last executing test programs:

22.880879624s ago: executing program 3 (id=525):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e21, 0x4000003, @remote, 0xfffffffe}, 0x1c)
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r1, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff81004e230e227f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71002000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
r2 = socket$kcm(0x10, 0x2, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r4, 0x80489439, &(0x7f0000009a00))
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e0018060000000000002aa73b72cc9f0ba1f8482dd2f9954ce003c19a3b9a774d36796d", 0x24}], 0x1}, 0x4040080)

22.62086165s ago: executing program 3 (id=527):
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f0000006380)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0x10408, 0x0, 0x0, 0x2}}, 0x50)
syz_fuse_handle_req(r1, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
dup2(r3, r1)
close_range(r0, 0xffffffffffffffff, 0x0)
r4 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, @dev, @dev={0xfe, 0x80, '\x00', 0x37}, 0x0, 0x0, 0x0, 0x1}})

22.472611559s ago: executing program 3 (id=528):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r1 = creat(&(0x7f0000000440)='./file0\x00', 0x0)
open_by_handle_at(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000f8000300b7557b4c4649"], 0x830200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000)
add_key(&(0x7f0000000000)='rxrpc_s\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)

22.368826587s ago: executing program 3 (id=529):
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
setsockopt$nfc_llcp_NFC_LLCP_RW(r0, 0x118, 0x0, 0x0, 0x0)
r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f0000000140)=ANY=[@ANYBLOB="0200000001000000000000000400000000a4dcaf870debefb6458a6f51b3750005001000"], 0x24, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
r2 = syz_open_dev$usbmon(&(0x7f0000000800), 0x3, 0x8800)
ioctl$MON_IOCT_RING_SIZE(r2, 0x9204, 0x0)
rmdir(&(0x7f0000000380)='./file0/../file0\x00')
openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0xe2981)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x12, r4, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r3, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600, 0x0, 0x2000]}}], 0xffc8)
ioctl$NS_GET_OWNER_UID(r4, 0xb704, &(0x7f0000000180)=<r5=>0x0)
ioprio_set$uid(0x0, r5, 0x2004)
bind$802154_raw(r1, &(0x7f0000001440)={0x24, @short={0x2, 0x2, 0xffff}}, 0x8)

22.291868499s ago: executing program 3 (id=531):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000000040)={0x0, 0xae, 0x3ff, 0x30315559})
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x482000)
syz_open_dev$audion(&(0x7f0000000200), 0x2, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000240)={0x13, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r2=>0x0, 0x0, 0x0, 0x0], 0x31})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000001c0)={r2, 0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, &(0x7f00000002c0)={0x0, 0x0, 0x0, r3, 0xfbfbfbfb}) (async)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, &(0x7f00000002c0)={0x0, 0x0, 0x0, r3, 0xfbfbfbfb})
mount(&(0x7f0000000140)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='cgroup2\x00', 0xac003d, 0x0) (async)
mount(&(0x7f0000000140)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='cgroup2\x00', 0xac003d, 0x0)
syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) (async)
r4 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0)
ioctl$EVIOCGRAB(r4, 0x40044590, &(0x7f00000001c0))
socket$kcm(0x10, 0x2, 0x0) (async)
r5 = socket$kcm(0x10, 0x2, 0x0)
ioctl$BTRFS_IOC_SYNC(r0, 0x9408, 0x0) (async)
ioctl$BTRFS_IOC_SYNC(r0, 0x9408, 0x0)
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0xffffff7f, &(0x7f00000005c0)=[{&(0x7f0000000940)="2e00000010008188c0b62aa73772cc9f1ba1f848020000005e140602000000000e000a001000000002800000128c", 0x2e}], 0x1}, 0x0)
r6 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)

21.924134601s ago: executing program 3 (id=538):
r0 = syz_init_net_socket$ax25(0x3, 0x3, 0xcf)
ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f00000013c0)={@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x6, 0x5, 0x2, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null]})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_START_NAN(r1, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r2, 0x200, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x8, 0x5d}}}}, [@NL80211_ATTR_BANDS={0x8, 0xef, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x40)

21.681409635s ago: executing program 32 (id=538):
r0 = syz_init_net_socket$ax25(0x3, 0x3, 0xcf)
ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f00000013c0)={@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x6, 0x5, 0x2, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null]})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_START_NAN(r1, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r2, 0x200, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x8, 0x5d}}}}, [@NL80211_ATTR_BANDS={0x8, 0xef, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x40)

4.42449428s ago: executing program 1 (id=628):
mount(&(0x7f0000000000)=@sg0, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='nilfs2\x00', 0x810809, 0x0)
r0 = accept$phonet_pipe(0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000100)=0x10)
accept4(r0, &(0x7f0000000140)=@nfc, &(0x7f00000001c0)=0x80, 0x80000)

4.340993737s ago: executing program 1 (id=629):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000030c0), 0x82200, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000003100)=0x3)
ioctl$PPPIOCGNPMODE(r0, 0x4004743c, 0x0) (fail_nth: 3)

3.982150107s ago: executing program 1 (id=631):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
write$bt_hci(r1, &(0x7f0000000180)=ANY=[], 0xe)
r2 = socket$caif_stream(0x25, 0x1, 0x5)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[], 0x18}, 0x2000c8d0)
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r3 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0)
r4 = fsopen(&(0x7f0000000040)='ceph\x00', 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000000280)={0xffffffff, {{0xa, 0x4e24, 0xf78, @mcast1, 0x8}}}, 0x88)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r5, 0x0)
ftruncate(r5, 0xa)
syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f000023e000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f0000000280)="0f23b448b8a8800000000000000f23d00f21f8353000000e0f23f8f3490f2d6f53450f0059c90fc71e650f9fe3c744240017010000c744240200780000ff1c24450f01c94a0faea1007000000f20e035000200000f22e0", 0x57}], 0x1, 0x14, &(0x7f0000000300)=[@cstype3={0x5, 0x7}, @cr4={0x1, 0x10}], 0x2)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000480)='name', &(0x7f0000000ac0)='\xf0\xdd\x0e\xbd\x00', 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r3, 0x0, &(0x7f0000000480)={0x34, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = memfd_create(&(0x7f0000000340)='y\x105\xfc\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xa4\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\xc2%/u\x17\xdaM\x8d\x01L\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d_\v\xfc\xad\x0f\xa8\xc5\xad\x00\xc2\x12\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x06\xb3\xf0wVq\xe9d\xac\xe9\xaa\x9dR\x00\x9b\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc2G\x1b+kV$\x80\x8aJ$\x81\xc0\x16\xf5\x9cz\x10\x97\xdb\x12H\xee/\xe3sY\x02D;L~\xd0\xb44\x01*\xfb\xa4 \xb2b\x90H$\xb2\xad\xbf\x8aM\xb6\x81\x81^\x02\xa0\xa7t\xfbHb\xa5=\xdd+$\xc06J\xb4\xf0\xab\x85Xz\x9f\xb2D$\xbe\xd9\x7f-\r\x9aj9r\n_\x11\xd4\x19\xb0\xa0G\xb7\x94\xf7\xfd~\xe9\xb6G\xbfE\xbb\x15\x15\xa6\xca2\xd0\xd3\x8c\xf7nO\xf9\xa8\xfd\x8a\xd2\xb2v\xff\xe4\xb0;\xd9\xa8\f\x03R\xbd%\x9fF\xee\x1e\x11X\f\x0f\xf0\xe2\xb5\xf8', 0xb)
fcntl$addseals(r8, 0x409, 0x4)
ftruncate(r8, 0xffff)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWRULE={0x34, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "f6"}]}], {0x14}}, 0x5c}, 0x1, 0x0, 0x0, 0x20008080}, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000002d00)=[{{0x0, 0x0, 0x0}}], 0x1, 0xc0)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_group_source_req(r9, 0x0, 0x2c, &(0x7f0000000140)={0x7b47a95c, {{0x2, 0x4e23, @loopback}}, {{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, 0x108)

3.812811816s ago: executing program 2 (id=633):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x24, 0x0, 0x0, 0x0, 0x2, 0xfffffffffffffffe, 0x200, 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f00000000c0)={[{0x0, 0x8, 0x0, 0x0, 0x3, 0xa5, 0xbd, 0xf9, 0xa9, 0x4, 0x0, 0x0, 0x40000000}, {0x8, 0x5, 0xfc, 0x3, 0x41, 0x0, 0x0, 0x2, 0x6, 0xff, 0x0, 0x2, 0x6}, {0x1003fe, 0x9, 0x0, 0xfd, 0x20, 0x5, 0xb3, 0x0, 0x3, 0xfe, 0x80, 0xf6, 0xb82e}], 0x9})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66ba4300b006ee0f01c40f009b27000000b9800000c00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a000000328fe858b660002fb90d090000b800680000ba000000000f30", 0x5a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x3000000)

3.705797311s ago: executing program 2 (id=634):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x840, 0x0)
syz_usb_connect(0x5, 0x36, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cpuset.effective_mems\x00', 0x275a, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
mkdir(&(0x7f0000000540)='./file0\x00', 0x108)
mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x4000, &(0x7f0000000000))
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f00000006c0)=ANY=[@ANYRESDEC=r3, @ANYRES16=r2, @ANYRESOCT=r1, @ANYBLOB="856660b12b3227d27f2edbeda5f19cdf0b386893f9da9778030de4ed28a29b2779ebc2783c2ea77d6ac52a319f25ac30ad7fc05088704c99a8f746ddd556548bb7440a3bb7886c5dbb47f910cb9e2299fa030aae4fdce498805382457a932086f2ff3bd87b151464f747712fabd028af2a62cf54bc9564f4e31747d61929291f5b492c9f2650fd219b11a67376f0df34d855ce45c032082384034d1205b2899dac9c5eee761472abd7f45ef8d4996e5a5a88537566e3", @ANYRESDEC=0x0, @ANYRES8=r1, @ANYBLOB="60c7eb90458381720289368b737eb2dbe9dd7b146c4039d8f99e6cc07526e6a2ba42c8af64b420c6467ced356115", @ANYRESHEX])
r5 = syz_socket_connect_nvme_tcp()
fcntl$lock(r5, 0x25, &(0x7f0000000000)={0x0, 0x2, 0x1b9, 0x80000002})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
fcntl$lock(r1, 0x6, &(0x7f0000000200)={0x0, 0x0, 0x3, 0x1fd})
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000280)={'vcan0\x00', <r7=>0x0})
bind$can_j1939(r6, &(0x7f0000000100)={0x1d, r7, 0x0, {}, 0xfd}, 0x18)
r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(r8, 0x4010ae67, &(0x7f0000000380)={0x1, 0x0, 0x1})
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r8, 0x4010ae67, &(0x7f0000000040)={0x0, 0x7000, 0x1})
ioctl$KVM_RUN(r9, 0xae80, 0x0)

3.6527288s ago: executing program 4 (id=635):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r1=>0x0})
sendto$packet(r0, 0x0, 0xdc05, 0x2, &(0x7f00000000c0)={0x11, 0x7, r1, 0x1, 0x2, 0x6, @random="3909694ecfe4"}, 0x14)

3.529018756s ago: executing program 4 (id=636):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="40000000090601020000000000000000040000000900020073797a31000000000500010007000000180007800c"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)

3.490211062s ago: executing program 4 (id=637):
r0 = syz_usb_connect(0x2, 0x1cb, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000480)={0x44, &(0x7f0000000200)={0x60, 0x18}, &(0x7f0000000240)={0x0, 0xa, 0x1, 0xf}, &(0x7f0000000280)={0x0, 0x8, 0x1, 0x9}, &(0x7f00000002c0)={0x20, 0x80, 0x1c, {0xde5f, 0x3, 0x0, 0xa107, 0x2, 0x5, 0x2a81, 0x79, 0x6, 0xf40, 0x0, 0x8}}, &(0x7f0000000300)={0x20, 0x85, 0x4, 0x3f}, &(0x7f0000000340)={0x20, 0x83, 0x2}, &(0x7f0000000380)={0x20, 0x87, 0x2, 0x7}, &(0x7f00000003c0)={0x20, 0x89, 0x2, 0x1}})

2.18265984s ago: executing program 1 (id=639):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000005c0)={0x600, @pix_mp={0x3ff, 0xfff, 0x34325241, 0x3, 0x0, [{0x8, 0xf}, {0x8, 0x29f6ebcd}, {0xd, 0x8}, {0x5, 0x8}, {0x2, 0x3}, {0x5, 0x3}, {0x6, 0x409}, {0x10001, 0x1800000}], 0x0, 0xd, 0x2, 0x3078182a3427730f, 0x1}})

2.180806364s ago: executing program 2 (id=640):
setsockopt$RDS_RECVERR(0xffffffffffffffff, 0x114, 0x5, &(0x7f0000000000), 0x4)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
r1 = openat2(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x38001, 0x1c1, 0x10}, 0x18)
ioctl$TIOCSRS485(r1, 0x542f, &(0x7f0000000100)={0x3, 0x8f0, 0x2})
fsync(r0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000440)={'macvlan1\x00', &(0x7f0000000140)=@ethtool_per_queue_op={0x4b, 0xe, [0x2, 0x4, 0x8, 0x8, 0x2, 0x8, 0x4, 0x5, 0x7f, 0x7, 0x1, 0x0, 0x2, 0x1, 0x2, 0xe, 0x9, 0x4, 0x2, 0x4, 0x6, 0x395f, 0x7, 0x2, 0x7, 0xc8da, 0x7, 0x3ff, 0x5, 0xfff, 0xc3, 0x6, 0xb4, 0xfffffff8, 0xd, 0x2, 0x6, 0x1, 0x9, 0x5ca6, 0x5, 0x9, 0x9, 0x5, 0x1, 0x7, 0x8001, 0x6, 0x79c, 0x0, 0x8ffb, 0x1, 0xff, 0x6, 0x0, 0x7, 0x80000001, 0xe00, 0x3, 0x9, 0x4, 0x7fff, 0xff, 0x800, 0x5, 0x8, 0xfffffffa, 0x6, 0x4, 0x4, 0x3, 0x808, 0x5, 0x80000000, 0xfffffffa, 0x4, 0x6, 0x7fffffff, 0x0, 0x5, 0x401, 0x0, 0xfffff000, 0x6, 0xbf, 0x7, 0xa1, 0x7, 0x5, 0x100, 0x7, 0xfffffff5, 0x8, 0x7, 0xfffffff8, 0x0, 0x2, 0x0, 0x5, 0x2, 0x1, 0x2, 0x1, 0x10001, 0x80000000, 0x9, 0xe000, 0x4, 0x0, 0x4db, 0x7, 0x2, 0x0, 0xc, 0x2, 0x23d0, 0x4, 0x9, 0x9, 0x8, 0x4, 0x5, 0x2, 0x3ff, 0x7f, 0xdd, 0x4000000, 0xa], "a916e8761024edbf0d33e456ed57d02ec74698d5225eff1fbd211df50ba96771f6c1677fc87ad293fc0f4be6ede4814ed6823e26ec40520ed586f146aa3f4125575341e8dcadd2c303444c95062bdaebea22ebe52391775c3909984807f0dc3ed04c48afaee45542b71f49294d7a66b4b206d4fb8da5fdbc78f53db7cc3d22f1637c7245eadfd6baffebad530cb876605a32c747d4ec1631bb15afc88a91da181b8f0cc3b0ec9ab23f6ce6a9553e9a111d8aade069126a70d1bff38037e6f05503667518b8aa2086a0a63392e18bed68ebf5e140015e948f4fc1fd419df26d79f73167f7a407d18793207db8147463a10751"}})
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000480)={0x2, 0x9})
r2 = eventfd(0x2)
write$eventfd(r2, &(0x7f00000004c0)=0xc, 0x8)
ioctl$PPPIOCDISCONN(r1, 0x7439)
setsockopt$pppl2tp_PPPOL2TP_SO_DEBUG(r1, 0x111, 0x1, 0xc1, 0x4)
write$eventfd(r2, &(0x7f0000000500)=0x9, 0x8)
getsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000540)={<r3=>0x0, 0x9}, &(0x7f0000000580)=0x8)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f00000005c0)={r3, @in6={{0xa, 0x4e21, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x6}}, 0x9, 0x4}, &(0x7f0000000680)=0x90)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f00000006c0)={r3, 0xf821, 0x10, 0x3fffffffc00000, 0x3}, &(0x7f0000000700)=0x18)
ioctl$VHOST_SET_LOG_BASE(r0, 0x4008af04, &(0x7f0000000780)=&(0x7f0000000740))
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000800), r1)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x800400}, 0xc, &(0x7f0000000900)={&(0x7f0000000840)={0x90, r4, 0x2, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x3}]}, @IPVS_CMD_ATTR_DAEMON={0x50, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @private=0xa010102}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x81}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @empty}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bridge_slave_0\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
close_range(r5, r0, 0x0)
getsockopt$ARPT_SO_GET_ENTRIES(r1, 0x0, 0x61, &(0x7f0000000980)={'filter\x00', 0x50, "9dbb458a9153d246546789ba8f6b7888a105ef2065d7a20b6e3e0d3d7eed8ff85bbde834731caf2b2415f153d2d2ed50cb4469637548b7a969dc9dd186403be8675996e4acf37ad68080c1c8fe6713eb"}, &(0x7f0000000a00)=0x74)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000b00)={'ip_vti0\x00', &(0x7f0000000a80)={'syztnl2\x00', <r6=>0x0, 0x7, 0xf800, 0xba86, 0x4, {{0x16, 0x4, 0x2, 0xb, 0x58, 0x64, 0x0, 0x7, 0x4, 0x0, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x12}, {[@timestamp_prespec={0x44, 0x44, 0xc2, 0x3, 0x5, [{@multicast2, 0x3}, {@local, 0xad}, {@dev={0xac, 0x14, 0x14, 0x2a}, 0x6}, {@multicast2, 0x50ece70a}, {@empty, 0x7}, {@multicast1, 0x1}, {@local, 0x7}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0xd}]}]}}}}})
getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000b40)={@private2, <r7=>0x0}, &(0x7f0000000b80)=0x14)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000bc0)={'batadv_slave_1\x00', <r8=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r1, 0x89f8, &(0x7f0000000c40)={'sit0\x00', &(0x7f0000000c00)={'gre0\x00', <r9=>0x0, 0x40, 0x8, 0xd, 0x7f, {{0x6, 0x4, 0x2, 0x10, 0x18, 0x64, 0x0, 0x2, 0x4, 0x0, @local, @dev={0xac, 0x14, 0x14, 0x1f}, {[@ra={0x94, 0x4, 0x1}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000d00)={'ip6gre0\x00', &(0x7f0000000c80)={'syztnl1\x00', <r10=>0x0, 0x2f, 0x0, 0xc, 0x7, 0xe3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x20, 0x40, 0xc0000000, 0x200}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r1, 0x89f8, &(0x7f0000000e80)={'syztnl0\x00', &(0x7f0000000d40)={'erspan0\x00', <r11=>0x0, 0x700, 0x7, 0x7, 0x7, {{0x46, 0x4, 0x2, 0x4, 0x118, 0x67, 0x0, 0xe3, 0x38, 0x0, @local, @remote, {[@cipso={0x86, 0x48, 0x2, [{0x0, 0xe, "cd05b3fab6f16e7b85661745"}, {0x1, 0xe, "56f13afc439f7c60a94d52db"}, {0x2, 0x4, "4fda"}, {0x2, 0x7, "78cd9edeb4"}, {0x2, 0x3, "d9"}, {0x7, 0x9, "640c1bdda0c306"}, {0x0, 0xf, "06c73f23bd93390c984f26d68a"}]}, @timestamp_addr={0x44, 0x4c, 0x85, 0x1, 0xb, [{@dev={0xac, 0x14, 0x14, 0x3a}, 0x3}, {@remote, 0xffff}, {@loopback, 0x5}, {@private=0xa010100, 0x8}, {@dev={0xac, 0x14, 0x14, 0x28}, 0x40}, {@private=0xa010101, 0x401}, {@private=0xa010101, 0x2}, {@dev={0xac, 0x14, 0x14, 0x1a}, 0x2}, {@private=0xa010102, 0x5}]}, @timestamp_prespec={0x44, 0xc, 0x8a, 0x3, 0x8, [{@loopback}]}, @ssrr={0x89, 0x17, 0x1f, [@multicast2, @remote, @remote, @rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0x1b}]}, @timestamp_prespec={0x44, 0x3c, 0xef, 0x3, 0x6, [{@rand_addr=0x64010102, 0x8}, {@remote, 0xfffffffb}, {@rand_addr=0x64010102, 0x1}, {@private=0xa010102, 0x8000}, {@private=0xa010102, 0x1}, {@remote, 0x5}, {@multicast2}]}, @ra={0x94, 0x4}, @timestamp_addr={0x44, 0xc, 0x93, 0x1, 0x4, [{@empty, 0x9}]}]}}}}})
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000ec0)={@initdev, <r12=>0x0}, &(0x7f0000000f00)=0x14)
sendmsg$TEAM_CMD_PORT_LIST_GET(r1, &(0x7f0000001600)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000015c0)={&(0x7f0000001100)={0x498, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {}, [{{0x8}, {0x1fc, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffffc}}, {0x8, 0x6, r7}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r9}}, {0x8}}}]}}, {{0x8}, {0x138, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x56}}, {0x8, 0x6, r10}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x400}}, {0x8, 0x6, r11}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r12}}}]}}, {{0x8}, {0x138, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xe7620f91}}, {0x8}}}]}}]}, 0x498}, 0x1, 0x0, 0x0, 0x4048040}, 0x4000001)

2.068877259s ago: executing program 1 (id=641):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={0x0}, 0x1, 0x0, 0x0, 0x810}, 0x20004000)
chdir(&(0x7f00000003c0)='./bus\x00')
openat$incfs(0xffffffffffffff9c, 0x0, 0xc0140, 0x0)
r1 = socket$l2tp(0x2, 0x2, 0x73)
getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000040)=""/68, &(0x7f00000000c0)=0x18)
mount$binderfs(0x0, &(0x7f00000001c0)='./binderfs\x00', 0x0, 0x89c030, &(0x7f0000000240)={[{@stats}]})
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)

1.942226599s ago: executing program 2 (id=642):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={{0x14, 0x10, 0x4}, [], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x28}}, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_GET_TARGET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000040)={0x14, 0x0, 0x4}, 0x14}}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r0)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), r0)
sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000580)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000eeff110000000a0004007778616e3300000008001500", @ANYRES32, @ANYBLOB="080001"], 0x30}}, 0x0)
r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r0)
sendmsg$NLBL_UNLABEL_C_STATICLIST(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="5bffffea", @ANYRES16=r2, @ANYBLOB="000326bd7000fcdbdf2505000000080004007f000001050001000100000005000100010000001400060070696d3672656700000000000000000008000500e00000011400060069703665727370616e30000000000000"], 0x5c}, 0x1, 0x0, 0x0, 0x100}, 0x8000)

1.917408216s ago: executing program 1 (id=643):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x202, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0xc74, 0x2)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_int(r4, 0x0, 0x32, &(0x7f0000000080)=0xa8e, 0x4)
connect$pppl2tp(0xffffffffffffffff, &(0x7f00000000c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x0, 0x4, 0x0, {0xa, 0x4e20, 0x401, @private1}}}, 0x3a)
ioctl$vim2m_VIDIOC_TRY_FMT(r2, 0xc0205648, &(0x7f0000000940)={0xf010000, @raw_data="d0eeca36b1877a4b628d7f29fa8ccd477acd0a98a902346e3c5563910a9697d3349ff06800f66f2f8b38814898c7acb5d098c94f1f482a38860fd17cffbae7e3108d509572dbabe128652405179463a8caec475af2520de3ee72fde245fdb9fbf5f3f955b5a1fa5f821f84167db69fb846846a7afe537b43d70cc8fb7d9afa6d88e10d51582fb3e0e824ecba5c8e65bbafb556fe373afed2bcd9d4f75fc7b6da76a9d59d4689052c34dfdf4fb8d8040189b5dac7109beb21be9f7769879c7046057e5802c156c67d"})
ioctl$KVM_GET_NESTED_STATE(r0, 0xc080aebe, &(0x7f0000001240)={{0x0, 0x0, 0x80}})
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000100)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYRES16=0x0], 0x0}, 0x0)
r5 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCSUSAGE(r5, 0x4018480c, &(0x7f0000000040)={0x1, 0xffffffff, 0xdd56, 0xa1, 0xc, 0x6})
r6 = syz_open_dev$vcsn(&(0x7f0000000180), 0x1, 0x0)
read$FUSE(r6, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_usb_connect(0x0, 0x428, &(0x7f0000000680)={{0x12, 0x1, 0x341, 0xd7, 0x46, 0x15, 0x10, 0x7d1, 0x3a08, 0xc3b1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x416, 0x3, 0x2, 0x3, 0x10, 0xc, [{{0x9, 0x4, 0xa3, 0x6, 0x4, 0x62, 0x97, 0x67, 0x79, [@cdc_ecm={{0x9, 0x24, 0x6, 0x0, 0x0, "6cdc93e1"}, {0x5, 0x24, 0x0, 0x1ff}, {0xd, 0x24, 0xf, 0x1, 0x7, 0x3, 0xccb3}, [@acm={0x4, 0x24, 0x2, 0xc}, @mdlm={0x15, 0x24, 0x12, 0x3}, @acm={0x4, 0x24, 0x2, 0xa}, @mbim={0xc, 0x24, 0x1b, 0xfffc, 0x1000, 0xf9, 0x9, 0x8, 0xf9}]}, @uac_as], [{{0x9, 0x5, 0x2, 0x0, 0x8, 0xde, 0x4, 0x3}}, {{0x9, 0x5, 0xa, 0x8, 0x20, 0x0, 0x5, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x5, 0xa}, @uac_iso={0x7, 0x25, 0x1, 0x83, 0x7d, 0x9}]}}, {{0x9, 0x5, 0xd, 0x2, 0x10, 0x7, 0x6, 0x8, [@generic={0x37, 0x2, "fe64dfce178c07519051cd26a88f1a973832e6f33ad726cd504ef66135d3c0cad44286b3caec8d02f69b177eef49f89d4da7c7bd8b"}]}}, {{0x9, 0x5, 0x1, 0x3, 0x30, 0x3, 0xf, 0xf2}}]}}, {{0x9, 0x4, 0x42, 0xb, 0x2, 0xff, 0x3, 0x4a, 0x5, [], [{{0x9, 0x5, 0xb, 0x0, 0x3ff, 0xd, 0x2, 0x40, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x8, 0x8}]}}, {{0x9, 0x5, 0x3, 0x10, 0x20, 0x0, 0x9, 0x2d}}]}}, {{0x9, 0x4, 0x4, 0x2, 0xb, 0xb0, 0xeb, 0x7b, 0x10, [@uac_control={{0xa, 0x24, 0x1, 0x6, 0x9}, [@feature_unit={0x9, 0x24, 0x6, 0x6, 0x4, 0x1, [0x8], 0xff}]}], [{{0x9, 0x5, 0xc, 0x0, 0x40, 0x1, 0x0, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x4, 0x98b}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x7f, 0xa}]}}, {{0x9, 0x5, 0x0, 0x3, 0x200, 0x6, 0x6, 0x3, [@generic={0x4e, 0x7, "4eb9c955503033981ab85bf052c9c09f92e390e2b0a248d5606ddafd8dcf3311f85105db712ef8ef075ea374b657ca1be6a847118cc9b742ab6ff346d54d4bdf146c3ce4b8def88559c9baee"}, @generic={0xd9, 0x21, "9f6f0cd71db37c1e3ea8a829965c147d6bf135dae02f38dcb19a600b2e31ebd4900df8cf367e3ee2ca119e64583cbf9afb9a193cbf5fb77ebbcb67bdcf3cb2d636a7abc8399b57ed932fb9d2919a4bf1231cfc965fe930f32e817df2dfd169ccd59fd2fd6ee528aea08fd80dc72c5e06af10c4aa2077bc2ae5ded15c26449f9a1bfb5d86aefde1f5483388204afbd0372b881dd82be5a4cc8c7521cd0ea6f35df507947f04ba2179ecce31a2f0ef3c27d93f6d7222ff50b4c4ffa00170c18cf63683174e04645a176cc233d7c93ac9c60f81e75855bf90"}]}}, {{0x9, 0x5, 0xf, 0x0, 0x10, 0x7, 0xf, 0xa, [@generic={0x65, 0x7, "ad7c04080526fadffd106511cfa9b3693ebbdbe1f1f465a5158f4fdb4aca49d7f2357e08ad2d364e8be07bb5bedf89243bcb06d01ebd6221d49354e9332865f195811906cdf5fcc6d737015880ebc3231f68bb20fe2d902e5d7ff4d14ac33ba4626cc4"}]}}, {{0x9, 0x5, 0x0, 0x10, 0x10, 0x5, 0xa, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x6, 0xa}]}}, {{0x9, 0x5, 0x85, 0x0, 0x0, 0x3, 0x1, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x0, 0x7fff}]}}, {{0x9, 0x5, 0xd, 0x0, 0x10, 0x8, 0xd, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x8, 0x9}]}}, {{0x9, 0x5, 0x80, 0x10, 0x20, 0x9a, 0x2, 0x6, [@generic={0x2, 0x22}]}}, {{0x9, 0x5, 0x8, 0x3, 0x20, 0x6, 0x7, 0x5}}, {{0x9, 0x5, 0x7, 0x0, 0x20, 0xb9, 0x8, 0xfe, [@generic={0x2, 0x22}, @generic={0x2, 0x22}]}}, {{0x9, 0x5, 0x8, 0x10, 0x8, 0x8c, 0xa, 0x0, [@generic={0x8, 0x30, "40ef5edb61f4"}, @generic={0xfa, 0x8, "b92b865f71c0710ad728e7d18c07abab4d5451858ac186e4c5c4fbbaecbc084027f5d99c60f5cb2abebdceaef6db612c33a71784aaeede0bc18de1278132c5140249699c5f5bbb1c691c04ca7dbd6ddaa36f161be08eea35526f169ff91fa35129f457bd3bc091cec4909ee267c188d94bae25b0f1c0677ecfef61553d71fcb01ca555a68c92b57e05ec4666ca7e0dbb69d5626f40cea2880d7eee60b019d7e19525c5c72faabe2def6302984409d56095af279a64e63cb72654b94b139f19e541943912846272605b075d440b5a68a902ccebcce3eac5903f5854bfd4d31bfe18478b8034be2b882aab1b1f6c837f8d592d167f68c816a2"}]}}, {{0x9, 0x5, 0x2, 0x10, 0x10, 0x3, 0x3, 0x3e}}]}}]}}]}}, &(0x7f00000005c0)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x201, 0x9, 0x7, 0xf, 0x20, 0x1}, 0x37, &(0x7f00000032c0)={0x5, 0xf, 0x37, 0x3, [@ext_cap={0x7, 0x10, 0x2, 0x4, 0x1, 0x0, 0x6}, @wireless={0xb, 0x10, 0x1, 0xc, 0x2, 0x8b, 0x6, 0x7, 0xc}, @ssp_cap={0x20, 0x10, 0xa, 0x33, 0x5, 0x62, 0xf, 0xfff, [0x0, 0xff0000, 0x3f00, 0x30, 0x3f]}]}, 0x7, [{0x61, &(0x7f0000000180)=@string={0x61, 0x3, "931d5322a0c416a085ddc5c7fb1043090a3478f60992292d0fe0e3f7708821f3d56523d2ad6e2418672e03c73d5d3a4ed1c57ae4bd0ff6f0a642ec82815cf6927422bfa2d71044c1494dbab90d6e6b907a3bd25787c0eb6207f607f57b9d55"}}, {0x74, &(0x7f0000000280)=@string={0x74, 0x3, "fbe670353eb2d04ef4b5f097900104a8387ad843c279f6ee29dc95431f6668faceeebdfc4e5f920729d4ad0ce789d16971f7f6355eef5a7f38c9e14b0ef380a22a6a7146e53c9bccd9eb5eab99cd28cb4f130970b99be5b24a76b682b7f20137f3c218f2ba797166e4c3f10bc6d0a3685375"}}, {0x9b, &(0x7f0000000300)=@string={0x9b, 0x3, "fd9c0384028e9d5725f8c524b80ce4175796a14d3cbb8ae5dc6a17a235f42c42dfd250e4ce34f481dbcf5e8ebaa7596cdef2ff39e07be547dade48259ef5e46a9d9a41a713c19369102c8a8037af41e9ffccc7c2d000ffb3c285cd8144c5881f220ba761ad068d57f41e0b95bdf1910558d3d00135dad435a292f5625b730dff6260b71de5ec082860b536135e6b5af77afa8ee4cf2ec79695"}}, {0xba, &(0x7f00000003c0)=@string={0xba, 0x3, "dcfbd5ca07c62442b12e75bcc05f9256f94c2d34ca8f5084f24f17e952c60e06ebc7abcc2dbc346038254bee0880df81e9959666394296ff367078b2b08f4c359e0b8bf641d1a28352a2a10c4fccad0612159aad29afdf338c6c36a8db715e9e800e0c016d47097bd4393e197d799553d48fdb120427b1f2f1706dd76ad74555c07576350e7cefdc5d2eddc66e4dbd8d4d49a216ec3fc12d1392b333cd395876a31952cfb6f3c94cf15a48eb8943638751fd22fccdf8fe55"}}, {0x4, &(0x7f0000000480)=@string={0x4, 0x3, "9775"}}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0x82c}}, {0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0x420}}]})
r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r7, 0x4008ae93, &(0x7f0000000640)=0x4)

1.728688625s ago: executing program 2 (id=645):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000380)="d8000000180081064e81f782db4cb904021d0800fd007c05e8fe55a1bc000b000140020203600e41b0000900ac0006031100000016001500030002000000035c3b61c1d67f6f94007134cfce1e090000001fb791643a5ee4ce1b14d6d930ede1d9d322fe7c9f8775730d165ae24e25ccca9e00360db79826835d3a71d95667e006dcdf63951f215ce3f09ad809d5e1cace81ed0bffece0b42a9ecbee5dd6e4edef3d93452a92954b4337000000008af26c8b7b55f4d2cb1df0966736a1dfe444c65ac5b348eac7c2ea475327557ba566236ceb0000000000", 0xd8}], 0x1}, 0x4000)

1.614022032s ago: executing program 2 (id=646):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r1, 0x80045104, 0x0)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00220f0000005b574e69622bf85eda07b3"], 0x0}, 0x0) (async)
syz_usb_control_io$hid(r2, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00220f0000005b574e69622bf85eda07b3"], 0x0}, 0x0)
syz_usb_control_io(r2, &(0x7f00000002c0)={0x2c, &(0x7f0000000000)={0x20, 0x10, 0xbf, {0xbf, 0x5, "ee12006ec3fd61e3381a2e982347309115358119d9539a85a034ecee589c1467e64e8a7a266dd96a06c516c94a8d3cf16514a057cb7a6c8e6effc19779cb428cbc5371a90baa88dda2dfefb5f0f115f7d5f9817bf0f63f80675e591dd7e494284c094a153af854f7730bc7150e340ffdb1b4ec8895da5a87e9ce17bcc69b9e5839de96689a572d20b5a3c1e17e8de72d7c05380363d95b374b027de93fbfe4fa932fe3c2cb3c28dc5a60e5b8ddc283ae67f4d62fe5f7c8932380324faf"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x42a}}, &(0x7f0000000200)={0x0, 0xf, 0x77, {0x5, 0xf, 0x77, 0x6, [@ss_container_id={0x14, 0x10, 0x4, 0xf0, "935eeeb80464a603f31bab9f5280e0fb"}, @ext_cap={0x7, 0x10, 0x2, 0x0, 0x3, 0x8, 0x97}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x4, 0xa, 0xfc, 0x7}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x4, 0x6, 0x3, 0x6}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "ff64f623ae29fa67b1b889e3b7c42fde"}, @generic={0x2f, 0x10, 0x3, "87e2b52977189cc427f5952b7a45f3dbbd828583bd1b27b81212f3d4b8e4e449bf3a7f56a255ba9e915c8be4"}]}}, &(0x7f0000000180)={0x20, 0x29, 0xf, {0xf, 0x29, 0xf, 0x3, 0x7, 0x8, 'iC\'/', "703d8410"}}, &(0x7f0000000280)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x7, 0x0, 0xa, 0x1, 0x1, 0x10, 0x8}}}, &(0x7f0000000780)={0x84, &(0x7f0000000300)={0x0, 0x12, 0x69, "bf122b942d1806b16d04d9239d99e8e1fe570765e442d1ebd56815105e713b9969b8dccd288b6c82cf8346f680faeb9c9a5d4d6783c359c865ee6102e755efb4e07427963724eef5e92de169f5e138f8c24aa2911cf18831ac5fd9a0f7a92c850d9f2d7d823abc8e7a"}, &(0x7f0000000380)={0x0, 0xa, 0x1, 0x9}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000400)={0x20, 0x0, 0x4, {0x2, 0x1}}, &(0x7f0000000440)={0x20, 0x0, 0x8, {0x800, 0x8, [0xf]}}, &(0x7f0000000480)={0x40, 0x7, 0x2, 0x1}, &(0x7f00000004c0)={0x40, 0x9, 0x1, 0x3}, &(0x7f0000000500)={0x40, 0xb, 0x2, "b0a6"}, &(0x7f0000000580)={0x40, 0xf, 0x2}, &(0x7f00000005c0)={0x40, 0x13, 0x6, @local}, &(0x7f0000000600)={0x40, 0x17, 0x6, @local}, &(0x7f0000000640)={0x40, 0x19, 0x2, 'yL'}, &(0x7f0000000680)={0x40, 0x1a, 0x2, 0x2}, &(0x7f00000006c0)={0x40, 0x1c, 0x1, 0xf4}, &(0x7f0000000700)={0x40, 0x1e, 0x1, 0x40}, &(0x7f0000000740)={0x40, 0x21, 0x1, 0x1}}) (async)
syz_usb_control_io(r2, &(0x7f00000002c0)={0x2c, &(0x7f0000000000)={0x20, 0x10, 0xbf, {0xbf, 0x5, "ee12006ec3fd61e3381a2e982347309115358119d9539a85a034ecee589c1467e64e8a7a266dd96a06c516c94a8d3cf16514a057cb7a6c8e6effc19779cb428cbc5371a90baa88dda2dfefb5f0f115f7d5f9817bf0f63f80675e591dd7e494284c094a153af854f7730bc7150e340ffdb1b4ec8895da5a87e9ce17bcc69b9e5839de96689a572d20b5a3c1e17e8de72d7c05380363d95b374b027de93fbfe4fa932fe3c2cb3c28dc5a60e5b8ddc283ae67f4d62fe5f7c8932380324faf"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x42a}}, &(0x7f0000000200)={0x0, 0xf, 0x77, {0x5, 0xf, 0x77, 0x6, [@ss_container_id={0x14, 0x10, 0x4, 0xf0, "935eeeb80464a603f31bab9f5280e0fb"}, @ext_cap={0x7, 0x10, 0x2, 0x0, 0x3, 0x8, 0x97}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x4, 0xa, 0xfc, 0x7}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x4, 0x6, 0x3, 0x6}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "ff64f623ae29fa67b1b889e3b7c42fde"}, @generic={0x2f, 0x10, 0x3, "87e2b52977189cc427f5952b7a45f3dbbd828583bd1b27b81212f3d4b8e4e449bf3a7f56a255ba9e915c8be4"}]}}, &(0x7f0000000180)={0x20, 0x29, 0xf, {0xf, 0x29, 0xf, 0x3, 0x7, 0x8, 'iC\'/', "703d8410"}}, &(0x7f0000000280)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x7, 0x0, 0xa, 0x1, 0x1, 0x10, 0x8}}}, &(0x7f0000000780)={0x84, &(0x7f0000000300)={0x0, 0x12, 0x69, "bf122b942d1806b16d04d9239d99e8e1fe570765e442d1ebd56815105e713b9969b8dccd288b6c82cf8346f680faeb9c9a5d4d6783c359c865ee6102e755efb4e07427963724eef5e92de169f5e138f8c24aa2911cf18831ac5fd9a0f7a92c850d9f2d7d823abc8e7a"}, &(0x7f0000000380)={0x0, 0xa, 0x1, 0x9}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000400)={0x20, 0x0, 0x4, {0x2, 0x1}}, &(0x7f0000000440)={0x20, 0x0, 0x8, {0x800, 0x8, [0xf]}}, &(0x7f0000000480)={0x40, 0x7, 0x2, 0x1}, &(0x7f00000004c0)={0x40, 0x9, 0x1, 0x3}, &(0x7f0000000500)={0x40, 0xb, 0x2, "b0a6"}, &(0x7f0000000580)={0x40, 0xf, 0x2}, &(0x7f00000005c0)={0x40, 0x13, 0x6, @local}, &(0x7f0000000600)={0x40, 0x17, 0x6, @local}, &(0x7f0000000640)={0x40, 0x19, 0x2, 'yL'}, &(0x7f0000000680)={0x40, 0x1a, 0x2, 0x2}, &(0x7f00000006c0)={0x40, 0x1c, 0x1, 0xf4}, &(0x7f0000000700)={0x40, 0x1e, 0x1, 0x40}, &(0x7f0000000740)={0x40, 0x21, 0x1, 0x1}})
r3 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
ioctl$EVIOCGSW(r3, 0x80404531, &(0x7f0000000140)=""/4084)
r4 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCGUCODE(r4, 0xc018480d, &(0x7f00000011c0)={0x3, 0x100, 0x300, 0x8000005, 0x590f, 0x9}) (async)
ioctl$HIDIOCGUCODE(r4, 0xc018480d, &(0x7f00000011c0)={0x3, 0x100, 0x300, 0x8000005, 0x590f, 0x9})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000)

1.565782315s ago: executing program 4 (id=647):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
r1 = dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x180000f, 0x13, r1, 0x1000)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000)

1.516829543s ago: executing program 0 (id=648):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x840, 0x0)
syz_usb_connect(0x5, 0x36, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cpuset.effective_mems\x00', 0x275a, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
mkdir(&(0x7f0000000540)='./file0\x00', 0x108)
mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x4000, &(0x7f0000000000))
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f00000006c0)=ANY=[@ANYRESDEC=r3, @ANYRES16=r2, @ANYRESOCT=r1, @ANYBLOB="856660b12b3227d27f2edbeda5f19cdf0b386893f9da9778030de4ed28a29b2779ebc2783c2ea77d6ac52a319f25ac30ad7fc05088704c99a8f746ddd556548bb7440a3bb7886c5dbb47f910cb9e2299fa030aae4fdce498805382457a932086f2ff3bd87b151464f747712fabd028af2a62cf54bc9564f4e31747d61929291f5b492c9f2650fd219b11a67376f0df34d855ce45c032082384034d1205b2899dac9c5eee761472abd7f45ef8d4996e5a5a88537566e3", @ANYRESDEC=0x0, @ANYRES8=r1, @ANYBLOB="60c7eb90458381720289368b737eb2dbe9dd7b146c4039d8f99e6cc07526e6a2ba42c8af64b420c6467ced356115", @ANYRESHEX])
r5 = syz_socket_connect_nvme_tcp()
fcntl$lock(r5, 0x25, &(0x7f0000000000)={0x0, 0x2, 0x1b9, 0x80000002})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
fcntl$lock(r1, 0x6, &(0x7f0000000200)={0x0, 0x0, 0x3, 0x1fd})
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000280)={'vcan0\x00', <r7=>0x0})
bind$can_j1939(r6, &(0x7f0000000100)={0x1d, r7, 0x0, {}, 0xfd}, 0x18)
r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(r8, 0x4010ae67, &(0x7f0000000380)={0x1, 0x0, 0x1})
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r8, 0x4010ae67, &(0x7f0000000040)={0x0, 0x7000, 0x1})
ioctl$KVM_RUN(r9, 0xae80, 0x0)

565.090319ms ago: executing program 4 (id=649):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x48, r2, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x2}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'veth0_to_bridge\x00'}]}, 0x48}, 0x1, 0x0, 0xffe4, 0x20008000}, 0x0)

493.416637ms ago: executing program 4 (id=650):
r0 = socket(0x1d, 0x2, 0x6)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r2 = dup(r1)
mmap(&(0x7f0000359000/0x4000)=nil, 0x4000, 0x100000a, 0x13, r2, 0x2000)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r3, 0x3ba0, &(0x7f0000000240)={0x48, 0x4, 0xffffffffffffffff, 0x0, 0x1000000, 0x0, 0x20000000})
madvise(&(0x7f00008e3000/0x2000)=nil, 0x2000, 0xc)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000140)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_IOAS_UNMAP$ALL(r2, 0x3b86, &(0x7f0000000180)={0x18, r4})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000000, 0x12, r6, 0x0)
fcntl$setpipe(r1, 0x407, 0xbd)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r7=>0x0})
bind$can_j1939(r2, &(0x7f0000000380)={0x1d, r7, 0x1, {0x0, 0x1, 0x3}, 0x2}, 0x18)
bind$can_raw(r0, &(0x7f00000000c0)={0x1d, r7}, 0x10)
r8 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSTI(r8, 0x5412, &(0x7f00000003c0)=0x6)
ioctl$TIOCSTI(r8, 0x5412, &(0x7f0000000040)=0x7f)
r9 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r9, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000), 0x101000, 0x800, 0x3, 0x1}, 0x20)
setsockopt$XDP_TX_RING(r9, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000000)={'veth1_to_batadv\x00', <r11=>0x0})
setsockopt$XDP_UMEM_COMPLETION_RING(r9, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r9, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r9, &(0x7f00000001c0)={0x2c, 0x4, r11}, 0x10)
sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000540)={0x29c, 0x0, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [@ETHTOOL_A_STRSET_HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}]}, @ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}, @ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0xd8, 0x2, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}]}, {0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}]}, {0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}]}]}, @ETHTOOL_A_STRSET_STRINGSETS={0x154, 0x2, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}]}, {0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}]}, {0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}, @ETHTOOL_A_STRINGSET_ID={0x8}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}]}, {0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}]}]}]}, 0x29c}, 0x1, 0x0, 0x0, 0x880}, 0x0)

317.424564ms ago: executing program 0 (id=651):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={0x0}, 0x1, 0x0, 0x0, 0x810}, 0x20004000)
chdir(&(0x7f00000003c0)='./bus\x00')
openat$incfs(0xffffffffffffff9c, 0x0, 0xc0140, 0x0)
r1 = socket$l2tp(0x2, 0x2, 0x73)
getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000040)=""/68, &(0x7f00000000c0)=0x18)
mount$binderfs(0x0, &(0x7f00000001c0)='./binderfs\x00', 0x0, 0x89c030, &(0x7f0000000240)={[{@stats}]})
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)

223.839294ms ago: executing program 0 (id=652):
open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x36)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',grou', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0, <r2=>0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r0, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb1000008747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb80035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22383e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485a4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2245eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e4c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad64c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc590800", 0x2000, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x78, 0x0, 0x6, {0x0, 0x0, 0x0, {0x4, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3966, 0x3, 0x8000, 0x0, r2, r3, 0xe, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
write$tcp_congestion(r4, 0x0, 0xff0f)
dup2(r4, r0)

156.618932ms ago: executing program 0 (id=653):
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x79, 0x0)
ioctl$DRM_IOCTL_SET_MASTER(r0, 0x641e)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='msdos\x00', 0x200000, 0x0)

21.014276ms ago: executing program 0 (id=654):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x4, @loopback, 0x2, 0x3}, 0x20)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5cffffff", @ANYRES16=r2, @ANYBLOB="0100000000000000000001000500050007000000000008000900030000001400200000000000000000000000e1ffe000000108000a0000000000060002000100000014001f"], 0x5c}, 0x1, 0x6c}, 0x0)

0s ago: executing program 0 (id=655):
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r0, 0x3)
r1 = socket$rxrpc(0x21, 0x2, 0x2)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x110, 0x75, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)

kernel console output (not intermixed with test programs):

4][ T6796]  ? __pfx__printk+0x10/0x10
[  142.996594][ T6796]  ? __might_fault+0xb0/0x130
[  142.996625][ T6796]  should_fail_ex+0x414/0x560
[  142.996652][ T6796]  _copy_from_user+0x2d/0xb0
[  142.996672][ T6796]  ___sys_sendmsg+0x158/0x2a0
[  142.996699][ T6796]  ? __pfx____sys_sendmsg+0x10/0x10
[  142.996754][ T6796]  ? __fget_files+0x2a/0x420
[  142.996777][ T6796]  ? __fget_files+0x3a0/0x420
[  142.996810][ T6796]  __x64_sys_sendmsg+0x19b/0x260
[  142.996845][ T6796]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  142.996875][ T6796]  ? __pfx_ksys_write+0x10/0x10
[  142.996895][ T6796]  ? rcu_is_watching+0x15/0xb0
[  142.996920][ T6796]  ? do_syscall_64+0xbe/0x3b0
[  142.996940][ T6796]  do_syscall_64+0xfa/0x3b0
[  142.996954][ T6796]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.996977][ T6796]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.996994][ T6796]  ? clear_bhb_loop+0x60/0xb0
[  142.997014][ T6796]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.997039][ T6796] RIP: 0033:0x7f94d958e929
[  142.997056][ T6796] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  142.997071][ T6796] RSP: 002b:00007f94da352038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  142.997090][ T6796] RAX: ffffffffffffffda RBX: 00007f94d97b5fa0 RCX: 00007f94d958e929
[  142.997102][ T6796] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000003
[  142.997117][ T6796] RBP: 00007f94da352090 R08: 0000000000000000 R09: 0000000000000000
[  142.997126][ T6796] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  142.997134][ T6796] R13: 0000000000000000 R14: 00007f94d97b5fa0 R15: 00007ffd66a75578
[  142.997160][ T6796]  </TASK>
[  143.293451][ T6798] Mount JFS Failure: -22
[  143.301726][ T6798] jfs_mount failed w/return code = -22
[  143.313828][ T6800] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  143.377017][ T6800] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  143.399498][ T6800] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  143.411294][ T6800] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  143.424718][ T6800] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  143.536947][ T6806] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  143.642329][    C1] vcan0: j1939_tp_rxtimer: 0xffff88807af4b800: rx timeout, send abort
[  143.650912][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88807af4b800: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[  143.995907][ T6815] IPVS: length: 24 != 1689624
[  144.331381][ T6828] netlink: 4 bytes leftover after parsing attributes in process `syz.1.335'.
[  144.355829][ T3581] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  144.526018][ T3581] usb 3-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  144.544071][ T3581] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  144.564317][ T3581] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  144.584199][ T3581] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  144.593296][ T3581] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  144.629871][ T6820] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  145.427961][ T6841] netlink: 48 bytes leftover after parsing attributes in process `syz.1.340'.
[  145.438461][ T6841] omfs: Invalid superblock (0)
[  145.592902][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805ad1a400: rx timeout, send abort
[  145.601765][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805ad1a400: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[  145.808484][ T6849] syzkaller1: entered promiscuous mode
[  145.816312][ T6849] syzkaller1: entered allmulticast mode
[  146.783082][ T6899] netlink: 60 bytes leftover after parsing attributes in process `syz.0.361'.
[  147.074541][ T5850] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  147.174571][ T3581] aiptek 3-1:17.0: Aiptek using 400 ms programming speed
[  147.190671][ T3581] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input18
[  147.226346][ T5850] usb 4-1: device descriptor read/64, error -71
[  147.262923][ T3581] usb 3-1: USB disconnect, device number 34
[  147.269232][    C1] aiptek 3-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  147.484703][ T5850] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  147.624322][ T5850] usb 4-1: device descriptor read/64, error -71
[  147.678799][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805b11ac00: rx timeout, send abort
[  147.687312][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805b11ac00: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[  147.736201][ T5850] usb usb4-port1: attempt power cycle
[  148.071684][ T6932] syzkaller1: entered promiscuous mode
[  148.080561][ T6932] syzkaller1: entered allmulticast mode
[  148.102808][ T6932] FAULT_INJECTION: forcing a failure.
[  148.102808][ T6932] name failslab, interval 1, probability 0, space 0, times 0
[  148.115721][ T6932] CPU: 1 UID: 0 PID: 6932 Comm: syz.0.368 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[  148.115747][ T6932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  148.115758][ T6932] Call Trace:
[  148.115766][ T6932]  <TASK>
[  148.115773][ T6932]  dump_stack_lvl+0x189/0x250
[  148.115813][ T6932]  ? __pfx____ratelimit+0x10/0x10
[  148.115841][ T6932]  ? __pfx_dump_stack_lvl+0x10/0x10
[  148.115859][ T6932]  ? __pfx__printk+0x10/0x10
[  148.115889][ T6932]  should_fail_ex+0x414/0x560
[  148.115916][ T6932]  should_failslab+0xa8/0x100
[  148.115944][ T6932]  kmem_cache_alloc_noprof+0x73/0x3c0
[  148.115962][ T6932]  ? dst_alloc+0x105/0x170
[  148.115986][ T6932]  dst_alloc+0x105/0x170
[  148.116010][ T6932]  ip_route_input_rcu+0x1ed5/0x2ff0
[  148.116044][ T6932]  ? __pfx_ip_route_input_rcu+0x10/0x10
[  148.116086][ T6932]  ? ipt_do_table+0x13dd/0x1640
[  148.116111][ T6932]  ? ip_route_input_noref+0x98/0x250
[  148.116134][ T6932]  ip_route_input_noref+0x167/0x250
[  148.116157][ T6932]  ? __pfx_ip_route_input_noref+0x10/0x10
[  148.116186][ T6932]  ? ipt_do_table+0x2a3/0x1640
[  148.116204][ T6932]  ? __pfx_ipt_do_table+0x10/0x10
[  148.116226][ T6932]  ip_rcv_finish_core+0x5af/0x1c00
[  148.116259][ T6932]  ip_rcv_finish+0x14c/0x2f0
[  148.116281][ T6932]  NF_HOOK+0x309/0x3a0
[  148.116299][ T6932]  ? __pfx_ip_rcv_finish+0x10/0x10
[  148.116315][ T6932]  ? NF_HOOK+0x9a/0x3a0
[  148.116332][ T6932]  ? __pfx_NF_HOOK+0x10/0x10
[  148.116347][ T6932]  ? ip_rcv_core+0x7f7/0xd00
[  148.116368][ T6932]  ? __pfx_ip_rcv_finish+0x10/0x10
[  148.116395][ T6932]  ? __pfx_ip_rcv+0x10/0x10
[  148.116410][ T6932]  __netif_receive_skb+0x143/0x380
[  148.116432][ T6932]  ? netif_receive_skb+0x115/0x790
[  148.116459][ T6932]  netif_receive_skb+0x1cb/0x790
[  148.116483][ T6932]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  148.116501][ T6932]  ? _copy_from_iter+0x24c/0x16f0
[  148.116534][ T6932]  ? __pfx_netif_receive_skb+0x10/0x10
[  148.116556][ T6932]  ? sock_alloc_send_pskb+0x875/0x990
[  148.116578][ T6932]  ? tun_rx_batched+0x160/0x730
[  148.116597][ T6932]  tun_rx_batched+0x1b9/0x730
[  148.116611][ T6932]  ? __lock_acquire+0xab9/0xd20
[  148.116630][ T6932]  ? __pfx_tun_rx_batched+0x10/0x10
[  148.116648][ T6932]  ? tun_get_user+0x2549/0x3ce0
[  148.116673][ T6932]  tun_get_user+0x298e/0x3ce0
[  148.116692][ T6932]  ? tun_get_user+0x2549/0x3ce0
[  148.116716][ T6932]  ? aa_file_perm+0x11f/0xed0
[  148.116737][ T6932]  ? __pfx_tun_get_user+0x10/0x10
[  148.116760][ T6932]  ? aa_file_perm+0x3e7/0xed0
[  148.116786][ T6932]  ? ref_tracker_alloc+0x318/0x460
[  148.116811][ T6932]  ? __lock_acquire+0xab9/0xd20
[  148.116828][ T6932]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  148.116854][ T6932]  ? tun_get+0x1c/0x2f0
[  148.116884][ T6932]  ? tun_get+0x1c/0x2f0
[  148.116906][ T6932]  ? tun_get+0x1c/0x2f0
[  148.116932][ T6932]  tun_chr_write_iter+0x113/0x200
[  148.116955][ T6932]  vfs_write+0x54b/0xa90
[  148.116980][ T6932]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  148.116999][ T6932]  ? __pfx_vfs_write+0x10/0x10
[  148.117024][ T6932]  ? __fget_files+0x2a/0x420
[  148.117053][ T6932]  ksys_write+0x145/0x250
[  148.117074][ T6932]  ? __pfx_ksys_write+0x10/0x10
[  148.117089][ T6932]  ? rcu_is_watching+0x15/0xb0
[  148.117112][ T6932]  ? do_syscall_64+0xbe/0x3b0
[  148.117131][ T6932]  do_syscall_64+0xfa/0x3b0
[  148.117145][ T6932]  ? lockdep_hardirqs_on+0x9c/0x150
[  148.117168][ T6932]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.117184][ T6932]  ? clear_bhb_loop+0x60/0xb0
[  148.117205][ T6932]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.117221][ T6932] RIP: 0033:0x7f1579b8e929
[  148.117239][ T6932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  148.117254][ T6932] RSP: 002b:00007f157aa96038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  148.117272][ T6932] RAX: ffffffffffffffda RBX: 00007f1579db5fa0 RCX: 00007f1579b8e929
[  148.117284][ T6932] RDX: 000000000000002a RSI: 0000200000000840 RDI: 0000000000000003
[  148.117294][ T6932] RBP: 00007f157aa96090 R08: 0000000000000000 R09: 0000000000000000
[  148.117303][ T6932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  148.117309][ T6932] R13: 0000000000000000 R14: 00007f1579db5fa0 R15: 00007ffcd88308b8
[  148.117328][ T6932]  </TASK>
[  148.538332][ T5850] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  148.550171][ T6938] IPVS: length: 24 != 1689624
[  148.575222][ T5850] usb 4-1: device descriptor read/8, error -71
[  148.608997][ T6940] 9pnet_fd: Insufficient options for proto=fd
[  148.824096][ T5850] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  148.844753][ T5850] usb 4-1: device descriptor read/8, error -71
[  148.954390][ T5850] usb usb4-port1: unable to enumerate USB device
[  149.181287][ T6962] FAULT_INJECTION: forcing a failure.
[  149.181287][ T6962] name failslab, interval 1, probability 0, space 0, times 0
[  149.196943][ T6962] CPU: 0 UID: 0 PID: 6962 Comm: syz.1.378 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[  149.196970][ T6962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  149.196981][ T6962] Call Trace:
[  149.196989][ T6962]  <TASK>
[  149.196996][ T6962]  dump_stack_lvl+0x189/0x250
[  149.197023][ T6962]  ? __pfx____ratelimit+0x10/0x10
[  149.197050][ T6962]  ? __pfx_dump_stack_lvl+0x10/0x10
[  149.197069][ T6962]  ? __pfx__printk+0x10/0x10
[  149.197094][ T6962]  ? __pfx___might_resched+0x10/0x10
[  149.197113][ T6962]  ? fs_reclaim_acquire+0x7d/0x100
[  149.197140][ T6962]  should_fail_ex+0x414/0x560
[  149.197167][ T6962]  should_failslab+0xa8/0x100
[  149.197192][ T6962]  __kmalloc_noprof+0xcb/0x4f0
[  149.197211][ T6962]  ? copy_splice_read+0x143/0x9b0
[  149.197239][ T6962]  copy_splice_read+0x143/0x9b0
[  149.197260][ T6962]  ? __pfx_pipe_to_null+0x10/0x10
[  149.197283][ T6962]  ? pipe_unlock+0x56/0x80
[  149.197305][ T6962]  ? splice_from_pipe+0x108/0x160
[  149.197327][ T6962]  ? __pfx_pipe_to_null+0x10/0x10
[  149.197344][ T6962]  ? __pfx_copy_splice_read+0x10/0x10
[  149.197364][ T6962]  ? look_up_lock_class+0x74/0x170
[  149.197401][ T6962]  ? file_end_write+0xd8/0x250
[  149.197424][ T6962]  ? direct_splice_actor+0x10c/0x160
[  149.197448][ T6962]  ? __pfx_copy_splice_read+0x10/0x10
[  149.197467][ T6962]  splice_direct_to_actor+0x4a6/0xcc0
[  149.197508][ T6962]  ? __pfx_direct_splice_actor+0x10/0x10
[  149.197530][ T6962]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  149.197552][ T6962]  ? __pfx_aa_file_perm+0x10/0x10
[  149.197580][ T6962]  do_splice_direct+0x181/0x270
[  149.197605][ T6962]  ? __pfx_do_splice_direct+0x10/0x10
[  149.197628][ T6962]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  149.197653][ T6962]  ? bpf_lsm_file_permission+0x9/0x20
[  149.197671][ T6962]  ? security_file_permission+0x75/0x290
[  149.197703][ T6962]  ? rw_verify_area+0x258/0x650
[  149.197728][ T6962]  do_sendfile+0x4da/0x7e0
[  149.197744][ T6962]  ? __pfx_vfs_write+0x10/0x10
[  149.197771][ T6962]  ? __pfx_do_sendfile+0x10/0x10
[  149.197787][ T6962]  ? __fget_files+0x3a0/0x420
[  149.197821][ T6962]  __se_sys_sendfile64+0x13e/0x190
[  149.197848][ T6962]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  149.197868][ T6962]  ? rcu_is_watching+0x15/0xb0
[  149.197892][ T6962]  ? do_syscall_64+0xbe/0x3b0
[  149.197924][ T6962]  do_syscall_64+0xfa/0x3b0
[  149.197937][ T6962]  ? lockdep_hardirqs_on+0x9c/0x150
[  149.197963][ T6962]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.197979][ T6962]  ? clear_bhb_loop+0x60/0xb0
[  149.198000][ T6962]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.198017][ T6962] RIP: 0033:0x7fd67c38e929
[  149.198034][ T6962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  149.198049][ T6962] RSP: 002b:00007fd67d207038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  149.198069][ T6962] RAX: ffffffffffffffda RBX: 00007fd67c5b5fa0 RCX: 00007fd67c38e929
[  149.198081][ T6962] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
[  149.198091][ T6962] RBP: 00007fd67d207090 R08: 0000000000000000 R09: 0000000000000000
[  149.198102][ T6962] R10: 000000040000f63c R11: 0000000000000246 R12: 0000000000000001
[  149.198113][ T6962] R13: 0000000000000000 R14: 00007fd67c5b5fa0 R15: 00007ffc444b9ed8
[  149.198140][ T6962]  </TASK>
[  149.525057][    C0] vkms_vblank_simulate: vblank timer overrun
[  149.578274][ T6964] fuse: Bad value for 'fd'
[  149.824107][ T6969] capability: warning: `syz.1.380' uses deprecated v2 capabilities in a way that may be insecure
[  149.864315][ T6969] capability: warning: `syz.1.380' uses 32-bit capabilities (legacy support in use)
[  149.906115][ T6969] netlink: 'syz.1.380': attribute type 10 has an invalid length.
[  149.969217][ T6969] 8021q: adding VLAN 0 to HW filter on device bond0
[  149.996015][ T6969] team0: Port device bond0 added
[  150.014296][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880331e5000: rx timeout, send abort
[  150.022786][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8880331e5000: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[  150.147539][ T6982] fuse: Bad value for 'fd'
[  150.157967][ T6983] netlink: 'syz.3.385': attribute type 12 has an invalid length.
[  150.194865][ T6983] netlink: 9472 bytes leftover after parsing attributes in process `syz.3.385'.
[  150.527456][ T1210] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  150.667226][ T7005] FAULT_INJECTION: forcing a failure.
[  150.667226][ T7005] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  150.695144][ T7005] CPU: 1 UID: 0 PID: 7005 Comm: syz.1.391 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[  150.695174][ T7005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  150.695184][ T7005] Call Trace:
[  150.695191][ T7005]  <TASK>
[  150.695200][ T7005]  dump_stack_lvl+0x189/0x250
[  150.695227][ T7005]  ? __pfx____ratelimit+0x10/0x10
[  150.695255][ T7005]  ? __pfx_dump_stack_lvl+0x10/0x10
[  150.695273][ T7005]  ? __pfx__printk+0x10/0x10
[  150.695292][ T7005]  ? __might_fault+0xb0/0x130
[  150.695323][ T7005]  should_fail_ex+0x414/0x560
[  150.695349][ T7005]  _copy_from_user+0x2d/0xb0
[  150.695370][ T7005]  io_submit_one+0xc2/0x1310
[  150.695411][ T7005]  ? __pfx_io_submit_one+0x10/0x10
[  150.695434][ T7005]  ? __might_fault+0xb0/0x130
[  150.695465][ T7005]  ? __might_fault+0xb0/0x130
[  150.695485][ T7005]  __se_sys_io_submit+0x185/0x2f0
[  150.695509][ T7005]  ? __pfx___se_sys_io_submit+0x10/0x10
[  150.695528][ T7005]  ? ksys_write+0x22a/0x250
[  150.695559][ T7005]  ? do_syscall_64+0xbe/0x3b0
[  150.695577][ T7005]  do_syscall_64+0xfa/0x3b0
[  150.695605][ T7005]  ? lockdep_hardirqs_on+0x9c/0x150
[  150.695627][ T7005]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.695644][ T7005]  ? clear_bhb_loop+0x60/0xb0
[  150.695665][ T7005]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.695680][ T7005] RIP: 0033:0x7fd67c38e929
[  150.695697][ T7005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  150.695711][ T7005] RSP: 002b:00007fd67d207038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  150.695730][ T7005] RAX: ffffffffffffffda RBX: 00007fd67c5b5fa0 RCX: 00007fd67c38e929
[  150.695743][ T7005] RDX: 00002000000000c0 RSI: 2000000000000153 RDI: 00007fd67d1e6000
[  150.695755][ T7005] RBP: 00007fd67d207090 R08: 0000000000000000 R09: 0000000000000000
[  150.695779][ T7005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  150.695789][ T7005] R13: 0000000000000000 R14: 00007fd67c5b5fa0 R15: 00007ffc444b9ed8
[  150.695815][ T7005]  </TASK>
[  150.705819][ T1210] usb 4-1: Using ep0 maxpacket: 16
[  150.928750][ T7016] fuse: Bad value for 'fd'
[  151.057538][ T1210] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  151.068824][ T7021] FAULT_INJECTION: forcing a failure.
[  151.068824][ T7021] name failslab, interval 1, probability 0, space 0, times 0
[  151.070682][ T1210] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  151.085339][ T7021] CPU: 1 UID: 0 PID: 7021 Comm: syz.1.397 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[  151.085367][ T7021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  151.085379][ T7021] Call Trace:
[  151.085386][ T7021]  <TASK>
[  151.085394][ T7021]  dump_stack_lvl+0x189/0x250
[  151.085422][ T7021]  ? __pfx____ratelimit+0x10/0x10
[  151.085450][ T7021]  ? __pfx_dump_stack_lvl+0x10/0x10
[  151.085468][ T7021]  ? __pfx__printk+0x10/0x10
[  151.085493][ T7021]  ? __pfx___might_resched+0x10/0x10
[  151.085512][ T7021]  ? fs_reclaim_acquire+0x7d/0x100
[  151.085548][ T7021]  should_fail_ex+0x414/0x560
[  151.085574][ T7021]  should_failslab+0xa8/0x100
[  151.085599][ T7021]  kmem_cache_alloc_noprof+0x73/0x3c0
[  151.085618][ T7021]  ? skb_clone+0x212/0x3a0
[  151.085644][ T7021]  skb_clone+0x212/0x3a0
[  151.085663][ T7021]  ? nfnetlink_rcv+0x486/0x2520
[  151.085692][ T7021]  nfnetlink_rcv+0x4b4/0x2520
[  151.085719][ T7021]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  151.085744][ T7021]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  151.085765][ T7021]  ? __dev_queue_xmit+0x27e/0x3a70
[  151.085787][ T7021]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.085812][ T7021]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  151.085849][ T7021]  ? ref_tracker_free+0x63a/0x7d0
[  151.085869][ T7021]  ? __copy_skb_header+0xa7/0x550
[  151.085890][ T7021]  ? __pfx_ref_tracker_free+0x10/0x10
[  151.085910][ T7021]  ? __skb_clone+0x63/0x7a0
[  151.085934][ T7021]  ? __skb_clone+0x483/0x7a0
[  151.085960][ T7021]  ? skb_clone+0x246/0x3a0
[  151.085996][ T7021]  ? __netlink_deliver_tap+0x807/0x850
[  151.086017][ T7021]  ? netlink_deliver_tap+0x2e/0x1b0
[  151.086041][ T7021]  ? netlink_deliver_tap+0x2e/0x1b0
[  151.086059][ T7021]  ? netlink_deliver_tap+0x2e/0x1b0
[  151.086083][ T7021]  netlink_unicast+0x75b/0x8d0
[  151.086111][ T7021]  netlink_sendmsg+0x805/0xb30
[  151.086139][ T7021]  ? __pfx_netlink_sendmsg+0x10/0x10
[  151.086161][ T7021]  ? aa_sock_msg_perm+0x94/0x160
[  151.086180][ T7021]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  151.086203][ T7021]  ? __pfx_netlink_sendmsg+0x10/0x10
[  151.086223][ T7021]  __sock_sendmsg+0x219/0x270
[  151.086250][ T7021]  ____sys_sendmsg+0x505/0x830
[  151.086275][ T7021]  ? __pfx_____sys_sendmsg+0x10/0x10
[  151.086304][ T7021]  ? import_iovec+0x74/0xa0
[  151.086324][ T7021]  ___sys_sendmsg+0x21f/0x2a0
[  151.086346][ T7021]  ? __pfx____sys_sendmsg+0x10/0x10
[  151.086398][ T7021]  ? __fget_files+0x2a/0x420
[  151.086421][ T7021]  ? __fget_files+0x3a0/0x420
[  151.086453][ T7021]  __x64_sys_sendmsg+0x19b/0x260
[  151.086475][ T7021]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  151.086504][ T7021]  ? __pfx_ksys_write+0x10/0x10
[  151.086527][ T7021]  ? rcu_is_watching+0x15/0xb0
[  151.086548][ T7021]  ? do_syscall_64+0xbe/0x3b0
[  151.086567][ T7021]  do_syscall_64+0xfa/0x3b0
[  151.086581][ T7021]  ? lockdep_hardirqs_on+0x9c/0x150
[  151.086604][ T7021]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.086619][ T7021]  ? clear_bhb_loop+0x60/0xb0
[  151.086641][ T7021]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.086657][ T7021] RIP: 0033:0x7fd67c38e929
[  151.086674][ T7021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  151.086689][ T7021] RSP: 002b:00007fd67d207038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  151.086709][ T7021] RAX: ffffffffffffffda RBX: 00007fd67c5b5fa0 RCX: 00007fd67c38e929
[  151.086721][ T7021] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  151.086733][ T7021] RBP: 00007fd67d207090 R08: 0000000000000000 R09: 0000000000000000
[  151.086744][ T7021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  151.086755][ T7021] R13: 0000000000000000 R14: 00007fd67c5b5fa0 R15: 00007ffc444b9ed8
[  151.086781][ T7021]  </TASK>
[  151.493810][ T1210] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  151.502994][ T1210] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.511075][ T1210] usb 4-1: Product: syz
[  151.524147][ T1210] usb 4-1: Manufacturer: syz
[  151.528825][ T1210] usb 4-1: SerialNumber: syz
[  151.594242][ T5917] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  151.726930][ T5850] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  151.760324][ T1210] usb 4-1: 0:2 : does not exist
[  151.767243][ T5917] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  151.784299][ T5917] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  151.805268][ T5917] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  151.821649][ T1210] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  151.834338][ T5917] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  151.890712][ T5917] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  151.905957][ T5850] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  151.909491][ T1210] usb 4-1: USB disconnect, device number 37
[  151.934321][ T5917] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  151.942431][ T5917] usb 3-1: Product: syz
[  151.946722][ T5850] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  151.973433][ T5917] usb 3-1: Manufacturer: syz
[  151.984862][ T5850] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  152.019237][ T5850] usb 2-1: config 0 descriptor??
[  152.025177][ T5917] cdc_wdm 3-1:1.0: skipping garbage
[  152.038102][ T5917] cdc_wdm 3-1:1.0: skipping garbage
[  152.058606][ T5917] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  152.075076][ T5917] cdc_wdm 3-1:1.0: Unknown control protocol
[  152.158995][ T7030] /dev/rnullb0: Can't open blockdev
[  152.463859][ T5850] keytouch 0003:0926:3333.0009: fixing up Keytouch IEC report descriptor
[  152.488408][ T5850] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0009/input/input20
[  152.541168][ T7036] FAT-fs (rnullb0): bogus number of reserved sectors
[  152.548107][ T7036] FAT-fs (rnullb0): Can't find a valid FAT filesystem
[  152.587574][ T7038] atomic_op ffff88806b852998 conn xmit_atomic 0000000000000000
[  152.635445][ T5850] keytouch 0003:0926:3333.0009: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0
[  152.800458][ T7041] fuse: Bad value for 'fd'
[  152.895482][ T5850] usb 2-1: USB disconnect, device number 20
[  152.965783][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -EPIPE
[  153.284324][ T1210] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  153.304191][ T5899] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  153.449281][ T1210] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  153.473333][ T1210] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  153.491608][ T1210] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.502019][ T5899] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  153.522622][ T5899] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  153.537096][ T1210] usb 1-1: config 0 descriptor??
[  153.555839][ T5899] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  153.574337][ T5899] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  153.595156][ T5899] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  153.606848][ T5899] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.619940][ T5899] usb 4-1: config 0 descriptor??
[  153.936858][ T7052] FAULT_INJECTION: forcing a failure.
[  153.936858][ T7052] name failslab, interval 1, probability 0, space 0, times 0
[  153.952171][ T7052] CPU: 1 UID: 0 PID: 7052 Comm: syz.1.409 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[  153.952244][ T7052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  153.952255][ T7052] Call Trace:
[  153.952262][ T7052]  <TASK>
[  153.952270][ T7052]  dump_stack_lvl+0x189/0x250
[  153.952298][ T7052]  ? __pfx____ratelimit+0x10/0x10
[  153.952336][ T7052]  ? __pfx_dump_stack_lvl+0x10/0x10
[  153.952353][ T7052]  ? __pfx__printk+0x10/0x10
[  153.952374][ T7052]  ? __pfx___might_resched+0x10/0x10
[  153.952391][ T7052]  ? fs_reclaim_acquire+0x7d/0x100
[  153.952416][ T7052]  should_fail_ex+0x414/0x560
[  153.952443][ T7052]  should_failslab+0xa8/0x100
[  153.952465][ T7052]  kmem_cache_alloc_noprof+0x73/0x3c0
[  153.952483][ T7052]  ? skb_clone+0x212/0x3a0
[  153.952509][ T7052]  skb_clone+0x212/0x3a0
[  153.952529][ T7052]  ? nfnetlink_rcv+0x486/0x2520
[  153.952555][ T7052]  nfnetlink_rcv+0x4b4/0x2520
[  153.952582][ T7052]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  153.952614][ T7052]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  153.952635][ T7052]  ? __dev_queue_xmit+0x27e/0x3a70
[  153.952657][ T7052]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.952683][ T7052]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  153.952721][ T7052]  ? ref_tracker_free+0x63a/0x7d0
[  153.952738][ T7052]  ? __copy_skb_header+0xa7/0x550
[  153.952760][ T7052]  ? __pfx_ref_tracker_free+0x10/0x10
[  153.952780][ T7052]  ? __skb_clone+0x63/0x7a0
[  153.952805][ T7052]  ? __skb_clone+0x483/0x7a0
[  153.952831][ T7052]  ? skb_clone+0x246/0x3a0
[  153.952855][ T7052]  ? __netlink_deliver_tap+0x807/0x850
[  153.952875][ T7052]  ? netlink_deliver_tap+0x2e/0x1b0
[  153.952901][ T7052]  ? netlink_deliver_tap+0x2e/0x1b0
[  153.952920][ T7052]  ? netlink_deliver_tap+0x2e/0x1b0
[  153.952944][ T7052]  netlink_unicast+0x75b/0x8d0
[  153.952971][ T7052]  netlink_sendmsg+0x805/0xb30
[  153.953000][ T7052]  ? __pfx_netlink_sendmsg+0x10/0x10
[  153.953023][ T7052]  ? aa_sock_msg_perm+0x94/0x160
[  153.953043][ T7052]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  153.953067][ T7052]  ? __pfx_netlink_sendmsg+0x10/0x10
[  153.953089][ T7052]  __sock_sendmsg+0x219/0x270
[  153.953117][ T7052]  ____sys_sendmsg+0x505/0x830
[  153.953143][ T7052]  ? __pfx_____sys_sendmsg+0x10/0x10
[  153.953172][ T7052]  ? import_iovec+0x74/0xa0
[  153.953194][ T7052]  ___sys_sendmsg+0x21f/0x2a0
[  153.953224][ T7052]  ? __pfx____sys_sendmsg+0x10/0x10
[  153.953276][ T7052]  ? __fget_files+0x2a/0x420
[  153.953299][ T7052]  ? __fget_files+0x3a0/0x420
[  153.953330][ T7052]  __x64_sys_sendmsg+0x19b/0x260
[  153.953350][ T7052]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  153.953376][ T7052]  ? __pfx_ksys_write+0x10/0x10
[  153.953403][ T7052]  ? do_syscall_64+0xbe/0x3b0
[  153.953424][ T7052]  do_syscall_64+0xfa/0x3b0
[  153.953438][ T7052]  ? lockdep_hardirqs_on+0x9c/0x150
[  153.953461][ T7052]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.953490][ T7052]  ? clear_bhb_loop+0x60/0xb0
[  153.953511][ T7052]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.953526][ T7052] RIP: 0033:0x7fd67c38e929
[  153.953543][ T7052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  153.953557][ T7052] RSP: 002b:00007fd67d207038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  153.953576][ T7052] RAX: ffffffffffffffda RBX: 00007fd67c5b5fa0 RCX: 00007fd67c38e929
[  153.953588][ T7052] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[  153.953598][ T7052] RBP: 00007fd67d207090 R08: 0000000000000000 R09: 0000000000000000
[  153.953609][ T7052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  153.953618][ T7052] R13: 0000000000000000 R14: 00007fd67c5b5fa0 R15: 00007ffc444b9ed8
[  153.953644][ T7052]  </TASK>
[  154.364316][ T5899] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  154.388913][ T5899] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving
[  154.405197][ T5917] usb 3-1: USB disconnect, device number 35
[  154.453806][ T1210] keytouch 0003:0926:3333.000B: fixing up Keytouch IEC report descriptor
[  154.567247][ T1210] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.000B/input/input22
[  154.600003][ T5899] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  154.637234][ T7044] netlink: 28 bytes leftover after parsing attributes in process `syz.3.405'.
[  154.804419][ T7061] IPVS: length: 24 != 1689624
[  154.863734][ T1210] keytouch 0003:0926:3333.000B: input,hidraw1: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0
[  154.931571][ T7063] netlink: zone id is out of range
[  154.965068][ T7063] netlink: zone id is out of range
[  154.977845][ T7044] block device autoloading is deprecated and will be removed.
[  154.987383][ T1210] usb 1-1: USB disconnect, device number 34
[  155.011289][ T7063] netlink: zone id is out of range
[  155.079884][ T7063] netlink: zone id is out of range
[  155.132195][ T7044] syz.3.405: attempt to access beyond end of device
[  155.132195][ T7044] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  155.159181][ T7063] netlink: zone id is out of range
[  155.175343][ T5899] usb 4-1: USB disconnect, device number 38
[  155.194224][ T7063] netlink: zone id is out of range
[  155.199857][ T7063] netlink: zone id is out of range
[  155.206380][ T7064] fido_id[7064]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  155.240808][ T7063] netlink: zone id is out of range
[  155.248674][ T7063] netlink: zone id is out of range
[  155.255941][ T7063] netlink: zone id is out of range
[  155.268126][ T7057] syzkaller0: entered promiscuous mode
[  155.276150][ T7057] syzkaller0: entered allmulticast mode
[  156.490346][ T7092] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found
[  156.505283][ T7092] UDF-fs: Scanning with blocksize 4096 failed
[  156.969969][ T5925] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  157.117070][ T5925] usb 4-1: device descriptor read/64, error -71
[  157.123408][    C1] vcan0: j1939_tp_rxtimer: 0xffff88807aa00c00: rx timeout, send abort
[  157.131955][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88807aa00c00: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[  157.404253][ T5925] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  157.499179][ T3581] usb 1-1: new full-speed USB device number 35 using dummy_hcd
[  157.523377][ T7108] netlink: 60 bytes leftover after parsing attributes in process `syz.1.427'.
[  157.534370][ T5925] usb 4-1: device descriptor read/64, error -71
[  157.537890][ T7108] netlink: 60 bytes leftover after parsing attributes in process `syz.1.427'.
[  157.551897][ T7108] netlink: 60 bytes leftover after parsing attributes in process `syz.1.427'.
[  157.645305][ T5925] usb usb4-port1: attempt power cycle
[  157.666249][ T3581] usb 1-1: unable to get BOS descriptor or descriptor too short
[  157.675168][ T3581] usb 1-1: not running at top speed; connect to a high speed hub
[  157.683795][ T3581] usb 1-1: config 13 has an invalid interface number: 219 but max is 0
[  157.692224][ T3581] usb 1-1: config 13 has no interface number 0
[  157.699624][ T3581] usb 1-1: config 13 interface 219 has no altsetting 0
[  157.709049][ T3581] usb 1-1: New USB device found, idVendor=0979, idProduct=0280, bcdDevice=69.2d
[  157.718422][ T3581] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.727267][ T3581] usb 1-1: Product: syz
[  157.732632][ T3581] usb 1-1: Manufacturer: syz
[  157.737350][ T3581] usb 1-1: SerialNumber: syz
[  157.844276][ T5899] usb 2-1: new full-speed USB device number 21 using dummy_hcd
[  157.950291][ T7102] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  157.960501][ T7102] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  157.994242][ T5925] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  158.016012][ T5925] usb 4-1: device descriptor read/8, error -71
[  158.018256][ T5899] usb 2-1: unable to read config index 0 descriptor/start: -61
[  158.032370][ T5899] usb 2-1: can't read configurations, error -61
[  158.164217][ T5899] usb 2-1: new full-speed USB device number 22 using dummy_hcd
[  158.264203][ T5925] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  158.284791][ T5925] usb 4-1: device descriptor read/8, error -71
[  158.319251][ T5899] usb 2-1: unable to read config index 0 descriptor/start: -61
[  158.327301][ T5899] usb 2-1: can't read configurations, error -61
[  158.334049][ T5899] usb usb2-port1: attempt power cycle
[  158.395209][ T7102] dlm: plock device version mismatch: kernel (1.2.0), user (1668248176.0.24)
[  158.395703][ T5925] usb usb4-port1: unable to enumerate USB device
[  158.618700][ T7102] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  158.627642][ T7102] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  158.644764][ T3581] gspca_main: jeilinj-2.14.0 probing 0979:0280
[  158.659765][ T3581] usb 1-1: USB disconnect, device number 35
[  158.675447][ T5899] usb 2-1: new full-speed USB device number 23 using dummy_hcd
[  158.709864][ T5899] usb 2-1: unable to read config index 0 descriptor/start: -61
[  158.734391][ T5899] usb 2-1: can't read configurations, error -61
[  158.874266][ T5899] usb 2-1: new full-speed USB device number 24 using dummy_hcd
[  158.896761][ T5899] usb 2-1: unable to read config index 0 descriptor/start: -61
[  158.904597][ T5899] usb 2-1: can't read configurations, error -61
[  158.911186][ T5899] usb usb2-port1: unable to enumerate USB device
[  158.991614][ T7117] Bluetooth: MGMT ver 1.23
[  159.055820][ T7119] overlayfs: missing 'lowerdir'
[  159.067291][ T7119] IPVS: length: 24 != 1689624
[  159.414138][ T3581] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  159.575483][ T3581] usb 3-1: no configurations
[  159.580219][ T3581] usb 3-1: can't read configurations, error -22
[  159.716052][ T3581] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  159.874988][ T3581] usb 3-1: no configurations
[  159.881065][ T3581] usb 3-1: can't read configurations, error -22
[  159.888240][ T3581] usb usb3-port1: attempt power cycle
[  160.234176][ T3581] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  160.255362][ T3581] usb 3-1: no configurations
[  160.260005][ T3581] usb 3-1: can't read configurations, error -22
[  160.311199][ T7140] overlayfs: missing 'lowerdir'
[  160.323067][ T7140] IPVS: length: 24 != 1689624
[  160.394350][ T3581] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  160.415399][ T3581] usb 3-1: no configurations
[  160.420095][ T3581] usb 3-1: can't read configurations, error -22
[  160.427316][ T3581] usb usb3-port1: unable to enumerate USB device
[  160.560736][ T7146] netlink: 16 bytes leftover after parsing attributes in process `syz.0.443'.
[  160.570469][ T7146] netlink: 16 bytes leftover after parsing attributes in process `syz.0.443'.
[  160.682469][ T7148] FAULT_INJECTION: forcing a failure.
[  160.682469][ T7148] name failslab, interval 1, probability 0, space 0, times 0
[  160.695211][ T7148] CPU: 1 UID: 0 PID: 7148 Comm: syz.1.444 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[  160.695235][ T7148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  160.695244][ T7148] Call Trace:
[  160.695252][ T7148]  <TASK>
[  160.695258][ T7148]  dump_stack_lvl+0x189/0x250
[  160.695285][ T7148]  ? __pfx____ratelimit+0x10/0x10
[  160.695313][ T7148]  ? __pfx_dump_stack_lvl+0x10/0x10
[  160.695331][ T7148]  ? __pfx__printk+0x10/0x10
[  160.695345][ T7148]  ? kasan_save_track+0x4f/0x80
[  160.695366][ T7148]  ? dst_alloc+0x105/0x170
[  160.695390][ T7148]  ? fib6_rule_lookup+0x348/0x6f0
[  160.695411][ T7148]  ? ip6_route_output_flags+0x364/0x5d0
[  160.695431][ T7148]  ? ip6_dst_lookup_tail+0x1ae/0x1510
[  160.695452][ T7148]  ? udpv6_sendmsg+0x18e7/0x2710
[  160.695470][ T7148]  ? __sock_sendmsg+0xe5/0x270
[  160.695492][ T7148]  ? ____sys_sendmsg+0x52d/0x830
[  160.695510][ T7148]  ? ___sys_sendmsg+0x21f/0x2a0
[  160.695527][ T7148]  ? __sys_sendmmsg+0x227/0x430
[  160.695545][ T7148]  ? __x64_sys_sendmmsg+0xa0/0xc0
[  160.695569][ T7148]  should_fail_ex+0x414/0x560
[  160.695595][ T7148]  should_failslab+0xa8/0x100
[  160.695619][ T7148]  __kmalloc_node_noprof+0xd1/0x4e0
[  160.695647][ T7148]  ? alloc_slab_obj_exts+0x39/0xa0
[  160.695668][ T7148]  alloc_slab_obj_exts+0x39/0xa0
[  160.695686][ T7148]  __memcg_slab_post_alloc_hook+0x31e/0x7f0
[  160.695724][ T7148]  kmem_cache_alloc_noprof+0x2bf/0x3c0
[  160.695742][ T7148]  ? dst_alloc+0x105/0x170
[  160.695763][ T7148]  ? __pfx_ip6_dst_gc+0x10/0x10
[  160.695782][ T7148]  dst_alloc+0x105/0x170
[  160.695807][ T7148]  ip6_pol_route+0xa21/0x1180
[  160.695836][ T7148]  ? ip6_pol_route+0x162/0x1180
[  160.695857][ T7148]  ? __pfx_ip6_pol_route+0x10/0x10
[  160.695873][ T7148]  ? ip6_compressed_string+0xa9e/0xb70
[  160.695901][ T7148]  ? __pfx_ip6_compressed_string+0x10/0x10
[  160.695925][ T7148]  ? kernel_text_address+0xa5/0xe0
[  160.695954][ T7148]  fib6_rule_lookup+0x348/0x6f0
[  160.695974][ T7148]  ? __pfx_ip6_pol_route_output+0x10/0x10
[  160.695993][ T7148]  ? __pfx_fib6_rule_lookup+0x10/0x10
[  160.696024][ T7148]  ? dev_get_by_index_rcu+0xf4/0x110
[  160.696055][ T7148]  ip6_route_output_flags+0x364/0x5d0
[  160.696073][ T7148]  ? ip6_route_output_flags+0x2e/0x5d0
[  160.696095][ T7148]  ip6_dst_lookup_tail+0x1ae/0x1510
[  160.696129][ T7148]  ? __pfx_ip6_dst_lookup_tail+0x10/0x10
[  160.696157][ T7148]  ? sk_dst_check+0x25/0x480
[  160.696178][ T7148]  ? sk_dst_check+0x25/0x480
[  160.696191][ T7148]  ? sk_dst_check+0x30e/0x480
[  160.696211][ T7148]  ip6_sk_dst_lookup_flow+0x730/0x980
[  160.696234][ T7148]  ? udpv6_sendmsg+0x16f2/0x2710
[  160.696257][ T7148]  udpv6_sendmsg+0x18e7/0x2710
[  160.696289][ T7148]  ? __pfx_udplite_getfrag+0x10/0x10
[  160.696312][ T7148]  ? __pfx_udpv6_sendmsg+0x10/0x10
[  160.696329][ T7148]  ? udp_lib_get_port+0x15cc/0x1a60
[  160.696360][ T7148]  ? __lock_acquire+0xab9/0xd20
[  160.696394][ T7148]  ? __local_bh_enable_ip+0x12d/0x1c0
[  160.696411][ T7148]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  160.696435][ T7148]  ? inet_send_prepare+0x1b9/0x270
[  160.696453][ T7148]  ? inet_send_prepare+0x1b9/0x270
[  160.696474][ T7148]  ? inet6_sendmsg+0xe4/0x120
[  160.696493][ T7148]  __sock_sendmsg+0xe5/0x270
[  160.696521][ T7148]  ____sys_sendmsg+0x52d/0x830
[  160.696548][ T7148]  ? __pfx_____sys_sendmsg+0x10/0x10
[  160.696578][ T7148]  ? import_iovec+0x74/0xa0
[  160.696599][ T7148]  ___sys_sendmsg+0x21f/0x2a0
[  160.696623][ T7148]  ? __pfx____sys_sendmsg+0x10/0x10
[  160.696687][ T7148]  ? __fget_files+0x2a/0x420
[  160.696710][ T7148]  ? __fget_files+0x3a0/0x420
[  160.696744][ T7148]  __sys_sendmmsg+0x227/0x430
[  160.696770][ T7148]  ? __pfx___sys_sendmmsg+0x10/0x10
[  160.696789][ T7148]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  160.696831][ T7148]  ? ksys_write+0x22a/0x250
[  160.696855][ T7148]  ? __pfx_ksys_write+0x10/0x10
[  160.696873][ T7148]  ? rcu_is_watching+0x15/0xb0
[  160.696899][ T7148]  __x64_sys_sendmmsg+0xa0/0xc0
[  160.696923][ T7148]  do_syscall_64+0xfa/0x3b0
[  160.696937][ T7148]  ? lockdep_hardirqs_on+0x9c/0x150
[  160.696961][ T7148]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.696978][ T7148]  ? clear_bhb_loop+0x60/0xb0
[  160.697003][ T7148]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.697019][ T7148] RIP: 0033:0x7fd67c38e929
[  160.697035][ T7148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  160.697051][ T7148] RSP: 002b:00007fd67d207038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  160.697069][ T7148] RAX: ffffffffffffffda RBX: 00007fd67c5b5fa0 RCX: 00007fd67c38e929
[  160.697082][ T7148] RDX: 0000000000000001 RSI: 0000200000000440 RDI: 0000000000000003
[  160.697093][ T7148] RBP: 00007fd67d207090 R08: 0000000000000000 R09: 0000000000000000
[  160.697103][ T7148] R10: 0000000008008801 R11: 0000000000000246 R12: 0000000000000001
[  160.697113][ T7148] R13: 0000000000000000 R14: 00007fd67c5b5fa0 R15: 00007ffc444b9ed8
[  160.697142][ T7148]  </TASK>
[  161.509263][ T7161] FAULT_INJECTION: forcing a failure.
[  161.509263][ T7161] name failslab, interval 1, probability 0, space 0, times 0
[  161.535284][ T7161] CPU: 0 UID: 0 PID: 7161 Comm: syz.3.449 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[  161.535313][ T7161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  161.535322][ T7161] Call Trace:
[  161.535331][ T7161]  <TASK>
[  161.535339][ T7161]  dump_stack_lvl+0x189/0x250
[  161.535364][ T7161]  ? __pfx____ratelimit+0x10/0x10
[  161.535389][ T7161]  ? __pfx_dump_stack_lvl+0x10/0x10
[  161.535404][ T7161]  ? __pfx__printk+0x10/0x10
[  161.535426][ T7161]  ? __pfx___might_resched+0x10/0x10
[  161.535447][ T7161]  should_fail_ex+0x414/0x560
[  161.535472][ T7161]  should_failslab+0xa8/0x100
[  161.535495][ T7161]  __kmalloc_cache_noprof+0x70/0x3d0
[  161.535514][ T7161]  ? allocate_cgrp_cset_links+0xc9/0x320
[  161.535535][ T7161]  allocate_cgrp_cset_links+0xc9/0x320
[  161.535557][ T7161]  find_css_set+0x9f5/0x15e0
[  161.535585][ T7161]  ? __pfx_find_css_set+0x10/0x10
[  161.535625][ T7161]  cgroup_migrate_prepare_dst+0x130/0x700
[  161.535649][ T7161]  cgroup_attach_task+0x5ae/0x970
[  161.535669][ T7161]  ? cgroup_attach_task+0x1fb/0x970
[  161.535684][ T7161]  ? __pfx_cgroup_attach_task+0x10/0x10
[  161.535709][ T7161]  ? get_task_cred+0x23/0x300
[  161.535740][ T7161]  ? get_task_cred+0x23/0x300
[  161.535754][ T7161]  ? get_task_cred+0x23/0x300
[  161.535771][ T7161]  ? get_task_cred+0x2c1/0x300
[  161.535785][ T7161]  ? get_task_cred+0x23/0x300
[  161.535806][ T7161]  __cgroup1_procs_write+0x2cd/0x3c0
[  161.535833][ T7161]  ? __pfx___cgroup1_procs_write+0x10/0x10
[  161.535851][ T7161]  ? kernfs_root+0x1c/0x230
[  161.535865][ T7161]  ? kernfs_root+0x1c/0x230
[  161.535878][ T7161]  ? kernfs_root+0x1ea/0x230
[  161.535889][ T7161]  ? __pfx_cgroup1_procs_write+0x10/0x10
[  161.535908][ T7161]  cgroup_file_write+0x39b/0x740
[  161.535938][ T7161]  ? __pfx_cgroup_file_write+0x10/0x10
[  161.535974][ T7161]  ? __pfx_cgroup_file_write+0x10/0x10
[  161.535993][ T7161]  kernfs_fop_write_iter+0x378/0x4f0
[  161.536033][ T7161]  vfs_write+0x54b/0xa90
[  161.536058][ T7161]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  161.536078][ T7161]  ? __pfx_vfs_write+0x10/0x10
[  161.536109][ T7161]  ? __fget_files+0x2a/0x420
[  161.536141][ T7161]  ksys_write+0x145/0x250
[  161.536162][ T7161]  ? __pfx_ksys_write+0x10/0x10
[  161.536178][ T7161]  ? rcu_is_watching+0x15/0xb0
[  161.536201][ T7161]  ? do_syscall_64+0xbe/0x3b0
[  161.536222][ T7161]  do_syscall_64+0xfa/0x3b0
[  161.536233][ T7161]  ? lockdep_hardirqs_on+0x9c/0x150
[  161.536252][ T7161]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.536262][ T7161]  ? clear_bhb_loop+0x60/0xb0
[  161.536274][ T7161]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.536283][ T7161] RIP: 0033:0x7f94d958e929
[  161.536295][ T7161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  161.536305][ T7161] RSP: 002b:00007f94da352038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  161.536404][ T7161] RAX: ffffffffffffffda RBX: 00007f94d97b5fa0 RCX: 00007f94d958e929
[  161.536411][ T7161] RDX: 0000000000000012 RSI: 00002000000001c0 RDI: 0000000000000005
[  161.536420][ T7161] RBP: 00007f94da352090 R08: 0000000000000000 R09: 0000000000000000
[  161.536425][ T7161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  161.536431][ T7161] R13: 0000000000000000 R14: 00007f94d97b5fa0 R15: 00007ffd66a75578
[  161.536616][ T7161]  </TASK>
[  161.895367][ T7164] FAULT_INJECTION: forcing a failure.
[  161.895367][ T7164] name failslab, interval 1, probability 0, space 0, times 0
[  161.908123][ T7164] CPU: 0 UID: 0 PID: 7164 Comm: syz.0.450 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[  161.908148][ T7164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  161.908158][ T7164] Call Trace:
[  161.908167][ T7164]  <TASK>
[  161.908175][ T7164]  dump_stack_lvl+0x189/0x250
[  161.908204][ T7164]  ? __pfx____ratelimit+0x10/0x10
[  161.908232][ T7164]  ? __pfx_dump_stack_lvl+0x10/0x10
[  161.908252][ T7164]  ? __pfx__printk+0x10/0x10
[  161.908274][ T7164]  ? __pfx___might_resched+0x10/0x10
[  161.908295][ T7164]  ? fs_reclaim_acquire+0x7d/0x100
[  161.908325][ T7164]  should_fail_ex+0x414/0x560
[  161.908353][ T7164]  should_failslab+0xa8/0x100
[  161.908378][ T7164]  __kmalloc_noprof+0xcb/0x4f0
[  161.908398][ T7164]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  161.908431][ T7164]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  161.908464][ T7164]  genl_family_rcv_msg_doit+0xb8/0x300
[  161.908502][ T7164]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  161.908527][ T7164]  ? __pfx___mutex_lock+0x10/0x10
[  161.908545][ T7164]  ? __pfx_genl_get_cmd+0x10/0x10
[  161.908565][ T7164]  ? __pfx_tipc_nl_bearer_enable+0x10/0x10
[  161.908602][ T7164]  genl_rcv_msg+0x60e/0x790
[  161.908633][ T7164]  ? __pfx_genl_rcv_msg+0x10/0x10
[  161.908663][ T7164]  ? ref_tracker_free+0x63a/0x7d0
[  161.908683][ T7164]  ? __pfx_tipc_nl_bearer_enable+0x10/0x10
[  161.908705][ T7164]  ? __pfx_ref_tracker_free+0x10/0x10
[  161.908736][ T7164]  netlink_rcv_skb+0x208/0x470
[  161.908757][ T7164]  ? __pfx_genl_rcv_msg+0x10/0x10
[  161.908781][ T7164]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  161.908818][ T7164]  ? down_read+0x1ad/0x2e0
[  161.908837][ T7164]  genl_rcv+0x28/0x40
[  161.908857][ T7164]  netlink_unicast+0x75b/0x8d0
[  161.908887][ T7164]  netlink_sendmsg+0x805/0xb30
[  161.908916][ T7164]  ? __pfx_netlink_sendmsg+0x10/0x10
[  161.908940][ T7164]  ? aa_sock_msg_perm+0x94/0x160
[  161.908960][ T7164]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  161.908985][ T7164]  ? __pfx_netlink_sendmsg+0x10/0x10
[  161.909005][ T7164]  __sock_sendmsg+0x219/0x270
[  161.909036][ T7164]  ____sys_sendmsg+0x505/0x830
[  161.909063][ T7164]  ? __pfx_____sys_sendmsg+0x10/0x10
[  161.909093][ T7164]  ? import_iovec+0x74/0xa0
[  161.909114][ T7164]  ___sys_sendmsg+0x21f/0x2a0
[  161.909137][ T7164]  ? __pfx____sys_sendmsg+0x10/0x10
[  161.909194][ T7164]  ? __fget_files+0x2a/0x420
[  161.909216][ T7164]  ? __fget_files+0x3a0/0x420
[  161.909250][ T7164]  __x64_sys_sendmsg+0x19b/0x260
[  161.909274][ T7164]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  161.909305][ T7164]  ? __pfx_ksys_write+0x10/0x10
[  161.909324][ T7164]  ? rcu_is_watching+0x15/0xb0
[  161.909350][ T7164]  ? do_syscall_64+0xbe/0x3b0
[  161.909371][ T7164]  do_syscall_64+0xfa/0x3b0
[  161.909385][ T7164]  ? lockdep_hardirqs_on+0x9c/0x150
[  161.909409][ T7164]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.909426][ T7164]  ? clear_bhb_loop+0x60/0xb0
[  161.909451][ T7164]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.909468][ T7164] RIP: 0033:0x7f1579b8e929
[  161.909491][ T7164] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  161.909506][ T7164] RSP: 002b:00007f157aa96038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  161.909525][ T7164] RAX: ffffffffffffffda RBX: 00007f1579db5fa0 RCX: 00007f1579b8e929
[  161.909538][ T7164] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  161.909548][ T7164] RBP: 00007f157aa96090 R08: 0000000000000000 R09: 0000000000000000
[  161.909559][ T7164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  161.909568][ T7164] R13: 0000000000000000 R14: 00007f1579db5fa0 R15: 00007ffcd88308b8
[  161.909597][ T7164]  </TASK>
[  162.382759][ T7172] FAULT_INJECTION: forcing a failure.
[  162.382759][ T7172] name failslab, interval 1, probability 0, space 0, times 0
[  162.400364][ T7153] netlink: 60 bytes leftover after parsing attributes in process `syz.1.447'.
[  162.423735][ T7172] CPU: 1 UID: 0 PID: 7172 Comm: syz.2.452 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[  162.423769][ T7172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  162.423780][ T7172] Call Trace:
[  162.423789][ T7172]  <TASK>
[  162.423798][ T7172]  dump_stack_lvl+0x189/0x250
[  162.423828][ T7172]  ? __pfx____ratelimit+0x10/0x10
[  162.423870][ T7172]  ? __pfx_dump_stack_lvl+0x10/0x10
[  162.423889][ T7172]  ? __pfx__printk+0x10/0x10
[  162.423914][ T7172]  ? __pfx___might_resched+0x10/0x10
[  162.423934][ T7172]  ? fs_reclaim_acquire+0x7d/0x100
[  162.423963][ T7172]  should_fail_ex+0x414/0x560
[  162.423993][ T7172]  should_failslab+0xa8/0x100
[  162.424016][ T7172]  __kmalloc_cache_noprof+0x70/0x3d0
[  162.424036][ T7172]  ? rtnl_newlink+0xed/0x1c70
[  162.424056][ T7172]  ? kasan_save_free_info+0x46/0x50
[  162.424085][ T7172]  rtnl_newlink+0xed/0x1c70
[  162.424102][ T7172]  ? netlink_sendmsg+0x805/0xb30
[  162.424123][ T7172]  ? __sock_sendmsg+0x219/0x270
[  162.424147][ T7172]  ? ____sys_sendmsg+0x505/0x830
[  162.424166][ T7172]  ? ___sys_sendmsg+0x21f/0x2a0
[  162.424184][ T7172]  ? __x64_sys_sendmsg+0x19b/0x260
[  162.424202][ T7172]  ? do_syscall_64+0xfa/0x3b0
[  162.424217][ T7172]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.424242][ T7172]  ? __pfx_rtnl_newlink+0x10/0x10
[  162.424282][ T7172]  ? kasan_quarantine_put+0xdd/0x220
[  162.424300][ T7172]  ? lockdep_hardirqs_on+0x9c/0x150
[  162.424328][ T7172]  ? nlmon_xmit+0xb0/0x100
[  162.424343][ T7172]  ? kmem_cache_free+0x18f/0x400
[  162.424370][ T7172]  ? __local_bh_enable_ip+0x12d/0x1c0
[  162.424389][ T7172]  ? lockdep_hardirqs_on+0x9c/0x150
[  162.424411][ T7172]  ? __local_bh_enable_ip+0x12d/0x1c0
[  162.424427][ T7172]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  162.424449][ T7172]  ? __dev_queue_xmit+0x27e/0x3a70
[  162.424483][ T7172]  ? __lock_acquire+0xab9/0xd20
[  162.424520][ T7172]  ? __pfx_rtnl_newlink+0x10/0x10
[  162.424537][ T7172]  rtnetlink_rcv_msg+0x7cc/0xb70
[  162.424558][ T7172]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  162.424574][ T7172]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  162.424589][ T7172]  ? ref_tracker_free+0x63a/0x7d0
[  162.424607][ T7172]  ? __copy_skb_header+0xa7/0x550
[  162.424630][ T7172]  ? __pfx_ref_tracker_free+0x10/0x10
[  162.424650][ T7172]  ? __skb_clone+0x63/0x7a0
[  162.424684][ T7172]  netlink_rcv_skb+0x208/0x470
[  162.424706][ T7172]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  162.424724][ T7172]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  162.424755][ T7172]  ? netlink_deliver_tap+0x2e/0x1b0
[  162.424773][ T7172]  ? netlink_deliver_tap+0x2e/0x1b0
[  162.424798][ T7172]  netlink_unicast+0x75b/0x8d0
[  162.424827][ T7172]  netlink_sendmsg+0x805/0xb30
[  162.424856][ T7172]  ? __pfx_netlink_sendmsg+0x10/0x10
[  162.424879][ T7172]  ? aa_sock_msg_perm+0x94/0x160
[  162.424899][ T7172]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  162.424937][ T7172]  ? __pfx_netlink_sendmsg+0x10/0x10
[  162.424957][ T7172]  __sock_sendmsg+0x219/0x270
[  162.424985][ T7172]  ____sys_sendmsg+0x505/0x830
[  162.425011][ T7172]  ? __pfx_____sys_sendmsg+0x10/0x10
[  162.425040][ T7172]  ? import_iovec+0x74/0xa0
[  162.425062][ T7172]  ___sys_sendmsg+0x21f/0x2a0
[  162.425085][ T7172]  ? __pfx____sys_sendmsg+0x10/0x10
[  162.425140][ T7172]  ? __fget_files+0x2a/0x420
[  162.425163][ T7172]  ? __fget_files+0x3a0/0x420
[  162.425195][ T7172]  __x64_sys_sendmsg+0x19b/0x260
[  162.425218][ T7172]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  162.425248][ T7172]  ? __pfx_ksys_write+0x10/0x10
[  162.425266][ T7172]  ? rcu_is_watching+0x15/0xb0
[  162.425291][ T7172]  ? do_syscall_64+0xbe/0x3b0
[  162.425310][ T7172]  do_syscall_64+0xfa/0x3b0
[  162.425324][ T7172]  ? lockdep_hardirqs_on+0x9c/0x150
[  162.425348][ T7172]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.425363][ T7172]  ? clear_bhb_loop+0x60/0xb0
[  162.425384][ T7172]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.425400][ T7172] RIP: 0033:0x7f70b9b8e929
[  162.425417][ T7172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  162.425432][ T7172] RSP: 002b:00007f70ba9cb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  162.425450][ T7172] RAX: ffffffffffffffda RBX: 00007f70b9db6080 RCX: 00007f70b9b8e929
[  162.425463][ T7172] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000007
[  162.425474][ T7172] RBP: 00007f70ba9cb090 R08: 0000000000000000 R09: 0000000000000000
[  162.425484][ T7172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  162.425493][ T7172] R13: 0000000000000000 R14: 00007f70b9db6080 R15: 00007fff3c2f0d38
[  162.425520][ T7172]  </TASK>
[  162.869571][ T7168] netlink: 1041 bytes leftover after parsing attributes in process `syz.0.451'.
[  162.891140][ T7168] Mount JFS Failure: -22
[  162.895550][ T7168] jfs_mount failed w/return code = -22
[  163.061203][ T7153] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  163.070307][ T7153] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  163.084426][ T7153] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  163.091687][ T7153] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  163.110713][ T7153] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  163.164614][ T7181] FAULT_INJECTION: forcing a failure.
[  163.164614][ T7181] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  163.197009][ T7181] CPU: 0 UID: 0 PID: 7181 Comm: syz.2.455 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[  163.197041][ T7181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  163.197052][ T7181] Call Trace:
[  163.197061][ T7181]  <TASK>
[  163.197069][ T7181]  dump_stack_lvl+0x189/0x250
[  163.197098][ T7181]  ? __pfx____ratelimit+0x10/0x10
[  163.197125][ T7181]  ? __pfx_dump_stack_lvl+0x10/0x10
[  163.197144][ T7181]  ? __pfx__printk+0x10/0x10
[  163.197175][ T7181]  should_fail_ex+0x414/0x560
[  163.197203][ T7181]  _copy_to_user+0x31/0xb0
[  163.197238][ T7181]  simple_read_from_buffer+0xe1/0x170
[  163.197268][ T7181]  proc_fail_nth_read+0x1df/0x250
[  163.197288][ T7181]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  163.197307][ T7181]  ? rw_verify_area+0x258/0x650
[  163.197328][ T7181]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  163.197346][ T7181]  vfs_read+0x200/0x980
[  163.197371][ T7181]  ? __pfx___mutex_lock+0x10/0x10
[  163.197389][ T7181]  ? __pfx_vfs_read+0x10/0x10
[  163.197410][ T7181]  ? __fget_files+0x2a/0x420
[  163.197449][ T7181]  ? __fget_files+0x3a0/0x420
[  163.197470][ T7181]  ? __fget_files+0x2a/0x420
[  163.197501][ T7181]  ksys_read+0x145/0x250
[  163.197524][ T7181]  ? __pfx_ksys_read+0x10/0x10
[  163.197541][ T7181]  ? rcu_is_watching+0x15/0xb0
[  163.197566][ T7181]  ? do_syscall_64+0xbe/0x3b0
[  163.197586][ T7181]  do_syscall_64+0xfa/0x3b0
[  163.197600][ T7181]  ? lockdep_hardirqs_on+0x9c/0x150
[  163.197624][ T7181]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.197640][ T7181]  ? clear_bhb_loop+0x60/0xb0
[  163.197661][ T7181]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.197677][ T7181] RIP: 0033:0x7f70b9b8d33c
[  163.197694][ T7181] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  163.197710][ T7181] RSP: 002b:00007f70ba9ec030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  163.197729][ T7181] RAX: ffffffffffffffda RBX: 00007f70b9db5fa0 RCX: 00007f70b9b8d33c
[  163.197742][ T7181] RDX: 000000000000000f RSI: 00007f70ba9ec0a0 RDI: 0000000000000006
[  163.197752][ T7181] RBP: 00007f70ba9ec090 R08: 0000000000000000 R09: 0000000000000000
[  163.197763][ T7181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  163.197772][ T7181] R13: 0000000000000000 R14: 00007f70b9db5fa0 R15: 00007fff3c2f0d38
[  163.197801][ T7181]  </TASK>
[  163.582636][ T7187] FAT-fs (rnullb0): bogus number of reserved sectors
[  163.590310][ T7187] FAT-fs (rnullb0): Can't find a valid FAT filesystem
[  163.603618][ T7187] warning: `syz.0.458' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  163.624120][ T1210] usb 4-1: new full-speed USB device number 43 using dummy_hcd
[  163.632525][ T7191] FAT-fs (rnullb0): bogus number of reserved sectors
[  163.652493][ T7191] FAT-fs (rnullb0): Can't find a valid FAT filesystem
[  163.804962][ T1210] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  163.816402][ T1210] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  163.830492][ T1210] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  163.840326][ T1210] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  163.843568][ T7198] FAULT_INJECTION: forcing a failure.
[  163.843568][ T7198] name failslab, interval 1, probability 0, space 0, times 0
[  163.848891][ T1210] usb 4-1: Product: syz
[  163.864791][ T5925] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  163.867083][ T1210] usb 4-1: Manufacturer: syz
[  163.875002][ T7198] CPU: 1 UID: 0 PID: 7198 Comm: syz.1.462 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[  163.875026][ T7198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  163.875037][ T7198] Call Trace:
[  163.875057][ T7198]  <TASK>
[  163.875064][ T7198]  dump_stack_lvl+0x189/0x250
[  163.875093][ T7198]  ? __pfx____ratelimit+0x10/0x10
[  163.875121][ T7198]  ? __pfx_dump_stack_lvl+0x10/0x10
[  163.875139][ T7198]  ? __pfx__printk+0x10/0x10
[  163.875161][ T7198]  ? __pfx___might_resched+0x10/0x10
[  163.875180][ T7198]  ? fs_reclaim_acquire+0x7d/0x100
[  163.875208][ T7198]  should_fail_ex+0x414/0x560
[  163.875240][ T7198]  should_failslab+0xa8/0x100
[  163.875400][ T7198]  __kmalloc_noprof+0xcb/0x4f0
[  163.875421][ T7198]  ? tomoyo_encode+0x28b/0x550
[  163.875445][ T7198]  tomoyo_encode+0x28b/0x550
[  163.875476][ T7198]  tomoyo_realpath_from_path+0x58d/0x5d0
[  163.875616][ T7198]  tomoyo_check_open_permission+0x1c1/0x3b0
[  163.875655][ T7198]  ? tomoyo_check_open_permission+0x16a/0x3b0
[  163.875686][ T7198]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  163.875708][ T7198]  ? seqcount_lockdep_reader_access+0x122/0x1c0
[  163.875774][ T7198]  ? tomoyo_file_open+0x165/0x220
[  163.875797][ T7198]  security_file_open+0xb1/0x270
[  163.875823][ T7198]  do_dentry_open+0x35e/0x1970
[  163.875855][ T7198]  ? devcgroup_check_permission+0x86d/0x980
[  163.875898][ T7198]  vfs_open+0x3b/0x340
[  163.875913][ T7198]  ? path_openat+0x2ecd/0x3830
[  163.875934][ T7198]  path_openat+0x2ee5/0x3830
[  163.875952][ T7198]  ? arch_stack_walk+0xfc/0x150
[  163.876005][ T7198]  ? __pfx_path_openat+0x10/0x10
[  163.876021][ T7198]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.876058][ T7198]  do_filp_open+0x1fa/0x410
[  163.876075][ T7198]  ? __lock_acquire+0xab9/0xd20
[  163.876094][ T7198]  ? __pfx_do_filp_open+0x10/0x10
[  163.876134][ T7198]  ? _raw_spin_unlock+0x28/0x50
[  163.876155][ T7198]  ? alloc_fd+0x64c/0x6c0
[  163.876189][ T7198]  do_sys_openat2+0x121/0x1c0
[  163.876209][ T7198]  ? __pfx_do_sys_openat2+0x10/0x10
[  163.876226][ T7198]  ? ksys_write+0x22a/0x250
[  163.876249][ T7198]  ? __pfx_ksys_write+0x10/0x10
[  163.876291][ T7198]  ? rcu_is_watching+0x15/0xb0
[  163.876315][ T7198]  __x64_sys_openat+0x138/0x170
[  163.876338][ T7198]  do_syscall_64+0xfa/0x3b0
[  163.876353][ T7198]  ? lockdep_hardirqs_on+0x9c/0x150
[  163.876375][ T7198]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.876390][ T7198]  ? clear_bhb_loop+0x60/0xb0
[  163.876411][ T7198]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  163.876426][ T7198] RIP: 0033:0x7fd67c38e929
[  163.876445][ T7198] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  163.876460][ T7198] RSP: 002b:00007fd67d207038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  163.876478][ T7198] RAX: ffffffffffffffda RBX: 00007fd67c5b5fa0 RCX: 00007fd67c38e929
[  163.876499][ T7198] RDX: 0000000000040000 RSI: 0000200000000680 RDI: ffffffffffffff9c
[  163.876509][ T7198] RBP: 00007fd67d207090 R08: 0000000000000000 R09: 0000000000000000
[  163.876518][ T7198] R10: 0000000000000019 R11: 0000000000000246 R12: 0000000000000001
[  163.876528][ T7198] R13: 0000000000000000 R14: 00007fd67c5b5fa0 R15: 00007ffc444b9ed8
[  163.876568][ T7198]  </TASK>
[  163.876598][ T7198] ERROR: Out of memory at tomoyo_realpath_from_path.
[  163.886958][ T1210] usb 4-1: SerialNumber: syz
[  164.078895][ T5925] usb 3-1: config 160 has an invalid interface number: 200 but max is 0
[  164.126328][ T7198] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  164.152163][ T5925] usb 3-1: config 160 has no interface number 0
[  164.154573][ T5917] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  164.162518][ T5925] usb 3-1: config 160 interface 200 has no altsetting 0
[  164.182914][ T7198] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  164.226894][ T5925] usb 3-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b
[  164.233415][ T7198] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  164.240679][ T5925] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.249377][ T7198] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  164.255582][ T5925] usb 3-1: Product: syz
[  164.291930][ T5925] usb 3-1: Manufacturer: syz
[  164.296668][ T5925] usb 3-1: SerialNumber: syz
[  164.338681][ T5917] usb 1-1: no configurations
[  164.364556][ T5917] usb 1-1: can't read configurations, error -22
[  164.382198][ T1210] usb 4-1: 0:2 : does not exist
[  164.397573][ T1210] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  164.425648][ T1210] usb 4-1: USB disconnect, device number 43
[  164.506282][ T5848] udevd[5848]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  164.538319][ T5917] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  164.657035][ T5925] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  164.664323][ T5925] usb 3-1: MIDIStreaming interface descriptor not found
[  164.698745][ T5917] usb 1-1: no configurations
[  164.703404][ T5917] usb 1-1: can't read configurations, error -22
[  164.720579][ T5917] usb usb1-port1: attempt power cycle
[  164.734789][ T5925] usb 3-1: USB disconnect, device number 40
[  164.818996][ T6154] udevd[6154]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:160.200/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  165.040618][ T7216] tracefs: Unknown parameter 'euid>00000000000000000000'
[  165.048509][ T7216] cgroup2: Unknown parameter 'hash'
[  165.075244][ T5917] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  165.107919][ T5917] usb 1-1: no configurations
[  165.112562][ T5917] usb 1-1: can't read configurations, error -22
[  165.176627][ T1210] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  165.254152][ T5917] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  165.299303][ T5917] usb 1-1: no configurations
[  165.325608][ T5917] usb 1-1: can't read configurations, error -22
[  165.334482][ T5917] usb usb1-port1: unable to enumerate USB device
[  165.338951][ T7227] overlayfs: missing 'lowerdir'
[  165.362070][ T7227] IPVS: length: 24 != 1689624
[  165.365839][ T1210] usb 2-1: config 160 has an invalid interface number: 200 but max is 0
[  165.384067][ T1210] usb 2-1: config 160 has no interface number 0
[  165.390866][ T1210] usb 2-1: config 160 interface 200 has no altsetting 0
[  165.412141][ T1210] usb 2-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b
[  165.424017][ T1210] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  165.443950][ T1210] usb 2-1: Product: syz
[  165.451059][ T1210] usb 2-1: Manufacturer: syz
[  165.464021][ T1210] usb 2-1: SerialNumber: syz
[  165.754345][ T7232] FAULT_INJECTION: forcing a failure.
[  165.754345][ T7232] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  165.789668][ T7232] CPU: 1 UID: 0 PID: 7232 Comm: syz.1.466 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[  165.789700][ T7232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  165.789711][ T7232] Call Trace:
[  165.789719][ T7232]  <TASK>
[  165.789727][ T7232]  dump_stack_lvl+0x189/0x250
[  165.789755][ T7232]  ? __pfx____ratelimit+0x10/0x10
[  165.789783][ T7232]  ? __pfx_dump_stack_lvl+0x10/0x10
[  165.789802][ T7232]  ? __pfx__printk+0x10/0x10
[  165.789823][ T7232]  ? fs_reclaim_acquire+0x7d/0x100
[  165.789856][ T7232]  should_fail_ex+0x414/0x560
[  165.789883][ T7232]  prepare_alloc_pages+0x213/0x610
[  165.789913][ T7232]  __alloc_frozen_pages_noprof+0x123/0x370
[  165.789941][ T7232]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  165.789968][ T7232]  ? rcu_is_watching+0x15/0xb0
[  165.789991][ T7232]  ? policy_nodemask+0x27c/0x720
[  165.790019][ T7232]  alloc_pages_mpol+0x232/0x4a0
[  165.790046][ T7232]  alloc_pages_noprof+0xa9/0x190
[  165.790068][ T7232]  alloc_skb_with_frags+0x233/0x890
[  165.790105][ T7232]  sock_alloc_send_pskb+0x857/0x990
[  165.790147][ T7232]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  165.790188][ T7232]  ? iov_iter_advance+0x8b/0x1c0
[  165.790216][ T7232]  tun_get_user+0x9c3/0x3ce0
[  165.790251][ T7232]  ? aa_file_perm+0x11f/0xed0
[  165.790272][ T7232]  ? __pfx_tun_get_user+0x10/0x10
[  165.790295][ T7232]  ? aa_file_perm+0x11f/0xed0
[  165.790312][ T7232]  ? aa_file_perm+0x3e7/0xed0
[  165.790341][ T7232]  ? ref_tracker_alloc+0x318/0x460
[  165.790361][ T7232]  ? __lock_acquire+0xab9/0xd20
[  165.790381][ T7232]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  165.790406][ T7232]  ? tun_get+0x1c/0x2f0
[  165.790434][ T7232]  ? tun_get+0x1c/0x2f0
[  165.790456][ T7232]  ? tun_get+0x1c/0x2f0
[  165.790483][ T7232]  tun_chr_write_iter+0x113/0x200
[  165.790510][ T7232]  vfs_write+0x54b/0xa90
[  165.790537][ T7232]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  165.790561][ T7232]  ? __pfx_vfs_write+0x10/0x10
[  165.790591][ T7232]  ? __fget_files+0x2a/0x420
[  165.790623][ T7232]  ksys_write+0x145/0x250
[  165.790660][ T7232]  ? __pfx_ksys_write+0x10/0x10
[  165.790686][ T7232]  ? do_syscall_64+0xbe/0x3b0
[  165.790705][ T7232]  do_syscall_64+0xfa/0x3b0
[  165.790720][ T7232]  ? lockdep_hardirqs_on+0x9c/0x150
[  165.790744][ T7232]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.790761][ T7232]  ? clear_bhb_loop+0x60/0xb0
[  165.790780][ T7232]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.790796][ T7232] RIP: 0033:0x7fd67c38e929
[  165.790813][ T7232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  165.790828][ T7232] RSP: 002b:00007fd67d1e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  165.790848][ T7232] RAX: ffffffffffffffda RBX: 00007fd67c5b6080 RCX: 00007fd67c38e929
[  165.790860][ T7232] RDX: 0000000000000ffe RSI: 00002000000000c0 RDI: 0000000000000004
[  165.790870][ T7232] RBP: 00007fd67d1e6090 R08: 0000000000000000 R09: 0000000000000000
[  165.790880][ T7232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  165.790894][ T7232] R13: 0000000000000001 R14: 00007fd67c5b6080 R15: 00007ffc444b9ed8
[  165.790920][ T7232]  </TASK>
[  166.204473][ T5152] Bluetooth: hci1: command 0x0c1a tx timeout
[  166.210646][ T5840] Bluetooth: hci3: command 0x0c1a tx timeout
[  166.244211][ T5899] usb 3-1: new full-speed USB device number 41 using dummy_hcd
[  166.284222][ T5152] Bluetooth: hci0: command 0x0c1a tx timeout
[  166.290531][ T5840] Bluetooth: hci2: command 0x0c1a tx timeout
[  166.337517][ T1210] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  166.344992][ T1210] usb 2-1: MIDIStreaming interface descriptor not found
[  166.387730][ T1210] usb 2-1: USB disconnect, device number 25
[  166.411884][ T5899] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  166.435404][ T5899] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  166.474911][ T5899] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  166.486852][ T5847] udevd[5847]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:160.200/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  166.507486][ T5899] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  166.530815][ T5899] usb 3-1: Product: syz
[  166.544421][ T5899] usb 3-1: Manufacturer: syz
[  166.555264][ T5899] usb 3-1: SerialNumber: syz
[  166.888812][ T5899] usb 3-1: 0:2 : does not exist
[  166.911609][ T5899] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  166.948376][ T5899] usb 3-1: USB disconnect, device number 41
[  166.955364][ T7242] kvm: emulating exchange as write
[  166.961008][ T5925] usb 4-1: new full-speed USB device number 44 using dummy_hcd
[  166.998106][ T7241] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  167.033200][ T5848] udevd[5848]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  167.140045][ T5925] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  167.155525][ T5925] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  167.184973][ T5925] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.210512][ T5925] usb 4-1: config 0 descriptor??
[  167.219649][ T5925] pwc: Askey VC010 type 2 USB webcam detected.
[  167.621705][ T5925] pwc: recv_control_msg error -32 req 02 val 2b00
[  167.629499][ T5925] pwc: recv_control_msg error -32 req 02 val 2700
[  167.636919][ T5925] pwc: recv_control_msg error -32 req 02 val 2c00
[  167.648355][ T5925] pwc: recv_control_msg error -32 req 04 val 1000
[  167.655704][ T5925] pwc: recv_control_msg error -32 req 04 val 1300
[  167.665530][ T5925] pwc: recv_control_msg error -32 req 04 val 1400
[  167.672567][ T5925] pwc: recv_control_msg error -32 req 02 val 2000
[  167.685678][ T5925] pwc: recv_control_msg error -32 req 02 val 2100
[  167.692710][ T5925] pwc: recv_control_msg error -32 req 04 val 1500
[  167.724342][ T5899] usb 1-1: new full-speed USB device number 40 using dummy_hcd
[  167.754145][ T3581] usb 2-1: new full-speed USB device number 26 using dummy_hcd
[  167.854104][ T5899] usb 1-1: device descriptor read/64, error -71
[  167.884216][ T3581] usb 2-1: device descriptor read/64, error -71
[  167.902441][ T5925] pwc: recv_control_msg error -71 req 02 val 2400
[  167.910952][ T5925] pwc: recv_control_msg error -71 req 02 val 2600
[  167.919152][ T5925] pwc: recv_control_msg error -71 req 02 val 2900
[  167.926257][ T5925] pwc: recv_control_msg error -71 req 02 val 2800
[  167.933139][ T5925] pwc: recv_control_msg error -71 req 04 val 1100
[  167.940122][ T5925] pwc: recv_control_msg error -71 req 04 val 1200
[  167.950122][ T5925] pwc: Registered as video103.
[  167.959413][ T5925] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input24
[  167.987662][ T5925] usb 4-1: USB disconnect, device number 44
[  168.104376][ T5899] usb 1-1: new full-speed USB device number 41 using dummy_hcd
[  168.126280][ T3581] usb 2-1: new full-speed USB device number 27 using dummy_hcd
[  168.244230][ T5899] usb 1-1: device descriptor read/64, error -71
[  168.264152][ T3581] usb 2-1: device descriptor read/64, error -71
[  168.354388][ T5899] usb usb1-port1: attempt power cycle
[  168.364230][ T5840] Bluetooth: hci2: command 0x0c1a tx timeout
[  168.364366][ T5152] Bluetooth: hci0: command 0x0c1a tx timeout
[  168.387075][ T3581] usb usb2-port1: attempt power cycle
[  168.528745][ T7263] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  168.538652][ T7263] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  168.551539][ T7263] IPVS: length: 24 != 1689624
[  168.713717][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805b5f3800: rx timeout, send abort
[  168.715673][ T5899] usb 1-1: new full-speed USB device number 42 using dummy_hcd
[  168.722394][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805b5f3800: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[  168.749145][ T3581] usb 2-1: new full-speed USB device number 28 using dummy_hcd
[  168.759341][ T5899] usb 1-1: device descriptor read/8, error -71
[  168.784919][ T3581] usb 2-1: device descriptor read/8, error -71
[  168.930984][ T7273] vivid-000: =================  START STATUS  =================
[  168.933465][ T7271] exFAT-fs (rnullb0): invalid boot record signature
[  168.940056][ T7273] vivid-000: Radio HW Seek Mode: Bounded
[  168.948712][ T7271] exFAT-fs (rnullb0): failed to read boot sector
[  168.954981][ T7273] vivid-000: Radio Programmable HW Seek: false
[  168.961570][ T7271] exFAT-fs (rnullb0): failed to recognize exfat type
[  168.968614][ T1210] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  168.981237][ T7273] vivid-000: RDS Rx I/O Mode: Block I/O
[  168.988641][ T7273] vivid-000: Generate RBDS Instead of RDS: false
[  168.997565][ T7273] vivid-000: RDS Reception: true
[  169.002601][ T7273] vivid-000: RDS Program Type: 0 inactive
[  169.008532][ T7273] vivid-000: RDS PS Name:  inactive
[  169.013759][ T7273] vivid-000: RDS Radio Text:  inactive
[  169.014156][ T5899] usb 1-1: new full-speed USB device number 43 using dummy_hcd
[  169.019669][ T7273] vivid-000: RDS Traffic Announcement: false inactive
[  169.034923][ T7273] vivid-000: RDS Traffic Program: false inactive
[  169.041286][ T7273] vivid-000: RDS Music: false inactive
[  169.046890][ T3581] usb 2-1: new full-speed USB device number 29 using dummy_hcd
[  169.055642][ T5899] usb 1-1: device descriptor read/8, error -71
[  169.057337][ T7273] vivid-000: ==================  END STATUS  ==================
[  169.074773][ T3581] usb 2-1: device descriptor read/8, error -71
[  169.126270][ T7275] netlink: 36 bytes leftover after parsing attributes in process `syz.2.490'.
[  169.143095][ T1210] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  169.161268][ T1210] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  169.175122][ T5899] usb usb1-port1: unable to enumerate USB device
[  169.181929][ T1210] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  169.184889][ T3581] usb usb2-port1: unable to enumerate USB device
[  169.198674][ T1210] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  169.223265][ T1210] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  169.232925][ T1210] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  169.254597][ T1210] usb 4-1: config 0 descriptor??
[  169.318192][ T7279] netlink: 24 bytes leftover after parsing attributes in process `syz.2.492'.
[  169.564326][ T3581] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  169.665280][ T1210] plantronics 0003:047F:FFFF.000C: ignoring exceeding usage max
[  169.675751][ T1210] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving
[  169.694145][ T3581] usb 3-1: device descriptor read/64, error -71
[  169.697326][ T1210] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  169.934226][ T3581] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  170.064120][ T3581] usb 3-1: device descriptor read/64, error -71
[  170.176694][ T3581] usb usb3-port1: attempt power cycle
[  170.514474][ T3581] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  170.544982][ T3581] usb 3-1: device descriptor read/8, error -71
[  170.589943][ T7290] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  170.661192][ T7292] sctp: [Deprecated]: syz.1.497 (pid 7292) Use of struct sctp_assoc_value in delayed_ack socket option.
[  170.661192][ T7292] Use struct sctp_sack_info instead
[  170.704385][ T1210] usb 1-1: new full-speed USB device number 44 using dummy_hcd
[  170.784170][ T3581] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  170.804848][ T3581] usb 3-1: device descriptor read/8, error -71
[  170.875577][ T1210] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  170.886010][ T1210] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  170.895134][ T1210] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  170.907677][ T1210] usb 1-1: config 0 descriptor??
[  170.914434][ T3581] usb usb3-port1: unable to enumerate USB device
[  170.924899][ T1210] pwc: Askey VC010 type 2 USB webcam detected.
[  171.014957][   T43] usb 2-1: new full-speed USB device number 30 using dummy_hcd
[  171.168095][   T43] usb 2-1: config 0 has an invalid interface number: 227 but max is 0
[  171.176549][   T43] usb 2-1: config 0 has an invalid descriptor of length 67, skipping remainder of the config
[  171.188468][   T43] usb 2-1: config 0 has no interface number 0
[  171.195166][   T43] usb 2-1: config 0 interface 227 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  171.208548][   T43] usb 2-1: config 0 interface 227 has no altsetting 0
[  171.218631][   T43] usb 2-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=58.dd
[  171.227842][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.235954][   T43] usb 2-1: Product: syz
[  171.240129][   T43] usb 2-1: Manufacturer: syz
[  171.244837][   T43] usb 2-1: SerialNumber: syz
[  171.254491][   T43] usb 2-1: config 0 descriptor??
[  171.317696][ T1210] pwc: recv_control_msg error -32 req 02 val 2b00
[  171.325161][ T1210] pwc: recv_control_msg error -32 req 02 val 2700
[  171.332356][ T1210] pwc: recv_control_msg error -32 req 02 val 2c00
[  171.341088][ T1210] pwc: recv_control_msg error -32 req 04 val 1000
[  171.349960][ T1210] pwc: recv_control_msg error -32 req 04 val 1300
[  171.357469][ T1210] pwc: recv_control_msg error -32 req 04 val 1400
[  171.364568][ T1210] pwc: recv_control_msg error -32 req 02 val 2000
[  171.371587][ T1210] pwc: recv_control_msg error -32 req 02 val 2100
[  171.378828][ T1210] pwc: recv_control_msg error -32 req 04 val 1500
[  171.468500][ T5917] usb 2-1: USB disconnect, device number 30
[  171.588210][ T1210] pwc: recv_control_msg error -71 req 02 val 2400
[  171.598343][ T1210] pwc: recv_control_msg error -71 req 02 val 2600
[  171.606818][ T1210] pwc: recv_control_msg error -71 req 02 val 2900
[  171.613824][ T1210] pwc: recv_control_msg error -71 req 02 val 2800
[  171.624653][ T1210] pwc: recv_control_msg error -71 req 04 val 1100
[  171.631749][ T1210] pwc: recv_control_msg error -71 req 04 val 1200
[  171.649502][ T1210] pwc: Registered as video103.
[  171.662153][ T1210] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input26
[  171.704453][ T1210] usb 1-1: USB disconnect, device number 44
[  171.767070][ T5998] udevd[5998]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory
[  171.768147][ T5899] usb 4-1: USB disconnect, device number 45
[  171.883781][ T7301] fuse: Unknown parameter 'grou00000000000000000000'
[  171.928678][ T7303] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  171.938071][ T7303] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  172.364141][ T5899] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  172.444122][ T3581] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  172.544202][ T5899] usb 4-1: Using ep0 maxpacket: 16
[  172.551210][ T5899] usb 4-1: config 0 has an invalid interface number: 41 but max is 6
[  172.559480][ T5899] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 7
[  172.568407][ T5899] usb 4-1: config 0 has no interface number 0
[  172.574639][ T5899] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  172.585323][ T5899] usb 4-1: config 0 interface 41 has no altsetting 0
[  172.594612][ T5899] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  172.604107][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.604159][ T3581] usb 1-1: Using ep0 maxpacket: 16
[  172.612105][ T5899] usb 4-1: Product: syz
[  172.612140][ T5899] usb 4-1: Manufacturer: syz
[  172.612153][ T5899] usb 4-1: SerialNumber: syz
[  172.615649][ T5899] usb 4-1: config 0 descriptor??
[  172.622622][ T3581] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  172.628276][ T7305] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  172.637278][ T3581] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  172.650062][ T5899] CoreChips 4-1:0.41: probe with driver CoreChips failed with error -22
[  172.672700][ T3581] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  172.701080][ T3581] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  172.731383][ T3581] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  172.754121][ T5925] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  172.764504][ T3581] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  172.773586][ T3581] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  172.785602][ T3581] usb 1-1: Manufacturer: syz
[  172.787717][ T7316] netlink: 8 bytes leftover after parsing attributes in process `syz.1.507'.
[  172.802285][ T3581] usb 1-1: config 0 descriptor??
[  172.905793][ T5925] usb 3-1: Using ep0 maxpacket: 8
[  172.924805][ T5925] usb 3-1: New USB device found, idVendor=10d2, idProduct=2865, bcdDevice=a4.c9
[  172.934619][ T5925] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  172.947546][ T5925] usb 3-1: config 0 descriptor??
[  172.956817][ T5925] usblcd 3-1:0.0: USBLCD model not supported.
[  172.974457][ T7321] fuse: Unknown parameter 'grou00000000000000000000'
[  173.096528][ T3581] rc_core: IR keymap rc-hauppauge not found
[  173.102519][ T3581] Registered IR keymap rc-empty
[  173.107829][ T3581] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  173.130500][ T7326] FAULT_INJECTION: forcing a failure.
[  173.130500][ T7326] name failslab, interval 1, probability 0, space 0, times 0
[  173.143422][ T7326] CPU: 0 UID: 0 PID: 7326 Comm: syz.1.511 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[  173.143446][ T7326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  173.143457][ T7326] Call Trace:
[  173.143464][ T7326]  <TASK>
[  173.143472][ T7326]  dump_stack_lvl+0x189/0x250
[  173.143500][ T7326]  ? __pfx____ratelimit+0x10/0x10
[  173.143528][ T7326]  ? __pfx_dump_stack_lvl+0x10/0x10
[  173.143547][ T7326]  ? __pfx__printk+0x10/0x10
[  173.143572][ T7326]  ? __pfx___might_resched+0x10/0x10
[  173.143591][ T7326]  ? fs_reclaim_acquire+0x7d/0x100
[  173.143620][ T7326]  should_fail_ex+0x414/0x560
[  173.143647][ T7326]  should_failslab+0xa8/0x100
[  173.143672][ T7326]  __kmalloc_noprof+0xcb/0x4f0
[  173.143691][ T7326]  ? kfree+0x4d/0x440
[  173.143706][ T7326]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  173.143733][ T7326]  tomoyo_realpath_from_path+0xe3/0x5d0
[  173.143753][ T7326]  ? tomoyo_domain+0xd9/0x130
[  173.143777][ T7326]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  173.143801][ T7326]  tomoyo_path_number_perm+0x1e8/0x5a0
[  173.143828][ T7326]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  173.143869][ T7326]  ? __lock_acquire+0xab9/0xd20
[  173.143906][ T7326]  ? __fget_files+0x2a/0x420
[  173.143933][ T7326]  ? __fget_files+0x2a/0x420
[  173.143968][ T7326]  ? __fget_files+0x3a0/0x420
[  173.143987][ T7326]  ? __fget_files+0x2a/0x420
[  173.144010][ T7326]  security_file_ioctl+0xcb/0x2d0
[  173.144036][ T7326]  __se_sys_ioctl+0x47/0x170
[  173.144060][ T7326]  do_syscall_64+0xfa/0x3b0
[  173.144076][ T7326]  ? lockdep_hardirqs_on+0x9c/0x150
[  173.144097][ T7326]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.144111][ T7326]  ? clear_bhb_loop+0x60/0xb0
[  173.144130][ T7326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.144147][ T7326] RIP: 0033:0x7fd67c38e929
[  173.144160][ T7326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  173.144174][ T7326] RSP: 002b:00007fd67d207038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  173.144192][ T7326] RAX: ffffffffffffffda RBX: 00007fd67c5b5fa0 RCX: 00007fd67c38e929
[  173.144203][ T7326] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  173.144211][ T7326] RBP: 00007fd67d207090 R08: 0000000000000000 R09: 0000000000000000
[  173.144219][ T7326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  173.144227][ T7326] R13: 0000000000000000 R14: 00007fd67c5b5fa0 R15: 00007ffc444b9ed8
[  173.144248][ T7326]  </TASK>
[  173.387631][    C0] vkms_vblank_simulate: vblank timer overrun
[  173.403256][ T3581] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  173.412241][ T7326] ERROR: Out of memory at tomoyo_realpath_from_path.
[  173.431219][ T3581] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  173.450754][ T3581] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input27
[  173.451004][ T1210] usb 3-1: USB disconnect, device number 46
[  173.496023][ T3581] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  173.527200][ T3581] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  173.564246][ T3581] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  173.596383][ T7333] netlink: 48 bytes leftover after parsing attributes in process `syz.1.512'.
[  173.599537][ T3581] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  173.644741][ T3581] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  173.664224][ T3581] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  173.697431][ T3581] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  173.727081][ T3581] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  173.754229][ T3581] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  173.774250][ T3581] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  173.796050][ T3581] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  173.816805][ T3581] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  173.840203][ T3581] usb 1-1: USB disconnect, device number 45
[  174.324779][ T5899] usb 3-1: new full-speed USB device number 47 using dummy_hcd
[  174.387471][ T7338] netlink: 'syz.0.514': attribute type 3 has an invalid length.
[  174.399209][ T7338] netlink: 'syz.0.514': attribute type 1 has an invalid length.
[  174.407145][ T7338] netlink: 216 bytes leftover after parsing attributes in process `syz.0.514'.
[  174.496946][ T5899] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  174.509104][ T5899] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  174.524191][ T5899] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  174.544039][ T5899] usb 3-1: config 0 descriptor??
[  174.572350][ T5899] pwc: Askey VC010 type 2 USB webcam detected.
[  174.968198][ T7354] netlink: 132 bytes leftover after parsing attributes in process `syz.1.522'.
[  174.977564][ T5899] pwc: recv_control_msg error -32 req 02 val 2b00
[  174.978270][ T5899] pwc: recv_control_msg error -32 req 02 val 2700
[  174.995736][ T5899] pwc: recv_control_msg error -32 req 02 val 2c00
[  175.003281][ T5899] pwc: recv_control_msg error -32 req 04 val 1000
[  175.011627][ T5899] pwc: recv_control_msg error -32 req 04 val 1300
[  175.019837][ T5899] pwc: recv_control_msg error -32 req 04 val 1400
[  175.027505][ T5899] pwc: recv_control_msg error -32 req 02 val 2000
[  175.036145][ T5899] pwc: recv_control_msg error -32 req 02 val 2100
[  175.043677][ T5899] pwc: recv_control_msg error -32 req 04 val 1500
[  175.046064][ T5925] usb 4-1: USB disconnect, device number 46
[  175.152973][ T7358] overlayfs: missing 'workdir'
[  175.169630][ T7358] IPVS: length: 24 != 1689624
[  175.254994][ T5899] pwc: recv_control_msg error -71 req 02 val 2400
[  175.265222][ T5899] pwc: recv_control_msg error -71 req 02 val 2600
[  175.271785][ T7361] mmap: syz.3.525 (7361) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  175.274474][ T5899] pwc: recv_control_msg error -71 req 02 val 2900
[  175.291451][ T5899] pwc: recv_control_msg error -71 req 02 val 2800
[  175.299004][ T5899] pwc: recv_control_msg error -71 req 04 val 1100
[  175.307059][ T5899] pwc: recv_control_msg error -71 req 04 val 1200
[  175.321015][ T5899] pwc: Registered as video103.
[  175.334356][ T5899] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input28
[  175.382414][ T5899] usb 3-1: USB disconnect, device number 47
[  175.652081][ T7371] overlayfs: failed to decode file handle (len=6, type=248, flags=0, err=-22)
[  175.860254][ T5917] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  175.945718][ T7382] fuse: Bad value for 'group_id'
[  175.968624][ T7382] fuse: Bad value for 'group_id'
[  176.054404][ T5917] usb 2-1: device descriptor read/64, error -71
[  176.210429][   T64] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.311446][   T64] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.328271][ T5917] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  176.422222][   T64] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.464279][ T5917] usb 2-1: device descriptor read/64, error -71
[  176.499335][   T64] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.584371][ T5917] usb usb2-port1: attempt power cycle
[  176.700101][   T64] bridge_slave_1: left allmulticast mode
[  176.707064][   T64] bridge_slave_1: left promiscuous mode
[  176.714761][   T64] bridge0: port 2(bridge_slave_1) entered disabled state
[  176.744699][ T5840] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  176.753613][ T5840] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  176.763450][ T5840] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  176.773008][ T5840] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  176.786622][ T5840] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  176.796255][   T64] bridge_slave_0: left allmulticast mode
[  176.821162][   T64] bridge_slave_0: left promiscuous mode
[  176.839783][   T64] bridge0: port 1(bridge_slave_0) entered disabled state
[  176.932501][ T7397] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  176.954643][ T5917] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  176.984904][ T5917] usb 2-1: device descriptor read/8, error -71
[  177.117292][ T7399] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  177.244150][ T5917] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  177.274881][ T5917] usb 2-1: device descriptor read/8, error -71
[  177.311360][ T7402] fuse: Bad value for 'group_id'
[  177.319393][ T7402] fuse: Bad value for 'group_id'
[  177.394895][ T5917] usb usb2-port1: unable to enumerate USB device
[  177.412288][   T64] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  177.423749][   T64] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  177.435181][   T64] bond0 (unregistering): Released all slaves
[  177.944092][ T5925] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  178.126402][ T5925] usb 1-1: Using ep0 maxpacket: 8
[  178.133950][ T5925] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  178.145709][ T5925] usb 1-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  178.155288][ T5925] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  178.167014][ T5925] usb 1-1: config 0 descriptor??
[  178.179162][ T5925] gspca_main: vc032x-2.14.0 probing 046d:0892
[  178.213846][   T64] hsr_slave_0: left promiscuous mode
[  178.223444][   T64] hsr_slave_1: left promiscuous mode
[  178.231072][   T64] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  178.245430][   T64] batman_adv: batadv0: Removing interface: batadv_slave_0
[  178.267356][   T64] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  178.275545][   T64] batman_adv: batadv0: Removing interface: batadv_slave_1
[  178.303420][   T64] veth1_macvtap: left promiscuous mode
[  178.309511][   T64] veth0_macvtap: left promiscuous mode
[  178.323366][   T64] veth1_vlan: left promiscuous mode
[  178.329451][   T64] veth0_vlan: left promiscuous mode
[  178.844279][ T5152] Bluetooth: hci2: command tx timeout
[  179.031419][   T64] team0 (unregistering): Port device team_slave_1 removed
[  179.080195][   T64] team0 (unregistering): Port device team_slave_0 removed
[  179.421048][ T7442] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  179.429567][ T7442] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  179.750454][ T7438] netlink: 2 bytes leftover after parsing attributes in process `syz.1.547'.
[  179.813579][ T7392] chnl_net:caif_netlink_parms(): no params data found
[  180.002041][ T5850] usb 1-1: USB disconnect, device number 46
[  180.181303][ T7392] bridge0: port 1(bridge_slave_0) entered blocking state
[  180.189206][ T7392] bridge0: port 1(bridge_slave_0) entered disabled state
[  180.196039][ T5925] usb 3-1: new full-speed USB device number 48 using dummy_hcd
[  180.197136][ T7392] bridge_slave_0: entered allmulticast mode
[  180.212088][ T7392] bridge_slave_0: entered promiscuous mode
[  180.214715][ T7457] FAULT_INJECTION: forcing a failure.
[  180.214715][ T7457] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  180.221462][ T7392] bridge0: port 2(bridge_slave_1) entered blocking state
[  180.243391][ T7392] bridge0: port 2(bridge_slave_1) entered disabled state
[  180.251578][ T7392] bridge_slave_1: entered allmulticast mode
[  180.255660][ T7457] CPU: 1 UID: 0 PID: 7457 Comm: syz.1.555 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[  180.255689][ T7457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  180.255700][ T7457] Call Trace:
[  180.255714][ T7457]  <TASK>
[  180.255722][ T7457]  dump_stack_lvl+0x189/0x250
[  180.255751][ T7457]  ? __pfx____ratelimit+0x10/0x10
[  180.255778][ T7457]  ? __pfx_dump_stack_lvl+0x10/0x10
[  180.255796][ T7457]  ? __pfx__printk+0x10/0x10
[  180.255815][ T7457]  ? __might_fault+0xb0/0x130
[  180.255847][ T7457]  should_fail_ex+0x414/0x560
[  180.255875][ T7457]  _copy_from_user+0x2d/0xb0
[  180.255893][ T7457]  kstrtouint_from_user+0xc4/0x170
[  180.255918][ T7457]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  180.255956][ T7457]  proc_fail_nth_write+0x88/0x240
[  180.255974][ T7457]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  180.255994][ T7457]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  180.256012][ T7457]  vfs_write+0x27e/0xa90
[  180.256044][ T7457]  ? __pfx_vfs_write+0x10/0x10
[  180.256065][ T7457]  ? __fget_files+0x2a/0x420
[  180.256093][ T7457]  ? __fget_files+0x3a0/0x420
[  180.256113][ T7457]  ? __fget_files+0x2a/0x420
[  180.256145][ T7457]  ksys_write+0x145/0x250
[  180.256168][ T7457]  ? __pfx_ksys_write+0x10/0x10
[  180.256185][ T7457]  ? rcu_is_watching+0x15/0xb0
[  180.256209][ T7457]  ? do_syscall_64+0xbe/0x3b0
[  180.256229][ T7457]  do_syscall_64+0xfa/0x3b0
[  180.256246][ T7457]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.256261][ T7457]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  180.256276][ T7457]  ? clear_bhb_loop+0x60/0xb0
[  180.256296][ T7457]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.256312][ T7457] RIP: 0033:0x7fd67c38d3df
[  180.256328][ T7457] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  180.256342][ T7457] RSP: 002b:00007fd67d207030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  180.256365][ T7457] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd67c38d3df
[  180.256376][ T7457] RDX: 0000000000000001 RSI: 00007fd67d2070a0 RDI: 0000000000000006
[  180.256386][ T7457] RBP: 00007fd67d207090 R08: 0000000000000000 R09: 0000000000000000
[  180.256396][ T7457] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  180.256406][ T7457] R13: 0000000000000000 R14: 00007fd67c5b5fa0 R15: 00007ffc444b9ed8
[  180.256433][ T7457]  </TASK>
[  180.396236][ T5925] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  180.404290][ T7392] bridge_slave_1: entered promiscuous mode
[  180.439252][ T5925] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  180.530201][ T5925] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  180.570634][ T5925] usb 3-1: config 0 descriptor??
[  180.580586][ T7392] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  180.608645][ T7392] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  180.632803][ T5925] pwc: Askey VC010 type 2 USB webcam detected.
[  180.706013][ T7469] F2FS-fs (rnullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  180.750738][ T7392] team0: Port device team_slave_0 added
[  180.754094][ T7469] F2FS-fs (rnullb0): Can't find valid F2FS filesystem in 1th superblock
[  180.805373][ T7469] F2FS-fs (rnullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  180.822306][ T7392] team0: Port device team_slave_1 added
[  180.831355][ T7469] F2FS-fs (rnullb0): Can't find valid F2FS filesystem in 2th superblock
[  180.926716][ T5152] Bluetooth: hci2: command tx timeout
[  181.022000][ T5925] pwc: recv_control_msg error -32 req 02 val 2b00
[  181.032503][ T5925] pwc: recv_control_msg error -32 req 02 val 2700
[  181.039230][ T7392] batman_adv: batadv0: Adding interface: batadv_slave_0
[  181.039248][ T7392] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  181.039285][ T7392] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  181.041409][ T7392] batman_adv: batadv0: Adding interface: batadv_slave_1
[  181.051137][ T5925] pwc: recv_control_msg error -32 req 02 val 2c00
[  181.161728][ T7392] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  181.179425][ T5925] pwc: recv_control_msg error -32 req 04 val 1000
[  181.192060][ T7392] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  181.247175][ T5925] pwc: recv_control_msg error -32 req 04 val 1300
[  181.282341][ T5925] pwc: recv_control_msg error -32 req 04 val 1400
[  181.297106][ T5925] pwc: recv_control_msg error -32 req 02 val 2000
[  181.315273][ T5925] pwc: recv_control_msg error -32 req 02 val 2100
[  181.327968][ T5925] pwc: recv_control_msg error -32 req 04 val 1500
[  181.358224][ T7392] hsr_slave_0: entered promiscuous mode
[  181.367932][ T5925] pwc: recv_control_msg error -32 req 02 val 2500
[  181.387058][ T7392] hsr_slave_1: entered promiscuous mode
[  181.401417][ T7392] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  181.412667][ T7392] Cannot create hsr debugfs directory
[  181.794729][ T5925] pwc: recv_control_msg error -71 req 02 val 2900
[  181.804877][ T5925] pwc: recv_control_msg error -71 req 02 val 2800
[  181.815800][ T5925] pwc: recv_control_msg error -71 req 04 val 1100
[  181.822759][ T5925] pwc: recv_control_msg error -71 req 04 val 1200
[  181.835195][ T5925] pwc: Registered as video103.
[  181.858680][ T5925] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input29
[  181.933105][ T5925] usb 3-1: USB disconnect, device number 48
[  181.954367][ T5899] usb 2-1: new full-speed USB device number 35 using dummy_hcd
[  182.001018][ T7392] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  182.032654][ T7392] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  182.061259][ T7392] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  182.101931][ T7392] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  182.158868][ T5899] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  182.170577][ T5899] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  182.190313][ T5899] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  182.209299][ T5899] usb 2-1: config 0 descriptor??
[  182.228362][ T5899] pwc: Askey VC010 type 2 USB webcam detected.
[  182.402851][ T7392] 8021q: adding VLAN 0 to HW filter on device bond0
[  182.460535][ T7392] 8021q: adding VLAN 0 to HW filter on device team0
[  182.521542][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  182.528805][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  182.576617][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  182.583884][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  182.637733][ T5899] pwc: recv_control_msg error -32 req 02 val 2b00
[  182.662140][ T5899] pwc: recv_control_msg error -32 req 02 val 2700
[  182.707085][ T5899] pwc: recv_control_msg error -32 req 02 val 2c00
[  182.727490][ T5899] pwc: recv_control_msg error -32 req 04 val 1000
[  182.752417][ T5899] pwc: recv_control_msg error -32 req 04 val 1300
[  182.760265][ T5899] pwc: recv_control_msg error -32 req 04 val 1400
[  182.769041][ T5899] pwc: recv_control_msg error -32 req 02 val 2000
[  182.778451][ T5899] pwc: recv_control_msg error -32 req 02 val 2100
[  182.804594][ T5899] pwc: recv_control_msg error -32 req 04 val 1500
[  183.004349][ T5840] Bluetooth: hci2: command tx timeout
[  183.013645][ T5899] pwc: recv_control_msg error -71 req 02 val 2400
[  183.033031][ T5899] pwc: recv_control_msg error -71 req 02 val 2600
[  183.041628][ T5899] pwc: recv_control_msg error -71 req 02 val 2900
[  183.045272][ T5850] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  183.077065][ T5899] pwc: recv_control_msg error -71 req 02 val 2800
[  183.113775][ T5899] pwc: recv_control_msg error -71 req 04 val 1100
[  183.137548][ T5899] pwc: recv_control_msg error -71 req 04 val 1200
[  183.177144][ T5899] pwc: Registered as video103.
[  183.192706][ T5899] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input30
[  183.194382][ T5850] usb 1-1: device descriptor read/64, error -71
[  183.339523][ T5899] usb 2-1: USB disconnect, device number 35
[  183.413013][ T7392] 8021q: adding VLAN 0 to HW filter on device batadv0
[  183.614147][ T5850] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  183.780503][ T5850] usb 1-1: device descriptor read/64, error -71
[  183.918575][ T5850] usb usb1-port1: attempt power cycle
[  184.163655][ T7392] veth0_vlan: entered promiscuous mode
[  184.194089][ T7571] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  184.223942][ T7571] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  184.230091][ T7392] veth1_vlan: entered promiscuous mode
[  184.252631][ T7571] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  184.273443][ T7571] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  184.284663][ T5850] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  184.292436][ T7392] veth0_macvtap: entered promiscuous mode
[  184.315192][ T5850] usb 1-1: device descriptor read/8, error -71
[  184.323522][ T7392] veth1_macvtap: entered promiscuous mode
[  184.326075][ T7571] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  184.377488][ T7392] batman_adv: batadv0: Interface activated: batadv_slave_0
[  184.405003][ T7392] batman_adv: batadv0: Interface activated: batadv_slave_1
[  184.426841][ T7392] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  184.444069][ T7392] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  184.467811][ T7392] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  184.484034][ T7392] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  184.559115][ T5850] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  184.607996][ T5850] usb 1-1: device descriptor read/8, error -71
[  184.689935][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  184.719732][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  184.742307][ T5850] usb usb1-port1: unable to enumerate USB device
[  184.798224][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  184.815609][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  185.085262][ T5840] Bluetooth: hci2: command tx timeout
[  185.120774][ T7590] overlay: ./file0 is not a directory
[  185.704159][ T5850] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  185.845015][ T5850] usb 2-1: device descriptor read/64, error -71
[  186.104227][ T5850] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  186.244138][ T5850] usb 2-1: device descriptor read/64, error -71
[  186.304143][ T5925] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  186.354570][ T5850] usb usb2-port1: attempt power cycle
[  186.455164][ T5925] usb 3-1: device descriptor read/64, error -71
[  186.687048][ T7638] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  186.714167][ T5850] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  186.722075][ T5925] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  186.756345][ T5850] usb 2-1: device descriptor read/8, error -71
[  186.843948][ T7642] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  186.863937][ T7642] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  186.874515][ T5925] usb 3-1: device descriptor read/64, error -71
[  186.901149][ T7642] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  186.936535][ T7642] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  186.978932][ T7642] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  186.992540][ T5925] usb usb3-port1: attempt power cycle
[  187.011397][ T7645] Mount JFS Failure: -22
[  187.017187][ T5850] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  187.055310][ T5850] usb 2-1: device descriptor read/8, error -71
[  187.164583][ T5850] usb usb2-port1: unable to enumerate USB device
[  187.344096][ T5925] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  187.374624][ T5925] usb 3-1: device descriptor read/8, error -71
[  187.644395][ T5925] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  187.703466][ T5925] usb 3-1: device descriptor read/8, error -71
[  187.835119][ T5925] usb usb3-port1: unable to enumerate USB device
[  188.327397][ T7665] orangefs_mount: mount request failed with -4
[  188.384167][ T5917] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[  188.444243][ T1210] usb 2-1: new full-speed USB device number 40 using dummy_hcd
[  188.478326][ T7687] fuse: Bad value for 'user_id'
[  188.483459][ T7687] fuse: Bad value for 'user_id'
[  188.544197][ T5917] usb 1-1: Using ep0 maxpacket: 32
[  188.558177][ T5917] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  188.571166][ T5917] usb 1-1: config 0 has no interfaces?
[  188.579552][ T5917] usb 1-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  188.593505][ T5917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  188.614417][ T5917] usb 1-1: config 0 descriptor??
[  188.636869][ T1210] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  188.664672][ T1210] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  188.688607][ T1210] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  188.716715][ T1210] usb 2-1: config 0 descriptor??
[  188.730447][ T1210] pwc: Askey VC010 type 2 USB webcam detected.
[  188.818780][ T7696] hpfs: Bad magic ... probably not HPFS
[  188.831546][ T7696] hpfs: Bad magic ... probably not HPFS
[  188.975532][ T7702] netlink: 'syz.4.597': attribute type 1 has an invalid length.
[  188.983486][ T7702] netlink: 'syz.4.597': attribute type 101 has an invalid length.
[  188.991638][ T7702] netlink: 564 bytes leftover after parsing attributes in process `syz.4.597'.
[  189.050930][ T7705] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  189.069181][ T7705] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  189.087792][ T7705] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  189.105077][ T7705] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  189.128695][ T7705] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  189.140890][ T1210] pwc: recv_control_msg error -32 req 02 val 2b00
[  189.151284][ T1210] pwc: recv_control_msg error -32 req 02 val 2700
[  189.162610][ T1210] pwc: recv_control_msg error -32 req 02 val 2c00
[  189.180114][ T1210] pwc: recv_control_msg error -32 req 04 val 1000
[  189.182293][ T7707] FAULT_INJECTION: forcing a failure.
[  189.182293][ T7707] name failslab, interval 1, probability 0, space 0, times 0
[  189.187741][ T1210] pwc: recv_control_msg error -32 req 04 val 1300
[  189.203567][ T7707] CPU: 1 UID: 0 PID: 7707 Comm: syz.2.599 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[  189.203592][ T7707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  189.203603][ T7707] Call Trace:
[  189.203611][ T7707]  <TASK>
[  189.203619][ T7707]  dump_stack_lvl+0x189/0x250
[  189.203646][ T7707]  ? __pfx____ratelimit+0x10/0x10
[  189.203674][ T7707]  ? __pfx_dump_stack_lvl+0x10/0x10
[  189.203692][ T7707]  ? __pfx__printk+0x10/0x10
[  189.203716][ T7707]  ? __pfx___might_resched+0x10/0x10
[  189.203740][ T7707]  should_fail_ex+0x414/0x560
[  189.203767][ T7707]  should_failslab+0xa8/0x100
[  189.203791][ T7707]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  189.203811][ T7707]  ? __alloc_skb+0x112/0x2d0
[  189.203835][ T7707]  __alloc_skb+0x112/0x2d0
[  189.203863][ T7707]  netlink_sendmsg+0x5c6/0xb30
[  189.203893][ T7707]  ? __pfx_netlink_sendmsg+0x10/0x10
[  189.203915][ T7707]  ? aa_sock_msg_perm+0x94/0x160
[  189.203935][ T7707]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  189.203964][ T7707]  ? __pfx_netlink_sendmsg+0x10/0x10
[  189.203983][ T7707]  __sock_sendmsg+0x219/0x270
[  189.204011][ T7707]  ____sys_sendmsg+0x505/0x830
[  189.204037][ T7707]  ? __pfx_____sys_sendmsg+0x10/0x10
[  189.204066][ T7707]  ? import_iovec+0x74/0xa0
[  189.204086][ T7707]  ___sys_sendmsg+0x21f/0x2a0
[  189.204120][ T7707]  ? __pfx____sys_sendmsg+0x10/0x10
[  189.204174][ T7707]  ? __fget_files+0x2a/0x420
[  189.204196][ T7707]  ? __fget_files+0x3a0/0x420
[  189.204227][ T7707]  __x64_sys_sendmsg+0x19b/0x260
[  189.204250][ T7707]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  189.204279][ T7707]  ? __pfx_ksys_write+0x10/0x10
[  189.204297][ T7707]  ? rcu_is_watching+0x15/0xb0
[  189.204322][ T7707]  ? do_syscall_64+0xbe/0x3b0
[  189.204341][ T7707]  do_syscall_64+0xfa/0x3b0
[  189.204355][ T7707]  ? lockdep_hardirqs_on+0x9c/0x150
[  189.204377][ T7707]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.204393][ T7707]  ? clear_bhb_loop+0x60/0xb0
[  189.204412][ T7707]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.204427][ T7707] RIP: 0033:0x7f70b9b8e929
[  189.204444][ T7707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  189.204458][ T7707] RSP: 002b:00007f70ba9ec038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  189.204477][ T7707] RAX: ffffffffffffffda RBX: 00007f70b9db5fa0 RCX: 00007f70b9b8e929
[  189.204489][ T7707] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  189.204499][ T7707] RBP: 00007f70ba9ec090 R08: 0000000000000000 R09: 0000000000000000
[  189.204508][ T7707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  189.204518][ T7707] R13: 0000000000000000 R14: 00007f70b9db5fa0 R15: 00007fff3c2f0d38
[  189.204544][ T7707]  </TASK>
[  189.480387][ T7711] IPVS: length: 24 != 1689624
[  189.489274][ T1210] pwc: recv_control_msg error -32 req 04 val 1400
[  189.496890][ T1210] pwc: recv_control_msg error -32 req 02 val 2000
[  189.504453][ T1210] pwc: recv_control_msg error -32 req 02 val 2100
[  189.511725][ T1210] pwc: recv_control_msg error -32 req 04 val 1500
[  189.593577][ T7715] batadv_slave_0: entered promiscuous mode
[  189.722801][ T1210] pwc: recv_control_msg error -71 req 02 val 2400
[  189.733645][ T1210] pwc: recv_control_msg error -71 req 02 val 2600
[  189.740708][ T1210] pwc: recv_control_msg error -71 req 02 val 2900
[  189.749357][ T1210] pwc: recv_control_msg error -71 req 02 val 2800
[  189.756717][ T1210] pwc: recv_control_msg error -71 req 04 val 1100
[  189.765302][ T1210] pwc: recv_control_msg error -71 req 04 val 1200
[  189.785851][ T1210] pwc: Registered as video103.
[  189.813313][ T1210] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input31
[  189.861408][ T1210] usb 2-1: USB disconnect, device number 40
[  189.871288][ T7719] fuse: Bad value for 'fd'
[  190.429084][ T7714] batadv_slave_0: left promiscuous mode
[  190.586427][ T7736] gfs2: not a GFS2 filesystem
[  190.595145][ T7740] netlink: 32 bytes leftover after parsing attributes in process `syz.2.608'.
[  190.697569][ T7743] IPVS: length: 24 != 1689624
[  190.704880][ T7743] binder: Binderfs stats mode cannot be changed during a remount
[  190.739614][ T7745] fuse: Bad value for 'fd'
[  190.774225][ T5925] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  190.840393][ T7747] nfs: Bad value for 'source'
[  190.925322][ T5925] usb 2-1: device descriptor read/64, error -71
[  191.143439][ T3581] usb 1-1: USB disconnect, device number 51
[  191.170290][ T5925] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  191.315239][ T5925] usb 2-1: device descriptor read/64, error -71
[  191.455111][ T5925] usb usb2-port1: attempt power cycle
[  191.490006][ T7769] IPVS: length: 24 != 1689624
[  191.495832][ T7769] binder: Binderfs stats mode cannot be changed during a remount
[  191.552802][ T7771] fuse: Bad value for 'fd'
[  191.628434][ T7773] binder: 7772:7773 unknown command 0
[  191.633889][ T7773] binder: 7772:7773 ioctl c0306201 200000000540 returned -22
[  191.647321][ T7773] tipc: Started in network mode
[  191.653492][ T7773] tipc: Node identity , cluster identity 4711
[  191.660171][ T7773] tipc: Failed to set node id, please configure manually
[  191.667614][ T3581] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  191.667692][ T7773] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  191.814298][ T5925] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  191.821991][ T3581] usb 5-1: device descriptor read/64, error -71
[  191.844892][ T5925] usb 2-1: device descriptor read/8, error -71
[  192.074145][ T3581] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  192.084220][ T5925] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  192.104838][ T5925] usb 2-1: device descriptor read/8, error -71
[  192.144537][ T5899] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[  192.204805][ T3581] usb 5-1: device descriptor read/64, error -71
[  192.215664][ T5925] usb usb2-port1: unable to enumerate USB device
[  192.304178][ T5899] usb 1-1: Using ep0 maxpacket: 32
[  192.312544][ T5899] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  192.314445][ T3581] usb usb5-port1: attempt power cycle
[  192.323742][ T5899] usb 1-1: config 0 has no interfaces?
[  192.334197][ T5899] usb 1-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  192.344122][ T5899] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  192.354359][ T5899] usb 1-1: config 0 descriptor??
[  192.664160][ T3581] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  192.686372][ T3581] usb 5-1: device descriptor read/8, error -71
[  192.924259][ T3581] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  192.944804][ T3581] usb 5-1: device descriptor read/8, error -71
[  193.054382][ T3581] usb usb5-port1: unable to enumerate USB device
[  193.743147][ T7792] FAULT_INJECTION: forcing a failure.
[  193.743147][ T7792] name failslab, interval 1, probability 0, space 0, times 0
[  193.757808][ T7792] CPU: 1 UID: 0 PID: 7792 Comm: syz.1.629 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[  193.757825][ T7792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  193.757831][ T7792] Call Trace:
[  193.757836][ T7792]  <TASK>
[  193.757842][ T7792]  dump_stack_lvl+0x189/0x250
[  193.757862][ T7792]  ? __pfx____ratelimit+0x10/0x10
[  193.757881][ T7792]  ? __pfx_dump_stack_lvl+0x10/0x10
[  193.757891][ T7792]  ? __pfx__printk+0x10/0x10
[  193.757915][ T7792]  ? __pfx___might_resched+0x10/0x10
[  193.757927][ T7792]  ? fs_reclaim_acquire+0x7d/0x100
[  193.757948][ T7792]  should_fail_ex+0x414/0x560
[  193.757966][ T7792]  should_failslab+0xa8/0x100
[  193.757981][ T7792]  __kmalloc_noprof+0xcb/0x4f0
[  193.757992][ T7792]  ? tomoyo_encode+0x28b/0x550
[  193.758006][ T7792]  tomoyo_encode+0x28b/0x550
[  193.758019][ T7792]  tomoyo_realpath_from_path+0x58d/0x5d0
[  193.758036][ T7792]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  193.758051][ T7792]  tomoyo_path_number_perm+0x1e8/0x5a0
[  193.758066][ T7792]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  193.758088][ T7792]  ? __lock_acquire+0xab9/0xd20
[  193.758109][ T7792]  ? __fget_files+0x2a/0x420
[  193.758125][ T7792]  ? __fget_files+0x2a/0x420
[  193.758137][ T7792]  ? __fget_files+0x3a0/0x420
[  193.758149][ T7792]  ? __fget_files+0x2a/0x420
[  193.758164][ T7792]  security_file_ioctl+0xcb/0x2d0
[  193.758179][ T7792]  __se_sys_ioctl+0x47/0x170
[  193.758193][ T7792]  do_syscall_64+0xfa/0x3b0
[  193.758202][ T7792]  ? lockdep_hardirqs_on+0x9c/0x150
[  193.758217][ T7792]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.758226][ T7792]  ? clear_bhb_loop+0x60/0xb0
[  193.758238][ T7792]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.758247][ T7792] RIP: 0033:0x7fd67c38e929
[  193.758258][ T7792] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  193.758267][ T7792] RSP: 002b:00007fd67d207038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  193.758279][ T7792] RAX: ffffffffffffffda RBX: 00007fd67c5b5fa0 RCX: 00007fd67c38e929
[  193.758286][ T7792] RDX: 0000000000000000 RSI: 000000004004743c RDI: 0000000000000003
[  193.758292][ T7792] RBP: 00007fd67d207090 R08: 0000000000000000 R09: 0000000000000000
[  193.758298][ T7792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  193.758303][ T7792] R13: 0000000000000000 R14: 00007fd67c5b5fa0 R15: 00007ffc444b9ed8
[  193.758318][ T7792]  </TASK>
[  193.758335][ T7792] ERROR: Out of memory at tomoyo_realpath_from_path.
[  194.010114][ T7792] syz.1.629 (7792) used obsolete PPPIOCDETACH ioctl
[  194.095106][ T7796] IPVS: length: 24 != 1689624
[  194.114464][ T7796] binder: Binderfs stats mode cannot be changed during a remount
[  194.202119][ T7800] CUSE: info not properly terminated
[  194.388796][ T5925] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  194.556104][ T5925] usb 2-1: config index 0 descriptor too short (expected 23569, got 27)
[  194.568658][ T5925] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  194.595397][ T5925] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  194.612807][ T5925] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  194.652104][ T5925] usb 2-1: Manufacturer: syz
[  194.694584][ T5925] usb 2-1: config 0 descriptor??
[  194.795435][ T5925] rc_core: IR keymap rc-hauppauge not found
[  194.817054][ T5925] Registered IR keymap rc-empty
[  194.830030][ T5925] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  194.843587][ T5925] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input33
[  194.934956][ T3581] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  195.029547][ T5899] usb 1-1: USB disconnect, device number 52
[  195.149843][ T3581] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  195.183384][ T3581] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  195.204122][ T3581] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  195.241667][ T3581] usb 5-1: config 0 descriptor??
[  195.255647][ T7828] netlink: 36 bytes leftover after parsing attributes in process `syz.0.638'.
[  195.272828][ T3581] pwc: Askey VC010 type 2 USB webcam detected.
[  195.334547][ T5899] usb 2-1: USB disconnect, device number 45
[  195.687923][ T3581] pwc: recv_control_msg error -32 req 02 val 2b00
[  195.695430][ T3581] pwc: recv_control_msg error -32 req 02 val 2700
[  195.702600][ T3581] pwc: recv_control_msg error -32 req 02 val 2c00
[  195.710410][ T3581] pwc: recv_control_msg error -32 req 04 val 1000
[  195.717782][ T3581] pwc: recv_control_msg error -32 req 04 val 1300
[  195.729600][ T3581] pwc: recv_control_msg error -32 req 04 val 1400
[  195.737066][ T3581] pwc: recv_control_msg error -32 req 02 val 2000
[  195.744489][ T3581] pwc: recv_control_msg error -32 req 02 val 2100
[  195.751709][ T3581] pwc: recv_control_msg error -32 req 04 val 1500
[  195.959556][ T3581] pwc: recv_control_msg error -71 req 02 val 2400
[  195.974858][ T3581] pwc: recv_control_msg error -71 req 02 val 2600
[  195.985210][ T3581] pwc: recv_control_msg error -71 req 02 val 2900
[  195.993172][ T3581] pwc: recv_control_msg error -71 req 02 val 2800
[  196.006880][ T3581] pwc: recv_control_msg error -71 req 04 val 1100
[  196.015860][ T3581] pwc: recv_control_msg error -71 req 04 val 1200
[  196.034368][ T3581] pwc: Registered as video103.
[  196.041353][ T3581] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input34
[  196.071886][ T7842] IPVS: length: 24 != 1689624
[  196.077925][ T7830] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  196.090355][ T3581] usb 5-1: USB disconnect, device number 6
[  196.242569][ T7846] netlink: 'syz.2.642': attribute type 4 has an invalid length.
[  196.439206][ T7853] netlink: 'syz.2.645': attribute type 11 has an invalid length.
[  196.594394][ T5925] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  196.734201][ T5925] usb 2-1: device descriptor read/64, error -71
[  196.828725][ T3581] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  196.994239][ T5925] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  197.023851][ T3581] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  197.046341][ T3581] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  197.074083][ T3581] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  197.095178][ T3581] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  197.124047][ T3581] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  197.133286][ T3581] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  197.170946][ T5925] usb 2-1: device descriptor read/64, error -71
[  197.181359][ T3581] usb 3-1: config 0 descriptor??
[  197.300351][ T5925] usb usb2-port1: attempt power cycle
[  197.571412][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  197.577996][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  197.598432][ T3581] plantronics 0003:047F:FFFF.000D: ignoring exceeding usage max
[  197.660326][ T5925] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  197.672689][ T3581] plantronics 0003:047F:FFFF.000D: No inputs registered, leaving
[  197.693314][ T3581] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  197.714936][ T5925] usb 2-1: device descriptor read/8, error -71
[  197.841711][ T7870] IPVS: length: 24 != 1689624
[  197.901518][ T7872] fuse: Unknown parameter 'grou00000000000000000000'
[  197.961798][ T7875] FAT-fs (rnullb0): bogus number of reserved sectors
[  197.969808][ T7875] FAT-fs (rnullb0): Can't find a valid FAT filesystem
[  197.978083][ T5925] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  198.004865][ T5925] usb 2-1: device descriptor read/8, error -71
[  198.115848][ T5840] ==================================================================
[  198.123991][ T5840] BUG: KASAN: slab-use-after-free in l2cap_sock_ready_cb+0xd5/0x140
[  198.132009][ T5840] Read of size 8 at addr ffff88807f4bb188 by task kworker/u9:4/5840
[  198.139979][ T5840] 
[  198.142312][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: kworker/u9:4 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[  198.142332][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  198.142345][ T5840] Workqueue: hci0 hci_rx_work
[  198.142368][ T5840] Call Trace:
[  198.142378][ T5840]  <TASK>
[  198.142386][ T5840]  dump_stack_lvl+0x189/0x250
[  198.142406][ T5840]  ? __virt_addr_valid+0x1c8/0x5c0
[  198.142427][ T5840]  ? rcu_is_watching+0x15/0xb0
[  198.142446][ T5840]  ? __kasan_check_byte+0x12/0x40
[  198.142463][ T5840]  ? __pfx_dump_stack_lvl+0x10/0x10
[  198.142478][ T5840]  ? rcu_is_watching+0x15/0xb0
[  198.142493][ T5840]  ? lock_release+0x4b/0x3e0
[  198.142510][ T5840]  ? __virt_addr_valid+0x1c8/0x5c0
[  198.142527][ T5840]  ? __virt_addr_valid+0x4a5/0x5c0
[  198.142545][ T5840]  print_report+0xd2/0x2b0
[  198.142565][ T5840]  ? l2cap_sock_ready_cb+0xd5/0x140
[  198.142584][ T5840]  kasan_report+0x118/0x150
[  198.142604][ T5840]  ? l2cap_sock_ready_cb+0xd5/0x140
[  198.142624][ T5840]  l2cap_sock_ready_cb+0xd5/0x140
[  198.142643][ T5840]  l2cap_le_start+0xb0a/0x13b0
[  198.142659][ T5840]  ? l2cap_connect_cfm+0x679/0x1040
[  198.142676][ T5840]  ? __pfx_l2cap_le_start+0x10/0x10
[  198.142690][ T5840]  ? l2cap_global_fixed_chan+0x2ee/0x380
[  198.142707][ T5840]  ? __pfx_l2cap_global_fixed_chan+0x10/0x10
[  198.142725][ T5840]  ? l2cap_chan_put+0x117/0x240
[  198.142743][ T5840]  l2cap_connect_cfm+0x6be/0x1040
[  198.142762][ T5840]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  198.142779][ T5840]  ? device_add+0x70b/0xb50
[  198.142794][ T5840]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  198.142810][ T5840]  hci_connect_cfm+0x95/0x140
[  198.142825][ T5840]  le_conn_complete_evt+0xcd3/0x1220
[  198.142845][ T5840]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  198.142866][ T5840]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  198.142882][ T5840]  ? __asan_memcpy+0x40/0x70
[  198.142897][ T5840]  ? __pfx___mutex_lock+0x10/0x10
[  198.142911][ T5840]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  198.142923][ T5840]  ? skb_pull_data+0xfb/0x200
[  198.142948][ T5840]  hci_le_conn_complete_evt+0x187/0x450
[  198.142965][ T5840]  hci_event_packet+0x78c/0x1200
[  198.142985][ T5840]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  198.143000][ T5840]  ? __pfx_hci_event_packet+0x10/0x10
[  198.143019][ T5840]  ? kcov_remote_start+0x4d3/0x7f0
[  198.143039][ T5840]  ? local_clock_noinstr+0xe0/0xe0
[  198.143059][ T5840]  ? hci_send_to_monitor+0xe2/0x570
[  198.143075][ T5840]  hci_rx_work+0x46a/0xe80
[  198.143089][ T5840]  ? process_scheduled_works+0x9ef/0x17b0
[  198.143105][ T5840]  process_scheduled_works+0xae1/0x17b0
[  198.143128][ T5840]  ? __pfx_process_scheduled_works+0x10/0x10
[  198.143147][ T5840]  worker_thread+0x8a0/0xda0
[  198.143169][ T5840]  kthread+0x70e/0x8a0
[  198.143187][ T5840]  ? __pfx_worker_thread+0x10/0x10
[  198.143204][ T5840]  ? __pfx_kthread+0x10/0x10
[  198.143222][ T5840]  ? _raw_spin_unlock_irq+0x23/0x50
[  198.143247][ T5840]  ? lockdep_hardirqs_on+0x9c/0x150
[  198.143265][ T5840]  ? __pfx_kthread+0x10/0x10
[  198.143282][ T5840]  ret_from_fork+0x3fc/0x770
[  198.143301][ T5840]  ? __pfx_ret_from_fork+0x10/0x10
[  198.143317][ T5840]  ? __switch_to_asm+0x39/0x70
[  198.143335][ T5840]  ? __switch_to_asm+0x33/0x70
[  198.143350][ T5840]  ? __pfx_kthread+0x10/0x10
[  198.143367][ T5840]  ret_from_fork_asm+0x1a/0x30
[  198.143392][ T5840]  </TASK>
[  198.143398][ T5840] 
[  198.462811][ T5840] Allocated by task 7879:
[  198.467145][ T5840]  kasan_save_track+0x3e/0x80
[  198.471820][ T5840]  __kasan_kmalloc+0x93/0xb0
[  198.476401][ T5840]  __kmalloc_noprof+0x27a/0x4f0
[  198.481247][ T5840]  sk_prot_alloc+0xe7/0x220
[  198.485752][ T5840]  sk_alloc+0x3a/0x370
[  198.489812][ T5840]  bt_sock_alloc+0x3b/0x310
[  198.494311][ T5840]  l2cap_sock_create+0x147/0x300
[  198.499259][ T5840]  bt_sock_create+0x160/0x240
[  198.503934][ T5840]  __sock_create+0x4b0/0x9f0
[  198.508519][ T5840]  __sys_socket+0xd7/0x1b0
[  198.512931][ T5840]  __x64_sys_socket+0x7a/0x90
[  198.517602][ T5840]  do_syscall_64+0xfa/0x3b0
[  198.522097][ T5840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.527992][ T5840] 
[  198.530328][ T5840] Freed by task 7878:
[  198.534299][ T5840]  kasan_save_track+0x3e/0x80
[  198.538971][ T5840]  kasan_save_free_info+0x46/0x50
[  198.543994][ T5840]  __kasan_slab_free+0x62/0x70
[  198.548750][ T5840]  kfree+0x18e/0x440
[  198.552645][ T5840]  __sk_destruct+0x4e1/0x660
[  198.557238][ T5840]  l2cap_sock_release+0x158/0x1d0
[  198.562256][ T5840]  sock_close+0xc0/0x240
[  198.566500][ T5840]  __fput+0x449/0xa70
[  198.570472][ T5840]  task_work_run+0x1d1/0x260
[  198.575061][ T5840]  exit_to_user_mode_loop+0xec/0x110
[  198.580341][ T5840]  do_syscall_64+0x2bd/0x3b0
[  198.584936][ T5840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.590918][ T5840] 
[  198.593232][ T5840] The buggy address belongs to the object at ffff88807f4bb000
[  198.593232][ T5840]  which belongs to the cache kmalloc-2k of size 2048
[  198.607463][ T5840] The buggy address is located 392 bytes inside of
[  198.607463][ T5840]  freed 2048-byte region [ffff88807f4bb000, ffff88807f4bb800)
[  198.621434][ T5840] 
[  198.623754][ T5840] The buggy address belongs to the physical page:
[  198.630170][ T5840] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7f4b8
[  198.638946][ T5840] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  198.647447][ T5840] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  198.655325][ T5840] page_type: f5(slab)
[  198.659307][ T5840] raw: 00fff00000000040 ffff88801a842000 ffffea0000cb8800 dead000000000002
[  198.667891][ T5840] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[  198.676474][ T5840] head: 00fff00000000040 ffff88801a842000 ffffea0000cb8800 dead000000000002
[  198.685134][ T5840] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[  198.693826][ T5840] head: 00fff00000000003 ffffea0001fd2e01 00000000ffffffff 00000000ffffffff
[  198.702517][ T5840] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  198.711188][ T5840] page dumped because: kasan: bad access detected
[  198.717620][ T5840] page_owner tracks the page as allocated
[  198.723325][ T5840] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5832, tgid 5832 (syz-executor), ts 86812415583, free_ts 86801666737
[  198.744693][ T5840]  post_alloc_hook+0x240/0x2a0
[  198.749468][ T5840]  get_page_from_freelist+0x21e4/0x22c0
[  198.755012][ T5840]  __alloc_frozen_pages_noprof+0x181/0x370
[  198.760811][ T5840]  alloc_pages_mpol+0x232/0x4a0
[  198.765653][ T5840]  allocate_slab+0x8a/0x3b0
[  198.770144][ T5840]  ___slab_alloc+0xbfc/0x1480
[  198.774810][ T5840]  __kmalloc_cache_noprof+0x296/0x3d0
[  198.780170][ T5840]  rtnl_newlink+0xed/0x1c70
[  198.784660][ T5840]  rtnetlink_rcv_msg+0x7cc/0xb70
[  198.789581][ T5840]  netlink_rcv_skb+0x208/0x470
[  198.794342][ T5840]  netlink_unicast+0x75b/0x8d0
[  198.799110][ T5840]  netlink_sendmsg+0x805/0xb30
[  198.803859][ T5840]  __sock_sendmsg+0x219/0x270
[  198.808530][ T5840]  __sys_sendto+0x3bd/0x520
[  198.813022][ T5840]  __x64_sys_sendto+0xde/0x100
[  198.817793][ T5840]  do_syscall_64+0xfa/0x3b0
[  198.822327][ T5840] page last free pid 5830 tgid 5830 stack trace:
[  198.828656][ T5840]  __free_frozen_pages+0xc71/0xe70
[  198.833770][ T5840]  __slab_free+0x326/0x400
[  198.838176][ T5840]  qlist_free_all+0x97/0x140
[  198.842756][ T5840]  kasan_quarantine_reduce+0x148/0x160
[  198.848200][ T5840]  __kasan_slab_alloc+0x22/0x80
[  198.853039][ T5840]  __kmalloc_cache_noprof+0x1be/0x3d0
[  198.858397][ T5840]  kset_create_and_add+0x5a/0x170
[  198.863843][ T5840]  netdev_register_kobject+0x180/0x2f0
[  198.869478][ T5840]  register_netdevice+0x126c/0x1ae0
[  198.874683][ T5840]  veth_newlink+0x5cc/0xa50
[  198.879196][ T5840]  rtnl_newlink_create+0x30d/0xb00
[  198.884317][ T5840]  rtnl_newlink+0x16d6/0x1c70
[  198.888992][ T5840]  rtnetlink_rcv_msg+0x7cc/0xb70
[  198.893923][ T5840]  netlink_rcv_skb+0x208/0x470
[  198.898694][ T5840]  netlink_unicast+0x75b/0x8d0
[  198.903446][ T5840]  netlink_sendmsg+0x805/0xb30
[  198.908206][ T5840] 
[  198.910520][ T5840] Memory state around the buggy address:
[  198.916134][ T5840]  ffff88807f4bb080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  198.924186][ T5840]  ffff88807f4bb100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  198.932240][ T5840] >ffff88807f4bb180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  198.940374][ T5840]                       ^
[  198.944705][ T5840]  ffff88807f4bb200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  198.952776][ T5840]  ffff88807f4bb280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  198.960842][ T5840] ==================================================================
[  198.968920][    C0] vkms_vblank_simulate: vblank timer overrun
[  198.989207][ T5925] usb usb2-port1: unable to enumerate USB device
[  198.994064][ T5840] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  198.994089][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: kworker/u9:4 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[  198.994112][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  198.994125][ T5840] Workqueue: hci0 hci_rx_work
[  198.994154][ T5840] Call Trace:
[  198.994162][ T5840]  <TASK>
[  198.994170][ T5840]  dump_stack_lvl+0x99/0x250
[  198.994206][ T5840]  ? __asan_memcpy+0x40/0x70
[  198.994224][ T5840]  ? __pfx_dump_stack_lvl+0x10/0x10
[  198.994243][ T5840]  ? __pfx__printk+0x10/0x10
[  198.994268][ T5840]  panic+0x2db/0x790
[  198.994285][ T5840]  ? __pfx_panic+0x10/0x10
[  198.994302][ T5840]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  198.994327][ T5840]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  198.994349][ T5840]  ? print_memory_metadata+0x314/0x400
[  198.994373][ T5840]  ? l2cap_sock_ready_cb+0xd5/0x140
[  198.994396][ T5840]  check_panic_on_warn+0x89/0xb0
[  198.994423][ T5840]  ? l2cap_sock_ready_cb+0xd5/0x140
[  198.994451][ T5840]  end_report+0x78/0x160
[  198.994471][ T5840]  kasan_report+0x129/0x150
[  198.994493][ T5840]  ? l2cap_sock_ready_cb+0xd5/0x140
[  198.994517][ T5840]  l2cap_sock_ready_cb+0xd5/0x140
[  198.994541][ T5840]  l2cap_le_start+0xb0a/0x13b0
[  198.994562][ T5840]  ? l2cap_connect_cfm+0x679/0x1040
[  198.994583][ T5840]  ? __pfx_l2cap_le_start+0x10/0x10
[  198.994602][ T5840]  ? l2cap_global_fixed_chan+0x2ee/0x380
[  198.994623][ T5840]  ? __pfx_l2cap_global_fixed_chan+0x10/0x10
[  198.994647][ T5840]  ? l2cap_chan_put+0x117/0x240
[  198.994672][ T5840]  l2cap_connect_cfm+0x6be/0x1040
[  198.994695][ T5840]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  198.994716][ T5840]  ? device_add+0x70b/0xb50
[  198.994735][ T5840]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  198.994756][ T5840]  hci_connect_cfm+0x95/0x140
[  198.994775][ T5840]  le_conn_complete_evt+0xcd3/0x1220
[  198.994801][ T5840]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  198.994821][ T5840]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  198.994837][ T5840]  ? __asan_memcpy+0x40/0x70
[  198.994853][ T5840]  ? __pfx___mutex_lock+0x10/0x10
[  198.994870][ T5840]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  198.994884][ T5840]  ? skb_pull_data+0xfb/0x200
[  198.994912][ T5840]  hci_le_conn_complete_evt+0x187/0x450
[  198.994933][ T5840]  hci_event_packet+0x78c/0x1200
[  198.994959][ T5840]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  198.994975][ T5840]  ? __pfx_hci_event_packet+0x10/0x10
[  198.994999][ T5840]  ? kcov_remote_start+0x4d3/0x7f0
[  198.995024][ T5840]  ? local_clock_noinstr+0xe0/0xe0
[  198.995048][ T5840]  ? hci_send_to_monitor+0xe2/0x570
[  198.995068][ T5840]  hci_rx_work+0x46a/0xe80
[  198.995086][ T5840]  ? process_scheduled_works+0x9ef/0x17b0
[  198.995107][ T5840]  process_scheduled_works+0xae1/0x17b0
[  198.995136][ T5840]  ? __pfx_process_scheduled_works+0x10/0x10
[  198.995161][ T5840]  worker_thread+0x8a0/0xda0
[  198.995196][ T5840]  kthread+0x70e/0x8a0
[  198.995219][ T5840]  ? __pfx_worker_thread+0x10/0x10
[  198.995236][ T5840]  ? __pfx_kthread+0x10/0x10
[  198.995258][ T5840]  ? _raw_spin_unlock_irq+0x23/0x50
[  198.995278][ T5840]  ? lockdep_hardirqs_on+0x9c/0x150
[  198.995301][ T5840]  ? __pfx_kthread+0x10/0x10
[  198.995322][ T5840]  ret_from_fork+0x3fc/0x770
[  198.995341][ T5840]  ? __pfx_ret_from_fork+0x10/0x10
[  198.995359][ T5840]  ? __switch_to_asm+0x39/0x70
[  198.995379][ T5840]  ? __switch_to_asm+0x33/0x70
[  198.995398][ T5840]  ? __pfx_kthread+0x10/0x10
[  198.995420][ T5840]  ret_from_fork_asm+0x1a/0x30
[  198.995446][ T5840]  </TASK>
[  198.995854][ T5840] Kernel Offset: disabled