ T9467]  ? lockdep_hardirqs_on+0x9c/0x150
[  494.256503][ T9467]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  494.256518][ T9467]  ? clear_bhb_loop+0x60/0xb0
[  494.256536][ T9467]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  494.256551][ T9467] RIP: 0033:0x7f18ec98ebe9
[  494.256565][ T9467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  494.256578][ T9467] RSP: 002b:00007f18ed857038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  494.256595][ T9467] RAX: ffffffffffffffda RBX: 00007f18ecbb5fa0 RCX: 00007f18ec98ebe9
[  494.256607][ T9467] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000003
[  494.256617][ T9467] RBP: 00007f18ed857090 R08: 0000000000000000 R09: 0000000000000000
[  494.256626][ T9467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  494.256636][ T9467] R13: 00007f18ecbb6038 R14: 00007f18ecbb5fa0 R15: 00007ffc162a98c8
[  494.256659][ T9467]  </TASK>
[  495.226485][ T9484] xt_TPROXY: Can be used only with -p tcp or -p udp
[  495.831850][ T9490] FAULT_INJECTION: forcing a failure.
[  495.831850][ T9490] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  495.944172][ T9490] CPU: 1 UID: 0 PID: 9490 Comm: syz.5.787 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  495.944202][ T9490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  495.944214][ T9490] Call Trace:
[  495.944223][ T9490]  <TASK>
[  495.944233][ T9490]  dump_stack_lvl+0x189/0x250
[  495.944262][ T9490]  ? __pfx____ratelimit+0x10/0x10
[  495.944285][ T9490]  ? __pfx_dump_stack_lvl+0x10/0x10
[  495.944309][ T9490]  ? __pfx__printk+0x10/0x10
[  495.944337][ T9490]  ? __might_fault+0xb0/0x130
[  495.944371][ T9490]  should_fail_ex+0x414/0x560
[  495.944400][ T9490]  _copy_from_user+0x2d/0xb0
[  495.944431][ T9490]  kstrtouint_from_user+0xc4/0x170
[  495.944459][ T9490]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  495.944503][ T9490]  proc_fail_nth_write+0x88/0x240
[  495.944530][ T9490]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  495.944563][ T9490]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  495.944591][ T9490]  vfs_write+0x27e/0xa90
[  495.944622][ T9490]  ? __pfx_vfs_write+0x10/0x10
[  495.944645][ T9490]  ? __fget_files+0x2a/0x420
[  495.944675][ T9490]  ? __fget_files+0x3a0/0x420
[  495.944698][ T9490]  ? __fget_files+0x2a/0x420
[  495.944733][ T9490]  ksys_write+0x145/0x250
[  495.944752][ T9490]  ? __fget_files+0x3a0/0x420
[  495.944778][ T9490]  ? __pfx_ksys_write+0x10/0x10
[  495.944813][ T9490]  ? do_syscall_64+0xbe/0x3b0
[  495.944844][ T9490]  do_syscall_64+0xfa/0x3b0
[  495.944867][ T9490]  ? lockdep_hardirqs_on+0x9c/0x150
[  495.944890][ T9490]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  495.944912][ T9490]  ? clear_bhb_loop+0x60/0xb0
[  495.944939][ T9490]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  495.944960][ T9490] RIP: 0033:0x7f94dcd8d69f
[  495.944979][ T9490] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  495.944998][ T9490] RSP: 002b:00007f94ddcce030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  495.945021][ T9490] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f94dcd8d69f
[  495.945036][ T9490] RDX: 0000000000000001 RSI: 00007f94ddcce0a0 RDI: 000000000000000b
[  495.945049][ T9490] RBP: 00007f94ddcce090 R08: 0000000000000000 R09: 0000000000000000
[  495.945062][ T9490] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  495.945075][ T9490] R13: 00007f94dcfb6038 R14: 00007f94dcfb5fa0 R15: 00007ffcad9feb98
[  495.945110][ T9490]  </TASK>
[  496.926329][ T9513] team_slave_0: entered promiscuous mode
[  496.932372][ T9513] team_slave_1: entered promiscuous mode
[  496.938746][ T9513] vlan3: entered promiscuous mode
[  496.965620][ T9513] team0: entered promiscuous mode
[  496.972534][ T9519] bio_check_eod: 14 callbacks suppressed
[  496.972553][ T9519] syz.1.795: attempt to access beyond end of device
[  496.972553][ T9519] nbd1: rw=0, sector=64, nr_sectors = 1 limit=0
[  497.810112][ T9519] syz.1.795: attempt to access beyond end of device
[  497.810112][ T9519] nbd1: rw=0, sector=256, nr_sectors = 1 limit=0
[  497.854803][ T9519] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  497.899697][ T9519] syz.1.795: attempt to access beyond end of device
[  497.899697][ T9519] nbd1: rw=0, sector=512, nr_sectors = 1 limit=0
[  497.960033][ T9519] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  497.976694][ T9519] syz.1.795: attempt to access beyond end of device
[  497.976694][ T9519] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0
[  498.013914][ T9519] syz.1.795: attempt to access beyond end of device
[  498.013914][ T9519] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0
[  498.090931][ T9519] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  498.128671][ T9519] syz.1.795: attempt to access beyond end of device
[  498.128671][ T9519] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0
[  498.162892][ T9519] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  498.202387][ T9519] syz.1.795: attempt to access beyond end of device
[  498.202387][ T9519] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0
[  498.250206][ T9519] syz.1.795: attempt to access beyond end of device
[  498.250206][ T9519] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0
[  498.332851][ T9519] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  498.384320][ T9519] syz.1.795: attempt to access beyond end of device
[  498.384320][ T9519] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0
[  498.470287][ T9519] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  498.511897][ T9519] syz.1.795: attempt to access beyond end of device
[  498.511897][ T9519] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0
[  498.949647][ T9519] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  498.984067][ T9519] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  499.193001][ T9519] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1)
[  499.209273][ T9529] netlink: 12 bytes leftover after parsing attributes in process `syz.4.798'.
[  500.125147][ T9549] xt_TPROXY: Can be used only with -p tcp or -p udp
[  500.350527][ T9541] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  500.362159][ T9541] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  500.368904][ T9541] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  500.385845][ T9541] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  501.272580][ T9564] netlink: 'syz.1.807': attribute type 1 has an invalid length.
[  501.280736][ T9564] netlink: 144 bytes leftover after parsing attributes in process `syz.1.807'.
[  501.290022][ T9564] netlink: 28 bytes leftover after parsing attributes in process `syz.1.807'.
[  501.678681][ T5155] Bluetooth: hci1: command 0x0c1a tx timeout
[  502.358499][ T9573] netlink: 'syz.1.811': attribute type 4 has an invalid length.
[  502.367338][ T9573] netlink: 'syz.1.811': attribute type 4 has an invalid length.
[  502.384708][ T9573] netlink: 'syz.1.811': attribute type 4 has an invalid length.
[  502.392960][ T5155] Bluetooth: hci5: command 0x040f tx timeout
[  502.399050][ T8706] Bluetooth: hci4: command 0x0c1a tx timeout
[  502.406232][ T5841] Bluetooth: hci2: command 0x0c1a tx timeout
[  502.438192][ T9573] netlink: 'syz.1.811': attribute type 4 has an invalid length.
[  502.462127][ T9576] netlink: 'syz.0.812': attribute type 2 has an invalid length.
[  502.470222][ T9576] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.812'.
[  502.480802][ T9576] nbd: must specify a device to reconfigure
[  502.489204][ T9576] xt_TPROXY: Can be used only with -p tcp or -p udp
[  502.553278][ T9573] netlink: 'syz.1.811': attribute type 4 has an invalid length.
[  502.599854][ T9573] netlink: 'syz.1.811': attribute type 4 has an invalid length.
[  503.186153][ T9573] netlink: 'syz.1.811': attribute type 4 has an invalid length.
[  503.215114][ T9573] netlink: 'syz.1.811': attribute type 4 has an invalid length.
[  503.599997][ T9587] bio_check_eod: 2 callbacks suppressed
[  503.605688][ T9587] syz.2.810: attempt to access beyond end of device
[  503.605688][ T9587] nbd2: rw=0, sector=64, nr_sectors = 1 limit=0
[  503.619441][ T9587] syz.2.810: attempt to access beyond end of device
[  503.619441][ T9587] nbd2: rw=0, sector=256, nr_sectors = 1 limit=0
[  503.888837][ T9587] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  503.900925][ T9587] syz.2.810: attempt to access beyond end of device
[  503.900925][ T9587] nbd2: rw=0, sector=512, nr_sectors = 1 limit=0
[  503.915055][ T9587] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  503.933393][ T9587] syz.2.810: attempt to access beyond end of device
[  503.933393][ T9587] nbd2: rw=0, sector=64, nr_sectors = 2 limit=0
[  503.948127][ T9587] syz.2.810: attempt to access beyond end of device
[  503.948127][ T9587] nbd2: rw=0, sector=512, nr_sectors = 2 limit=0
[  503.962024][ T9587] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  503.973230][ T9587] syz.2.810: attempt to access beyond end of device
[  503.973230][ T9587] nbd2: rw=0, sector=1024, nr_sectors = 2 limit=0
[  503.986941][ T9587] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  504.002611][ T9587] syz.2.810: attempt to access beyond end of device
[  504.002611][ T9587] nbd2: rw=0, sector=64, nr_sectors = 4 limit=0
[  504.018319][ T9587] syz.2.810: attempt to access beyond end of device
[  504.018319][ T9587] nbd2: rw=0, sector=1024, nr_sectors = 4 limit=0
[  504.031965][ T9587] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  504.043056][ T9587] syz.2.810: attempt to access beyond end of device
[  504.043056][ T9587] nbd2: rw=0, sector=2048, nr_sectors = 4 limit=0
[  504.056683][ T9587] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  504.069929][ T9587] syz.2.810: attempt to access beyond end of device
[  504.069929][ T9587] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0
[  504.084602][ T9587] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  504.095951][ T9587] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  504.106329][ T9587] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1)
[  505.108392][ T9597] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9)
[  505.115011][ T9597] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  505.199565][ T9597] vhci_hcd vhci_hcd.0: Device attached
[  505.394244][ T9610] xt_TPROXY: Can be used only with -p tcp or -p udp
[  505.732460][ T9612] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  505.742616][ T9612] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  505.754616][ T9612] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  505.764513][ T9612] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  505.775050][ T9612] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  505.785020][ T9612] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  505.795345][ T9612] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  505.805219][ T9612] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  505.814827][ T9612] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1)
[  505.840443][ T9597] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(12)
[  505.847131][ T9597] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  505.885380][ T9614] vhci_hcd vhci_hcd.0: pdev(1) rhport(2) sockfd(15)
[  505.892075][ T9614] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  505.911442][ T9597] vhci_hcd vhci_hcd.0: Device attached
[  505.917680][ T9614] vhci_hcd vhci_hcd.0: Device attached
[  505.978422][ T5897] usb 35-1: new high-speed USB device number 3 using vhci_hcd
[  506.716231][ T9617] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  506.756730][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  506.763186][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  506.773797][ T9614] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(17)
[  506.780475][ T9614] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  506.992002][ T9597] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  506.992171][ T9614] vhci_hcd vhci_hcd.0: Device attached
[  507.110537][ T9597] netlink: 8 bytes leftover after parsing attributes in process `syz.1.818'.
[  507.312126][ T9636] validate_nla: 45 callbacks suppressed
[  507.312150][ T9636] netlink: 'syz.5.824': attribute type 2 has an invalid length.
[  507.325532][ T9636] netlink: 199836 bytes leftover after parsing attributes in process `syz.5.824'.
[  507.334809][ T9636] nbd: must specify a device to reconfigure
[  507.343090][ T9636] xt_TPROXY: Can be used only with -p tcp or -p udp
[  508.395910][ T9617] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  508.474666][ T9643] vhci_hcd vhci_hcd.0: pdev(1) rhport(6) sockfd(29)
[  508.481358][ T9643] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  508.512315][ T9597] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  508.539559][ T9643] vhci_hcd vhci_hcd.0: Device attached
[  508.569364][ T9597] macsec1: entered allmulticast mode
[  508.729554][ T9597] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[  508.796119][ T9644] vhci_hcd: connection closed
[  508.797918][ T9624] vhci_hcd: connection closed
[  508.799827][ T6125] vhci_hcd: stop threads
[  508.970542][ T6125] vhci_hcd: release socket
[  508.976146][ T6125] vhci_hcd: disconnect device
[  508.983581][ T9615] vhci_hcd: connection closed
[  508.993817][ T6125] vhci_hcd: stop threads
[  509.018320][ T6125] vhci_hcd: release socket
[  509.031625][ T6125] vhci_hcd: disconnect device
[  509.089252][ T9656] bio_check_eod: 14 callbacks suppressed
[  509.095275][ T9656] syz.0.827: attempt to access beyond end of device
[  509.095275][ T9656] nbd0: rw=0, sector=64, nr_sectors = 1 limit=0
[  509.112261][ T9656] syz.0.827: attempt to access beyond end of device
[  509.112261][ T9656] nbd0: rw=0, sector=256, nr_sectors = 1 limit=0
[  509.127171][ T9656] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  509.142393][ T9656] syz.0.827: attempt to access beyond end of device
[  509.142393][ T9656] nbd0: rw=0, sector=512, nr_sectors = 1 limit=0
[  509.156463][ T9656] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  509.185682][ T9656] syz.0.827: attempt to access beyond end of device
[  509.185682][ T9656] nbd0: rw=0, sector=64, nr_sectors = 2 limit=0
[  509.202358][ T9656] syz.0.827: attempt to access beyond end of device
[  509.202358][ T9656] nbd0: rw=0, sector=512, nr_sectors = 2 limit=0
[  509.216571][ T9656] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  509.229275][ T9656] syz.0.827: attempt to access beyond end of device
[  509.229275][ T9656] nbd0: rw=0, sector=1024, nr_sectors = 2 limit=0
[  509.244084][ T9656] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  509.265861][ T9656] syz.0.827: attempt to access beyond end of device
[  509.265861][ T9656] nbd0: rw=0, sector=64, nr_sectors = 4 limit=0
[  509.282037][ T9656] syz.0.827: attempt to access beyond end of device
[  509.282037][ T9656] nbd0: rw=0, sector=1024, nr_sectors = 4 limit=0
[  509.296103][ T9656] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  509.308616][ T9656] syz.0.827: attempt to access beyond end of device
[  509.308616][ T9656] nbd0: rw=0, sector=2048, nr_sectors = 4 limit=0
[  509.322639][ T9656] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  509.341512][ T9656] syz.0.827: attempt to access beyond end of device
[  509.341512][ T9656] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0
[  509.358176][ T9656] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  509.370078][ T9656] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  509.379832][ T9656] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
[  509.453128][ T9605] vhci_hcd: connection closed
[  509.453367][ T9598] vhci_hcd: connection reset by peer
[  509.479985][ T6125] vhci_hcd: stop threads
[  509.484305][ T6125] vhci_hcd: release socket
[  509.496597][ T6125] vhci_hcd: disconnect device
[  509.503962][ T6125] vhci_hcd: stop threads
[  509.508273][ T6125] vhci_hcd: release socket
[  509.533351][ T6125] vhci_hcd: disconnect device
[  509.592804][ T3480] vhci_hcd: stop threads
[  509.597304][ T3480] vhci_hcd: release socket
[  509.603424][ T3480] vhci_hcd: disconnect device
[  511.169415][ T5897] vhci_hcd: vhci_device speed not set
[  511.290836][ T9683] xt_TPROXY: Can be used only with -p tcp or -p udp
[  512.401533][ T9690] netlink: 'syz.2.836': attribute type 2 has an invalid length.
[  512.410407][ T9690] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.836'.
[  512.419770][ T9690] nbd: must specify a device to reconfigure
[  512.427904][ T9690] xt_TPROXY: Can be used only with -p tcp or -p udp
[  513.829087][ T9701] netlink: 'syz.4.838': attribute type 10 has an invalid length.
[  514.467362][   T24] usb usb36-port1: attempt power cycle
[  515.309293][   T24] usb usb36-port1: unable to enumerate USB device
[  516.757296][  T889] IPVS: starting estimator thread 0...
[  516.880537][ T9741] IPVS: using max 23 ests per chain, 55200 per kthread
[  516.987402][ T9745] trusted_key: encrypted_key: master key parameter '00N004093' is invalid
[  517.021112][ T9745] trusted_key: encrypted_key: master key parameter '00N004093' is invalid
[  517.790743][ T9753] bio_check_eod: 2 callbacks suppressed
[  517.790763][ T9753] syz.0.848: attempt to access beyond end of device
[  517.790763][ T9753] nbd0: rw=0, sector=64, nr_sectors = 1 limit=0
[  517.893248][ T9758] netlink: 'syz.1.849': attribute type 2 has an invalid length.
[  517.901455][ T9758] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.849'.
[  517.910857][ T9758] nbd: must specify a device to reconfigure
[  517.922013][ T9758] xt_TPROXY: Can be used only with -p tcp or -p udp
[  518.927100][ T9753] syz.0.848: attempt to access beyond end of device
[  518.927100][ T9753] nbd0: rw=0, sector=256, nr_sectors = 1 limit=0
[  519.043819][ T9753] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  519.112782][ T9753] syz.0.848: attempt to access beyond end of device
[  519.112782][ T9753] nbd0: rw=0, sector=512, nr_sectors = 1 limit=0
[  519.316435][ T9753] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  519.374527][ T9761] FAULT_INJECTION: forcing a failure.
[  519.374527][ T9761] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  519.534161][ T9753] syz.0.848: attempt to access beyond end of device
[  519.534161][ T9753] nbd0: rw=0, sector=64, nr_sectors = 2 limit=0
[  519.547727][ T9761] CPU: 0 UID: 0 PID: 9761 Comm: syz.2.851 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  519.547758][ T9761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  519.547771][ T9761] Call Trace:
[  519.547779][ T9761]  <TASK>
[  519.547788][ T9761]  dump_stack_lvl+0x189/0x250
[  519.547817][ T9761]  ? __pfx____ratelimit+0x10/0x10
[  519.547839][ T9761]  ? __pfx_dump_stack_lvl+0x10/0x10
[  519.547863][ T9761]  ? __pfx__printk+0x10/0x10
[  519.547905][ T9761]  should_fail_ex+0x414/0x560
[  519.547933][ T9761]  _copy_from_iter+0x1db/0x16f0
[  519.547971][ T9761]  ? policy_nodemask+0x5d4/0x720
[  519.547993][ T9761]  ? __pfx__copy_from_iter+0x10/0x10
[  519.548026][ T9761]  ? set_page_refcounted+0xa0/0x1e0
[  519.548049][ T9761]  ? page_copy_sane+0x4e/0x280
[  519.548076][ T9761]  copy_page_from_iter+0xdd/0x170
[  519.548108][ T9761]  tun_get_user+0x1c4d/0x3ce0
[  519.548138][ T9761]  ? tun_get_user+0x693/0x3ce0
[  519.548182][ T9761]  ? __pfx_tun_get_user+0x10/0x10
[  519.548207][ T9761]  ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[  519.548235][ T9761]  ? rcu_is_watching+0x15/0xb0
[  519.548253][ T9761]  ? trace_irq_disable+0x37/0x110
[  519.548281][ T9761]  ? rcu_is_watching+0x15/0xb0
[  519.548303][ T9761]  ? rcu_read_unlock_special+0x3fe/0x4c0
[  519.548327][ T9761]  ? irqentry_exit+0x74/0x90
[  519.548346][ T9761]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  519.548366][ T9761]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  519.548393][ T9761]  ? tun_get+0x1c/0x2f0
[  519.548421][ T9761]  ? tun_get+0x1c/0x2f0
[  519.548446][ T9761]  tun_chr_write_iter+0x113/0x200
[  519.548471][ T9761]  vfs_write+0x54b/0xa90
[  519.548490][ T9761]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  519.548513][ T9761]  ? __pfx_vfs_write+0x10/0x10
[  519.548532][ T9761]  ? __rcu_read_unlock+0x84/0xe0
[  519.548565][ T9761]  ? __fget_files+0x2a/0x420
[  519.548593][ T9761]  ksys_write+0x145/0x250
[  519.548611][ T9761]  ? __pfx_ksys_write+0x10/0x10
[  519.548632][ T9761]  ? do_syscall_64+0xbe/0x3b0
[  519.548654][ T9761]  do_syscall_64+0xfa/0x3b0
[  519.548674][ T9761]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  519.548691][ T9761]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  519.548707][ T9761]  ? clear_bhb_loop+0x60/0xb0
[  519.548728][ T9761]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  519.548744][ T9761] RIP: 0033:0x7fd34cf8d69f
[  519.548760][ T9761] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  519.548775][ T9761] RSP: 002b:00007fd34b1f6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  519.548794][ T9761] RAX: ffffffffffffffda RBX: 00007fd34d1b5fa0 RCX: 00007fd34cf8d69f
[  519.548807][ T9761] RDX: 000000000000001a RSI: 0000200000000000 RDI: 00000000000000c8
[  519.548819][ T9761] RBP: 00007fd34b1f6090 R08: 0000000000000000 R09: 0000000000000000
[  519.548830][ T9761] R10: 000000000000001a R11: 0000000000000293 R12: 0000000000000001
[  519.548840][ T9761] R13: 00007fd34d1b6038 R14: 00007fd34d1b5fa0 R15: 00007ffdda4675b8
[  519.548866][ T9761]  </TASK>
[  520.006303][ T9753] syz.0.848: attempt to access beyond end of device
[  520.006303][ T9753] nbd0: rw=0, sector=512, nr_sectors = 2 limit=0
[  520.021683][ T9753] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  520.031528][ T9753] syz.0.848: attempt to access beyond end of device
[  520.031528][ T9753] nbd0: rw=0, sector=1024, nr_sectors = 2 limit=0
[  520.044932][ T9753] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  520.060093][ T9753] syz.0.848: attempt to access beyond end of device
[  520.060093][ T9753] nbd0: rw=0, sector=64, nr_sectors = 4 limit=0
[  520.256843][ T9753] syz.0.848: attempt to access beyond end of device
[  520.256843][ T9753] nbd0: rw=0, sector=1024, nr_sectors = 4 limit=0
[  520.328600][ T9753] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  520.368022][ T9753] syz.0.848: attempt to access beyond end of device
[  520.368022][ T9753] nbd0: rw=0, sector=2048, nr_sectors = 4 limit=0
[  520.416648][ T9753] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  520.429916][ T9753] syz.0.848: attempt to access beyond end of device
[  520.429916][ T9753] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0
[  520.452229][ T9753] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  520.478283][ T9753] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  520.496363][ T9753] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
[  521.747312][ T9788] netlink: 56 bytes leftover after parsing attributes in process `syz.4.856'.
[  523.079232][ T9796] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  523.124646][ T9796] netlink: 48 bytes leftover after parsing attributes in process `syz.0.858'.
[  523.161536][ T9796] process 'syz.0.858' launched './file1' with NULL argv: empty string added
[  530.308141][ T9856] netlink: 24 bytes leftover after parsing attributes in process `syz.1.874'.
[  530.355809][ T9856] netlink: 48 bytes leftover after parsing attributes in process `syz.1.874'.
[  534.175090][ T9893] netlink: 'syz.5.881': attribute type 2 has an invalid length.
[  534.183089][ T9893] netlink: 199836 bytes leftover after parsing attributes in process `syz.5.881'.
[  534.192538][ T9893] nbd: must specify a device to reconfigure
[  534.203264][ T9893] xt_TPROXY: Can be used only with -p tcp or -p udp
[  535.395578][ T9905] FAULT_INJECTION: forcing a failure.
[  535.395578][ T9905] name failslab, interval 1, probability 0, space 0, times 0
[  535.408609][ T9905] CPU: 1 UID: 0 PID: 9905 Comm: syz.2.885 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  535.408638][ T9905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  535.408652][ T9905] Call Trace:
[  535.408661][ T9905]  <TASK>
[  535.408672][ T9905]  dump_stack_lvl+0x189/0x250
[  535.408703][ T9905]  ? __pfx____ratelimit+0x10/0x10
[  535.408728][ T9905]  ? __pfx_dump_stack_lvl+0x10/0x10
[  535.408753][ T9905]  ? __pfx__printk+0x10/0x10
[  535.408788][ T9905]  ? __pfx___might_resched+0x10/0x10
[  535.408819][ T9905]  should_fail_ex+0x414/0x560
[  535.408848][ T9905]  should_failslab+0xa8/0x100
[  535.408874][ T9905]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  535.408898][ T9905]  ? __alloc_skb+0x112/0x2d0
[  535.408935][ T9905]  __alloc_skb+0x112/0x2d0
[  535.408970][ T9905]  netlink_sendmsg+0x5c6/0xb30
[  535.409014][ T9905]  ? __pfx_netlink_sendmsg+0x10/0x10
[  535.409056][ T9905]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  535.409078][ T9905]  ? __pfx_netlink_sendmsg+0x10/0x10
[  535.409117][ T9905]  __sock_sendmsg+0x21c/0x270
[  535.409146][ T9905]  ____sys_sendmsg+0x505/0x830
[  535.409185][ T9905]  ? __pfx_____sys_sendmsg+0x10/0x10
[  535.409227][ T9905]  ? import_iovec+0x74/0xa0
[  535.409262][ T9905]  ___sys_sendmsg+0x21f/0x2a0
[  535.409299][ T9905]  ? __pfx____sys_sendmsg+0x10/0x10
[  535.409374][ T9905]  ? __fget_files+0x2a/0x420
[  535.409399][ T9905]  ? __fget_files+0x3a0/0x420
[  535.409436][ T9905]  __x64_sys_sendmsg+0x19b/0x260
[  535.409474][ T9905]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  535.409527][ T9905]  ? __pfx_ksys_write+0x10/0x10
[  535.409547][ T9905]  ? rcu_is_watching+0x15/0xb0
[  535.409576][ T9905]  ? do_syscall_64+0xbe/0x3b0
[  535.409607][ T9905]  do_syscall_64+0xfa/0x3b0
[  535.409630][ T9905]  ? lockdep_hardirqs_on+0x9c/0x150
[  535.409654][ T9905]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  535.409676][ T9905]  ? clear_bhb_loop+0x60/0xb0
[  535.409704][ T9905]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  535.409726][ T9905] RIP: 0033:0x7fd34cf8ebe9
[  535.409746][ T9905] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  535.409766][ T9905] RSP: 002b:00007fd34b1b4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  535.409790][ T9905] RAX: ffffffffffffffda RBX: 00007fd34d1b6180 RCX: 00007fd34cf8ebe9
[  535.409807][ T9905] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000008
[  535.409821][ T9905] RBP: 00007fd34b1b4090 R08: 0000000000000000 R09: 0000000000000000
[  535.409835][ T9905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  535.409848][ T9905] R13: 00007fd34d1b6218 R14: 00007fd34d1b6180 R15: 00007ffdda4675b8
[  535.409883][ T9905]  </TASK>
[  535.778562][ T9898] bridge_slave_1: left allmulticast mode
[  535.859494][ T9898] bridge_slave_1: left promiscuous mode
[  535.867303][ T9898] bridge0: port 2(bridge_slave_1) entered disabled state
[  536.459044][ T9898] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  540.320751][ T9938] netlink: 36 bytes leftover after parsing attributes in process `syz.5.891'.
[  543.241626][ T9973] Bluetooth: hci0: load_link_keys: too big key_count value 2816
[  543.668206][ T9979] FAULT_INJECTION: forcing a failure.
[  543.668206][ T9979] name failslab, interval 1, probability 0, space 0, times 0
[  543.681487][ T9979] CPU: 1 UID: 0 PID: 9979 Comm: syz.2.898 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  543.681516][ T9979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  543.681530][ T9979] Call Trace:
[  543.681539][ T9979]  <TASK>
[  543.681549][ T9979]  dump_stack_lvl+0x189/0x250
[  543.681578][ T9979]  ? __pfx____ratelimit+0x10/0x10
[  543.681602][ T9979]  ? __pfx_dump_stack_lvl+0x10/0x10
[  543.681628][ T9979]  ? __pfx__printk+0x10/0x10
[  543.681663][ T9979]  ? __pfx___might_resched+0x10/0x10
[  543.681693][ T9979]  should_fail_ex+0x414/0x560
[  543.681722][ T9979]  should_failslab+0xa8/0x100
[  543.681749][ T9979]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  543.681772][ T9979]  ? __alloc_skb+0x112/0x2d0
[  543.681808][ T9979]  __alloc_skb+0x112/0x2d0
[  543.681844][ T9979]  netlink_sendmsg+0x5c6/0xb30
[  543.681887][ T9979]  ? __pfx_netlink_sendmsg+0x10/0x10
[  543.681936][ T9979]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  543.681958][ T9979]  ? __pfx_netlink_sendmsg+0x10/0x10
[  543.681991][ T9979]  __sock_sendmsg+0x21c/0x270
[  543.682021][ T9979]  ____sys_sendmsg+0x505/0x830
[  543.682062][ T9979]  ? __pfx_____sys_sendmsg+0x10/0x10
[  543.682094][ T9979]  ? __copy_msghdr+0x311/0x5b0
[  543.682137][ T9979]  ? import_iovec+0x74/0xa0
[  543.682173][ T9979]  ___sys_sendmsg+0x21f/0x2a0
[  543.682210][ T9979]  ? __pfx____sys_sendmsg+0x10/0x10
[  543.682285][ T9979]  ? __fget_files+0x2a/0x420
[  543.682310][ T9979]  ? __fget_files+0x3a0/0x420
[  543.682347][ T9979]  __x64_sys_sendmsg+0x19b/0x260
[  543.682384][ T9979]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  543.682440][ T9979]  ? do_syscall_64+0xbe/0x3b0
[  543.682470][ T9979]  do_syscall_64+0xfa/0x3b0
[  543.682496][ T9979]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  543.682517][ T9979]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  543.682538][ T9979]  ? clear_bhb_loop+0x60/0xb0
[  543.682566][ T9979]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  543.682587][ T9979] RIP: 0033:0x7fd34cf8ebe9
[  543.682606][ T9979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  543.682626][ T9979] RSP: 002b:00007fd34b1b4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  543.682650][ T9979] RAX: ffffffffffffffda RBX: 00007fd34d1b6180 RCX: 00007fd34cf8ebe9
[  543.682666][ T9979] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000005
[  543.682680][ T9979] RBP: 00007fd34b1b4090 R08: 0000000000000000 R09: 0000000000000000
[  543.682694][ T9979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  543.682708][ T9979] R13: 00007fd34d1b6218 R14: 00007fd34d1b6180 R15: 00007ffdda4675b8
[  543.682742][ T9979]  </TASK>
[  545.391831][ T9989] FAULT_INJECTION: forcing a failure.
[  545.391831][ T9989] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  545.405293][ T9989] CPU: 0 UID: 0 PID: 9989 Comm: syz.2.901 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  545.405322][ T9989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  545.405336][ T9989] Call Trace:
[  545.405344][ T9989]  <TASK>
[  545.405353][ T9989]  dump_stack_lvl+0x189/0x250
[  545.405383][ T9989]  ? __pfx____ratelimit+0x10/0x10
[  545.405408][ T9989]  ? __pfx_dump_stack_lvl+0x10/0x10
[  545.405433][ T9989]  ? __pfx__printk+0x10/0x10
[  545.405462][ T9989]  ? __might_fault+0xb0/0x130
[  545.405498][ T9989]  should_fail_ex+0x414/0x560
[  545.405526][ T9989]  _copy_from_user+0x2d/0xb0
[  545.405558][ T9989]  ___sys_sendmsg+0x158/0x2a0
[  545.405596][ T9989]  ? __pfx____sys_sendmsg+0x10/0x10
[  545.405672][ T9989]  ? __fget_files+0x2a/0x420
[  545.405697][ T9989]  ? __fget_files+0x3a0/0x420
[  545.405734][ T9989]  __sys_sendmmsg+0x227/0x430
[  545.405782][ T9989]  ? __pfx___sys_sendmmsg+0x10/0x10
[  545.405814][ T9989]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  545.405871][ T9989]  ? ksys_write+0x22a/0x250
[  545.405895][ T9989]  ? __pfx_ksys_write+0x10/0x10
[  545.405913][ T9989]  ? rcu_is_watching+0x15/0xb0
[  545.405945][ T9989]  __x64_sys_sendmmsg+0xa0/0xc0
[  545.405982][ T9989]  do_syscall_64+0xfa/0x3b0
[  545.406005][ T9989]  ? lockdep_hardirqs_on+0x9c/0x150
[  545.406028][ T9989]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  545.406050][ T9989]  ? clear_bhb_loop+0x60/0xb0
[  545.406077][ T9989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  545.406099][ T9989] RIP: 0033:0x7fd34cf8ebe9
[  545.406119][ T9989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  545.406138][ T9989] RSP: 002b:00007fd34b1b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  545.406161][ T9989] RAX: ffffffffffffffda RBX: 00007fd34d1b6180 RCX: 00007fd34cf8ebe9
[  545.406178][ T9989] RDX: 00000000000002e9 RSI: 0000200000000480 RDI: 0000000000000008
[  545.406193][ T9989] RBP: 00007fd34b1b4090 R08: 0000000000000000 R09: 0000000000000000
[  545.406207][ T9989] R10: 000000000000ffe0 R11: 0000000000000246 R12: 0000000000000001
[  545.406220][ T9989] R13: 00007fd34d1b6218 R14: 00007fd34d1b6180 R15: 00007ffdda4675b8
[  545.406255][ T9989]  </TASK>
[  545.622475][    C0] vkms_vblank_simulate: vblank timer overrun
[  552.092347][T10027] tunl0: Caught tx_queue_len zero misconfig
[  553.998747][T10044] netlink: 'syz.1.912': attribute type 10 has an invalid length.
[  554.106695][T10044] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  555.995744][T10071] netlink: 8 bytes leftover after parsing attributes in process `syz.0.915'.
[  560.298752][T10101] netlink: 56 bytes leftover after parsing attributes in process `syz.0.922'.
[  561.179467][ T5890] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  561.459467][ T5890] usb 1-1: Using ep0 maxpacket: 32
[  561.483480][ T5890] usb 1-1: unable to get BOS descriptor or descriptor too short
[  561.513802][ T5890] usb 1-1: config 2 has an invalid interface number: 189 but max is 0
[  561.572945][ T5890] usb 1-1: config 2 has no interface number 0
[  561.587994][ T5890] usb 1-1: config 2 interface 189 altsetting 11 has an invalid endpoint descriptor of length 3, skipping
[  561.637529][ T5890] usb 1-1: config 2 interface 189 has no altsetting 0
[  561.658004][ T5890] usb 1-1: New USB device found, idVendor=041e, idProduct=3f19, bcdDevice=9b.52
[  561.727761][ T5890] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  561.795442][ T5890] usb 1-1: Product: syz
[  561.836593][ T5890] usb 1-1: Manufacturer: syz
[  561.870931][ T5890] usb 1-1: SerialNumber: syz
[  561.874830][T10110] sp0: Synchronizing with TNC
[  562.072666][T10114] sp0: Found TNC
[  563.358909][T10111] netlink: 2384 bytes leftover after parsing attributes in process `syz.1.926'.
[  563.618628][ T5890] usb 1-1: can't set config #2, error -71
[  563.641054][ T5890] usb 1-1: USB disconnect, device number 9
[  563.805201][T10127] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22)
[  566.477399][T10136] netlink: 4 bytes leftover after parsing attributes in process `syz.1.929'.
[  566.684386][T10136] bridge_slave_1: left allmulticast mode
[  566.805983][T10136] bridge_slave_1: left promiscuous mode
[  567.018488][T10136] bridge0: port 2(bridge_slave_1) entered disabled state
[  567.808344][T10136] bridge_slave_0: left allmulticast mode
[  567.848898][T10136] bridge_slave_0: left promiscuous mode
[  567.879783][T10136] bridge0: port 1(bridge_slave_0) entered disabled state
[  568.165117][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  568.175838][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  570.236967][T10186] netlink: 56 bytes leftover after parsing attributes in process `syz.0.938'.
[  570.534605][T10189] bio_check_eod: 2 callbacks suppressed
[  570.534626][T10189] syz.1.939: attempt to access beyond end of device
[  570.534626][T10189] nbd1: rw=0, sector=64, nr_sectors = 1 limit=0
[  570.553375][T10189] syz.1.939: attempt to access beyond end of device
[  570.553375][T10189] nbd1: rw=0, sector=256, nr_sectors = 1 limit=0
[  570.566478][T10189] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  570.577131][T10189] syz.1.939: attempt to access beyond end of device
[  570.577131][T10189] nbd1: rw=0, sector=512, nr_sectors = 1 limit=0
[  570.590465][T10189] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  570.601215][T10189] syz.1.939: attempt to access beyond end of device
[  570.601215][T10189] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0
[  570.614619][T10189] syz.1.939: attempt to access beyond end of device
[  570.614619][T10189] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0
[  570.628085][T10189] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  570.638128][T10189] syz.1.939: attempt to access beyond end of device
[  570.638128][T10189] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0
[  570.651735][T10189] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  570.662332][T10189] syz.1.939: attempt to access beyond end of device
[  570.662332][T10189] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0
[  570.681868][T10189] syz.1.939: attempt to access beyond end of device
[  570.681868][T10189] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0
[  570.697366][T10189] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  570.707657][T10189] syz.1.939: attempt to access beyond end of device
[  570.707657][T10189] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0
[  570.721336][T10189] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  570.733936][T10189] syz.1.939: attempt to access beyond end of device
[  570.733936][T10189] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0
[  570.747657][T10189] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  570.757907][T10189] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  570.768353][T10189] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1)
[  571.363635][ T5963] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  571.814575][T10194] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  572.187132][ T5963] usb 1-1: Using ep0 maxpacket: 32
[  572.209447][ T5963] usb 1-1: unable to get BOS descriptor or descriptor too short
[  572.244138][ T5963] usb 1-1: config 2 has an invalid interface number: 189 but max is 0
[  572.302685][ T5963] usb 1-1: config 2 has no interface number 0
[  572.316269][ T5963] usb 1-1: config 2 interface 189 altsetting 11 has an invalid endpoint descriptor of length 3, skipping
[  572.344033][ T5963] usb 1-1: config 2 interface 189 has no altsetting 0
[  572.361573][ T5963] usb 1-1: New USB device found, idVendor=041e, idProduct=3f19, bcdDevice=9b.52
[  572.388842][ T5963] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  572.412274][ T5963] usb 1-1: Product: syz
[  572.428638][ T5963] usb 1-1: Manufacturer: syz
[  572.438775][ T5963] usb 1-1: SerialNumber: syz
[  572.704452][T10198] syzkaller0: entered promiscuous mode
[  572.712470][T10198] syzkaller0: entered allmulticast mode
[  572.827902][T10205] mmap: syz.4.945 (10205) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  574.568468][ T5963] usb 1-1: unknown interface protocol 0x3b, assuming v1
[  574.589554][ T5963] usb 1-1: 189:2 : does not exist
[  574.595847][T10198] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  574.602579][T10198] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  574.629230][ T5155] Bluetooth: hci5: command 0x040f tx timeout
[  574.635955][T10198] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  574.698851][T10198] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  575.286770][ T5963] usb 1-1: USB disconnect, device number 10
[  575.505516][ T6181] udevd[6181]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:2.189/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  575.986876][ T5841] Bluetooth: hci1: command 0x0c1a tx timeout
[  576.633158][ T5841] Bluetooth: hci2: command 0x0c1a tx timeout
[  576.709233][ T5841] Bluetooth: hci5: command 0x040f tx timeout
[  576.709549][ T5155] Bluetooth: hci4: command 0x0c1a tx timeout
[  577.933779][T10243] FAULT_INJECTION: forcing a failure.
[  577.933779][T10243] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  577.949518][T10243] CPU: 0 UID: 0 PID: 10243 Comm: syz.4.952 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  577.949546][T10243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  577.949560][T10243] Call Trace:
[  577.949568][T10243]  <TASK>
[  577.949576][T10243]  dump_stack_lvl+0x189/0x250
[  577.949607][T10243]  ? __pfx____ratelimit+0x10/0x10
[  577.949652][T10243]  ? __pfx_dump_stack_lvl+0x10/0x10
[  577.949676][T10243]  ? __pfx__printk+0x10/0x10
[  577.949703][T10243]  ? __might_fault+0xb0/0x130
[  577.949737][T10243]  should_fail_ex+0x414/0x560
[  577.949764][T10243]  _copy_from_user+0x2d/0xb0
[  577.949794][T10243]  ucma_resolve_addr+0xa8/0x270
[  577.949831][T10243]  ? __pfx_ucma_resolve_addr+0x10/0x10
[  577.949896][T10243]  ? __pfx_ucma_resolve_addr+0x10/0x10
[  577.949939][T10243]  ucma_write+0x249/0x2e0
[  577.949971][T10243]  ? __pfx_ucma_write+0x10/0x10
[  577.950000][T10243]  ? security_file_permission+0x75/0x290
[  577.950027][T10243]  ? rw_verify_area+0x258/0x650
[  577.950060][T10243]  ? __pfx_ucma_write+0x10/0x10
[  577.950091][T10243]  vfs_write+0x27e/0xa90
[  577.950121][T10243]  ? __pfx_vfs_write+0x10/0x10
[  577.950142][T10243]  ? __fget_files+0x2a/0x420
[  577.950168][T10243]  ? __fget_files+0x2a/0x420
[  577.950190][T10243]  ? __fget_files+0x3a0/0x420
[  577.950212][T10243]  ? __fget_files+0x2a/0x420
[  577.950246][T10243]  ksys_write+0x145/0x250
[  577.950269][T10243]  ? __pfx_ksys_write+0x10/0x10
[  577.950286][T10243]  ? rcu_is_watching+0x15/0xb0
[  577.950315][T10243]  ? do_syscall_64+0xbe/0x3b0
[  577.950350][T10243]  do_syscall_64+0xfa/0x3b0
[  577.950372][T10243]  ? lockdep_hardirqs_on+0x9c/0x150
[  577.950395][T10243]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  577.950415][T10243]  ? clear_bhb_loop+0x60/0xb0
[  577.950441][T10243]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  577.950462][T10243] RIP: 0033:0x7f18ec98ebe9
[  577.950479][T10243] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  577.950497][T10243] RSP: 002b:00007f18ed836038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  577.950520][T10243] RAX: ffffffffffffffda RBX: 00007f18ecbb6090 RCX: 00007f18ec98ebe9
[  577.950536][T10243] RDX: 0000000000000118 RSI: 0000200000000280 RDI: 0000000000000003
[  577.950549][T10243] RBP: 00007f18ed836090 R08: 0000000000000000 R09: 0000000000000000
[  577.950561][T10243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  577.950573][T10243] R13: 00007f18ecbb6128 R14: 00007f18ecbb6090 R15: 00007ffc162a98c8
[  577.950606][T10243]  </TASK>
[  578.714191][T10252] xt_TPROXY: Can be used only with -p tcp or -p udp
[  580.579988][T10260] netlink: 'syz.0.957': attribute type 10 has an invalid length.
[  583.203332][T10279] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  585.492861][T10309] hub 8-0:1.0: USB hub found
[  585.500520][T10309] hub 8-0:1.0: 1 port detected
[  586.712416][ T5155] Bluetooth: hci5: ACL packet too small
[  597.097252][T10387] workqueue: Failed to create a rescuer kthread for wq "xfs-blockgc/nullb0": -EINTR
[  599.879378][ T5890] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  600.172336][ T5890] usb 2-1: Using ep0 maxpacket: 8
[  600.207672][ T5890] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  600.281534][ T5890] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  600.323754][ T5890] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  600.373548][ T5890] usb 2-1: config 0 descriptor??
[  600.981658][ T5890] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  601.096309][ T5890] usb 2-1: USB disconnect, device number 13
[  601.158708][T10444] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  601.240964][T10444] syzkaller0: entered promiscuous mode
[  601.246526][T10444] syzkaller0: entered allmulticast mode
[  601.286830][T10444] tipc: Resetting bearer <eth:syzkaller0>
[  601.331123][T10443] tipc: Resetting bearer <eth:syzkaller0>
[  601.967332][T10443] tipc: Disabling bearer <eth:syzkaller0>
[  601.983660][T10467] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1000'.
[  602.007923][T10467] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1000'.
[  602.186701][T10467] bridge_slave_0: left allmulticast mode
[  602.409502][T10467] bridge_slave_0: left promiscuous mode
[  603.167918][T10483] bio_check_eod: 2 callbacks suppressed
[  603.167938][T10483] syz.2.1003: attempt to access beyond end of device
[  603.167938][T10483] loop2: rw=0, sector=0, nr_sectors = 1 limit=0
[  603.199653][T10467] bridge0: port 1(bridge_slave_0) entered disabled state
[  603.440082][T10467] bridge_slave_1: left allmulticast mode
[  603.445814][T10467] bridge_slave_1: left promiscuous mode
[  603.453469][T10467] bridge0: port 2(bridge_slave_1) entered disabled state
[  603.482281][T10467] bond0: (slave bond_slave_0): Releasing backup interface
[  603.537953][T10467] bond0: (slave bond_slave_1): Releasing backup interface
[  603.583198][T10467] team0: Port device team_slave_0 removed
[  603.635725][T10467] team0: Port device team_slave_1 removed
[  603.645462][T10467] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  603.764722][T10467] batman_adv: batadv0: Removing interface: batadv_slave_0
[  603.780277][T10467] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  603.840308][T10467] batman_adv: batadv0: Removing interface: batadv_slave_1
[  603.940644][T10467] bond0: (slave wlan1): Releasing backup interface
[  603.976181][T10467] bond1: (slave gretap1): Releasing active interface
[  605.571883][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  605.571904][   T30] audit: type=1326 audit(1755756144.612:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10494 comm="syz.1.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1998ebe9 code=0x7ffc0000
[  605.748024][   T30] audit: type=1326 audit(1755756144.612:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10494 comm="syz.1.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1998ebe9 code=0x7ffc0000
[  605.826720][   T30] audit: type=1326 audit(1755756144.612:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10494 comm="syz.1.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=100 compat=0 ip=0x7fbd1998ebe9 code=0x7ffc0000
[  605.909701][   T30] audit: type=1326 audit(1755756144.612:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10494 comm="syz.1.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1998ebe9 code=0x7ffc0000
[  605.947521][   T30] audit: type=1326 audit(1755756144.612:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10494 comm="syz.1.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1998ebe9 code=0x7ffc0000
[  605.972559][    C1] vkms_vblank_simulate: vblank timer overrun
[  606.132114][   T30] audit: type=1326 audit(1755756144.622:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10494 comm="syz.1.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7fbd1998ebe9 code=0x7ffc0000
[  606.236961][   T30] audit: type=1326 audit(1755756144.622:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10494 comm="syz.1.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1998ebe9 code=0x7ffc0000
[  606.354085][   T30] audit: type=1326 audit(1755756144.622:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10494 comm="syz.1.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1998ebe9 code=0x7ffc0000
[  606.375740][    C1] vkms_vblank_simulate: vblank timer overrun
[  606.505464][   T30] audit: type=1326 audit(1755756144.622:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10494 comm="syz.1.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fbd1998ebe9 code=0x7ffc0000
[  606.626538][   T30] audit: type=1326 audit(1755756144.622:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10494 comm="syz.1.1007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd1998ebe9 code=0x7ffc0000
[  609.045615][T10531] lo: Caught tx_queue_len zero misconfig
[  613.278259][T10566] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  614.526191][T10570] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1024'.
[  615.549030][T10600] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  618.879202][ T5964] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  619.960967][ T5964] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  619.979140][ T5964] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  620.149579][ T5964] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  620.158637][ T5964] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  620.189142][ T5964] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  620.221132][ T5964] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  620.254623][ T5964] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  620.302712][ T5964] usb 2-1: Product: syz
[  620.306954][ T5964] usb 2-1: Manufacturer: syz
[  620.590337][ T5964] cdc_wdm 2-1:1.0: skipping garbage
[  620.595620][ T5964] cdc_wdm 2-1:1.0: skipping garbage
[  620.616180][ T5964] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  620.633486][ T5964] cdc_wdm 2-1:1.0: Unknown control protocol
[  620.837213][ T5964] usb 2-1: USB disconnect, device number 14
[  622.146281][T10657] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  622.193333][T10657] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  624.563320][T10687] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  624.574777][T10687] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  625.628069][T10699] syz.5.1045: attempt to access beyond end of device
[  625.628069][T10699] loop11: rw=0, sector=0, nr_sectors = 1 limit=0
[  625.641245][T10699] FAT-fs (loop11): unable to read boot sector
[  626.919541][ T5964] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  627.539300][ T5964] usb 6-1: Using ep0 maxpacket: 16
[  627.548957][ T5964] usb 6-1: config 0 has an invalid interface number: 48 but max is 0
[  627.565517][ T5964] usb 6-1: config 0 has no interface number 0
[  627.700493][ T5964] usb 6-1: config 0 interface 48 has no altsetting 0
[  628.073288][ T5964] usb 6-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=a8.98
[  628.091602][ T5964] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  628.127440][ T5964] usb 6-1: Product: syz
[  628.137516][ T5964] usb 6-1: Manufacturer: syz
[  628.163879][ T5964] usb 6-1: SerialNumber: syz
[  628.376689][ T5964] usb 6-1: config 0 descriptor??
[  628.426140][ T5964] usb 6-1: can't set config #0, error -71
[  628.477720][ T5964] usb 6-1: USB disconnect, device number 6
[  629.649961][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  629.656863][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  632.673773][   T30] kauditd_printk_skb: 56 callbacks suppressed
[  632.673795][   T30] audit: type=1804 audit(1755756171.722:179): pid=10752 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.5.1055" name="/newroot/166/file0" dev="tmpfs" ino=890 res=1 errno=0
[  637.024718][T10783] vlan3: entered promiscuous mode
[  637.030830][T10783] dummy0: entered promiscuous mode
[  637.037712][T10783] vlan3: entered allmulticast mode
[  637.043003][T10783] dummy0: entered allmulticast mode
[  637.076867][T10783] fuse: Bad value for 'rootmode'
[  638.456126][T10821] nbd: must specify a size in bytes for the device
[  638.981451][ T6011] Bluetooth: hci3: Frame reassembly failed (-84)
[  640.669473][ T5155] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  645.129368][T10900] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1083'.
[  645.902023][T10908] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1085'.
[  645.911961][T10908] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1085'.
[  646.363972][T10911] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  647.800346][T10921] binder: BINDER_SET_CONTEXT_MGR already set
[  647.806541][T10921] binder: 10918:10921 ioctl 4018620d 200000004a80 returned -16
[  648.089541][T10932] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  656.273886][T11048] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  657.526740][T11078] overlayfs: overlapping lowerdir path
[  658.632322][T11083] binder: BINDER_SET_CONTEXT_MGR already set
[  658.638514][T11083] binder: 11080:11083 ioctl 4018620d 200000004a80 returned -16
[  660.830786][T11095] 
[  660.833189][T11095] ======================================================
[  660.840422][T11095] WARNING: possible circular locking dependency detected
[  660.847575][T11095] 6.16.0-syzkaller #0 Not tainted
[  660.852630][T11095] ------------------------------------------------------
[  660.859928][T11095] syz.5.1121/11095 is trying to acquire lock:
[  660.866007][T11095] ffff888025534188 (&set->update_nr_hwq_lock){++++}-{4:4}, at: blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  660.877040][T11095] 
[  660.877040][T11095] but task is already holding lock:
[  660.884420][T11095] ffff888025534230 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_ioctl+0x131/0xeb0
[  660.893354][T11095] 
[  660.893354][T11095] which lock already depends on the new lock.
[  660.893354][T11095] 
[  660.903779][T11095] 
[  660.903779][T11095] the existing dependency chain (in reverse order) is:
[  660.912891][T11095] 
[  660.912891][T11095] -> #2 (&nbd->config_lock){+.+.}-{4:4}:
[  660.920735][T11095]        lock_acquire+0x120/0x360
[  660.925798][T11095]        __mutex_lock+0x182/0xe80
[  660.930844][T11095]        refcount_dec_and_mutex_lock+0x30/0xa0
[  660.937128][T11095]        nbd_config_put+0x2c/0x790
[  660.942264][T11095]        nbd_release+0xfe/0x140
[  660.947135][T11095]        bdev_release+0x533/0x650
[  660.952184][T11095]        blkdev_release+0x15/0x20
[  660.957373][T11095]        __fput+0x449/0xa70
[  660.962241][T11095]        fput_close_sync+0x119/0x200
[  660.967657][T11095]        __x64_sys_close+0x7f/0x110
[  660.972934][T11095]        do_syscall_64+0xfa/0x3b0
[  660.977982][T11095]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  660.984422][T11095] 
[  660.984422][T11095] -> #1 (&disk->open_mutex){+.+.}-{4:4}:
[  660.992366][T11095]        lock_acquire+0x120/0x360
[  660.997414][T11095]        __mutex_lock+0x182/0xe80
[  661.002470][T11095]        __del_gendisk+0x129/0x9e0
[  661.007600][T11095]        del_gendisk+0xe8/0x160
[  661.012469][T11095]        loop_remove+0x42/0xc0
[  661.017339][T11095]        loop_control_ioctl+0x4ac/0x5a0
[  661.022924][T11095]        __se_sys_ioctl+0xfc/0x170
[  661.028108][T11095]        do_syscall_64+0xfa/0x3b0
[  661.033166][T11095]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  661.040386][T11095] 
[  661.040386][T11095] -> #0 (&set->update_nr_hwq_lock){++++}-{4:4}:
[  661.049010][T11095]        validate_chain+0xb9b/0x2140
[  661.054327][T11095]        __lock_acquire+0xab9/0xd20
[  661.059537][T11095]        lock_acquire+0x120/0x360
[  661.064573][T11095]        down_write+0x96/0x1f0
[  661.069353][T11095]        blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  661.075607][T11095]        nbd_start_device+0x16c/0xac0
[  661.080999][T11095]        nbd_ioctl+0x636/0xeb0
[  661.085783][T11095]        blkdev_ioctl+0x5a8/0x6d0
[  661.090827][T11095]        __se_sys_ioctl+0xfc/0x170
[  661.095960][T11095]        do_syscall_64+0xfa/0x3b0
[  661.100998][T11095]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  661.107429][T11095] 
[  661.107429][T11095] other info that might help us debug this:
[  661.107429][T11095] 
[  661.117665][T11095] Chain exists of:
[  661.117665][T11095]   &set->update_nr_hwq_lock --> &disk->open_mutex --> &nbd->config_lock
[  661.117665][T11095] 
[  661.131858][T11095]  Possible unsafe locking scenario:
[  661.131858][T11095] 
[  661.139313][T11095]        CPU0                    CPU1
[  661.144686][T11095]        ----                    ----
[  661.150064][T11095]   lock(&nbd->config_lock);
[  661.154669][T11095]                                lock(&disk->open_mutex);
[  661.161821][T11095]                                lock(&nbd->config_lock);
[  661.168946][T11095]   lock(&set->update_nr_hwq_lock);
[  661.174157][T11095] 
[  661.174157][T11095]  *** DEADLOCK ***
[  661.174157][T11095] 
[  661.182310][T11095] 1 lock held by syz.5.1121/11095:
[  661.187424][T11095]  #0: ffff888025534230 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_ioctl+0x131/0xeb0
[  661.196860][T11095] 
[  661.196860][T11095] stack backtrace:
[  661.202763][T11095] CPU: 1 UID: 0 PID: 11095 Comm: syz.5.1121 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  661.202786][T11095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  661.202797][T11095] Call Trace:
[  661.202805][T11095]  <TASK>
[  661.202812][T11095]  dump_stack_lvl+0x189/0x250
[  661.202837][T11095]  ? __pfx_dump_stack_lvl+0x10/0x10
[  661.202856][T11095]  ? __pfx__printk+0x10/0x10
[  661.202879][T11095]  ? print_lock_name+0xde/0x100
[  661.202903][T11095]  print_circular_bug+0x2ee/0x310
[  661.202926][T11095]  check_noncircular+0x134/0x160
[  661.202949][T11095]  validate_chain+0xb9b/0x2140
[  661.202970][T11095]  ? stack_depot_save_flags+0x40/0x900
[  661.202996][T11095]  __lock_acquire+0xab9/0xd20
[  661.203015][T11095]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  661.203043][T11095]  lock_acquire+0x120/0x360
[  661.203057][T11095]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  661.203082][T11095]  ? __mutex_trylock_common+0x153/0x260
[  661.203105][T11095]  down_write+0x96/0x1f0
[  661.203127][T11095]  ? blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  661.203150][T11095]  ? __pfx_down_write+0x10/0x10
[  661.203170][T11095]  ? rcu_is_watching+0x15/0xb0
[  661.203189][T11095]  ? trace_contention_end+0x39/0x120
[  661.203210][T11095]  ? __mutex_lock+0x330/0xe80
[  661.203230][T11095]  blk_mq_update_nr_hw_queues+0x3b/0x14c0
[  661.203254][T11095]  ? blkdev_common_ioctl+0xfc3/0x2450
[  661.203275][T11095]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  661.203292][T11095]  ? nbd_ioctl+0x131/0xeb0
[  661.203316][T11095]  ? __pfx___mutex_lock+0x10/0x10
[  661.203337][T11095]  nbd_start_device+0x16c/0xac0
[  661.203359][T11095]  ? security_capable+0x7e/0x2e0
[  661.203384][T11095]  nbd_ioctl+0x636/0xeb0
[  661.203409][T11095]  ? __pfx_nbd_ioctl+0x10/0x10
[  661.203430][T11095]  ? __asan_memset+0x22/0x50
[  661.203455][T11095]  ? smack_file_ioctl+0x24a/0x340
[  661.203471][T11095]  ? __pfx_smack_file_ioctl+0x10/0x10
[  661.203487][T11095]  ? __pfx_nbd_ioctl+0x10/0x10
[  661.203510][T11095]  blkdev_ioctl+0x5a8/0x6d0
[  661.203530][T11095]  ? __pfx_blkdev_ioctl+0x10/0x10
[  661.203548][T11095]  ? __fget_files+0x2a/0x420
[  661.203569][T11095]  ? bpf_lsm_file_ioctl+0x9/0x20
[  661.203589][T11095]  ? __pfx_blkdev_ioctl+0x10/0x10
[  661.203608][T11095]  __se_sys_ioctl+0xfc/0x170
[  661.203634][T11095]  do_syscall_64+0xfa/0x3b0
[  661.203653][T11095]  ? lockdep_hardirqs_on+0x9c/0x150
[  661.203670][T11095]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  661.203687][T11095]  ? clear_bhb_loop+0x60/0xb0
[  661.203706][T11095]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  661.203723][T11095] RIP: 0033:0x7f94dcd8ebe9
[  661.203739][T11095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  661.203755][T11095] RSP: 002b:00007f94ddcce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  661.203773][T11095] RAX: ffffffffffffffda RBX: 00007f94dcfb5fa0 RCX: 00007f94dcd8ebe9
[  661.203789][T11095] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003
[  661.203800][T11095] RBP: 00007f94dce11e19 R08: 0000000000000000 R09: 0000000000000000
[  661.203811][T11095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  661.203822][T11095] R13: 00007f94dcfb6038 R14: 00007f94dcfb5fa0 R15: 00007ffcad9feb98
[  661.203842][T11095]  </TASK>
[  661.624136][T11106] dvmrp17: entered allmulticast mode
[  661.969545][T11099] block nbd5: NBD_DISCONNECT
[  661.996472][T11099] block nbd5: Disconnected due to user request.
[  662.009954][T11104] dvmrp17: left allmulticast mode
[  662.030065][T11099] block nbd5: shutting down sockets