last executing test programs:

11.73272899s ago: executing program 0 (id=1367):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="2000000069000b000000000000000000000000007f000000080001"], 0x20}}, 0x4000000) (fail_nth: 7)

11.475377055s ago: executing program 0 (id=1370):
r0 = socket$caif_seqpacket(0x25, 0x5, 0x3)
connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xd7816000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x40)
epoll_create(0x7)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58"}, 0x28)
setsockopt$CAIFSO_REQ_PARAM(r0, 0x116, 0x80, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$INCFS_IOC_PERMIT_FILL(r0, 0x40046721, &(0x7f0000000000)={r0})
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newlink={0x38, 0x10, 0x403, 0x10010, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x700}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_IPTUN_COLLECT_METADATA={0x4}]}}}]}, 0x38}}, 0x8000)

8.853760337s ago: executing program 0 (id=1374):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000240000002400000002000000000000000000000400000003000000000000001301000000000000000000000d020000000000"], 0xffffffffffffffff, 0x3e, 0xb1, 0x2}, 0x1f)
syz_usb_connect(0x3, 0x44, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x92, 0x91, 0x82, 0x40, 0x6f8, 0x300c, 0x3964, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x32, 0x1, 0x0, 0x0, 0x0, 0x3, [{{0x9, 0x4, 0x49, 0x0, 0x0, 0xe, 0x1, 0x0, 0x0, [@cdc_ncm={{0x8, 0x24, 0x6, 0x0, 0x1, 'icf'}, {0x5, 0x24, 0x0, 0x7}, {0xd, 0x24, 0xf, 0x1, 0x7, 0x1ff, 0x7f, 0xd}, {0x6, 0x24, 0x1a, 0x401, 0x24}}]}}]}}]}}, 0x0) (async)
syz_usb_connect(0x3, 0x44, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x92, 0x91, 0x82, 0x40, 0x6f8, 0x300c, 0x3964, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x32, 0x1, 0x0, 0x0, 0x0, 0x3, [{{0x9, 0x4, 0x49, 0x0, 0x0, 0xe, 0x1, 0x0, 0x0, [@cdc_ncm={{0x8, 0x24, 0x6, 0x0, 0x1, 'icf'}, {0x5, 0x24, 0x0, 0x7}, {0xd, 0x24, 0xf, 0x1, 0x7, 0x1ff, 0x7f, 0xd}, {0x6, 0x24, 0x1a, 0x401, 0x24}}]}}]}}]}}, 0x0)

8.552007222s ago: executing program 2 (id=1378):
socket$l2tp(0x2, 0x2, 0x73)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000580)='gid', 0x0, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r3, 0x400448ca, 0x0)
symlinkat(&(0x7f0000001040)='./cgroup\x00', 0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00')
memfd_create(0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
setsockopt$sock_int(r4, 0x1, 0x3e, &(0x7f00000000c0)=0x7, 0x4)
sendmmsg$inet(r4, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014)
ioctl$KDSETLED(0xffffffffffffffff, 0x4b32, 0x1)
modify_ldt$write2(0x11, &(0x7f0000000400)={0x2, 0x20001000, 0xffffffffffffffff, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1}, 0x10)
r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_DISCONNECT(r5, 0xab08)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1d, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
bind$bt_hci(r3, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

7.171469196s ago: executing program 2 (id=1382):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x4, 0x7fff0000}]})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB="50000000090601020000000000000000030000000900020073797a31000000000500010007000000280007800c000180080001407f00011c0c00148008000140ac1414bb0c00028008000140"], 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)
r3 = syz_open_dev$loop(&(0x7f00000002c0), 0x1, 0xa0182)
ioctl$LOOP_SET_CAPACITY(r3, 0x4c07)
close_range(r0, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r4 = openat$smackfs_ipv6host(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r6, 0x4040ae79, &(0x7f0000000280)={0x8, 0xd000, 0x0, 0xffffffffffffffff, 0xc8140ee6e279b532})
write$smackfs_ipv6host(r4, &(0x7f00000003c0)=@l2={{0x34a1, 0x3a, 0x4, 0x3a, 0x800, 0x3a, 0x8, 0x3a, 0x7ffffffffffffffe, 0x3a, 0x100, 0x3a, 0x2af3bf97, 0x3a, 0xffffffffffffffef}, 0x2f, 0x1, 0x20, '/dev/nullb0\x00'}, 0x10d)
socket$inet6(0xa, 0x80002, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x5, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000079db8540da0b77010b7d000000010902120001000000000904", @ANYRES32, @ANYRES8=r7], 0x0)

5.889693159s ago: executing program 0 (id=1387):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
syz_usb_connect(0x0, 0x4f, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc87"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
socket$packet(0x11, 0x3, 0x300)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x11)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)=ANY=[@ANYBLOB="280000002100010000000000000000000a00000000000002000000000c0014"], 0x28}}, 0x0)

5.88002975s ago: executing program 1 (id=1388):
unshare(0x22020600)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000440)={{0xffffffffffffffff, <r0=>0xffffffffffffffff}, &(0x7f0000000280), &(0x7f0000000400)='%pi6   \x00'}, 0x20)
openat$mixer(0xffffffffffffff9c, &(0x7f0000000500), 0x280040, 0x0)
unshare(0x4000000)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000480)=@generic={&(0x7f0000000240)='./file0\x00', r0}, 0x18)
r1 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
write$binfmt_misc(r2, &(0x7f0000000040), 0xe09)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0xfffe, 0x6}, 0x4)
setsockopt$packet_fanout_data(r3, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x40}, {0x6}]}, 0x10)
syz_emit_ethernet(0x3e, &(0x7f00000007c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd0c00000000080000fc0100000040bee3e99e34284f12a622085567d38a0000b800000000000000ff02"], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xf, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="8500000019000000630a00ff0002000018100400"/34, @ANYRES32, @ANYBLOB="000000000000000005000000000000009500000000000000"], &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x8, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x12, 0xb, 0x1d, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd0007003219002bfd000000000000000000af1e4ccfb7b3cad800000800", [0x0, 0x8]}})
r4 = openat$random(0xffffffffffffff9c, &(0x7f0000000540), 0x349200, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000580)={0x2})

5.680323517s ago: executing program 1 (id=1391):
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000040)="ee17", 0x2)
r0 = socket$kcm(0xf, 0x0, 0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
getsockopt$sock_buf(r1, 0x1, 0x3d, &(0x7f00000001c0)=""/242, &(0x7f0000000300)=0xf2)
sendmsg$inet(r0, &(0x7f00000000c0), 0x0)

5.679988892s ago: executing program 4 (id=1392):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpgrp(0x0)
pipe(&(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = epoll_create1(0x80000)
openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0x404800, 0x0)
read$FUSE(r2, &(0x7f0000002200)={0x2020}, 0x2020)
r5 = syz_open_dev$video4linux(&(0x7f0000000000), 0x5, 0x0)
ioctl$VIDIOC_TRY_EXT_CTRLS(r5, 0xc0205649, &(0x7f00000000c0)={0xf000000, 0x9, 0x1ff, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0xd48dad, 0x9, '\x00', @value=0xfffffff7}})
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r2, &(0x7f0000000000))
write$binfmt_script(r3, &(0x7f0000020240), 0x10010)
sched_setscheduler(r1, 0x1, &(0x7f0000000240)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x10000}, 0x28)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='cmdline\x00')
read$nci(r7, 0x0, 0x0)
r8 = syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x862b01)
r9 = syz_open_dev$evdev(&(0x7f0000000280), 0x0, 0x0)
read$hiddev(r9, &(0x7f0000002300)=""/102, 0x66)
write$char_usb(r8, &(0x7f0000000040)="e2", 0x2250)
r10 = openat$cgroup_devices(r0, &(0x7f0000000380)='devices.allow\x00', 0x2, 0x0)
fremovexattr(r0, &(0x7f0000000000)=@known='trusted.syz\x00')
write$cgroup_devices(r10, &(0x7f0000000140)=ANY=[], 0xa)

5.16715119s ago: executing program 1 (id=1393):
setresuid(0x0, 0xee00, 0x0)
capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7})
r0 = creat(&(0x7f0000001200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xa)
r1 = fanotify_init(0xf00, 0x0)
fanotify_mark(r1, 0x105, 0x40009975, r0, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = syz_open_dev$loop(&(0x7f00000005c0), 0xffff, 0x109041)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000040), 0x208e24b)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000002c0)={r5, 0x1000, {0x2a00, 0x80010000, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac1000", "90be6c09306003d8006000", [0x0, 0x2]}})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r8=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r6, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="31032fbd7000fddbdf250800000008000300", @ANYRES32=r8, @ANYBLOB="05002d000100000008000600", @ANYRES32=r6], 0x2c}, 0x1, 0x0, 0x0, 0x8814}, 0x20000084)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'wg1\x00', <r9=>0x0})
sendmsg$BATADV_CMD_SET_HARDIF(r5, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x5c, r7, 0x400, 0x70bd26, 0x25dfdbfd, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r9}]}, 0x5c}}, 0x4001)
connect$bt_l2cap(r5, &(0x7f0000000400)={0x1f, 0x1, @any, 0x1}, 0xe)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000000080974b4fbfb35c70000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000100)={'wlan0\x00'})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r12 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x80042, 0x0)
pwritev(r12, &(0x7f00000000c0), 0x300, 0x300000, 0x0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000640)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES64=r10, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=r7, @ANYBLOB="24005a80200001801400030000000600060002000100070001000500050004000100000054efe034b44ccab9f0b828387db03e4fface2cb7c7cbeab8858bb8d4fd6c942a08ef96c3dddc98cd6f501b1a50e3a6570462ea53459d37e4f96b14512e2f5aa55c0d65dc055740e6423d9cce76c74de9262ae38c66f7f3d47077776f9f391c6ae11f4b7190962eac8909fe716b61fb9cd3ac8d7068cb480a48ab4f0700946c14f9373ca524498a2db7b9421c1bb6a83657367e15ff221b8b2a25011f64cce8a56f477ea93eb4aba6a78d8ed7d098f4ee2d09abe39c22e0124a9dfa972525fd0d8f8c9926e5f049cfbd1b532ae83e73098cc2f9fe4fe5393df4f1dd6ad2ce3ccf735608f565b83b90a951eade82fc89"], 0x40}}, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36)

4.519268393s ago: executing program 3 (id=1396):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
openat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', 0x289c2, 0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000003c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x20, 0x0, @fd_index=0x5, 0x0, 0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
unshare(0x22020600)
mq_getsetattr(0xffffffffffffffff, 0x0, &(0x7f0000000180))
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x4, 0x0, 'queue0\x00'})
write$sndseq(r1, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0xfffffffd]}}], 0xffc8)

4.470436135s ago: executing program 3 (id=1397):
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x41, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept(r0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)="564004c6852da7a299e4c397614090d1a6e12edf1767f157", 0x33a77c20f21f5ff8}], 0x1, &(0x7f0000000480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
recvmsg(r1, &(0x7f000000b680)={0x0, 0x0, &(0x7f000000b600)}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002300)=ANY=[@ANYBLOB="2c00000010000304000000000000000000080000", @ANYRES32, @ANYBLOB="15020000000000000a000100aaaaaaaaaa1c"], 0x2c}, 0x1, 0xba01, 0x0, 0x20000000}, 0x0)

4.42219939s ago: executing program 4 (id=1398):
r0 = socket$caif_seqpacket(0x25, 0x5, 0x3)
connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xd7816000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x40)
epoll_create(0x7)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58"}, 0x28)
setsockopt$CAIFSO_REQ_PARAM(r0, 0x116, 0x80, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$INCFS_IOC_PERMIT_FILL(r0, 0x40046721, &(0x7f0000000000)={r0})
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newlink={0x38, 0x10, 0x403, 0x10010, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x700}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_IPTUN_COLLECT_METADATA={0x4}]}}}]}, 0x38}}, 0x8000)

4.267807377s ago: executing program 2 (id=1399):
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_STOP_AP(r1, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f00000028c0)={0x0, 0x28}}, 0x0)
getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@newlink={0x48, 0x10, 0x401, 0x0, 0x101, {0x0, 0x0, 0x0, 0x0, 0x9}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r2}]}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x48}}, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xd}, {0xffff, 0xffff}, {0xc}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_LIMIT={0x8, 0x2, 0xfe}, @TCA_CODEL_ECN={0x8, 0x4, 0x1}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000)

3.411338464s ago: executing program 3 (id=1400):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x149002, 0x0) (async)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) (async)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x8c36, 0x3c00, 0x2, 0xbfdffffa}, &(0x7f0000000000)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) (async)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) (async)
io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) (async)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x6000) (async)
write$P9_RSTATu(r0, &(0x7f00000004c0)={0x293, 0x7d, 0x0, {{0x500, 0xf0, 0x0, 0x5000000, {}, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x04nodev{cvfox\x92\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05\xf7\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x232) (async)
r4 = socket$inet_udp(0x2, 0x2, 0x0) (async)
syz_io_uring_setup(0x5a5d, &(0x7f0000000200)={0x0, 0x5685, 0x20, 0x3, 0x273, 0x0, r1}, &(0x7f0000000280), &(0x7f0000000300))
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000000)={@mcast2={0xff, 0x5}, 0x40000200, 0x0, 0x1, 0x3, 0x4}, 0x2e) (async)
ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, &(0x7f0000000000)={'batadv0\x00', {0x2, 0x0, @broadcast}}) (async)
fsetxattr$smack_xattr_label(r4, &(0x7f0000006880)='security.SMACK64IPOUT\x00', &(0x7f0000000040)=ANY=[@ANYBLOB="000000000000000864ce086dc3ec154607b33616fff757c6283c7fff4da6510551cbc3121db5c3d063540cf93a3fffb5844e8e0ae91e0f5a63971dce0da16747ca85d66abfa4803cabd75b8edf4cea4a44ac59df51e716bd60a326e2879f63c0344df2cc48725a14a98d960c92d25386bfc9267a3c24b68c548d0327ee8a7c27393229f0fd01be99cb3f0bbb528298d29def17e5a06b5a39b795b5c8d97d28348e0b00000019b1b11681da6a7f7c8f1f1100377ebfde71d965e0410e80823c10967e56b6cd3625603964a2d1e7ca31a60eaf31d07bc7aa6d2e73518b92a41da69047235107e6e75fddc840d9cd985dd278468585afd99f665147f38846c731a11644f696f17f4835ef62c67ee21be8629a871dbc0fb9237b36e26e34dc61898914903128aa2bfdc91caac5e4fc0537199004636c44023d28b2efdfd7ce9d2af3fee9e32f18766d4f1f6878d055bd76d920afc34049ac00490ef39ae7c9c80e2ca880ebf02e96f9a0fa77594c30"], 0x8, 0x3)

3.396165002s ago: executing program 4 (id=1401):
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x12, 0xb, 0x1d, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd0007003219002bfd000000000000000000af1e4ccfb7b3cad800000800", [0x0, 0x8]}})
r2 = openat$random(0xffffffffffffff9c, &(0x7f0000000540), 0x349200, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000580)={0x2})

3.334235604s ago: executing program 1 (id=1402):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
creat(&(0x7f00000000c0)='./file0\x00', 0x198)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15)
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15)
r2 = dup(r1)
semtimedop(0x0, &(0x7f0000000180)=[{0x0, 0xfff}], 0x1, 0x0)
semtimedop(0x0, &(0x7f0000000040)=[{}, {0x1}], 0x2, 0x0)
semop(0x0, &(0x7f0000000000), 0x0)
semctl$IPC_RMID(0x0, 0x0, 0x0)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x100000, &(0x7f0000000400)=ANY=[@ANYBLOB="646e6f3d0000000001222c00100000976f63f076f6b3d1c343065af8cda90c2409da2dc89167ea14d77f8487fc0755dd0295768183", @ANYBLOB="61f875a39c42fa22a03618c3b11d5dc655b60e58553dd0ab6ec244a7a04d4ca02b63d13e2111ec13fe1d1de33ef90d2176e37b1df41e1065622b0a50627a34a7f57b7595272849eecd3b9f9c35caa8236f6e09e83ed480d799af69ce1d447a0af2e094b740ac1fde7c7f5332e2", @ANYBLOB=',wfdno=', @ANYRESOCT=0x0])
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000080)=0x9, 0x8, 0x0)
mbind(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2, 0x0, 0x0, 0x1)
mbind(&(0x7f0000673000/0x1000)=nil, 0x1000, 0x3, 0x0, 0x3, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0)
lchown(&(0x7f0000000300)='./file0\x00', 0x0, 0x0)
syz_io_uring_setup(0x40003cec, &(0x7f0000000380)={0x0, 0xadc9, 0x200, 0x3, 0x284}, 0x0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x80108907, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="24b800191000090000001d00011800018011006580ac0000"], 0x2c}}, 0x48800)

3.235503776s ago: executing program 2 (id=1403):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10)
r1 = socket(0x10, 0x3, 0x0)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv4/tcp_mtu_probing\x00', 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x2)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$xdp(0x2c, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0xe403, 0x0, 0x3}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_FLAGS={0x0, 0xd, 0x10001}, @IFLA_GRE_TTL={0x0, 0x8, 0x12}]}}}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x4}]}, 0x44}}, 0x4000000)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0xfffffffffffffff8, 0x7ff, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3fc, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="280000001e00010a030000000000009b2d"], 0x28}}, 0x0)

3.235166174s ago: executing program 4 (id=1404):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x9c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x74, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x3c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_XOR={0x4}, @NFTA_BITWISE_MASK={0xc, 0x4, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "8a95"}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x110}}, 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, 0x0)
getpid()
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
r4 = openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, 0x0)
mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, 0xffffffffffffffff, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
r5 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="e0000000130001"], 0xe0}}, 0x0)
socket$l2tp(0x2, 0x2, 0x73)

2.329031364s ago: executing program 0 (id=1405):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$binfmt_format(r0, &(0x7f0000000080)='0\x00', 0x2)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
syz_usb_connect(0x1, 0x3c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x80000001}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, &(0x7f00000000c0))
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000dc0)={0x0, 0x4, 0x21000002, 0x7, 0x12, "d4e9002b2c000000ff00"})
r3 = syz_open_pts(r2, 0x0)
r4 = dup(r3)
ioctl$TIOCSETD(r4, 0x5423, 0x0)
dup3(r2, r4, 0x0)
r5 = dup3(r3, r4, 0x0)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000000)=0x11)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000009002010008001b000100"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4008040)

2.30064083s ago: executing program 3 (id=1406):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000240)=0x6)

2.159444893s ago: executing program 2 (id=1407):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x82)
ioctl$DRM_IOCTL_GET_CLIENT(r1, 0xc0286405, &(0x7f0000000100)={0x7fffffff, 0x4, {}, {<r2=>0xee01}, 0x8, 0x1d9})
sendmsg$nl_generic(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={&(0x7f0000000900)={0x48c, 0x14, 0x400, 0x70bd25, 0x25dfdbfb, {0xa}, [@nested={0x2e4, 0xe3, 0x0, 0x1, [@typed={0x14, 0x106, 0x0, 0x0, @ipv6=@remote}, @nested={0x281, 0x45, 0x0, 0x1, [@nested={0x4, 0xc1}, @generic="ec2ece2b21cc9ac54cb4ca3c6b57bac9fd71f57797c63e67551c5661df4b1703d0f4038d158f4f61fddf525c4bba07c72954b9ffd0c7ab86e77dece625b4f33ae5a75cfd6ed8165ca5df176c27dd70496be8bd4ba7ed6e3cfc1ec8f270c5f9bfae50084eeec163867e32196487bbe7327f0a68f521b8ffc56b33157d62d028cd0260b8e7dc2721235cda7521a90f02cfb8dc0febb84eec86e7fb99295d4cfe69b36e1c516dbe0dd7a362ae52ff9fb408217f074f9f2aa7a99e3b5680b5b69e71fed3281ab9ddb2dd3d638359594f959b4c1a4c15", @generic="54bfc6657fac52ce6e4dc8ea7f2c34046a8fcb1daed96337299b29cc811824df5f1a953e8abfb82943f33d3270be4e4349ac19feef3fad5831945c8ca04a5aa6f2f131afcd842dc5c31e788a3422337364166a576753e56d049e2c39641010ef0dbf9f0d4cbfca8f8dcefdc21a73b7c842bb28d58aebe10b3a187a286354560d89fec50c0c3a3facaa74af7aec2f98d51ca89efd034ccba7d84259d494a0a1dafe5fd498398b4122f07be456ac73fc0c8fccc302a0158b3606fcee969396406af62c778ab8682d8fad1fadb98e7746398da7a23e78b03c5d5888c03551e1e7d9f858b5b3368ed064b7c1c084dbf3ba737075865b65b5", @typed={0x8, 0xcd, 0x0, 0x0, @uid=r2}, @typed={0x8, 0x9, 0x0, 0x0, @ipv4=@remote}, @nested={0x4, 0x138}, @nested={0x4, 0x10a}, @generic="5443f49bcfef9c7723fadbfc0fccabc2aab9987e24f7b1d4c84698829680cb51e86e3ae2431cc15106145be7c4f20f0733b409e8b6f768e7a6492fef1b593ec9027764f508aa1c692711b36d002a39feffdc4f64cf77cc46e7ea23f003d8ddb130e4f393094b4534e327741f83f30db9aa275509c51bae59eb056cad9d0fd544e3b196d977fb95ddf9607ce58336ac7095ae3ea9fb0ba9"]}, @nested={0x46, 0x2c, 0x0, 0x1, [@typed={0x4, 0x113}, @generic="deee6c5aeee97efef600b6178ba5175fc6363171832c3542bcc8dba3d846404ac64c39a4198cfcb370b792f0e3ef64af60ea0b9590d9", @typed={0x8, 0x12b, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}]}]}, @nested={0x122, 0x28, 0x0, 0x1, [@typed={0x8, 0x8d, 0x0, 0x0, @fd=r1}, @generic="6f9b84832eaa92ece58f562a5c107fc92c1138fd67f8620a0e51779a28c5ec3c6c56c96fe1ae117ea7372ee673e09df6e940278cd30d634798533533ab61ba06af561be45baa226a4995", @typed={0x4, 0x136}, @typed={0xaa, 0x116, 0x0, 0x0, @binary="3214b949afcd41b4b6347f068d64a7b32924ead8e34666adb6ff9aa0a8603300ec5c7c043b29f56b2b1ac3af4b823a633263abbf52332e326fdf5686a5c659c4862962caddd989bea758ac9e112581c45d90b372d602990006ff5c9f1f4a7b17aced940480f977573b217aafffecb4fc03d59fef30a233cdd934bf705ed11f39da572ce4fa0348c26d09547a193eaa9bac25ae143a10f20621ec9a5b446082fb5fbd5da22df9"}, @nested={0x4, 0xe7}, @typed={0x14, 0xd4, 0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @nested={0x4, 0xc3}]}, @generic="e1de83ab838c52b2199bd855651f26ba660949644c437ddb54900757cf8a972965dd2feb36daae6342d4091aaf4347837fab50f5dd7e8c8eeba021bb42df86de105a1e0dc73590791bea811151873cd0c503b89f05d4a41b49c8", @typed={0x13, 0x5b, 0x0, 0x0, @str='/dev/cpu/#/msr\x00'}]}, 0x48c}, 0x1, 0x0, 0x0, 0x84}, 0x40800)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$sndmidi(&(0x7f0000000300), 0x7, 0x111200)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, 0x0, 0x0, 0xffffffffffffffff)
r4 = shmget$private(0x0, 0x3000, 0x2, &(0x7f0000ffb000/0x3000)=nil)
shmat(r4, &(0x7f0000ffc000/0x4000)=nil, 0x5000)
openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0)
r5 = syz_io_uring_setup(0x4169, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000480), &(0x7f0000000040)=<r6=>0x0)
syz_io_uring_setup(0xa94, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5}, &(0x7f0000000340)=<r7=>0x0, &(0x7f00000005c0)) (fail_nth: 4)
syz_io_uring_submit(r7, r6, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r5, 0x48e9, 0x0, 0x0, 0x0, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r8 = openat$random(0xffffff9c, &(0x7f00000001c0), 0x80, 0x0)
r9 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x4000, 0x10100}, &(0x7f0000000000)=<r10=>0x0, &(0x7f00000001c0)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r8, 0x0, 0x0, 0x0, {0x183}})
io_uring_enter(r9, 0x2def, 0x0, 0x0, 0x0, 0x0)
r12 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
getsockopt$sock_buf(r12, 0x1, 0x1c, 0x0, &(0x7f0000000140))
fsmount(0xffffffffffffffff, 0x0, 0x2)
r13 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x802, 0x0)
write$UHID_CREATE2(r13, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)

1.256638136s ago: executing program 1 (id=1408):
socket$nl_generic(0x10, 0x3, 0x10)
openat$null(0xffffffffffffff9c, &(0x7f00000001c0), 0x100, 0x0)
fsopen(&(0x7f0000000140)='ocfs2_dlmfs\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socket$inet_udp(0x2, 0x2, 0x0)
socket$key(0xf, 0x3, 0x2)
timerfd_create(0x0, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
socket$inet6(0xa, 0x200000000003, 0x87)
socket$tipc(0x1e, 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000002000a000000000000000000000008000400", @ANYRES32=r1, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r0], 0x38}}, 0x10)

1.222078431s ago: executing program 4 (id=1409):
socket$inet_smc(0x2b, 0x1, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000089c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20004804)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
fsmount(0xffffffffffffffff, 0x1, 0x8c)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000480)='/sys/power/pm_debug_messages', 0x141a82, 0x0)
write$cgroup_int(r0, &(0x7f0000000000)=0x91e, 0x12)
r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000002b40), 0xffffffffffffffff)
mount$9p_rdma(0x0, 0x0, 0x0, 0x3b8c039, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
bind$l2tp6(0xffffffffffffffff, 0x0, 0x0)
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb})
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f0000000640)=ANY=[@ANYBLOB="b4000000000000007910300000000000730a00ff000000009500740000000000c4b285bc2e09cc2a5266b4550845eceb4f589b"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport}, 0x48)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

631.015927ms ago: executing program 3 (id=1410):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2400000068000901000000000000000002004700000000000800100047"], 0x24}}, 0x0)

100.849968ms ago: executing program 2 (id=1411):
r0 = getpid()
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
socket(0x40000000015, 0x5, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000340)={&(0x7f0000000180), 0x0, 0x0, 0x0})
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000001c0)={r2, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[0x0, 0x0, <r4=>0x0], &(0x7f0000000040), 0x3, r3})
ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, &(0x7f0000000380)={0x200, 0x1, &(0x7f0000000440)=[r3], &(0x7f0000000200), &(0x7f0000000300)=[r4], &(0x7f0000000340)})
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r5 = syz_clone(0x84048200, &(0x7f00000003c0)="0129b805e6981f0bcbd2", 0xa, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000240)="1b700d3273f826c286ae46c28a850cfdb9c2e4b5fa84f80f42772a6a0048f113f24692880cb52bfaa8fe1db8a0fa21bbc4a119a083b9e8521a2044bebe4ba77a5ba6992757927fbb2bd4ff89b40e49b5628f5418682ab0e87d69dbdbfaae12096fa4888cdf9b732561ad537c91198f1d1ec04e49dd9c370e1335426635be9204c598c270182bdfa7d2499baf68bf6818a1d3046e3843a45dd67b6c9d082184e40b634bb3db6289e9bdd0d3092bad8bece9ddc01195b296803cfb5359e82a142f8752b8f38d1b488241221646666378ea")
r6 = syz_open_procfs$namespace(r5, &(0x7f0000000140)='ns/ipc\x00')
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x4, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
io_setup(0x2e, &(0x7f0000000100)=<r8=>0x0)
io_submit(r8, 0x1, &(0x7f00000001c0)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, r7, &(0x7f0000000140)='^', 0x1}])
clock_settime(0x0, &(0x7f0000003c80)={0x77359400})
fremovexattr(r6, &(0x7f0000000040)=@random={'os2.', 'se;\x16\xfccurity\xaea\xb8\x0ear\xb5'})

90.047243ms ago: executing program 0 (id=1412):
r0 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
memfd_create(&(0x7f0000000000)='prodM\xb0\xea\a\x06\xbe\xaen/\xce4\xb7\xc1\xef\xba!\x9d\rSt\xa24\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1dz\xd05\xe2e,\xb1\x84\xea\x91^%A\xe5\x9e\x13TdT\xc6^p\xb0#R\x04\x06\xae\xebA;Y\xeb\x8f\xec\xb4\xf9\x17\xb7\x04\xc2\xc0\xc6\xb4\v\xff\xfc\x88\x90\xabC\x02\x00\xf04\x03\x88\xae9\'>R^P{Vr!\xe2W\xc72\xea\xb7Wp\xc36\x96\xffZ\\A@\x00\x00\x00\xc9\xf3Y\xb8\x89#\xa1\xb1)Dk\xeb\xa1\t\x00{u[\xbd\x9d\xf4\xbf\\\xce\x02P\xf2MY\x05^\xffj\x9c\x14\xb7\xb6v\x1d*1>\x00 \x00\x00\x00\x00\x14C?]\x8c\xb4Y\xcf\x80\x85\xd6\x036\xc8~\xa8\f\x00\x00\xb5M\x9a\x9dc\xaaAU\xec\xe06\xed\xe4\xfb\xdf\a\xd0lg\x13\xf9\x8b:s>\xd7s\xef\xb3\x9f#\x15)\xf9\xe10\xc7\xb262<k\xa8\x88\x01\x00fhD\xe7\xb6\x17\x80\x95\xa8\x1e\t\xb01KB\xcb\x00\x1e\x7fE\x7f\x02\x00\x00\x00y<nGR\x94\x99\xb8\x89\x9b\x8f\xd5\xe6\x02\xb5C\xad\"u\xf4>\x00\x00\x00\x00\x00\x00\x00\x00Nz\x0eu\x8f\x01\x00\x00\x00\x00\x00\x00\xdd\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc3\xa7/\x0f\x9b`\xa5\x98\x81a\xeev\x00\x00\x00\x00\a\x10\x00m2\xf2\xd8,\x17\xf8\x8e\xae\xc8\xad\xed<\"\x8e\n\x9d\xb13\x8d\xef\x96\xd2I\"8=tg\xdfU\xd0q\x95/f\xec\xdc\xa3\xe1[\xc0\xaa\xefz\xc9\xf4[\x00\x00\x00Q\xff}5\x94\x88\xa1\xdc\xa1g\xe0q\xc5:\xe4\xdf\x80\xb3,\xb9\xb2\xdc\x81\x9f6\x0f\x84WY\xbfSY`\xb8\a\x19\xb1\x058\xa4\xc3\xbb\xf8aB:\x84\x02?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3o-GU\xb0\x00F\xb3o(aI[\xd6\x9fG\xaeI\x83\x93\x8cC\xc0#\xe0q\xd0Ex|\xdb\xa8\x16\xfe>:\t0\xfd\x8a\xc7\x84\xb5\xc7M-0A\xf0\x94\xf3\xcc\x8d\xbb3\\\"\x882\xb3\xa84\xac\x00\xdd}Ft\xc6\xcc\f}1X#\xe4\xe1\x94i\xce\xa1\xff\x95\x80\xb4T\x9c\x01\xf3\x1cLB\x94m(m\f\xbc\xebY\xa0\xf7\xf0\x9d\x10\xbd\x86\x1by\xe6\xdf\xc0\xc5\xb9\xb9\xbf\xdf~9\nC\xe9\xc5\x0e\xda\x9c(\x9b\"\xc7\x97\xfc\b\xd9\xc2T\xa7*}]\xc8\xb3 .\x9b\x89\x0f\xf8$\xdd>lU\x13EG\xbb1] \xda\x19\xc5\x9b\x15\x95\xc4\xfcw\xbb\x92\x91\xc4\xa6\x907XK\xfc\x17]\xfa\xff\'\xef\x92\x1c\xb8\x1fK\xb2o \xd1\xbd\xb2\x11+\xa3R\xefQ\xc2\xbdW\x05\xec\xb3=@\x03\xc6^\xa2\x15%\xb0\'D#\xb6Q\x8f\x82?S>\x0fP\x9cE\x92{d\xe6\x9cj1\x87\xb3\x01\xde\xe8\x89\xc4s\xb7\x14~}\xaa\x8c\xc3\x95BAE\xf2.\x8f#;a\x94\"\xd1U\xff\xe8v\xd3\x84d\xf4\x134\xa6XI\xe5h\xaa\x15\x9a\xf7Z\xe3%\x88p\x90\xbb\x9dt\xa3\xe1\r\x8d\x94\"\x19\x8b\x17)\xea\xd5\x17\xeb\xe4\x1b\x0fBZ1\xbe\xee\xfa\x1c\xf9\xa6\x11\x94\x06\\P:\xaf\xcex\xc2\x82\x9a\x16\xfc\xa1\xf9q\x12\xe3\x1a\xdc\xb7\x12\xbba\b\xbb\xed\xb2\xd1W\xe2\x8b\x8d8}\x10W\xbd\xa60A\xc3\x03\xfa\x890\x86#\bQ\xcb)\x00]\x9e\x14\xd2\xea\x82\xa8\xb7ZG\x15r\xf1\t\x00\x00\x00 \xc1\xaf\x19?\x00\\\x91\x13\x1b8\xe1\xc3\xa4\v\x94\xbfJ\xb5\xde\x95\x82\x00]B|\xe2[%\xe3\xf0\x04\xba\xed\xdb\xf5\x7f\x9d\xfe>\xf6m$M&\x7fq]\xe4\xf6\x82\xc3\x00\xb1zg}\x99E\xa4\x19\xe9\x1a4a\xd75D-k\x84\xa6\x12+\xebk\xa1\xfek\x89\xef\x18\xc1)6\xa65\xe2D\xbe\xe1\xdfq\xdd68\xf37g\xab9m\xe7\xddO\v?\xe0\xbe}\xa9U\xc7{\xd3\x16W\xbb\xe5\xd2\x93\xfe\xa4\x9d\r$\xe91c8`\x86\xbc)\xe29\xc3}\xb9P\xd5F\xc6\x12\x8c_x\xa8\xfa\xb5K\x03\x85\x93k\xe1\x8e\x1f)\".\xcc\'\v\xa6\x1bj\\\n\xe98yA\xd8T\x85\x80A\xcbo\x99\x99\xeb)r\x1a\xce\x18(\x185LL\xbcOeO\'\xe2\x86&\xe4\xe2\xe7~\x92\xa2\xb2\x1b\xc3\x00\x85\xce\xad7\x87\xa0\xfcc\xf5\xf8\xaf\v,q\xd4\x18\xbdM\x1a\xde\xba*L\x05m6\xecH\xd0T\xb8m\xdb\b\xa6\x02\xfb\x13\xac\x91\x8a\x8d\x94\x93\x8d=\xb1\x84\x9c\x9b\xe5\xc7\xa6\xc9Q\xc1eUc\xcc\x180^\x00\x00\x00\x00\x00\x00\x00\x00\xe7]6+\\\x00\x00\x00\x00?#C.\x1dj\xd9\xc3\xdd&\x80g:N\xec\x06[\x8f\x92\xe2\xb01\xb0\xef\x10,\xde\xf3\x86D\x8b\xf7\xf1>AH\xef\\\xf9\x8b\a\xe0\xb2\xcb\xf0\x97\b\r\xd5`\xb9\xd6\xa4\x1e\xbe\x12-}\xc5\x84\xde@\x18\x87\f\x01O\xedS\x8f\x9en,\xbce\xb2\xe4\x82v\x1c\xed\x84-s\xab\x06b\x9c\xba\xec\xa5\xc9A\x84\xd0\xe0 S\xc8\xa2\xaf\x85\v\xad\xa5\x88\xcf\xb6}`\x14\'\xea\xbfN\xac)\xa1\xe8\xb2\x9f\x112TJ\x16\x8c9\xe9\xf5\x18\x15Dd\x8a%>\x91\x93\x88\xe9\x18\x82]\x9e&\xfa\xaa\xfa8Z2\x00'/1301, 0x3)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100000000001000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYRESOCT=r1], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mprotect(&(0x7f000004f000/0x800000)=nil, 0x800000, 0x0)
r3 = userfaultfd(0x801)
r4 = syz_open_dev$media(&(0x7f00000001c0), 0x0, 0x0)
readv(r4, &(0x7f0000000440)=[{&(0x7f0000000140)=""/65, 0x41}], 0x1)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
ioctl$UFFDIO_WRITEPROTECT(r3, 0xc018aa06, &(0x7f0000000140)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
r5 = socket$unix(0x1, 0x2, 0x0)
capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000140)={0x0, 0x3, 0x0, 0x81, 0xf7fffff9})
ioctl$sock_SIOCETHTOOL(r5, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000000)=@ethtool_ringparam={0x9, 0x0, 0x6}})
write$binfmt_misc(r2, &(0x7f0000000000), 0xd)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000000)={0xd0f002, 0x101})
r6 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r7 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r7, 0xc008561c, &(0x7f0000000300)={0xf0f002, 0x1})
ioctl$VIDIOC_S_SELECTION(r6, 0xc040565f, &(0x7f0000000080)={0xb, 0x100, 0x2, {0x5, 0x5e79, 0x7fff, 0xfffffffc}})

23.298614ms ago: executing program 1 (id=1413):
socket$packet(0x11, 0x3, 0x300)
r0 = syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2)
r1 = syz_open_dev$dri(&(0x7f00000004c0), 0x8000000000000000, 0x149001)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000500))
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
prlimit64(r2, 0x0, &(0x7f0000000080)={0x1, 0x7}, &(0x7f0000000100))
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x2, 0x0, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "fafc00"}, 0x0, 0x1, {0x0}})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000280)=0x2)
close(0x3)
r3 = syz_io_uring_setup(0x22f, &(0x7f00000001c0)={0x0, 0x5325, 0x10000, 0x0, 0x259}, &(0x7f0000000000), &(0x7f0000000040))
close_range(r3, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0xa}, {0x0, [0x61, 0x30, 0x61, 0x2e, 0x0, 0x0, 0x2e, 0x5f]}}, &(0x7f0000000140)=""/77, 0x22, 0x4d, 0x5, 0x1}, 0x28)

4.186125ms ago: executing program 4 (id=1414):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f80)={{0x14, 0x10, 0x1, 0x0, 0x2000000}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x101, 0x0, 0xffffffff, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}], {0x14}}, 0x64}}, 0x0)

0s ago: executing program 3 (id=1415):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
syz_usb_connect(0x0, 0x4f, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc87"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
socket$packet(0x11, 0x3, 0x300)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x11)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)=ANY=[@ANYBLOB="280000002100010000000000000000000a00000000000002000000000c0014"], 0x28}}, 0x0)

kernel console output (not intermixed with test programs):

link+0x16d6/0x1c70
[  312.352477][ T8092]  ? netlink_sendmsg+0x805/0xb30
[  312.352515][ T8092]  ? __pfx_rtnl_newlink+0x10/0x10
[  312.352562][ T8092]  ? kasan_quarantine_put+0xdd/0x220
[  312.352587][ T8092]  ? lockdep_hardirqs_on+0x9c/0x150
[  312.352623][ T8092]  ? nlmon_xmit+0xb0/0x100
[  312.352641][ T8092]  ? kmem_cache_free+0x18f/0x400
[  312.352677][ T8092]  ? __local_bh_enable_ip+0x12d/0x1c0
[  312.352698][ T8092]  ? lockdep_hardirqs_on+0x9c/0x150
[  312.352728][ T8092]  ? __local_bh_enable_ip+0x12d/0x1c0
[  312.352749][ T8092]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  312.352775][ T8092]  ? __dev_queue_xmit+0x27e/0x3a70
[  312.352802][ T8092]  ? __dev_queue_xmit+0x27e/0x3a70
[  312.352827][ T8092]  ? __dev_queue_xmit+0x27e/0x3a70
[  312.352856][ T8092]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  312.352889][ T8092]  ? __lock_acquire+0xab9/0xd20
[  312.352946][ T8092]  ? __pfx_rtnl_newlink+0x10/0x10
[  312.352966][ T8092]  rtnetlink_rcv_msg+0x7cf/0xb70
[  312.352989][ T8092]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  312.353007][ T8092]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  312.353024][ T8092]  ? ref_tracker_free+0x63a/0x7d0
[  312.353050][ T8092]  ? __copy_skb_header+0xa7/0x550
[  312.353077][ T8092]  ? __pfx_ref_tracker_free+0x10/0x10
[  312.353103][ T8092]  ? __skb_clone+0x63/0x7a0
[  312.353135][ T8092]  netlink_rcv_skb+0x208/0x470
[  312.353158][ T8092]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  312.353186][ T8092]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  312.353222][ T8092]  ? netlink_deliver_tap+0x2e/0x1b0
[  312.353243][ T8092]  ? netlink_deliver_tap+0x2e/0x1b0
[  312.353270][ T8092]  netlink_unicast+0x75b/0x8d0
[  312.353302][ T8092]  netlink_sendmsg+0x805/0xb30
[  312.353333][ T8092]  ? __pfx_netlink_sendmsg+0x10/0x10
[  312.353365][ T8092]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  312.353391][ T8092]  ? __pfx_netlink_sendmsg+0x10/0x10
[  312.353414][ T8092]  __sock_sendmsg+0x21c/0x270
[  312.353446][ T8092]  ____sys_sendmsg+0x505/0x830
[  312.353476][ T8092]  ? __pfx_____sys_sendmsg+0x10/0x10
[  312.353510][ T8092]  ? import_iovec+0x74/0xa0
[  312.353535][ T8092]  ___sys_sendmsg+0x21f/0x2a0
[  312.353561][ T8092]  ? __pfx____sys_sendmsg+0x10/0x10
[  312.353623][ T8092]  ? __fget_files+0x2a/0x420
[  312.353640][ T8092]  ? __fget_files+0x3a0/0x420
[  312.353668][ T8092]  __x64_sys_sendmsg+0x19b/0x260
[  312.353694][ T8092]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  312.353727][ T8092]  ? __pfx_ksys_write+0x10/0x10
[  312.353749][ T8092]  ? rcu_is_watching+0x15/0xb0
[  312.353774][ T8092]  ? do_syscall_64+0xbe/0x3b0
[  312.353796][ T8092]  do_syscall_64+0xfa/0x3b0
[  312.353812][ T8092]  ? lockdep_hardirqs_on+0x9c/0x150
[  312.353838][ T8092]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  312.353876][ T8092]  ? clear_bhb_loop+0x60/0xb0
[  312.353900][ T8092]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  312.353920][ T8092] RIP: 0033:0x7f178238e929
[  312.353937][ T8092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  312.353954][ T8092] RSP: 002b:00007f178323a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  312.353976][ T8092] RAX: ffffffffffffffda RBX: 00007f17825b6160 RCX: 00007f178238e929
[  312.353991][ T8092] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005
[  312.354004][ T8092] RBP: 00007f178323a090 R08: 0000000000000000 R09: 0000000000000000
[  312.354016][ T8092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  312.354028][ T8092] R13: 0000000000000000 R14: 00007f17825b6160 R15: 00007ffd27509308
[  312.354061][ T8092]  </TASK>
[  312.832234][    C1] vkms_vblank_simulate: vblank timer overrun
[  313.023429][ T5894] hub 4-1:0.0: 1 port detected
[  313.140453][ T8075] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  313.148064][ T8075] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  313.160726][ T8075] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  313.169462][ T8075] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  313.184863][ T8075] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  313.236246][ T8075] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  313.265102][ T8075] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  313.281228][ T8075] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  313.295200][ T8075] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  313.301536][ T8075] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  313.312901][ T8100] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic
[  313.702128][ T8108] netlink: 96 bytes leftover after parsing attributes in process `syz.4.605'.
[  313.803791][ T5847] Bluetooth: hci0: command 0x0406 tx timeout
[  313.851436][ T5894] usb 4-1: USB disconnect, device number 22
[  313.861439][ T3616] hub 4-1:0.0: hub_ext_port_status failed (err = -71)
[  315.153862][ T5894] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  315.243798][ T5847] Bluetooth: hci2: command 0x0406 tx timeout
[  315.243813][ T5155] Bluetooth: hci1: command 0x0406 tx timeout
[  315.324889][ T5847] Bluetooth: hci4: command 0x0406 tx timeout
[  315.326408][ T5155] Bluetooth: hci3: command 0x0406 tx timeout
[  315.455087][ T5894] usb 2-1: Using ep0 maxpacket: 32
[  315.563276][ T5894] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  315.647865][ T5894] usb 2-1: config 0 has no interface number 0
[  315.675075][ T5894] usb 2-1: config 0 interface 184 has no altsetting 0
[  315.720656][ T5894] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  315.734197][ T5894] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  315.752768][ T5894] usb 2-1: Product: syz
[  315.763228][ T5894] usb 2-1: Manufacturer: syz
[  315.778119][ T5894] usb 2-1: SerialNumber: syz
[  315.884565][ T5155] Bluetooth: hci0: command 0x0406 tx timeout
[  315.884642][ T5894] usb 2-1: config 0 descriptor??
[  316.257413][ T5894] smsc75xx v1.0.0
[  316.287228][ T5894] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  316.477807][ T5894] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -22
[  316.834436][ T8135] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  316.894617][ T8135] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  317.209707][ T5914] usb 2-1: USB disconnect, device number 20
[  317.362871][ T5155] Bluetooth: hci2: command 0x0406 tx timeout
[  317.369296][ T5155] Bluetooth: hci1: command 0x0406 tx timeout
[  317.376905][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  317.429566][ T5847] Bluetooth: hci3: command 0x0406 tx timeout
[  317.436036][ T5155] Bluetooth: hci4: command 0x0406 tx timeout
[  318.757531][ T5914] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  319.103740][ T5914] usb 1-1: Using ep0 maxpacket: 32
[  319.173463][ T5914] usb 1-1: config 0 interface 0 has no altsetting 0
[  319.218288][ T5914] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  319.234803][ T5914] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  319.303499][ T5914] usb 1-1: Product: syz
[  319.314846][ T5914] usb 1-1: Manufacturer: syz
[  319.334111][ T5914] usb 1-1: SerialNumber: syz
[  319.378565][ T5914] usb 1-1: config 0 descriptor??
[  319.441355][ T8168] mmap: syz.1.619 (8168): VmData 37564416 exceed data ulimit 65536. Update limits or use boot option ignore_rlimit_data.
[  319.505721][ T5914] usb 1-1: can't set config #0, error -71
[  319.534440][ T5914] usb 1-1: USB disconnect, device number 17
[  319.703694][    T9] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  319.884025][    T9] usb 5-1: Using ep0 maxpacket: 32
[  319.902586][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 147, changing to 11
[  319.946919][ T8181] Bluetooth: MGMT ver 1.23
[  320.026148][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 42046, setting to 1024
[  320.135478][    T9] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  320.195032][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  320.422874][    T9] usb 5-1: config 0 descriptor??
[  320.434447][ T8170] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  320.444756][    T9] hub 5-1:0.0: USB hub found
[  320.566666][ T3616] usb 1-1: new full-speed USB device number 18 using dummy_hcd
[  320.644358][    T9] hub 5-1:0.0: 1 port detected
[  320.693716][ T5922] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  320.703915][ T3616] usb 1-1: device descriptor read/64, error -71
[  320.865845][ T5922] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  320.893870][ T5922] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  320.908448][ T5922] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  320.923748][ T5922] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  320.943791][ T3616] usb 1-1: new full-speed USB device number 19 using dummy_hcd
[  320.954434][ T5922] usb 2-1: config 0 descriptor??
[  321.093717][ T3616] usb 1-1: device descriptor read/64, error -71
[  321.205089][ T3616] usb usb1-port1: attempt power cycle
[  321.374456][ T5922] pyra 0003:1E7D:2CF6.0007: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.1-1/input0
[  321.470958][    T9] hub 5-1:0.0: hub_ext_port_status failed (err = -71)
[  321.499346][ T8194] bridge: RTM_NEWNEIGH with invalid ether address
[  321.565593][ T3616] usb 1-1: new full-speed USB device number 20 using dummy_hcd
[  321.586683][ T5922] pyra 0003:1E7D:2CF6.0007: couldn't init struct pyra_device
[  321.650223][ T3616] usb 1-1: device descriptor read/8, error -71
[  321.669482][ T5922] pyra 0003:1E7D:2CF6.0007: couldn't install mouse
[  322.148842][ T5922] pyra 0003:1E7D:2CF6.0007: probe with driver pyra failed with error -5
[  322.213973][ T3616] usb 1-1: new full-speed USB device number 21 using dummy_hcd
[  322.244415][ T3616] usb 1-1: device descriptor read/8, error -71
[  322.284765][   T10] usb 5-1: USB disconnect, device number 13
[  322.365877][ T3616] usb usb1-port1: unable to enumerate USB device
[  322.579330][ T8211] kernel profiling enabled (shift: 17)
[  322.600998][ T8211] netlink: 8 bytes leftover after parsing attributes in process `syz.4.633'.
[  322.613418][ T8211] bridge0: port 2(bridge_slave_1) entered disabled state
[  322.621128][ T8211] bridge0: port 1(bridge_slave_0) entered disabled state
[  323.935585][ T5969] usb 2-1: USB disconnect, device number 21
[  324.209748][ T8240] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  324.918928][ T8252] random: crng reseeded on system resumption
[  325.969730][ T8256] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  326.802215][ T8274] netlink: 32 bytes leftover after parsing attributes in process `syz.2.650'.
[  326.825415][ T8274] netlink: 32 bytes leftover after parsing attributes in process `syz.2.650'.
[  327.004348][ T5969] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  327.153994][ T5969] usb 4-1: device descriptor read/64, error -71
[  327.502859][ T5969] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  327.753929][ T5922] usb 5-1: new full-speed USB device number 14 using dummy_hcd
[  327.823804][ T5969] usb 4-1: device descriptor read/64, error -71
[  327.934256][ T5969] usb usb4-port1: attempt power cycle
[  327.980724][ T5922] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  328.013534][ T5922] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  328.098164][ T5922] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  328.108507][ T5922] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  328.121006][ T5922] usb 5-1: config 0 descriptor??
[  328.273743][ T5969] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  328.304328][ T5969] usb 4-1: device descriptor read/8, error -71
[  328.463761][   T24] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  328.543734][ T5969] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  328.564393][ T5969] usb 4-1: device descriptor read/8, error -71
[  328.613741][   T24] usb 3-1: Using ep0 maxpacket: 16
[  328.621298][   T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 11
[  328.630532][   T24] usb 3-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[  328.640322][   T24] usb 3-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[  328.650092][   T24] usb 3-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[  328.659913][   T24] usb 3-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[  328.669840][   T24] usb 3-1: config 1 interface 0 has no altsetting 0
[  328.676859][   T24] usb 3-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[  328.686877][ T5969] usb usb4-port1: unable to enumerate USB device
[  328.695631][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  328.711934][   T24] ums-sddr09 3-1:1.0: USB Mass Storage device detected
[  328.737915][ T8279] netlink: 104 bytes leftover after parsing attributes in process `syz.4.652'.
[  328.753022][ T5922] usbhid 5-1:0.0: can't add hid device: -71
[  328.760965][ T5922] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  328.772797][ T5922] usb 5-1: USB disconnect, device number 14
[  328.997641][   T24] ums-sddr09 3-1:1.0: probe with driver ums-sddr09 failed with error -22
[  329.022496][   T24] usb 3-1: USB disconnect, device number 27
[  329.548412][ T8310] NILFS (loop1): device size too small
[  331.670922][ T8321] FAULT_INJECTION: forcing a failure.
[  331.670922][ T8321] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  331.684325][ T8321] CPU: 0 UID: 0 PID: 8321 Comm: syz.3.664 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  331.684352][ T8321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  331.684365][ T8321] Call Trace:
[  331.684374][ T8321]  <TASK>
[  331.684384][ T8321]  dump_stack_lvl+0x189/0x250
[  331.684412][ T8321]  ? __pfx____ratelimit+0x10/0x10
[  331.684460][ T8321]  ? __pfx_dump_stack_lvl+0x10/0x10
[  331.684484][ T8321]  ? __pfx__printk+0x10/0x10
[  331.684510][ T8321]  ? __might_fault+0xb0/0x130
[  331.684552][ T8321]  should_fail_ex+0x414/0x560
[  331.684587][ T8321]  _copy_from_user+0x2d/0xb0
[  331.684612][ T8321]  ___sys_sendmsg+0x158/0x2a0
[  331.684642][ T8321]  ? __pfx____sys_sendmsg+0x10/0x10
[  331.684709][ T8321]  ? __fget_files+0x2a/0x420
[  331.684727][ T8321]  ? __fget_files+0x3a0/0x420
[  331.684758][ T8321]  __x64_sys_sendmsg+0x19b/0x260
[  331.684809][ T8321]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  331.684856][ T8321]  ? do_syscall_64+0xbe/0x3b0
[  331.684881][ T8321]  do_syscall_64+0xfa/0x3b0
[  331.684909][ T8321]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.684929][ T8321]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  331.684949][ T8321]  ? clear_bhb_loop+0x60/0xb0
[  331.684974][ T8321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.684994][ T8321] RIP: 0033:0x7fd75d98e929
[  331.685012][ T8321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  331.685030][ T8321] RSP: 002b:00007fd75b7b4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  331.685053][ T8321] RAX: ffffffffffffffda RBX: 00007fd75dbb6160 RCX: 00007fd75d98e929
[  331.685068][ T8321] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  331.685081][ T8321] RBP: 00007fd75b7b4090 R08: 0000000000000000 R09: 0000000000000000
[  331.685094][ T8321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  331.685106][ T8321] R13: 0000000000000000 R14: 00007fd75dbb6160 R15: 00007ffd9ff6e398
[  331.685138][ T8321]  </TASK>
[  333.669388][ T8340] misc userio: Invalid payload size
[  333.678806][ T8340] misc userio: Invalid payload size
[  333.687675][ T8340] misc userio: The device must be registered before sending interrupts
[  334.768397][ T8330] evm: overlay not supported
[  335.097959][ T8359] FAULT_INJECTION: forcing a failure.
[  335.097959][ T8359] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  335.134489][ T8359] CPU: 0 UID: 0 PID: 8359 Comm: syz.1.678 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  335.134519][ T8359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  335.134532][ T8359] Call Trace:
[  335.134541][ T8359]  <TASK>
[  335.134550][ T8359]  dump_stack_lvl+0x189/0x250
[  335.134578][ T8359]  ? __pfx____ratelimit+0x10/0x10
[  335.134608][ T8359]  ? __pfx_dump_stack_lvl+0x10/0x10
[  335.134631][ T8359]  ? __pfx__printk+0x10/0x10
[  335.134671][ T8359]  should_fail_ex+0x414/0x560
[  335.134705][ T8359]  _copy_to_user+0x31/0xb0
[  335.134731][ T8359]  simple_read_from_buffer+0xe1/0x170
[  335.134767][ T8359]  proc_fail_nth_read+0x1df/0x250
[  335.134791][ T8359]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  335.134823][ T8359]  ? rw_verify_area+0x258/0x650
[  335.134848][ T8359]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  335.134871][ T8359]  vfs_read+0x1fd/0x980
[  335.134904][ T8359]  ? __pfx___mutex_lock+0x10/0x10
[  335.134924][ T8359]  ? __pfx_vfs_read+0x10/0x10
[  335.134952][ T8359]  ? __fget_files+0x2a/0x420
[  335.134976][ T8359]  ? __fget_files+0x3a0/0x420
[  335.134993][ T8359]  ? __fget_files+0x2a/0x420
[  335.135021][ T8359]  ksys_read+0x145/0x250
[  335.135051][ T8359]  ? __pfx_ksys_read+0x10/0x10
[  335.135074][ T8359]  ? rcu_is_watching+0x15/0xb0
[  335.135103][ T8359]  ? do_syscall_64+0xbe/0x3b0
[  335.135126][ T8359]  do_syscall_64+0xfa/0x3b0
[  335.135143][ T8359]  ? lockdep_hardirqs_on+0x9c/0x150
[  335.135171][ T8359]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  335.135190][ T8359]  ? clear_bhb_loop+0x60/0xb0
[  335.135215][ T8359]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  335.135234][ T8359] RIP: 0033:0x7f178238d33c
[  335.135252][ T8359] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  335.135269][ T8359] RSP: 002b:00007f178327c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  335.135290][ T8359] RAX: ffffffffffffffda RBX: 00007f17825b5fa0 RCX: 00007f178238d33c
[  335.135305][ T8359] RDX: 000000000000000f RSI: 00007f178327c0a0 RDI: 0000000000000006
[  335.135317][ T8359] RBP: 00007f178327c090 R08: 0000000000000000 R09: 0000000000000000
[  335.135329][ T8359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  335.135340][ T8359] R13: 0000000000000000 R14: 00007f17825b5fa0 R15: 00007ffd27509308
[  335.135374][ T8359]  </TASK>
[  335.364985][    C0] vkms_vblank_simulate: vblank timer overrun
[  335.744163][ T8378] fuseblk: Bad value for 'fd'
[  336.535502][ T8394] overlay: Unknown parameter 'fsmagic'
[  339.882852][ T8413] IPVS: ip_vs_add_dest(): server weight less than zero
[  340.059327][ T5969] IPVS: starting estimator thread 0...
[  340.934257][ T8417] IPVS: using max 42 ests per chain, 100800 per kthread
[  341.882903][ T8425] misc userio: Invalid payload size
[  341.889922][ T8425] misc userio: The device must be registered before sending interrupts
[  342.736226][ T8442] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  343.518765][   T30] kauditd_printk_skb: 20 callbacks suppressed
[  343.518785][   T30] audit: type=1326 audit(1751916046.607:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8447 comm="syz.4.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f610218e929 code=0x7ffc0000
[  343.610229][   T30] audit: type=1326 audit(1751916046.607:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8447 comm="syz.4.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f610218e929 code=0x7ffc0000
[  343.632694][   T30] audit: type=1326 audit(1751916046.607:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8447 comm="syz.4.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f610218e929 code=0x7ffc0000
[  343.691983][   T30] audit: type=1326 audit(1751916046.607:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8447 comm="syz.4.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f610218e929 code=0x7ffc0000
[  343.746078][   T30] audit: type=1326 audit(1751916046.607:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8447 comm="syz.4.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f610218e929 code=0x7ffc0000
[  343.829583][   T30] audit: type=1326 audit(1751916046.607:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8447 comm="syz.4.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f610218e929 code=0x7ffc0000
[  343.866863][   T30] audit: type=1326 audit(1751916046.607:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8447 comm="syz.4.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f610218e929 code=0x7ffc0000
[  343.911069][   T30] audit: type=1326 audit(1751916046.627:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8447 comm="syz.4.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f610218e929 code=0x7ffc0000
[  343.958188][   T30] audit: type=1326 audit(1751916046.627:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8447 comm="syz.4.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f610218e929 code=0x7ffc0000
[  343.980296][   T30] audit: type=1326 audit(1751916046.627:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8447 comm="syz.4.703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f610218e929 code=0x7ffc0000
[  344.643676][ T5914] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  344.707403][ T8484] overlayfs: failed to clone upperpath
[  344.935125][ T5914] usb 2-1: Using ep0 maxpacket: 32
[  345.036409][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880568efc00: rx timeout, send abort
[  345.046981][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880568ec000: rx timeout, send abort
[  345.056764][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8880568efc00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  345.072533][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8880568ec000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  345.073662][ T5914] usb 2-1: config 0 has an invalid interface number: 12 but max is 0
[  345.158212][ T5914] usb 2-1: config 0 has no interface number 0
[  345.209363][ T5914] usb 2-1: config 0 interface 12 has no altsetting 0
[  345.229219][ T5914] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  345.261680][ T5914] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  345.438074][ T5914] usb 2-1: Product: syz
[  345.466808][ T5914] usb 2-1: Manufacturer: syz
[  345.471577][ T5914] usb 2-1: SerialNumber: syz
[  345.514897][ T5914] usb 2-1: config 0 descriptor??
[  345.731905][ T8469] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  345.773460][ T8469] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  346.088167][ T8507] netlink: 48 bytes leftover after parsing attributes in process `syz.2.720'.
[  346.155982][   T10] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  346.356406][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  346.375755][   T10] usb 5-1: New USB device found, idVendor=046d, idProduct=c50c, bcdDevice= 0.00
[  346.393683][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  346.431295][   T10] usb 5-1: config 0 descriptor??
[  346.460178][ T5914] f81534 2-1:0.12: f81534_set_register: reg: 1003 data: b0 failed: -71
[  346.469045][ T5914] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71
[  346.484964][ T5914] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  346.492686][ T5914] f81534 2-1:0.12: probe with driver f81534 failed with error -71
[  346.573737][   T24] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  346.778320][   T24] usb 3-1: unable to get BOS descriptor or descriptor too short
[  346.842306][   T24] usb 3-1: config 6 has an invalid interface number: 200 but max is 0
[  346.885865][   T24] usb 3-1: config 6 has no interface number 0
[  346.944959][   T24] usb 3-1: config 6 interface 200 has no altsetting 0
[  347.059610][   T24] usb 3-1: New USB device found, idVendor=05d8, idProduct=770c, bcdDevice=dd.40
[  347.128486][ T5914] usb 2-1: USB disconnect, device number 22
[  347.147446][   T10] logitech 0003:046D:C50C.0008: unbalanced delimiter at end of report description
[  347.199425][   T10] logitech 0003:046D:C50C.0008: parse failed
[  347.232588][   T10] logitech 0003:046D:C50C.0008: probe with driver logitech failed with error -22
[  347.239413][   T24] usb 3-1: New USB device strings: Mfr=222, Product=2, SerialNumber=3
[  347.257382][   T24] usb 3-1: Product: syz
[  347.261880][   T24] usb 3-1: Manufacturer: syz
[  347.266693][   T24] usb 3-1: SerialNumber: syz
[  347.390078][ T5969] usb 5-1: USB disconnect, device number 15
[  347.518063][ T8525] fuse: Bad value for 'fd'
[  347.559680][ T8513] program syz.2.724 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  347.588207][ T8513] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  347.599665][ T8529] overlayfs: missing 'lowerdir'
[  347.612224][ T8529] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  349.219734][ T8542] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(12)
[  349.226416][ T8542] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  349.253644][ T8548] tap0: tun_chr_ioctl cmd 1074025677
[  349.259454][ T8548] tap0: linktype set to 773
[  349.288435][ T8542] vhci_hcd vhci_hcd.0: Device attached
[  349.313726][ T8550] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(15)
[  349.320395][ T8550] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  349.361365][ T8550] vhci_hcd vhci_hcd.0: Device attached
[  349.384221][ T8542] vhci_hcd vhci_hcd.0: pdev(1) rhport(2) sockfd(14)
[  349.390878][ T8542] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  349.424407][ T8542] vhci_hcd vhci_hcd.0: Device attached
[  349.440775][ T8550] vhci_hcd vhci_hcd.0: pdev(1) rhport(3) sockfd(17)
[  349.447437][ T8550] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  349.467831][ T8544] netlink: 12 bytes leftover after parsing attributes in process `syz.4.734'.
[  349.477829][ T5914] vhci_hcd: vhci_device speed not set
[  349.517722][ T8550] vhci_hcd vhci_hcd.0: Device attached
[  349.543810][ T5914] usb 35-1: new full-speed USB device number 2 using vhci_hcd
[  349.563787][ T8542] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(21)
[  349.570444][ T8542] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  349.579741][ T8542] vhci_hcd vhci_hcd.0: Device attached
[  349.580253][ T8555] netlink: 28 bytes leftover after parsing attributes in process `syz.4.734'.
[  349.609745][ T8542] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  349.621328][ T8555] 8021q: adding VLAN 0 to HW filter on device bond1
[  349.654981][ T8542] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  349.688664][ T8542] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  349.741821][ T8542] vhci_hcd vhci_hcd.0: pdev(1) rhport(7) sockfd(30)
[  349.748501][ T8542] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  349.807802][   T24] usb 3-1: USB disconnect, device number 28
[  349.814033][ T8542] vhci_hcd vhci_hcd.0: Device attached
[  349.908326][ T8566] vhci_hcd: connection closed
[  349.909865][ T8559] vhci_hcd: connection closed
[  349.911381][ T3483] vhci_hcd: stop threads
[  349.923947][ T8552] vhci_hcd: connection closed
[  349.924128][ T8556] vhci_hcd: connection closed
[  349.953690][ T8546] vhci_hcd: connection reset by peer
[  349.965094][ T3483] vhci_hcd: release socket
[  349.969776][ T3483] vhci_hcd: disconnect device
[  349.997504][ T3483] vhci_hcd: stop threads
[  350.227004][ T3483] vhci_hcd: release socket
[  350.275816][ T3483] vhci_hcd: disconnect device
[  352.202127][ T3483] vhci_hcd: stop threads
[  352.211423][ T3483] vhci_hcd: release socket
[  352.577246][ T8589] overlayfs: missing 'lowerdir'
[  352.645132][ T8590] overlayfs: failed to clone upperpath
[  352.687874][ T8572] vhci_hcd: connection closed
[  352.755036][ T3483] vhci_hcd: disconnect device
[  352.890618][ T3483] vhci_hcd: stop threads
[  352.900705][ T3483] vhci_hcd: release socket
[  352.925033][ T3483] vhci_hcd: disconnect device
[  352.975827][ T3483] vhci_hcd: stop threads
[  353.009114][ T3483] vhci_hcd: release socket
[  353.113361][ T3483] vhci_hcd: disconnect device
[  353.209046][ T3483] vhci_hcd: stop threads
[  353.264728][ T3483] vhci_hcd: release socket
[  353.400229][ T3483] vhci_hcd: disconnect device
[  353.929251][ T8605] netlink: 12 bytes leftover after parsing attributes in process `syz.2.746'.
[  353.954750][ T8603] netlink: 'syz.0.747': attribute type 3 has an invalid length.
[  354.020066][ T8603] netlink: 12 bytes leftover after parsing attributes in process `syz.0.747'.
[  354.495165][ T8625] netlink: 8 bytes leftover after parsing attributes in process `syz.4.752'.
[  354.774079][ T5914] vhci_hcd: vhci_device speed not set
[  356.079961][ T8630] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(12)
[  356.086634][ T8630] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  356.104145][ T8630] vhci_hcd vhci_hcd.0: Device attached
[  356.129758][ T8636] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(14)
[  356.136409][ T8636] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  356.155950][ T8636] vhci_hcd vhci_hcd.0: Device attached
[  356.171269][ T8630] vhci_hcd vhci_hcd.0: pdev(1) rhport(2) sockfd(16)
[  356.177894][ T8630] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  356.195991][ T8630] vhci_hcd vhci_hcd.0: Device attached
[  356.205872][ T8630] vhci_hcd vhci_hcd.0: pdev(1) rhport(3) sockfd(18)
[  356.212523][ T8630] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  356.225047][ T8630] vhci_hcd vhci_hcd.0: Device attached
[  356.251745][ T8630] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(20)
[  356.258410][ T8630] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  356.293740][   T10] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  356.313350][ T8647] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  356.320910][ T8647] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  356.329970][ T8647] trusted_key: syz.4.755 sent an empty control message without MSG_MORE.
[  356.344849][ T8647] netlink: 12 bytes leftover after parsing attributes in process `syz.4.755'.
[  356.353897][ T5969] usb 36-1: SetAddress Request (2) to port 0
[  356.360117][ T5969] usb 36-1: new SuperSpeed USB device number 2 using vhci_hcd
[  356.383798][ T8630] vhci_hcd vhci_hcd.0: Device attached
[  356.438310][ T8630] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  356.448306][ T8630] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  356.514810][ T8650] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  356.637775][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  357.433708][   T10] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  357.495561][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  357.560456][   T10] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[  357.564341][ T8630] vhci_hcd vhci_hcd.0: pdev(1) rhport(7) sockfd(30)
[  357.576845][ T8630] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  357.615555][ T8630] vhci_hcd vhci_hcd.0: Device attached
[  357.623868][   T10] usb 1-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  357.651637][ T8644] vhci_hcd: connection reset by peer
[  357.652090][ T8633] vhci_hcd: connection closed
[  357.657235][ T8637] vhci_hcd: connection closed
[  357.658333][ T8640] vhci_hcd: connection closed
[  357.667820][ T6391] vhci_hcd: stop threads
[  357.673169][ T8642] vhci_hcd: connection closed
[  357.683957][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  357.708044][ T6391] vhci_hcd: release socket
[  357.712615][ T6391] vhci_hcd: disconnect device
[  357.723164][   T10] usb 1-1: config 0 descriptor??
[  357.738506][ T6391] vhci_hcd: stop threads
[  357.742811][ T6391] vhci_hcd: release socket
[  357.779516][ T6391] vhci_hcd: disconnect device
[  357.818408][ T6391] vhci_hcd: stop threads
[  357.822784][ T6391] vhci_hcd: release socket
[  357.833696][ T6391] vhci_hcd: disconnect device
[  357.901517][ T6391] vhci_hcd: stop threads
[  357.917555][ T6391] vhci_hcd: release socket
[  357.952107][ T6391] vhci_hcd: disconnect device
[  357.972790][   T10] hdpvr 1-1:0.0: firmware version 0x69 dated Ì
[  358.008137][ T6391] vhci_hcd: stop threads
[  358.012528][ T6391] vhci_hcd: release socket
[  358.022488][   T10] hdpvr 1-1:0.0: untested firmware, the driver might not work.
[  358.036338][ T6391] vhci_hcd: disconnect device
[  358.168321][   T10] hdpvr 1-1:0.0: device init failed
[  358.218416][   T10] hdpvr 1-1:0.0: probe with driver hdpvr failed with error -12
[  358.260207][   T10] usb 1-1: USB disconnect, device number 22
[  358.417203][ T8656] vhci_hcd: connection closed
[  358.444097][   T35] vhci_hcd: stop threads
[  358.475936][   T35] vhci_hcd: release socket
[  358.485452][   T35] vhci_hcd: disconnect device
[  358.613498][ T5847] Bluetooth: hci4: command 0x0406 tx timeout
[  358.771845][ T8673] FAULT_INJECTION: forcing a failure.
[  358.771845][ T8673] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  358.823750][ T8673] CPU: 0 UID: 0 PID: 8673 Comm: syz.4.762 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  358.823780][ T8673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  358.823795][ T8673] Call Trace:
[  358.823802][ T8673]  <TASK>
[  358.823809][ T8673]  dump_stack_lvl+0x189/0x250
[  358.823842][ T8673]  ? __pfx____ratelimit+0x10/0x10
[  358.823864][ T8673]  ? __pfx_dump_stack_lvl+0x10/0x10
[  358.823880][ T8673]  ? __pfx__printk+0x10/0x10
[  358.823898][ T8673]  ? __might_fault+0xb0/0x130
[  358.823927][ T8673]  should_fail_ex+0x414/0x560
[  358.823950][ T8673]  _copy_from_user+0x2d/0xb0
[  358.823968][ T8673]  ___sys_sendmsg+0x158/0x2a0
[  358.823987][ T8673]  ? __pfx____sys_sendmsg+0x10/0x10
[  358.824031][ T8673]  ? __fget_files+0x2a/0x420
[  358.824043][ T8673]  ? __fget_files+0x3a0/0x420
[  358.824063][ T8673]  __x64_sys_sendmsg+0x19b/0x260
[  358.824083][ T8673]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  358.824109][ T8673]  ? __pfx_ksys_write+0x10/0x10
[  358.824127][ T8673]  ? rcu_is_watching+0x15/0xb0
[  358.824146][ T8673]  ? do_syscall_64+0xbe/0x3b0
[  358.824162][ T8673]  do_syscall_64+0xfa/0x3b0
[  358.824174][ T8673]  ? lockdep_hardirqs_on+0x9c/0x150
[  358.824194][ T8673]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.824208][ T8673]  ? clear_bhb_loop+0x60/0xb0
[  358.824225][ T8673]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.824238][ T8673] RIP: 0033:0x7f610218e929
[  358.824252][ T8673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  358.824264][ T8673] RSP: 002b:00007f6102f26038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  358.824280][ T8673] RAX: ffffffffffffffda RBX: 00007f61023b5fa0 RCX: 00007f610218e929
[  358.824292][ T8673] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003
[  358.824306][ T8673] RBP: 00007f6102f26090 R08: 0000000000000000 R09: 0000000000000000
[  358.824318][ T8673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  358.824330][ T8673] R13: 0000000000000000 R14: 00007f61023b5fa0 R15: 00007ffd52daa4c8
[  358.824362][ T8673]  </TASK>
[  359.073363][ T8664] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  359.079567][ T8664] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  359.085880][ T8664] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  359.092017][ T8664] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  359.098713][ T8664] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  359.901454][ T8699] overlay: Unknown parameter 'fsmagic'
[  360.173793][   T10] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  360.293859][ T5847] Bluetooth: hci0: command 0x0406 tx timeout
[  360.568851][ T3616] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  360.653786][   T10] usb 3-1: Using ep0 maxpacket: 32
[  360.660642][   T10] usb 3-1: config 0 interface 0 has no altsetting 0
[  360.667511][   T10] usb 3-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  360.690150][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  360.744256][   T10] usb 3-1: config 0 descriptor??
[  360.807753][ T3616] usb 1-1: config 1 has an invalid interface number: 239 but max is 0
[  360.831513][ T3616] usb 1-1: config 1 has no interface number 0
[  360.833040][ T8706] netlink: 'syz.4.774': attribute type 29 has an invalid length.
[  360.848641][ T3616] usb 1-1: config 1 interface 239 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  360.861461][ T8706] netlink: 8 bytes leftover after parsing attributes in process `syz.4.774'.
[  360.867334][ T3616] usb 1-1: config 1 interface 239 altsetting 9 has an endpoint descriptor with address 0xC6, changing to 0x86
[  360.883211][ T3616] usb 1-1: config 1 interface 239 altsetting 9 endpoint 0x86 has an invalid bInterval 230, changing to 11
[  360.931461][ T3616] usb 1-1: config 1 interface 239 altsetting 9 endpoint 0x86 has invalid maxpacket 59105, setting to 1024
[  360.959749][ T3616] usb 1-1: config 1 interface 239 altsetting 9 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  360.974868][ T3616] usb 1-1: config 1 interface 239 has no altsetting 0
[  360.985815][ T3616] usb 1-1: New USB device found, idVendor=1163, idProduct=0100, bcdDevice=b3.a7
[  360.997351][ T3616] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.010140][ T3616] usb 1-1: Product: syz
[  361.015127][ T3616] usb 1-1: Manufacturer: syz
[  361.019937][ T3616] usb 1-1: SerialNumber: syz
[  361.057769][ T8689] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  361.084304][ T5847] Bluetooth: hci1: command 0x0406 tx timeout
[  361.162543][   T10] corsair-cpro 0003:1B1C:0C10.0009: unknown main item tag 0x0
[  361.171601][ T5847] Bluetooth: hci4: command 0x0406 tx timeout
[  361.171646][ T5155] Bluetooth: hci3: command 0x0406 tx timeout
[  361.179018][ T5847] Bluetooth: hci2: command 0x0406 tx timeout
[  361.275477][   T10] corsair-cpro 0003:1B1C:0C10.0009: unknown main item tag 0x0
[  361.311303][   T10] corsair-cpro 0003:1B1C:0C10.0009: unknown main item tag 0x0
[  361.336889][   T10] corsair-cpro 0003:1B1C:0C10.0009: unknown main item tag 0x0
[  361.355827][ T8717] 9pnet_fd: Insufficient options for proto=fd
[  361.363208][   T10] corsair-cpro 0003:1B1C:0C10.0009: unknown main item tag 0x0
[  361.452360][ T8718] netlink: 830 bytes leftover after parsing attributes in process `syz.4.778'.
[  361.468479][ T8718] netlink: 132 bytes leftover after parsing attributes in process `syz.4.778'.
[  361.484631][ T5969] usb 36-1: device descriptor read/8, error -110
[  361.496821][ T8718] bridge2: entered promiscuous mode
[  361.519838][ T8718] netlink: 'syz.4.778': attribute type 1 has an invalid length.
[  362.116617][   T10] corsair-cpro 0003:1B1C:0C10.0009: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.2-1/input0
[  362.193872][ T5914] vhci_hcd: vhci_device speed not set
[  362.354174][ T3616] cypress_m8 1-1:1.239: DeLorme Earthmate USB converter detected
[  362.582829][ T3616] earthmate ttyUSB0: required endpoint is missing
[  362.604151][ T3616] usb 1-1: USB disconnect, device number 23
[  362.669149][   T10] corsair-cpro 0003:1B1C:0C10.0009: probe with driver corsair-cpro failed with error -110
[  362.670053][ T3616] cypress_m8 1-1:1.239: device disconnected
[  362.849547][   T24] usb 3-1: USB disconnect, device number 29
[  363.556705][ T5969] usb usb36-port1: attempt power cycle
[  363.669902][ T5847] Bluetooth: hci3: unexpected cc 0x0c2d length: 69 > 4
[  363.683838][ T5847] Bluetooth: hci3: unexpected event for opcode 0x0c2d
[  364.208553][ T5969] usb usb36-port1: unable to enumerate USB device
[  365.573969][ T5969] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  365.698050][ T8760] 9pnet_fd: Insufficient options for proto=fd
[  365.749098][ T8760] netlink: 830 bytes leftover after parsing attributes in process `syz.3.791'.
[  365.760433][ T8760] netlink: 132 bytes leftover after parsing attributes in process `syz.3.791'.
[  365.781138][ T8760] bridge2: entered promiscuous mode
[  365.789937][ T8760] netlink: 'syz.3.791': attribute type 1 has an invalid length.
[  365.799162][ T5969] usb 2-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0
[  365.842013][ T5969] usb 2-1: config 0 interface 0 has no altsetting 0
[  365.853707][ T5969] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1c04, bcdDevice= 0.00
[  365.878549][ T5969] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  365.914751][ T5969] usb 2-1: config 0 descriptor??
[  367.332876][ T5969] corsair-psu 0003:1B1C:1C04.000A: hidraw0: USB HID v0.01 Device [HID 1b1c:1c04] on usb-dummy_hcd.1-1/input0
[  369.231690][ T5969] corsair-psu 0003:1B1C:1C04.000A: unable to initialize device (-71)
[  369.565206][ T5969] corsair-psu 0003:1B1C:1C04.000A: probe with driver corsair-psu failed with error -71
[  369.715114][ T5969] usb 2-1: USB disconnect, device number 23
[  369.735863][ T5914] kernel write not supported for file /input/mice (pid: 5914 comm: kworker/0:5)
[  369.815379][ T8785] netlink: 60 bytes leftover after parsing attributes in process `syz.1.798'.
[  369.824390][ T8785] netlink: 12 bytes leftover after parsing attributes in process `syz.1.798'.
[  369.833292][ T8785] netlink: 60 bytes leftover after parsing attributes in process `syz.1.798'.
[  369.927252][ T8785] netlink: 60 bytes leftover after parsing attributes in process `syz.1.798'.
[  369.936371][ T8785] netlink: 12 bytes leftover after parsing attributes in process `syz.1.798'.
[  369.945470][ T8785] netlink: 60 bytes leftover after parsing attributes in process `syz.1.798'.
[  370.532539][ T8785] netlink: 60 bytes leftover after parsing attributes in process `syz.1.798'.
[  370.541572][ T8785] netlink: 12 bytes leftover after parsing attributes in process `syz.1.798'.
[  370.550912][ T8785] netlink: 60 bytes leftover after parsing attributes in process `syz.1.798'.
[  370.881944][ T8806] 9pnet_fd: Insufficient options for proto=fd
[  370.911863][ T8805] netlink: 'syz.1.804': attribute type 3 has an invalid length.
[  370.986349][ T8808] overlay: Unknown parameter '/'
[  371.019409][ T8808] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  371.088252][ T8809] netlink: 830 bytes leftover after parsing attributes in process `syz.0.803'.
[  371.266531][ T8812] netlink: 'syz.0.803': attribute type 1 has an invalid length.
[  371.274139][ T8809] bridge5: entered promiscuous mode
[  375.706160][ T8846] __nla_validate_parse: 3 callbacks suppressed
[  375.706205][ T8846] netlink: 60 bytes leftover after parsing attributes in process `syz.2.812'.
[  375.723445][ T8845] netlink: 60 bytes leftover after parsing attributes in process `syz.2.812'.
[  376.524185][    C0] IPv4: Oversized IP packet from 172.20.20.170
[  376.595681][    C0] IPv4: Oversized IP packet from 172.20.20.170
[  376.604456][    C0] IPv4: Oversized IP packet from 172.20.20.170
[  376.685099][    C1] IPv4: Oversized IP packet from 172.20.20.170
[  376.692595][    C1] IPv4: Oversized IP packet from 172.20.20.170
[  376.700304][    C1] IPv4: Oversized IP packet from 172.20.20.170
[  376.707932][    C1] IPv4: Oversized IP packet from 172.20.20.170
[  376.716389][    C1] IPv4: Oversized IP packet from 172.20.20.170
[  376.723849][    C1] IPv4: Oversized IP packet from 172.20.20.170
[  376.731621][    C1] IPv4: Oversized IP packet from 172.20.20.170
[  376.742810][ T8862] overlayfs: failed to resolve './file1': -2
[  376.758310][ T8864] 9pnet_fd: Insufficient options for proto=fd
[  377.640637][ T8870] netlink: 132 bytes leftover after parsing attributes in process `syz.1.820'.
[  377.756440][ T8869] netlink: 830 bytes leftover after parsing attributes in process `syz.1.820'.
[  377.930500][ T8864] bridge2: entered promiscuous mode
[  378.588620][ T8864] netlink: 'syz.1.820': attribute type 1 has an invalid length.
[  378.930819][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  379.424555][ T3616] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  380.077074][ T3616] usb 1-1: Using ep0 maxpacket: 32
[  381.410067][ T3616] usb 1-1: unable to read config index 0 descriptor/start: -71
[  381.459607][ T3616] usb 1-1: can't read configurations, error -71
[  382.005102][ T3616] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  382.441568][ T3616] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  383.441402][ T3616] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  383.628166][ T3616] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  383.661200][ T3616] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  383.758372][ T3616] usb 1-1: config 0 descriptor??
[  384.077702][ T8901] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  384.132032][ T8901] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  384.151720][ T8929] overlayfs: failed to resolve './file1': -2
[  384.167068][ T8901] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  384.183287][ T8901] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  384.196806][ T8901] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  384.208464][ T8901] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  384.217990][ T8901] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  384.232141][ T8901] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  384.246254][ T8901] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  384.256575][ T8901] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  384.280776][ T3616] keytouch 0003:0926:3333.000B: fixing up Keytouch IEC report descriptor
[  384.305745][ T3616] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.000B/input/input9
[  384.527972][ T3616] keytouch 0003:0926:3333.000B: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0
[  385.185494][ T3616] usb 1-1: USB disconnect, device number 25
[  385.468615][ T8939] fido_id[8939]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory
[  385.709206][ T8954] netlink: 'syz.3.841': attribute type 11 has an invalid length.
[  385.743733][    T9] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  385.853935][ T5969] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  385.910286][    T9] usb 2-1: Using ep0 maxpacket: 32
[  385.923899][   T24] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  385.925691][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 147, changing to 11
[  385.968430][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 42046, setting to 1024
[  385.989573][    T9] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  386.000296][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.019521][    T9] usb 2-1: config 0 descriptor??
[  386.025937][ T8945] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  386.036859][    T9] hub 2-1:0.0: USB hub found
[  386.038857][ T5969] usb 3-1: Using ep0 maxpacket: 8
[  386.075078][ T5969] usb 3-1: unable to get BOS descriptor or descriptor too short
[  386.105347][ T5969] usb 3-1: config 3 has an invalid interface number: 173 but max is 2
[  386.116400][   T24] usb 5-1: config 0 has an invalid interface number: 156 but max is 0
[  386.139791][   T24] usb 5-1: config 0 has no interface number 0
[  386.149572][ T5969] usb 3-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[  386.160574][   T24] usb 5-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  386.169965][ T5969] usb 3-1: config 3 has 1 interface, different from the descriptor's value: 3
[  386.179599][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.188310][ T5969] usb 3-1: config 3 has no interface number 0
[  386.221193][   T24] usb 5-1: config 0 descriptor??
[  386.226584][ T5969] usb 3-1: config 3 interface 173 altsetting 221 has 0 endpoint descriptors, different from the interface descriptor's value: 15
[  386.245006][    T9] hub 2-1:0.0: 1 port detected
[  386.255048][ T5969] usb 3-1: config 3 interface 173 has no altsetting 0
[  386.262073][   T24] gspca_main: spca561-2.14.0 probing abcd:cdee
[  386.285850][ T5969] usb 3-1: string descriptor 0 read error: -22
[  386.294231][ T5969] usb 3-1: New USB device found, idVendor=22b8, idProduct=2d9a, bcdDevice=ed.44
[  386.303956][ T5969] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  386.623359][ T8943] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  386.630157][ T8951] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  386.640903][ T8951] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  386.650397][ T8951] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  386.659801][ T8951] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  386.720810][ T8943] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  386.818938][   T24] spca561 5-1:0.156: probe with driver spca561 failed with error -22
[  387.192578][ T8951] team0: Port device vxlan0 added
[  387.328639][   T24] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  387.340486][   T24] usb 5-1: MIDIStreaming interface descriptor not found
[  387.494225][    T9] hub 2-1:0.0: hub_ext_port_status failed (err = -71)
[  387.496202][ T3616] usb 2-1: USB disconnect, device number 24
[  387.531632][   T24] usb 5-1: USB disconnect, device number 16
[  387.543711][ T5847] Bluetooth: hci0: ACL packet for unknown connection handle 201
[  387.840324][    T9] usb 3-1: USB disconnect, device number 30
[  388.111028][ T8978] misc userio: Invalid payload size
[  388.118886][ T8978] misc userio: Invalid payload size
[  388.126070][ T8978] misc userio: The device must be registered before sending interrupts
[  389.280858][ T8983] overlayfs: failed to clone lowerpath
[  389.333897][ T8985] overlayfs: failed to resolve './file1': -2
[  390.913869][ T8992] overlay: Unknown parameter 'fsmagic'
[  393.428739][ T8952] sched: DL replenish lagged too much
[  393.877857][ T9003] trusted_key: encrypted_key: master key parameter 'defaul|' is invalid
[  395.547563][ T9017] input: syz0 as /devices/virtual/input/input10
[  396.306991][ T9028] netlink: 28 bytes leftover after parsing attributes in process `syz.0.860'.
[  396.370333][ T9030] overlayfs: failed to clone upperpath
[  396.604532][ T5969] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  396.836413][ T5969] usb 3-1: Using ep0 maxpacket: 8
[  397.078368][ T9037] netlink: 'syz.1.862': attribute type 2 has an invalid length.
[  397.086824][ T9037] netlink: 'syz.1.862': attribute type 1 has an invalid length.
[  398.011775][ T5969] usb 3-1: unable to get BOS descriptor or descriptor too short
[  398.075706][ T5969] usb 3-1: config 3 has an invalid interface number: 173 but max is 2
[  398.160415][ T5969] usb 3-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[  398.315761][ T5969] usb 3-1: config 3 has 1 interface, different from the descriptor's value: 3
[  398.379044][ T5969] usb 3-1: config 3 has no interface number 0
[  398.399474][ T5969] usb 3-1: config 3 interface 173 altsetting 221 has 0 endpoint descriptors, different from the interface descriptor's value: 15
[  398.453634][ T5969] usb 3-1: config 3 interface 173 has no altsetting 0
[  398.484387][ T5969] usb 3-1: string descriptor 0 read error: -22
[  398.511439][ T5969] usb 3-1: New USB device found, idVendor=22b8, idProduct=2d9a, bcdDevice=ed.44
[  398.560215][ T5969] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  398.830935][ T9024] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  398.930593][ T9024] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  399.034548][    T9] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  399.121924][ T9047] overlay: Unknown parameter 'fsmagic'
[  399.538452][    T9] usb 5-1: Using ep0 maxpacket: 8
[  399.553964][    T9] usb 5-1: too many configurations: 12, using maximum allowed: 8
[  399.564091][    T9] usb 5-1: unable to read config index 0 descriptor/start: -61
[  399.571733][    T9] usb 5-1: can't read configurations, error -61
[  399.726201][    T9] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  399.914575][    T9] usb 5-1: Using ep0 maxpacket: 8
[  399.926602][    T9] usb 5-1: too many configurations: 12, using maximum allowed: 8
[  399.942201][    T9] usb 5-1: unable to read config index 0 descriptor/start: -61
[  399.951623][    T9] usb 5-1: can't read configurations, error -61
[  399.978115][    T9] usb usb5-port1: attempt power cycle
[  400.054211][ T5914] usb 3-1: USB disconnect, device number 31
[  400.333822][    T9] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  400.376353][    T9] usb 5-1: Using ep0 maxpacket: 8
[  400.395189][    T9] usb 5-1: too many configurations: 12, using maximum allowed: 8
[  400.415144][    T9] usb 5-1: unable to read config index 0 descriptor/start: -61
[  400.422874][    T9] usb 5-1: can't read configurations, error -61
[  400.613674][    T9] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  400.684435][    T9] usb 5-1: Using ep0 maxpacket: 8
[  400.718760][    T9] usb 5-1: too many configurations: 12, using maximum allowed: 8
[  400.773878][    T9] usb 5-1: unable to read config index 0 descriptor/start: -61
[  400.788048][    T9] usb 5-1: can't read configurations, error -61
[  400.807315][    T9] usb usb5-port1: unable to enumerate USB device
[  400.904361][ T5914] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  401.233838][ T5914] usb 2-1: Using ep0 maxpacket: 8
[  401.322745][ T5914] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x73, changing to 0x3
[  401.564191][ T5914] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  401.605734][ T5914] usb 2-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  401.623607][ T5914] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  401.631681][ T5914] usb 2-1: Product: syz
[  401.645057][ T5914] usb 2-1: Manufacturer: syz
[  401.661720][ T5914] usb 2-1: SerialNumber: syz
[  401.695966][ T5914] usb 2-1: config 0 descriptor??
[  401.732368][ T5914] streamzap 2-1:0.0: streamzap_probe: endpoint doesn't match input device 0203
[  401.973405][ T9105] overlay: Unknown parameter 'fsmagic'
[  404.089414][ T9121] netlink: 8 bytes leftover after parsing attributes in process `syz.0.887'.
[  404.693850][ T5914] usb 2-1: USB disconnect, device number 25
[  406.048883][ T9132] overlayfs: failed to clone lowerpath
[  406.201646][ T9134] FAULT_INJECTION: forcing a failure.
[  406.201646][ T9134] name failslab, interval 1, probability 0, space 0, times 0
[  406.323782][ T9138] netlink: 8 bytes leftover after parsing attributes in process `syz.1.892'.
[  406.379855][ T9134] CPU: 1 UID: 0 PID: 9134 Comm: syz.2.893 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  406.379883][ T9134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  406.379894][ T9134] Call Trace:
[  406.379902][ T9134]  <TASK>
[  406.379928][ T9134]  dump_stack_lvl+0x189/0x250
[  406.379955][ T9134]  ? __pfx____ratelimit+0x10/0x10
[  406.379985][ T9134]  ? __pfx_dump_stack_lvl+0x10/0x10
[  406.380006][ T9134]  ? __pfx__printk+0x10/0x10
[  406.380036][ T9134]  ? __pfx___might_resched+0x10/0x10
[  406.380061][ T9134]  should_fail_ex+0x414/0x560
[  406.380093][ T9134]  should_failslab+0xa8/0x100
[  406.380123][ T9134]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  406.380158][ T9134]  ? __alloc_skb+0x112/0x2d0
[  406.380183][ T9134]  __alloc_skb+0x112/0x2d0
[  406.380208][ T9134]  netlink_sendmsg+0x5c6/0xb30
[  406.380241][ T9134]  ? __pfx_netlink_sendmsg+0x10/0x10
[  406.380274][ T9134]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  406.380300][ T9134]  ? __pfx_netlink_sendmsg+0x10/0x10
[  406.380323][ T9134]  __sock_sendmsg+0x21c/0x270
[  406.380354][ T9134]  ____sys_sendmsg+0x505/0x830
[  406.380383][ T9134]  ? __pfx_____sys_sendmsg+0x10/0x10
[  406.380416][ T9134]  ? import_iovec+0x74/0xa0
[  406.380441][ T9134]  ___sys_sendmsg+0x21f/0x2a0
[  406.380467][ T9134]  ? __pfx____sys_sendmsg+0x10/0x10
[  406.380527][ T9134]  ? __fget_files+0x2a/0x420
[  406.380543][ T9134]  ? __fget_files+0x3a0/0x420
[  406.380571][ T9134]  __x64_sys_sendmsg+0x19b/0x260
[  406.380597][ T9134]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  406.380631][ T9134]  ? __pfx_ksys_write+0x10/0x10
[  406.380653][ T9134]  ? rcu_is_watching+0x15/0xb0
[  406.380679][ T9134]  ? do_syscall_64+0xbe/0x3b0
[  406.380700][ T9134]  do_syscall_64+0xfa/0x3b0
[  406.380716][ T9134]  ? lockdep_hardirqs_on+0x9c/0x150
[  406.380743][ T9134]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.380761][ T9134]  ? clear_bhb_loop+0x60/0xb0
[  406.380784][ T9134]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.380802][ T9134] RIP: 0033:0x7f695ab8e929
[  406.380819][ T9134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  406.380840][ T9134] RSP: 002b:00007f695ba73038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  406.380860][ T9134] RAX: ffffffffffffffda RBX: 00007f695adb5fa0 RCX: 00007f695ab8e929
[  406.380874][ T9134] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003
[  406.380886][ T9134] RBP: 00007f695ba73090 R08: 0000000000000000 R09: 0000000000000000
[  406.380898][ T9134] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  406.380909][ T9134] R13: 0000000000000000 R14: 00007f695adb5fa0 R15: 00007ffd475ef768
[  406.380956][ T9134]  </TASK>
[  407.623986][   T10] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  407.985765][   T10] usb 5-1: no configurations
[  408.038944][   T10] usb 5-1: can't read configurations, error -22
[  408.854169][   T10] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  409.276516][   T10] usb 5-1: no configurations
[  409.281193][   T10] usb 5-1: can't read configurations, error -22
[  409.297778][   T10] usb usb5-port1: attempt power cycle
[  409.684759][   T10] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  409.705859][   T10] usb 5-1: no configurations
[  409.705882][   T10] usb 5-1: can't read configurations, error -22
[  409.833874][   T10] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  410.064019][   T10] usb 5-1: device not accepting address 24, error -71
[  410.123337][   T10] usb usb5-port1: unable to enumerate USB device
[  412.312344][ T9209] autofs: Unknown parameter '
[  412.312344][ T9209] ÌÌÌÌÌÌ'
[  412.432006][ T9214] misc userio: Invalid payload size
[  412.438501][ T9214] misc userio: Invalid payload size
[  412.445107][ T9214] misc userio: The device must be registered before sending interrupts
[  413.134942][ T9210] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  415.528890][ T9243] netlink: 8 bytes leftover after parsing attributes in process `syz.4.919'.
[  415.528944][ T9243] netlink: 'syz.4.919': attribute type 2 has an invalid length.
[  415.687791][ T9248] FAULT_INJECTION: forcing a failure.
[  415.687791][ T9248] name failslab, interval 1, probability 0, space 0, times 0
[  415.687847][ T9248] CPU: 1 UID: 0 PID: 9248 Comm: syz.1.921 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  415.687867][ T9248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  415.687884][ T9248] Call Trace:
[  415.687891][ T9248]  <TASK>
[  415.687899][ T9248]  dump_stack_lvl+0x189/0x250
[  415.687942][ T9248]  ? __pfx____ratelimit+0x10/0x10
[  415.687991][ T9248]  ? __pfx_dump_stack_lvl+0x10/0x10
[  415.688015][ T9248]  ? __pfx__printk+0x10/0x10
[  415.688048][ T9248]  ? __pfx___might_resched+0x10/0x10
[  415.688070][ T9248]  ? fs_reclaim_acquire+0x7d/0x100
[  415.688097][ T9248]  should_fail_ex+0x414/0x560
[  415.688141][ T9248]  should_failslab+0xa8/0x100
[  415.688174][ T9248]  __kmalloc_cache_noprof+0x70/0x3d0
[  415.688203][ T9248]  ? rdmacg_css_alloc+0x4e/0xc0
[  415.688240][ T9248]  rdmacg_css_alloc+0x4e/0xc0
[  415.688277][ T9248]  cgroup_apply_control_enable+0x3d1/0xa80
[  415.688303][ T9248]  ? css_next_descendant_pre+0x194/0x260
[  415.688330][ T9248]  ? cgroup_propagate_control+0x646/0x6c0
[  415.688367][ T9248]  cgroup_apply_control+0x92/0x6e0
[  415.688403][ T9248]  ? __pfx_cgroup_apply_control+0x10/0x10
[  415.688441][ T9248]  ? css_next_child+0xbd/0x220
[  415.688469][ T9248]  ? css_next_descendant_pre+0x172/0x260
[  415.688496][ T9248]  ? css_next_descendant_pre+0x194/0x260
[  415.688522][ T9248]  ? cgroup_save_control+0x2db/0x350
[  415.688546][ T9248]  cgroup_subtree_control_write+0xaa1/0x1090
[  415.688594][ T9248]  ? __pfx_cgroup_subtree_control_write+0x10/0x10
[  415.688627][ T9248]  ? kernfs_root+0x1c/0x230
[  415.688645][ T9248]  ? kernfs_root+0x1c/0x230
[  415.688665][ T9248]  ? kernfs_root+0x1ea/0x230
[  415.688684][ T9248]  ? __pfx_cgroup_subtree_control_write+0x10/0x10
[  415.688719][ T9248]  cgroup_file_write+0x39e/0x740
[  415.688756][ T9248]  ? __pfx_cgroup_file_write+0x10/0x10
[  415.688801][ T9248]  ? __pfx_cgroup_file_write+0x10/0x10
[  415.688827][ T9248]  kernfs_fop_write_iter+0x375/0x4f0
[  415.688864][ T9248]  vfs_write+0x548/0xa90
[  415.688897][ T9248]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  415.688926][ T9248]  ? __pfx_vfs_write+0x10/0x10
[  415.688966][ T9248]  ? __fget_files+0x2a/0x420
[  415.688996][ T9248]  ksys_write+0x145/0x250
[  415.689026][ T9248]  ? __pfx_ksys_write+0x10/0x10
[  415.689051][ T9248]  ? rcu_is_watching+0x15/0xb0
[  415.689077][ T9248]  ? do_syscall_64+0xbe/0x3b0
[  415.689102][ T9248]  do_syscall_64+0xfa/0x3b0
[  415.689136][ T9248]  ? lockdep_hardirqs_on+0x9c/0x150
[  415.689173][ T9248]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  415.689190][ T9248]  ? clear_bhb_loop+0x60/0xb0
[  415.689210][ T9248]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  415.689226][ T9248] RIP: 0033:0x7f178238e929
[  415.689242][ T9248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  415.689257][ T9248] RSP: 002b:00007f178327c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  415.689275][ T9248] RAX: ffffffffffffffda RBX: 00007f17825b5fa0 RCX: 00007f178238e929
[  415.689288][ T9248] RDX: 000000000000000e RSI: 0000200000000140 RDI: 0000000000000005
[  415.689299][ T9248] RBP: 00007f178327c090 R08: 0000000000000000 R09: 0000000000000000
[  415.689309][ T9248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  415.689320][ T9248] R13: 0000000000000000 R14: 00007f17825b5fa0 R15: 00007ffd27509308
[  415.689347][ T9248]  </TASK>
[  415.803976][   T10] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  415.974938][   T10] usb 5-1: config 1 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  415.974973][   T10] usb 5-1: config 1 interface 0 has no altsetting 0
[  415.981306][   T10] usb 5-1: New USB device found, idVendor=05ac, idProduct=022d, bcdDevice= 0.40
[  415.981339][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  415.981354][   T10] usb 5-1: Product: syz
[  415.981365][   T10] usb 5-1: Manufacturer: syz
[  415.981376][   T10] usb 5-1: SerialNumber: syz
[  416.010269][ T9253] overlayfs: failed to clone lowerpath
[  416.029864][ T9256] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  416.033903][ T9256] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  416.051242][ T9257] misc userio: Invalid payload size
[  416.051660][ T9257] misc userio: Invalid payload size
[  416.051948][ T9257] misc userio: The device must be registered before sending interrupts
[  416.100399][ T9256] net_ratelimit: 21 callbacks suppressed
[  416.100422][ T9256] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  416.100454][ T9256] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1)
[  416.100566][ T9256] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:255)
[  416.100627][ T9256] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:256)
[  416.100681][ T9256] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:257)
[  416.100754][ T9256] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:258)
[  416.100818][ T9256] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:259)
[  416.100887][ T9256] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:260)
[  416.100937][ T9256] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:261)
[  416.101116][ T9256] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:262)
[  416.109484][ T9256] bridge_slave_0: default FDB implementation only supports local addresses
[  416.215055][ T9243] netlink: 104 bytes leftover after parsing attributes in process `syz.4.919'.
[  416.283892][ T3616] usb 2-1: new full-speed USB device number 26 using dummy_hcd
[  416.749811][   T10] usbhid 5-1:1.0: can't add hid device: -71
[  416.749923][   T10] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  416.752544][   T10] usb 5-1: USB disconnect, device number 25
[  417.301049][ T9275] netlink: 8 bytes leftover after parsing attributes in process `syz.1.931'.
[  417.765715][ T9285] netlink: 12 bytes leftover after parsing attributes in process `syz.1.932'.
[  418.704117][ T9299] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  418.744147][ T9299] netlink: 184 bytes leftover after parsing attributes in process `syz.2.936'.
[  418.821511][ T9303] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  419.550303][ T9311] misc userio: Invalid payload size
[  419.557483][ T9311] misc userio: Invalid payload size
[  419.563659][ T9311] misc userio: The device must be registered before sending interrupts
[  420.804638][ T9315] overlayfs: failed to clone lowerpath
[  420.849740][ T9314] overlayfs: missing 'workdir'
[  421.654833][ T9338] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  421.723688][   T24] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  421.883753][   T24] usb 2-1: Using ep0 maxpacket: 32
[  421.890556][   T24] usb 2-1: config index 0 descriptor too short (expected 8457, got 36)
[  421.901732][   T24] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  421.912132][   T24] usb 2-1: config 8 has no interfaces?
[  421.913705][ T5914] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  421.917944][   T24] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  421.937222][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  422.068383][   T10] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  422.095794][ T5914] usb 5-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[  422.105127][ T5914] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  422.113250][ T5914] usb 5-1: Product: syz
[  422.117537][ T5914] usb 5-1: Manufacturer: syz
[  422.122176][ T5914] usb 5-1: SerialNumber: syz
[  422.136826][ T5914] usb 5-1: config 0 descriptor??
[  422.156156][ T5914] gspca_main: sunplus-2.14.0 probing 055f:c230
[  422.239971][ T9350] netlink: 48 bytes leftover after parsing attributes in process `syz.2.952'.
[  422.249810][ T9351] netlink: 48 bytes leftover after parsing attributes in process `syz.2.952'.
[  422.468093][   T10] usb 1-1: New USB device found, idVendor=8420, idProduct=157a, bcdDevice=77.64
[  422.482324][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  422.504895][   T10] usb 1-1: Product: syz
[  422.512296][   T10] usb 1-1: Manufacturer: syz
[  422.520276][   T10] usb 1-1: SerialNumber: syz
[  422.537605][ T9356] overlayfs: failed to clone lowerpath
[  422.607263][   T10] usb 1-1: config 0 descriptor??
[  423.142065][ T5914] gspca_sunplus: reg_r err -110
[  423.147353][ T9361] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  423.171837][ T5914] sunplus 5-1:0.0: probe with driver sunplus failed with error -110
[  423.180404][    T9] usb 1-1: USB disconnect, device number 26
[  423.293318][ T9361] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  424.102596][ T9371] overlayfs: failed to clone lowerpath
[  424.190239][ T9372] overlayfs: missing 'workdir'
[  424.810454][   T30] kauditd_printk_skb: 12 callbacks suppressed
[  424.810474][   T30] audit: type=1326 audit(1751916127.907:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9374 comm="syz.2.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f695ab8e929 code=0x7ffc0000
[  424.853186][   T30] audit: type=1326 audit(1751916127.907:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9374 comm="syz.2.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f695ab8e929 code=0x7ffc0000
[  424.903857][   T30] audit: type=1326 audit(1751916127.907:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9374 comm="syz.2.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f695ab8e929 code=0x7ffc0000
[  424.959383][   T30] audit: type=1326 audit(1751916127.947:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9374 comm="syz.2.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f695ab8e929 code=0x7ffc0000
[  425.036940][   T30] audit: type=1326 audit(1751916127.947:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9374 comm="syz.2.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f695ab8e929 code=0x7ffc0000
[  425.068693][ T5922] usb 2-1: USB disconnect, device number 27
[  425.120191][   T30] audit: type=1326 audit(1751916127.947:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9374 comm="syz.2.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7f695ab8e929 code=0x7ffc0000
[  425.612628][   T30] audit: type=1326 audit(1751916127.947:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9374 comm="syz.2.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f695ab8e929 code=0x7ffc0000
[  426.238603][    T9] usb 5-1: USB disconnect, device number 26
[  426.323701][ T5969] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  426.633782][ T5969] usb 2-1: Using ep0 maxpacket: 8
[  426.656202][ T5969] usb 2-1: unable to get BOS descriptor or descriptor too short
[  426.670999][ T5969] usb 2-1: config 3 has an invalid interface number: 173 but max is 2
[  426.787653][ T5969] usb 2-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[  426.799906][ T5969] usb 2-1: config 3 has 1 interface, different from the descriptor's value: 3
[  426.811153][ T5969] usb 2-1: config 3 has no interface number 0
[  426.820163][ T5969] usb 2-1: config 3 interface 173 altsetting 221 has 0 endpoint descriptors, different from the interface descriptor's value: 15
[  427.599514][ T5969] usb 2-1: config 3 interface 173 has no altsetting 0
[  427.622238][ T5969] usb 2-1: string descriptor 0 read error: -22
[  427.628885][ T5969] usb 2-1: New USB device found, idVendor=22b8, idProduct=2d9a, bcdDevice=ed.44
[  427.642119][ T5969] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  428.253970][ T9386] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  428.288464][ T9386] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  429.475649][ T9419] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  429.487349][ T9419] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  430.556869][ T9429] random: crng reseeded on system resumption
[  432.089947][ T9444] input: syz1 as /devices/virtual/input/input11
[  432.109862][ T9444] cgroup: Invalid name
[  432.116716][ T9444] netlink: 'syz.4.974': attribute type 3 has an invalid length.
[  432.124852][ T9444] netlink: 8 bytes leftover after parsing attributes in process `syz.4.974'.
[  432.146399][ T9444] netlink: 'syz.4.974': attribute type 3 has an invalid length.
[  432.197784][ T9452] netlink: 'syz.3.973': attribute type 4 has an invalid length.
[  432.222083][ T9444] netlink: 8 bytes leftover after parsing attributes in process `syz.4.974'.
[  432.268563][ T9454] netlink: 'syz.3.973': attribute type 4 has an invalid length.
[  432.536989][ T5969] usb 2-1: USB disconnect, device number 28
[  434.488071][ T9483] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  434.499764][ T9483] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  435.409643][ T9489] 9pnet_fd: Insufficient options for proto=fd
[  435.729527][ T9491] netlink: 44 bytes leftover after parsing attributes in process `syz.0.984'.
[  436.103953][ T5922] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  437.116487][ T5922] usb 5-1: Using ep0 maxpacket: 32
[  437.141200][ T5922] usb 5-1: config 0 has no interfaces?
[  437.186190][ T5922] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  437.290402][ T5922] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  437.527324][ T5922] usb 5-1: config 0 descriptor??
[  437.763302][ T5922] usb 5-1: USB disconnect, device number 27
[  437.908275][ T9515] overlayfs: missing 'lowerdir'
[  438.869326][ T9526] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  438.881190][ T9526] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  440.372571][ T9541] ip6tnl1: entered promiscuous mode
[  440.377888][ T9541] ip6tnl1: entered allmulticast mode
[  440.394192][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  441.437324][ T9563] overlayfs: missing 'lowerdir'
[  442.011309][ T9570] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  442.022484][ T9570] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  442.843937][ T9572] overlay: Unknown parameter 'fsmagic'
[  443.712422][ T9582] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1010'.
[  448.017026][ T9593] fuse: Bad value for 'rootmode'
[  448.397589][ T9608] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1019'.
[  448.517063][ T9610] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1019'.
[  448.626977][   T30] audit: type=1326 audit(1751916151.727:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9603 comm="syz.0.1019" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7291f8e929 code=0x0
[  449.718181][ T9617] overlayfs: missing 'lowerdir'
[  451.196733][ T9630] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  451.207910][ T9630] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  452.004212][ T9632] overlay: Unknown parameter 'fsmagic'
[  452.693039][ T9629] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1026'.
[  452.939193][ T9641] FAULT_INJECTION: forcing a failure.
[  452.939193][ T9641] name failslab, interval 1, probability 0, space 0, times 0
[  452.952875][ T9641] CPU: 1 UID: 0 PID: 9641 Comm: syz.1.1025 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  452.952893][ T9641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  452.952905][ T9641] Call Trace:
[  452.952913][ T9641]  <TASK>
[  452.952919][ T9641]  dump_stack_lvl+0x189/0x250
[  452.952941][ T9641]  ? __pfx____ratelimit+0x10/0x10
[  452.952963][ T9641]  ? __pfx_dump_stack_lvl+0x10/0x10
[  452.952979][ T9641]  ? __pfx__printk+0x10/0x10
[  452.953008][ T9641]  should_fail_ex+0x414/0x560
[  452.953031][ T9641]  should_failslab+0xa8/0x100
[  452.953054][ T9641]  kmem_cache_alloc_noprof+0x73/0x3c0
[  452.953073][ T9641]  ? skb_clone+0x212/0x3a0
[  452.953095][ T9641]  skb_clone+0x212/0x3a0
[  452.953116][ T9641]  __netlink_deliver_tap+0x404/0x850
[  452.953142][ T9641]  ? netlink_deliver_tap+0x2e/0x1b0
[  452.953159][ T9641]  netlink_deliver_tap+0x19c/0x1b0
[  452.953176][ T9641]  netlink_sendskb+0x68/0x140
[  452.953192][ T9641]  netlink_rcv_skb+0x28c/0x470
[  452.953208][ T9641]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  452.953228][ T9641]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  452.953260][ T9641]  ? netlink_deliver_tap+0x2e/0x1b0
[  452.953280][ T9641]  ? netlink_deliver_tap+0x2e/0x1b0
[  452.953310][ T9641]  xfrm_netlink_rcv+0x79/0x90
[  452.953325][ T9641]  netlink_unicast+0x75b/0x8d0
[  452.953346][ T9641]  netlink_sendmsg+0x805/0xb30
[  452.953380][ T9641]  ? __pfx_netlink_sendmsg+0x10/0x10
[  452.953400][ T9641]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  452.953418][ T9641]  ? __pfx_netlink_sendmsg+0x10/0x10
[  452.953433][ T9641]  __sock_sendmsg+0x21c/0x270
[  452.953455][ T9641]  ____sys_sendmsg+0x505/0x830
[  452.953474][ T9641]  ? __pfx_____sys_sendmsg+0x10/0x10
[  452.953495][ T9641]  ? import_iovec+0x74/0xa0
[  452.953513][ T9641]  ___sys_sendmsg+0x21f/0x2a0
[  452.953553][ T9641]  ? __pfx____sys_sendmsg+0x10/0x10
[  452.953615][ T9641]  ? __fget_files+0x2a/0x420
[  452.953628][ T9641]  ? __fget_files+0x3a0/0x420
[  452.953647][ T9641]  __x64_sys_sendmsg+0x19b/0x260
[  452.953665][ T9641]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  452.953689][ T9641]  ? __pfx_ksys_write+0x10/0x10
[  452.953705][ T9641]  ? rcu_is_watching+0x15/0xb0
[  452.953723][ T9641]  ? do_syscall_64+0xbe/0x3b0
[  452.953738][ T9641]  do_syscall_64+0xfa/0x3b0
[  452.953749][ T9641]  ? lockdep_hardirqs_on+0x9c/0x150
[  452.953768][ T9641]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  452.953781][ T9641]  ? clear_bhb_loop+0x60/0xb0
[  452.953797][ T9641]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  452.953809][ T9641] RIP: 0033:0x7f178238e929
[  452.953822][ T9641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  452.953833][ T9641] RSP: 002b:00007f178325b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  452.953848][ T9641] RAX: ffffffffffffffda RBX: 00007f17825b6080 RCX: 00007f178238e929
[  452.953858][ T9641] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000005
[  452.953866][ T9641] RBP: 00007f178325b090 R08: 0000000000000000 R09: 0000000000000000
[  452.953874][ T9641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  452.953881][ T9641] R13: 0000000000000000 R14: 00007f17825b6080 R15: 00007ffd27509308
[  452.953902][ T9641]  </TASK>
[  453.780106][ T9647] fuse: Bad value for 'rootmode'
[  454.001883][ T9656] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1032'.
[  454.412105][ T9667] sp0: Synchronizing with TNC
[  454.786780][ T9676] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  454.799344][ T9676] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  457.328525][ T9706] fuse: Unknown parameter '0xffffffffffffffff0x0000000000000001'
[  457.363252][    T9] Process accounting resumed
[  457.925193][   T10] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  458.814813][ T9716] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  458.826762][ T9716] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  459.134987][ T9706] Process accounting resumed
[  459.423654][   T10] usb 2-1: Using ep0 maxpacket: 16
[  459.430883][   T10] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  459.441717][   T10] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  459.453478][   T10] usb 2-1: config 1 interface 0 has no altsetting 0
[  459.463023][   T10] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  459.700296][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  459.710326][   T10] usb 2-1: Product: syz
[  459.714926][   T10] usb 2-1: Manufacturer: syz
[  459.719633][   T10] usb 2-1: SerialNumber: syz
[  460.089236][ T9736] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1049'.
[  460.113884][ T9733] hub 8-0:1.0: USB hub found
[  460.152013][ T9733] hub 8-0:1.0: 1 port detected
[  460.289250][   T10] usb 2-1: USB disconnect, device number 29
[  464.036575][ T9801] : entered promiscuous mode
[  464.116294][ T9802] ip6gre1: entered promiscuous mode
[  464.130008][ T9802] ip6gre1: entered allmulticast mode
[  464.187562][   T24] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  464.204180][ T9806] netlink: 5128 bytes leftover after parsing attributes in process `syz.2.1079'.
[  464.226857][ T9807]  speed is unknown, defaulting to 1000
[  464.232745][ T9807]  speed is unknown, defaulting to 1000
[  464.242252][ T9807]  speed is unknown, defaulting to 1000
[  464.255281][ T9806] netlink: 5128 bytes leftover after parsing attributes in process `syz.2.1079'.
[  464.268900][ T9807] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  464.285617][ T9806] netlink: 584 bytes leftover after parsing attributes in process `syz.2.1079'.
[  464.317325][ T9807] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  464.345940][   T24] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  464.355626][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  464.385367][   T24] usb 5-1: config 0 descriptor??
[  464.422539][ T9807]  speed is unknown, defaulting to 1000
[  464.436071][ T9807]  speed is unknown, defaulting to 1000
[  464.446546][ T9807]  speed is unknown, defaulting to 1000
[  464.456399][ T9807]  speed is unknown, defaulting to 1000
[  464.466929][ T9807]  speed is unknown, defaulting to 1000
[  464.513773][ T5914] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  464.762084][   T24] udl 5-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  464.777274][ T5914] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  464.798015][ T5914] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  465.277289][ T5914] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  465.287324][ T5914] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  465.295471][ T5914] usb 3-1: SerialNumber: syz
[  465.326579][   T24] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2
[  465.357440][   T24] [drm] Initialized udl on minor 2
[  465.517691][ T5914] usb 3-1: 0:2 : does not exist
[  465.537461][ T5914] usb 3-1: unit 255 not found!
[  465.561266][ T5914] usb 3-1: 5:0: cannot get min/max values for control 2 (id 5)
[  465.611721][ T5914] usb 3-1: USB disconnect, device number 32
[  465.651225][ T9817] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1082'.
[  465.706991][ T9636] udevd[9636]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  465.807977][   T24] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 2 failed err ffffffb9
[  465.887022][   T24] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[  465.921752][ T5922] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  465.942661][   T24] usb 5-1: USB disconnect, device number 28
[  465.952373][ T5922] udl 5-1:0.0: [drm] Cannot find any crtc or sizes
[  466.173649][ T5969] usb 2-1: new full-speed USB device number 30 using dummy_hcd
[  467.117090][ T5969] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  467.273807][ T5922] usb 3-1: new low-speed USB device number 33 using dummy_hcd
[  468.389507][ T5969] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  468.401027][ T5969] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  468.419564][ T5969] usb 2-1: New USB device strings: Mfr=145, Product=0, SerialNumber=0
[  468.428161][ T5969] usb 2-1: Manufacturer: syz
[  468.441381][ T5969] usb 2-1: config 0 descriptor??
[  468.454153][ T5969] hub 2-1:0.0: USB hub found
[  468.513750][ T5922] usb 3-1: device descriptor read/64, error -71
[  468.660065][ T5969] hub 2-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  468.753855][ T5922] usb 3-1: new low-speed USB device number 34 using dummy_hcd
[  469.046616][ T5922] usb 3-1: device descriptor read/64, error -71
[  469.164047][ T5922] usb usb3-port1: attempt power cycle
[  470.219749][ T5969] usbhid 2-1:0.0: can't add hid device: -71
[  470.226018][ T5969] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  470.273972][ T5969] usb 2-1: USB disconnect, device number 30
[  470.720715][ T9877] overlayfs: failed to clone upperpath
[  476.794173][ T9929] netlink: 'syz.3.1116': attribute type 3 has an invalid length.
[  476.802023][ T9929] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1116'.
[  476.815775][ T9929] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2
[  476.824931][ T9929] netdevsim netdevsim3: Falling back to sysfs fallback for: ./file0
[  476.973152][ T9948] fuse: Unknown parameter 'user_i00000000000000000000'
[  478.400534][   T24] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  478.578379][   T24] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  478.720635][   T24] usb 1-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  478.883915][ T5922] usb 3-1: new low-speed USB device number 36 using dummy_hcd
[  479.157738][   T24] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  479.304375][ T5922] usb 3-1: device descriptor read/64, error -71
[  479.327428][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  479.468547][   T24] usb 1-1: Product: syz
[  479.536947][   T24] usb 1-1: Manufacturer: syz
[  479.557560][   T24] usb 1-1: SerialNumber: syz
[  479.633979][ T5922] usb 3-1: new low-speed USB device number 37 using dummy_hcd
[  479.664973][ T9978] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1126'.
[  479.685771][ T9978] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1126'.
[  479.697910][ T9978] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1126'.
[  479.761719][ T9984] tmpfs: Bad value for 'mpol'
[  479.763839][ T5922] usb 3-1: device descriptor read/64, error -71
[  479.894184][ T5922] usb usb3-port1: attempt power cycle
[  480.063750][ T3616] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  480.213750][ T3616] usb 2-1: Using ep0 maxpacket: 32
[  480.221077][ T3616] usb 2-1: config 0 has an invalid descriptor of length 107, skipping remainder of the config
[  480.231782][ T3616] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  480.241587][ T3616] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  480.250971][ T5922] usb 3-1: new low-speed USB device number 38 using dummy_hcd
[  480.258850][ T3616] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  480.270109][ T3616] usb 2-1: config 0 descriptor??
[  480.284542][ T5922] usb 3-1: device descriptor read/8, error -71
[  480.545039][ T5922] usb 3-1: new low-speed USB device number 39 using dummy_hcd
[  480.564672][ T5922] usb 3-1: device descriptor read/8, error -71
[  480.675144][ T5922] usb usb3-port1: unable to enumerate USB device
[  480.684125][ T3616] usb 2-1: string descriptor 0 read error: -71
[  480.694309][ T3616] usb 2-1: USB disconnect, device number 31
[  480.795949][   T24] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[  480.802662][   T24] cdc_ncm 1-1:1.0: dwNtbInMaxSize=256 is too small. Using 2048
[  480.810605][   T24] cdc_ncm 1-1:1.0: setting rx_max = 2048
[  480.996509][ T9956] netlink: 'syz.0.1121': attribute type 7 has an invalid length.
[  481.009660][   T24] cdc_ncm 1-1:1.0: setting tx_max = 184
[  481.040506][   T24] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  481.061111][   T24] usb 1-1: USB disconnect, device number 27
[  481.078394][   T24] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
[  481.339720][ T9991] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1130'.
[  481.357577][ T9991] netlink: 'syz.1.1130': attribute type 7 has an invalid length.
[  481.366977][ T9991] netlink: 'syz.1.1130': attribute type 8 has an invalid length.
[  481.376709][ T9991] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1130'.
[  481.389029][   T30] audit: type=1326 audit(1751916184.487:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9990 comm="syz.1.1130" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f178238e929 code=0x0
[  481.478104][ T9997] netlink: 'syz.2.1132': attribute type 10 has an invalid length.
[  481.486434][ T9997] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1132'.
[  481.497258][ T9997] batadv0: entered promiscuous mode
[  481.503337][ T9997] batadv0: entered allmulticast mode
[  481.512238][ T9997] bridge0: port 3(batadv0) entered blocking state
[  481.519597][ T9997] bridge0: port 3(batadv0) entered disabled state
[  481.898699][ T6391] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  481.908428][ T6391] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  482.195064][T10014] netlink: 'syz.2.1138': attribute type 29 has an invalid length.
[  482.206530][T10014] netlink: 'syz.2.1138': attribute type 29 has an invalid length.
[  482.218507][T10014] netlink: 500 bytes leftover after parsing attributes in process `syz.2.1138'.
[  482.235513][T10014] netlink: 'syz.2.1138': attribute type 4 has an invalid length.
[  482.243326][T10014] netlink: 'syz.2.1138': attribute type 2 has an invalid length.
[  482.419358][T10014] bio_check_eod: 2 callbacks suppressed
[  482.419397][T10014] syz.2.1138: attempt to access beyond end of device
[  482.419397][T10014] nbd2: rw=4096, sector=0, nr_sectors = 1 limit=0
[  483.732702][T10032] misc userio: Invalid payload size
[  483.749516][T10032] misc userio: Invalid payload size
[  483.769629][T10032] misc userio: The device must be registered before sending interrupts
[  483.933625][    T9] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  484.513663][    T9] usb 1-1: Using ep0 maxpacket: 32
[  484.545428][    T9] usb 1-1: config 0 has an invalid interface number: 12 but max is 0
[  484.555436][    T9] usb 1-1: config 0 has no interface number 0
[  484.561561][    T9] usb 1-1: config 0 interface 12 has no altsetting 0
[  485.425992][    T9] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  485.435775][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  485.443856][    T9] usb 1-1: Product: syz
[  485.448041][    T9] usb 1-1: Manufacturer: syz
[  485.452751][    T9] usb 1-1: SerialNumber: syz
[  485.525220][    T9] usb 1-1: config 0 descriptor??
[  485.607727][T10050] FAULT_INJECTION: forcing a failure.
[  485.607727][T10050] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  485.631499][T10050] CPU: 1 UID: 0 PID: 10050 Comm: syz.1.1149 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  485.631527][T10050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  485.631539][T10050] Call Trace:
[  485.631547][T10050]  <TASK>
[  485.631555][T10050]  dump_stack_lvl+0x189/0x250
[  485.631583][T10050]  ? __pfx____ratelimit+0x10/0x10
[  485.631611][T10050]  ? __pfx_dump_stack_lvl+0x10/0x10
[  485.631632][T10050]  ? __pfx__printk+0x10/0x10
[  485.631669][T10050]  should_fail_ex+0x414/0x560
[  485.631700][T10050]  _copy_to_user+0x31/0xb0
[  485.631724][T10050]  finalize_log+0xe1/0x160
[  485.631749][T10050]  ? __pfx_finalize_log+0x10/0x10
[  485.631770][T10050]  ? btf_check_type_tags+0x679/0x680
[  485.631800][T10050]  btf_new_fd+0x6fa/0xc90
[  485.631833][T10050]  ? __pfx_btf_new_fd+0x10/0x10
[  485.631857][T10050]  ? bpf_token_put+0x143/0x160
[  485.631884][T10050]  ? bpf_btf_load+0x126/0x190
[  485.631904][T10050]  __sys_bpf+0x635/0x860
[  485.631933][T10050]  ? __pfx___sys_bpf+0x10/0x10
[  485.631973][T10050]  ? ksys_write+0x22a/0x250
[  485.632000][T10050]  ? __pfx_ksys_write+0x10/0x10
[  485.632033][T10050]  __x64_sys_bpf+0x7c/0x90
[  485.632059][T10050]  do_syscall_64+0xfa/0x3b0
[  485.632076][T10050]  ? lockdep_hardirqs_on+0x9c/0x150
[  485.632109][T10050]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  485.632127][T10050]  ? clear_bhb_loop+0x60/0xb0
[  485.632150][T10050]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  485.632167][T10050] RIP: 0033:0x7f178238e929
[  485.632184][T10050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  485.632200][T10050] RSP: 002b:00007f178327c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  485.632220][T10050] RAX: ffffffffffffffda RBX: 00007f17825b5fa0 RCX: 00007f178238e929
[  485.632237][T10050] RDX: 0000000000000028 RSI: 0000200000000140 RDI: 0000000000000012
[  485.632249][T10050] RBP: 00007f178327c090 R08: 0000000000000000 R09: 0000000000000000
[  485.632260][T10050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  485.632271][T10050] R13: 0000000000000001 R14: 00007f17825b5fa0 R15: 00007ffd27509308
[  485.632300][T10050]  </TASK>
[  485.993392][ T5922] usb 5-1: new low-speed USB device number 29 using dummy_hcd
[  486.156607][ T5922] usb 5-1: config 1 has an invalid descriptor of length 51, skipping remainder of the config
[  486.183649][ T5922] usb 5-1: config 1 interface 0 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  486.199197][ T5922] usb 5-1: config 1 interface 0 has no altsetting 0
[  486.215756][ T5922] usb 5-1: string descriptor 0 read error: -22
[  486.222345][ T5922] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  486.232465][ T5922] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  486.263133][ T5922] usb 5-1: bad CDC descriptors
[  486.704500][ T5922] usb 5-1: USB disconnect, device number 29
[  487.085434][T10077] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1158'.
[  487.110761][T10077] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1158'.
[  487.315347][T10084] xt_CT: No such helper "syz0"
[  487.592000][T10100] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1166'.
[  487.603675][T10100] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1166'.
[  487.613850][T10100] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1166'.
[  487.644019][ T5922] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  487.674587][T10100] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1166'.
[  487.685172][T10100] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1166'.
[  487.694366][T10100] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1166'.
[  487.798097][ T5922] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[  487.833231][ T5922] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  487.848676][ T5922] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  487.859047][ T5922] usb 3-1: Product: syz
[  487.863356][ T5922] usb 3-1: Manufacturer: syz
[  487.881262][    T9] f81534 1-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  487.882847][ T5922] usb 3-1: SerialNumber: syz
[  487.905951][ T5922] usb 3-1: ath9k_htc: Device endpoint numbers are not the expected ones
[  487.909858][    T9] f81534 1-1:0.12: f81534_find_config_idx: read failed: -71
[  487.926915][T10100] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1166'.
[  487.936602][T10100] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1166'.
[  487.945689][T10100] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1166'.
[  487.991004][    T9] f81534 1-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  488.013451][    T9] f81534 1-1:0.12: probe with driver f81534 failed with error -71
[  488.049385][    T9] usb 1-1: USB disconnect, device number 28
[  488.408289][T10113] macsec1: entered allmulticast mode
[  488.413836][T10113] veth1_macvtap: entered allmulticast mode
[  488.430686][T10113] veth1_macvtap: left allmulticast mode
[  489.118928][T10120] fuse: Unknown parameter 'user_id00000000000000000000'
[  490.137260][ T5847] Bluetooth: hci1: unexpected event for opcode 0x200c
[  490.247414][T10143] bridge0: port 1(bridge_slave_0) entered forwarding state
[  490.444917][ T3616] usb 3-1: USB disconnect, device number 40
[  490.518332][T10165] fuse: Bad value for 'fd'
[  490.616021][T10167] syzkaller1: entered promiscuous mode
[  490.622409][T10167] syzkaller1: entered allmulticast mode
[  491.306209][T10181] ip6tnl1: entered promiscuous mode
[  491.311762][T10181] ip6tnl1: entered allmulticast mode
[  491.794853][T10183] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.1188'.
[  491.811677][T10183] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  491.819358][T10183] batman_adv: batadv0: Removing interface: batadv_slave_0
[  491.842513][T10183] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  491.862092][T10183] batman_adv: batadv0: Removing interface: batadv_slave_1
[  492.207350][T10203] fuse: Bad value for 'fd'
[  492.337924][    T9] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  493.046622][T10211] __nla_validate_parse: 2 callbacks suppressed
[  493.046640][T10211] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1199'.
[  493.114537][    T9] usb 5-1: Using ep0 maxpacket: 16
[  493.122533][    T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  493.135660][    T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  493.148263][    T9] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  493.157590][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  493.165653][    T9] usb 5-1: Product: syz
[  493.169868][    T9] usb 5-1: Manufacturer: syz
[  493.174546][    T9] usb 5-1: SerialNumber: syz
[  493.591517][    T9] usb 5-1: cannot find UAC_HEADER
[  493.618977][    T9] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22
[  493.708304][ T9914] udevd[9914]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  493.808787][ T5922] usb 5-1: USB disconnect, device number 30
[  494.017662][T10238] fuse: Bad value for 'fd'
[  494.766883][T10262] tmpfs: Bad value for 'size'
[  495.610567][T10262] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1217'.
[  495.709199][T10266] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1217'.
[  496.435955][T10283] fuse: Unknown parameter '0x0000000000000003'
[  496.531944][T10289] misc userio: Invalid payload size
[  496.539119][T10289] misc userio: Invalid payload size
[  496.549109][T10289] misc userio: The device must be registered before sending interrupts
[  498.577432][T10321] FAULT_INJECTION: forcing a failure.
[  498.577432][T10321] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  498.656023][T10321] CPU: 0 UID: 0 PID: 10321 Comm: syz.4.1234 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  498.656053][T10321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  498.656064][T10321] Call Trace:
[  498.656072][T10321]  <TASK>
[  498.656081][T10321]  dump_stack_lvl+0x189/0x250
[  498.656107][T10321]  ? __pfx____ratelimit+0x10/0x10
[  498.656135][T10321]  ? __pfx_dump_stack_lvl+0x10/0x10
[  498.656156][T10321]  ? __pfx__printk+0x10/0x10
[  498.656183][T10321]  ? __pfx___mutex_lock+0x10/0x10
[  498.656208][T10321]  should_fail_ex+0x414/0x560
[  498.656241][T10321]  _copy_to_user+0x31/0xb0
[  498.656266][T10321]  cgroup_bpf_prog_query+0x57b/0xde0
[  498.656298][T10321]  ? __pfx_cgroup_bpf_prog_query+0x10/0x10
[  498.656320][T10321]  ? security_capable+0x7e/0x2e0
[  498.656351][T10321]  __sys_bpf+0x734/0x860
[  498.656400][T10321]  ? __pfx___sys_bpf+0x10/0x10
[  498.656443][T10321]  ? ksys_write+0x22a/0x250
[  498.656473][T10321]  ? __pfx_ksys_write+0x10/0x10
[  498.656514][T10321]  ? rcu_is_watching+0x15/0xb0
[  498.656546][T10321]  __x64_sys_bpf+0x7c/0x90
[  498.656574][T10321]  do_syscall_64+0xfa/0x3b0
[  498.656591][T10321]  ? lockdep_hardirqs_on+0x9c/0x150
[  498.656620][T10321]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  498.656641][T10321]  ? clear_bhb_loop+0x60/0xb0
[  498.656674][T10321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  498.656694][T10321] RIP: 0033:0x7f610218e929
[  498.656713][T10321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  498.656730][T10321] RSP: 002b:00007f6102f26038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  498.656752][T10321] RAX: ffffffffffffffda RBX: 00007f61023b5fa0 RCX: 00007f610218e929
[  498.656767][T10321] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000010
[  498.656780][T10321] RBP: 00007f6102f26090 R08: 0000000000000000 R09: 0000000000000000
[  498.656792][T10321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  498.656805][T10321] R13: 0000000000000000 R14: 00007f61023b5fa0 R15: 00007ffd52daa4c8
[  498.656837][T10321]  </TASK>
[  499.336778][T10327] input: syz1 as /devices/virtual/input/input14
[  499.377950][T10329] fuse: Unknown parameter '0x0000000000000003'
[  499.421024][T10327] cgroup: Invalid name
[  499.537442][T10327] netlink: 'syz.4.1235': attribute type 3 has an invalid length.
[  499.741713][T10327] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1235'.
[  499.837935][T10327] netlink: 'syz.4.1235': attribute type 3 has an invalid length.
[  499.846625][T10327] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1235'.
[  499.865038][T10333] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1238'.
[  499.894039][T10335] 9pnet_fd: Insufficient options for proto=fd
[  499.952317][T10337] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1240'.
[  501.094270][ T5922] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  501.246218][ T5922] usb 2-1: device descriptor read/64, error -71
[  501.493809][ T5922] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  501.633698][ T5922] usb 2-1: device descriptor read/64, error -71
[  501.650345][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  501.744002][ T5922] usb usb2-port1: attempt power cycle
[  502.390775][ T5922] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  503.365348][ T5922] usb 2-1: device descriptor read/8, error -71
[  503.510428][T10364] fuse: Unknown parameter '0x0000000000000003'
[  503.659299][ T5922] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  503.718437][ T5922] usb 2-1: device descriptor read/8, error -71
[  503.856475][ T5922] usb usb2-port1: unable to enumerate USB device
[  504.423607][ T5914] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  504.677664][ T5914] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  504.699834][ T5914] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  504.727520][ T5914] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  504.751411][ T5914] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  504.769739][T10393] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1257'.
[  504.882902][ T5914] usb 3-1: config 0 descriptor??
[  505.293114][   T30] audit: type=1326 audit(1751916208.387:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10397 comm="syz.0.1261" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7291f8e929 code=0x0
[  505.336277][ T5914] pyra 0003:1E7D:2CF6.000C: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.2-1/input0
[  505.404159][   T10] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  505.466096][T10405] cgroup: Invalid name
[  505.479433][T10405] netlink: 'syz.3.1262': attribute type 3 has an invalid length.
[  505.492066][T10405] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1262'.
[  505.506694][T10405] netlink: 'syz.3.1262': attribute type 3 has an invalid length.
[  505.518850][T10405] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1262'.
[  505.531296][ T5914] pyra 0003:1E7D:2CF6.000C: couldn't init struct pyra_device
[  505.553819][ T5914] pyra 0003:1E7D:2CF6.000C: couldn't install mouse
[  505.562918][ T5914] pyra 0003:1E7D:2CF6.000C: probe with driver pyra failed with error -5
[  505.611382][T10408] fuse: Unknown parameter '0x0000000000000003'
[  505.624151][   T10] usb 5-1: Using ep0 maxpacket: 16
[  505.636228][   T10] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  505.664616][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  505.672704][   T10] usb 5-1: Product: syz
[  505.684615][   T10] usb 5-1: Manufacturer: syz
[  505.689279][   T10] usb 5-1: SerialNumber: syz
[  505.708130][   T10] r8152-cfgselector 5-1: Unknown version 0x0000
[  505.720519][   T10] r8152-cfgselector 5-1: config 0 descriptor??
[  505.731123][T10410] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1264'.
[  505.741500][T10410] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1264'.
[  508.045365][T10428] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  508.312169][ T3616] usb 3-1: USB disconnect, device number 41
[  508.318344][ T5834] usb 1-1: new low-speed USB device number 29 using dummy_hcd
[  508.470070][   T10] r8152-cfgselector 5-1: Unknown version 0x0000
[  508.510798][ T5834] usb 1-1: Invalid ep0 maxpacket: 64
[  508.518155][   T10] r8152-cfgselector 5-1: bad CDC descriptors
[  509.156202][   T10] r8152-cfgselector 5-1: USB disconnect, device number 31
[  509.160427][T10441] ip6tnl1: entered promiscuous mode
[  509.168855][T10441] ip6tnl1: entered allmulticast mode
[  509.203987][ T5834] usb 1-1: new low-speed USB device number 30 using dummy_hcd
[  509.464050][ T5834] usb 1-1: Invalid ep0 maxpacket: 64
[  509.492127][ T5834] usb usb1-port1: attempt power cycle
[  509.873627][ T5834] usb 1-1: new low-speed USB device number 31 using dummy_hcd
[  509.904371][ T5834] usb 1-1: Invalid ep0 maxpacket: 64
[  510.044960][ T5834] usb 1-1: new low-speed USB device number 32 using dummy_hcd
[  510.053855][   T10] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  510.095283][ T5834] usb 1-1: Invalid ep0 maxpacket: 64
[  510.102481][ T5834] usb usb1-port1: unable to enumerate USB device
[  510.135952][T10458] misc userio: Invalid payload size
[  510.142917][T10458] misc userio: Invalid payload size
[  510.150104][T10458] misc userio: The device must be registered before sending interrupts
[  511.231247][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  511.243370][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  511.254264][   T10] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  511.293925][   T10] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  511.303036][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  511.315432][   T10] usb 3-1: config 0 descriptor??
[  512.178513][T10451] netlink: 212296 bytes leftover after parsing attributes in process `syz.2.1277'.
[  512.340107][   T10] plantronics 0003:047F:FFFF.000D: reserved main item tag 0xd
[  512.947715][   T10] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  513.032285][   T10] usb 3-1: USB disconnect, device number 42
[  513.729076][T10495] fido_id[10495]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  513.930795][T10501] ptrace attach of "./syz-executor exec"[5838] was attempted by "                                                                                                                                                                                                                                                                           €    "[10501]
[  514.057352][T10509] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1295'.
[  514.191085][T10514] 9pnet_fd: Insufficient options for proto=fd
[  514.379967][T10515] netlink: 830 bytes leftover after parsing attributes in process `syz.1.1297'.
[  514.440249][   T10] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  514.493660][T10515] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1297'.
[  514.770764][T10515] bridge4: entered promiscuous mode
[  514.792834][T10517] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1298'.
[  514.882700][T10514] netlink: 'syz.1.1297': attribute type 1 has an invalid length.
[  514.933801][   T10] usb 5-1: Using ep0 maxpacket: 16
[  514.957102][   T10] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  514.989416][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  515.013613][   T10] usb 5-1: Product: syz
[  515.028958][   T10] usb 5-1: Manufacturer: syz
[  515.047040][   T10] usb 5-1: SerialNumber: syz
[  515.078854][   T10] r8152-cfgselector 5-1: Unknown version 0x0000
[  515.098923][   T10] r8152-cfgselector 5-1: config 0 descriptor??
[  515.483930][ T5914] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  515.517632][   T10] r8152-cfgselector 5-1: USB disconnect, device number 32
[  515.716280][ T5914] usb 1-1: Using ep0 maxpacket: 32
[  515.728588][ T5914] usb 1-1: config 0 interface 0 has no altsetting 0
[  515.738117][ T5914] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  515.747942][ T5914] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  515.756134][ T5914] usb 1-1: Product: syz
[  515.760463][ T5914] usb 1-1: Manufacturer: syz
[  515.765911][ T5914] usb 1-1: SerialNumber: syz
[  515.775404][ T5914] usb 1-1: config 0 descriptor??
[  516.023813][ T9976] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  516.089809][T10535] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1306'.
[  516.218713][ T5914] gs_usb 1-1:0.0: Couldn't get device config: (err=-71)
[  516.233595][ T5914] gs_usb 1-1:0.0: probe with driver gs_usb failed with error -71
[  516.276331][ T5914] usb 1-1: USB disconnect, device number 33
[  516.451241][T10540] ip6tnl1: entered promiscuous mode
[  516.456798][T10540] ip6tnl1: entered allmulticast mode
[  516.955393][ T9976] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 196, using maximum allowed: 30
[  517.114592][ T9976] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  517.129200][ T9976] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 196
[  517.293321][ T9976] usb 3-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00
[  517.445826][ T9976] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  517.520976][ T9976] usb 3-1: config 0 descriptor??
[  517.559392][    T9] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  517.638606][T10548] snd_dummy snd_dummy.0: control 0:65280:65536:syz0:-786 is already present
[  517.741187][    T9] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  517.761526][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  517.783439][    T9] usb 5-1: Product: syz
[  517.790037][    T9] usb 5-1: Manufacturer: syz
[  517.803100][    T9] usb 5-1: SerialNumber: syz
[  517.842319][    T9] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  517.875736][T10552] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1310'.
[  517.905012][ T5914] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  517.916741][T10552] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1310'.
[  517.995314][ T9976] holtek_kbd 0003:04D9:A055.000E: bogus close delimiter
[  518.002650][ T9976] holtek_kbd 0003:04D9:A055.000E: item 0 4 2 10 parsing failed
[  518.037183][ T9976] holtek_kbd 0003:04D9:A055.000E: probe with driver holtek_kbd failed with error -22
[  518.325272][ T3616] usb 3-1: USB disconnect, device number 43
[  519.232181][ T5914] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  519.244200][ T3616] usb 5-1: USB disconnect, device number 33
[  519.259557][ T5914] ath9k_htc: Failed to initialize the device
[  519.301361][ T3616] usb 5-1: ath9k_htc: USB layer deinitialized
[  521.572853][T10566] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1316'.
[  521.794151][T10566] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1316'.
[  522.295025][T10566] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1316'.
[  522.533893][T10566] kvm: vcpu 0: requested 56 ns lapic timer period limited to 200000 ns
[  524.213601][ T3616] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  524.373778][ T3616] usb 2-1: Using ep0 maxpacket: 8
[  524.382611][ T3616] usb 2-1: unable to get BOS descriptor or descriptor too short
[  524.395413][ T3616] usb 2-1: config 17 has an invalid interface number: 8 but max is 1
[  524.407546][ T3616] usb 2-1: config 17 has 1 interface, different from the descriptor's value: 2
[  524.418112][ T3616] usb 2-1: config 17 has no interface number 0
[  524.427070][ T3616] usb 2-1: config 17 interface 8 altsetting 6 endpoint 0x3 has invalid wMaxPacketSize 0
[  524.455307][ T3616] usb 2-1: config 17 interface 8 has no altsetting 0
[  524.478381][ T3616] usb 2-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=2c.ff
[  524.494586][ T3616] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  524.526132][ T3616] usb 2-1: Product: syz
[  524.533693][    T9] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  524.540957][ T3616] usb 2-1: Manufacturer: syz
[  524.550523][ T3616] usb 2-1: SerialNumber: syz
[  524.566708][T10620] misc userio: Invalid payload size
[  524.573745][T10620] misc userio: Invalid payload size
[  524.581127][T10620] misc userio: The device must be registered before sending interrupts
[  525.556161][    T9] usb 1-1: Using ep0 maxpacket: 8
[  525.573919][    T9] usb 1-1: config 0 has an invalid interface number: 37 but max is 0
[  525.587198][    T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  525.659354][    T9] usb 1-1: config 0 has no interface number 0
[  525.669641][    T9] usb 1-1: New USB device found, idVendor=0421, idProduct=0508, bcdDevice=50.d3
[  525.681203][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  525.692972][    T9] usb 1-1: Product: syz
[  525.710432][    T9] usb 1-1: Manufacturer: syz
[  525.720767][    T9] usb 1-1: SerialNumber: syz
[  525.730344][    T9] usb 1-1: config 0 descriptor??
[  525.744414][    T9] usb 1-1: bad CDC descriptors
[  525.783348][ T3616] usb 2-1: selecting invalid altsetting 0
[  525.830939][ T3616] usb 2-1: USB disconnect, device number 36
[  525.866469][ T9914] udevd[9914]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.8/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  525.951857][ T5922] usb 1-1: USB disconnect, device number 34
[  526.431789][T10643] netlink: 'syz.1.1341': attribute type 10 has an invalid length.
[  526.448781][T10645] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1340'.
[  526.545236][T10643] syz_tun: entered promiscuous mode
[  526.557338][T10643] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  526.726119][T10653] input: syz1 as /devices/virtual/input/input17
[  526.852932][T10654] misc userio: Invalid payload size
[  526.864768][T10654] misc userio: Invalid payload size
[  526.875897][T10654] misc userio: The device must be registered before sending interrupts
[  527.109197][T10653] cgroup: Invalid name
[  527.605242][T10621] orangefs_mount: mount request failed with -4
[  530.759596][T10661] loop6: detected capacity change from 0 to 7
[  530.795107][T10661] Dev loop6: unable to read RDB block 7
[  530.815438][T10661]  loop6: AHDI p1 p2 p3 p4
[  530.819996][T10661] loop6: partition table partially beyond EOD, truncated
[  530.856789][T10661] loop6: p1 start 926365495 is beyond EOD, truncated
[  530.867236][T10661] loop6: p2 size 47 extends beyond EOD, truncated
[  530.879002][T10661] loop6: p3 start 1886353253 is beyond EOD, truncated
[  531.428722][T10678] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0)
[  531.438757][T10678] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647
[  532.239779][ T5922] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  532.635622][ T5922] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  532.653625][ T5922] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  532.668936][ T5922] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  532.678631][ T5922] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  532.706508][ T5922] usb 2-1: config 0 descriptor??
[  532.871326][   T24] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  533.106519][   T24] usb 5-1: config index 0 descriptor too short (expected 54364, got 92)
[  533.189293][   T24] usb 5-1: config 27 has too many interfaces: 112, using maximum allowed: 32
[  533.275019][   T24] usb 5-1: config 27 has 0 interfaces, different from the descriptor's value: 112
[  533.294672][ T5922] pyra 0003:1E7D:2CF6.000F: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.1-1/input0
[  533.414128][   T24] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  533.437606][ T5922] pyra 0003:1E7D:2CF6.000F: couldn't init struct pyra_device
[  533.510542][ T5922] pyra 0003:1E7D:2CF6.000F: couldn't install mouse
[  533.528169][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  533.651050][   T24] usb 5-1: Product: syz
[  533.699365][ T5922] pyra 0003:1E7D:2CF6.000F: probe with driver pyra failed with error -5
[  533.718357][   T24] usb 5-1: Manufacturer: syz
[  533.756035][   T24] usb 5-1: SerialNumber: syz
[  535.588450][ T5914] usb 2-1: USB disconnect, device number 37
[  537.812586][ T1143] batman_adv: batadv0: IGMP Querier appeared
[  537.819054][ T1143] batman_adv: batadv0: MLD Querier appeared
[  537.983620][   T24] usb 5-1: USB disconnect, device number 34
[  541.125950][T10723] FAULT_INJECTION: forcing a failure.
[  541.125950][T10723] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  541.383672][T10723] CPU: 0 UID: 0 PID: 10723 Comm: syz.0.1364 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  541.383695][T10723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  541.383705][T10723] Call Trace:
[  541.383711][T10723]  <TASK>
[  541.383718][T10723]  dump_stack_lvl+0x189/0x250
[  541.383741][T10723]  ? __pfx____ratelimit+0x10/0x10
[  541.383763][T10723]  ? __pfx_dump_stack_lvl+0x10/0x10
[  541.383779][T10723]  ? __pfx__printk+0x10/0x10
[  541.383798][T10723]  ? __might_fault+0xb0/0x130
[  541.383828][T10723]  should_fail_ex+0x414/0x560
[  541.383852][T10723]  _copy_from_iter+0x1db/0x16f0
[  541.383867][T10723]  ? trace_event_raw_event_bpf_trace_printk+0x187/0x260
[  541.383884][T10723]  ? __pfx_trace_event_raw_event_bpf_trace_printk+0x10/0x10
[  541.383905][T10723]  ? __pfx__copy_from_iter+0x10/0x10
[  541.383921][T10723]  ? rcu_is_watching+0x15/0xb0
[  541.383948][T10723]  tun_get_user+0x20f/0x3ce0
[  541.383965][T10723]  ? __lock_acquire+0xab9/0xd20
[  541.383987][T10723]  ? __might_fault+0xb0/0x130
[  541.384009][T10723]  ? __pfx_tun_get_user+0x10/0x10
[  541.384041][T10723]  ? __lock_acquire+0xab9/0xd20
[  541.384057][T10723]  ? ref_tracker_alloc+0x318/0x460
[  541.384074][T10723]  ? __lock_acquire+0xab9/0xd20
[  541.384088][T10723]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  541.384111][T10723]  ? tun_get+0x1c/0x2f0
[  541.384127][T10723]  ? tun_get+0x1c/0x2f0
[  541.384139][T10723]  ? tun_get+0x1c/0x2f0
[  541.384155][T10723]  tun_chr_write_iter+0x113/0x200
[  541.384170][T10723]  vfs_write+0x548/0xa90
[  541.384197][T10723]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  541.384212][T10723]  ? __pfx_vfs_write+0x10/0x10
[  541.384249][T10723]  ? __fget_files+0x2a/0x420
[  541.384272][T10723]  ksys_write+0x145/0x250
[  541.384292][T10723]  ? __pfx_ksys_write+0x10/0x10
[  541.384308][T10723]  ? rcu_is_watching+0x15/0xb0
[  541.384325][T10723]  ? do_syscall_64+0xbe/0x3b0
[  541.384341][T10723]  do_syscall_64+0xfa/0x3b0
[  541.384351][T10723]  ? lockdep_hardirqs_on+0x9c/0x150
[  541.384370][T10723]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  541.384383][T10723]  ? clear_bhb_loop+0x60/0xb0
[  541.384399][T10723]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  541.384412][T10723] RIP: 0033:0x7f7291f8e929
[  541.384424][T10723] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  541.384435][T10723] RSP: 002b:00007f7292dec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  541.384450][T10723] RAX: ffffffffffffffda RBX: 00007f72921b5fa0 RCX: 00007f7291f8e929
[  541.384459][T10723] RDX: 000000000000007a RSI: 00002000000002c0 RDI: 0000000000000004
[  541.384467][T10723] RBP: 00007f7292dec090 R08: 0000000000000000 R09: 0000000000000000
[  541.384476][T10723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  541.384483][T10723] R13: 0000000000000000 R14: 00007f72921b5fa0 R15: 00007ffe2b879db8
[  541.384504][T10723]  </TASK>
[  541.384654][ T5914] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  541.618086][    C0] vkms_vblank_simulate: vblank timer overrun
[  541.801766][T10731] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1365'.
[  541.898350][ T6073] Bluetooth: hci5: Frame reassembly failed (-84)
[  544.257159][ T5847] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  544.263189][ T5155] Bluetooth: hci5: command 0x1003 tx timeout
[  545.002161][T10760] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  545.037253][T10760] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  545.117414][ T5847] Bluetooth: hci3: Unable to find connection with handle 0x00c9
[  545.127970][T10767] support for cryptoloop has been removed.  Use dm-crypt instead.
[  545.233874][   T24] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  545.784351][T10779] block nbd2: NBD_DISCONNECT
[  546.274796][   T24] usb 1-1: config 0 has an invalid interface number: 73 but max is 0
[  546.427356][   T24] usb 1-1: config 0 has no interface number 0
[  546.524478][   T24] usb 1-1: New USB device found, idVendor=06f8, idProduct=300c, bcdDevice=39.64
[  546.573628][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  546.644897][   T24] usb 1-1: Product: syz
[  546.649228][   T24] usb 1-1: Manufacturer: syz
[  546.673936][   T24] usb 1-1: SerialNumber: syz
[  546.682196][T10795] syz.3.1380 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  546.734294][   T24] usb 1-1: config 0 descriptor??
[  546.955314][ T5914] usb 1-1: USB disconnect, device number 35
[  546.999108][   T10] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  547.013785][T10799] sch_tbf: peakrate 2 is lower than or equals to rate 9622228065856960865 !
[  547.601385][   T10] usb 3-1: config 0 has an invalid interface number: 255 but max is 0
[  547.764103][   T10] usb 3-1: config 0 has no interface number 0
[  547.783354][   T10] usb 3-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[  547.807570][   T10] usb 3-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  547.827688][   T10] usb 3-1: config 0 interface 255 has no altsetting 0
[  547.835822][   T10] usb 3-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[  547.847484][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  547.900013][   T10] usb 3-1: config 0 descriptor??
[  547.931818][   T10] ums-realtek 3-1:0.255: USB Mass Storage device detected
[  547.991714][T10810] support for cryptoloop has been removed.  Use dm-crypt instead.
[  548.688099][   T10] usb 3-1: USB disconnect, device number 45
[  549.599723][T10841] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[  549.614060][T10841] batman_adv: batadv0: Adding interface: ip6gretap1
[  549.620712][T10841] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  549.647311][T10841] batman_adv: batadv0: Interface activated: ip6gretap1
[  550.230049][T10844] ip6tnl1: entered promiscuous mode
[  550.236671][T10844] ip6tnl1: entered allmulticast mode
[  550.444849][T10851] support for cryptoloop has been removed.  Use dm-crypt instead.
[  550.620382][T10855] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1403'.
[  553.875124][T10887] use of bytesused == 0 is deprecated and will be removed in the future,
[  553.900528][T10887] use the actual size instead.
[  659.073451][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  659.080479][    C0] rcu: 	1-...!: (1 GPs behind) idle=589c/1/0x4000000000000000 softirq=47879/47880 fqs=11
[  659.091479][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=41985, q=1311 ncpus=2)
[  659.099328][    C0] Sending NMI from CPU 0 to CPUs 1:
[  659.099368][    C1] NMI backtrace for cpu 1
[  659.099387][    C1] CPU: 1 UID: 0 PID: 10885 Comm: syz.2.1411 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  659.099407][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  659.099418][    C1] RIP: 0010:lock_acquire+0x58/0x360
[  659.099441][    C1] Code: 8b 05 ec c2 fe 10 48 89 44 24 58 0f 1f 44 00 00 65 8b 05 ef c2 fe 10 83 f8 08 0f 83 b8 01 00 00 89 c0 48 0f a3 05 98 8e 02 0e <73> 16 e8 41 f1 08 00 84 c0 75 0d f6 05 53 79 ec 0d 01 0f 84 d7 01
[  659.099456][    C1] RSP: 0018:ffffc90000a08bc0 EFLAGS: 00000097
[  659.099472][    C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000000
[  659.099482][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888023da4300
[  659.099492][    C1] RBP: ffffffff898784a4 R08: 0000000000000001 R09: 0000000000000000
[  659.099503][    C1] R10: dffffc0000000000 R11: ffffffff898783e0 R12: 0000000000000000
[  659.099515][    C1] R13: ffff888023da4300 R14: 0000000000000000 R15: 0000000000000001
[  659.099526][    C1] FS:  00007f695ba736c0(0000) GS:ffff888125d51000(0000) knlGS:0000000000000000
[  659.099541][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  659.099552][    C1] CR2: 0000200000003c80 CR3: 0000000030c0c000 CR4: 00000000003526f0
[  659.099567][    C1] Call Trace:
[  659.099575][    C1]  <IRQ>
[  659.099593][    C1]  _raw_spin_lock+0x2e/0x40
[  659.099617][    C1]  ? advance_sched+0xc4/0xc90
[  659.099645][    C1]  advance_sched+0xc4/0xc90
[  659.099667][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  659.099691][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  659.099720][    C1]  ? __pfx_advance_sched+0x10/0x10
[  659.099740][    C1]  __hrtimer_run_queues+0x529/0xc60
[  659.099770][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  659.099787][    C1]  ? read_tsc+0x9/0x20
[  659.099817][    C1]  hrtimer_interrupt+0x45b/0xaa0
[  659.099850][    C1]  __sysvec_apic_timer_interrupt+0x10b/0x410
[  659.099872][    C1]  sysvec_apic_timer_interrupt+0xa1/0xc0
[  659.099898][    C1]  </IRQ>
[  659.099903][    C1]  <TASK>
[  659.099910][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  659.099928][    C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xa8/0x110
[  659.099952][    C1] Code: 74 05 e8 cb 2b 5d f6 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4f f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 03 4d 26 f6 65 8b 05 cc 6a 32 07 85 c0 74 40 48 c7 04 24 0e 36
[  659.099966][    C1] RSP: 0018:ffffc90002e57b60 EFLAGS: 00000206
[  659.099980][    C1] RAX: 843317af2771fe00 RBX: 0000000000000a06 RCX: 843317af2771fe00
[  659.099992][    C1] RDX: 0000000000000007 RSI: ffffffff8d983ce5 RDI: 0000000000000001
[  659.100003][    C1] RBP: ffffc90002e57bf0 R08: ffffffff8fa0bbf7 R09: 1ffffffff1f4177e
[  659.100015][    C1] R10: dffffc0000000000 R11: fffffbfff1f4177f R12: dffffc0000000000
[  659.100028][    C1] R13: ffff8880b8627ac0 R14: ffff8880b8627ac0 R15: 1ffff920005caf6c
[  659.100051][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  659.100074][    C1]  ? read_tsc+0x9/0x20
[  659.100103][    C1]  clock_was_set+0x63b/0x7c0
[  659.100123][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  659.100150][    C1]  ? __pfx_clock_was_set+0x10/0x10
[  659.100164][    C1]  ? do_settimeofday64+0x2d1/0x5e0
[  659.100189][    C1]  ? timekeeping_update_from_shadow+0x2b1/0x350
[  659.100215][    C1]  do_settimeofday64+0x2ec/0x5e0
[  659.100237][    C1]  ? safesetid_security_capable+0xa9/0x1a0
[  659.100266][    C1]  ? __pfx_do_settimeofday64+0x10/0x10
[  659.100288][    C1]  ? amd_sfh_hid_client_init+0x409/0x18c0
[  659.100313][    C1]  ? bpf_lsm_settime+0x9/0x20
[  659.100331][    C1]  ? security_settime64+0x76/0x290
[  659.100350][    C1]  ? do_sys_settimeofday64+0x163/0x260
[  659.100376][    C1]  __x64_sys_clock_settime+0x22c/0x280
[  659.100403][    C1]  ? __pfx___x64_sys_clock_settime+0x10/0x10
[  659.100427][    C1]  ? rcu_is_watching+0x15/0xb0
[  659.100448][    C1]  ? do_syscall_64+0xbe/0x3b0
[  659.100466][    C1]  do_syscall_64+0xfa/0x3b0
[  659.100480][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  659.100505][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  659.100521][    C1]  ? clear_bhb_loop+0x60/0xb0
[  659.100541][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  659.100557][    C1] RIP: 0033:0x7f695ab8e929
[  659.100573][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  659.100587][    C1] RSP: 002b:00007f695ba73038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e3
[  659.100603][    C1] RAX: ffffffffffffffda RBX: 00007f695adb5fa0 RCX: 00007f695ab8e929
[  659.100615][    C1] RDX: 0000000000000000 RSI: 0000200000003c80 RDI: 0000000000000000
[  659.100634][    C1] RBP: 00007f695ac10b39 R08: 0000000000000000 R09: 0000000000000000
[  659.100645][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  659.100655][    C1] R13: 0000000000000000 R14: 00007f695adb5fa0 R15: 00007ffd475ef768
[  659.100675][    C1]  </TASK>
[  659.101354][    C0] rcu: rcu_preempt kthread starved for 10480 jiffies! g41985 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[  659.586461][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  659.596454][    C0] rcu: RCU grace-period kthread stack dump:
[  659.602444][    C0] task:rcu_preempt     state:R  running task     stack:26312 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  659.616347][    C0] Call Trace:
[  659.619657][    C0]  <TASK>
[  659.622619][    C0]  __schedule+0x16a2/0x4cb0
[  659.627189][    C0]  ? schedule+0x165/0x360
[  659.631567][    C0]  ? __pfx___schedule+0x10/0x10
[  659.636501][    C0]  ? schedule+0x91/0x360
[  659.640826][    C0]  schedule+0x165/0x360
[  659.645133][    C0]  schedule_timeout+0x12b/0x270
[  659.650027][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[  659.655444][    C0]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  659.661733][    C0]  ? __pfx_process_timeout+0x10/0x10
[  659.667064][    C0]  ? prepare_to_swait_event+0x341/0x380
[  659.672650][    C0]  rcu_gp_fqs_loop+0x301/0x1540
[  659.677548][    C0]  ? __pfx_rcu_watching_snap_recheck+0x10/0x10
[  659.683731][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  659.689036][    C0]  ? _raw_spin_unlock_irq+0x2e/0x50
[  659.694285][    C0]  rcu_gp_kthread+0x99/0x390
[  659.698906][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  659.704220][    C0]  ? __kthread_parkme+0x7b/0x200
[  659.709185][    C0]  ? __kthread_parkme+0x1a1/0x200
[  659.714250][    C0]  kthread+0x711/0x8a0
[  659.718354][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  659.723573][    C0]  ? __pfx_kthread+0x10/0x10
[  659.728195][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  659.733442][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  659.738675][    C0]  ? __pfx_kthread+0x10/0x10
[  659.743310][    C0]  ret_from_fork+0x3fc/0x770
[  659.747934][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  659.753085][    C0]  ? __switch_to_asm+0x39/0x70
[  659.757886][    C0]  ? __switch_to_asm+0x33/0x70
[  659.762678][    C0]  ? __pfx_kthread+0x10/0x10
[  659.767304][    C0]  ret_from_fork_asm+0x1a/0x30
[  659.772208][    C0]  </TASK>
[  659.775253][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  659.781596][    C0] CPU: 0 UID: 0 PID: 10894 Comm: syz.4.1414 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  659.791943][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  659.802028][    C0] RIP: 0010:smp_call_function_many_cond+0xf69/0x12d0
[  659.808727][    C0] Code: 00 45 8b 2f 44 89 ee 83 e6 01 31 ff e8 c0 78 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 6b 74 0b 00 eb 37 f3 90 <43> 0f b6 04 2c 84 c0 75 10 41 f7 07 01 00 00 00 74 1e e8 50 74 0b
[  659.828365][    C0] RSP: 0018:ffffc90002eb7360 EFLAGS: 00000293
[  659.834471][    C0] RAX: ffffffff81b4b090 RBX: ffff8880b863b040 RCX: ffff88802f5c1e00
[  659.842479][    C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  659.850492][    C0] RBP: ffffc90002eb74c0 R08: ffffffff8fa0bbf7 R09: 1ffffffff1f4177e
[  659.858492][    C0] R10: dffffc0000000000 R11: fffffbfff1f4177f R12: 1ffff110170e7f2d
[  659.866500][    C0] R13: dffffc0000000000 R14: 0000000000000001 R15: ffff8880b873f968
[  659.874503][    C0] FS:  0000000000000000(0000) GS:ffff888125c51000(0000) knlGS:0000000000000000
[  659.883481][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  659.890096][    C0] CR2: 000000110c28e45b CR3: 000000000df38000 CR4: 00000000003526f0
[  659.898104][    C0] Call Trace:
[  659.901420][    C0]  <TASK>
[  659.904385][    C0]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  659.910752][    C0]  ? rcu_is_watching+0x15/0xb0
[  659.915556][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[  659.920780][    C0]  on_each_cpu_cond_mask+0x3f/0x80
[  659.925921][    C0]  flush_tlb_mm_range+0x6b1/0x12c0
[  659.931080][    C0]  ? free_pgd_range+0x144b/0x14c0
[  659.936137][    C0]  ? __pfx_flush_tlb_mm_range+0x10/0x10
[  659.941813][    C0]  tlb_flush_mmu+0x1a7/0x680
[  659.946462][    C0]  tlb_finish_mmu+0xc3/0x1d0
[  659.951087][    C0]  ? free_pgd_range+0x144b/0x14c0
[  659.956138][    C0]  free_ldt_pgtables+0x17b/0x320
[  659.961105][    C0]  ? __pfx_free_ldt_pgtables+0x10/0x10
[  659.966610][    C0]  ? down_read+0x1ad/0x2e0
[  659.971057][    C0]  exit_mmap+0x17c/0xb50
[  659.975333][    C0]  ? uprobe_clear_state+0x20f/0x290
[  659.980568][    C0]  ? __pfx_exit_mmap+0x10/0x10
[  659.985391][    C0]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  659.991065][    C0]  ? __pfx_exit_aio+0x10/0x10
[  659.995787][    C0]  ? uprobe_clear_state+0x274/0x290
[  660.001016][    C0]  ? mm_update_next_owner+0xa7/0x870
[  660.006341][    C0]  __mmput+0x118/0x410
[  660.010446][    C0]  exit_mm+0x1da/0x2c0
[  660.014563][    C0]  ? __pfx_exit_mm+0x10/0x10
[  660.019193][    C0]  ? rcu_is_watching+0x15/0xb0
[  660.024042][    C0]  do_exit+0x648/0x22e0
[  660.028237][    C0]  ? do_raw_spin_lock+0x121/0x290
[  660.033307][    C0]  ? __pfx_do_exit+0x10/0x10
[  660.037954][    C0]  do_group_exit+0x21c/0x2d0
[  660.042582][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  660.047850][    C0]  get_signal+0x125e/0x1310
[  660.052580][    C0]  arch_do_signal_or_restart+0x9a/0x750
[  660.058171][    C0]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  660.064382][    C0]  ? exit_to_user_mode_loop+0x40/0x110
[  660.069870][    C0]  exit_to_user_mode_loop+0x75/0x110
[  660.075181][    C0]  do_syscall_64+0x2bd/0x3b0
[  660.079796][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  660.085027][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  660.091120][    C0]  ? clear_bhb_loop+0x60/0xb0
[  660.095834][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  660.101754][    C0] RIP: 0033:0x7f610218e929
[  660.106542][    C0] Code: Unable to access opcode bytes at 0x7f610218e8ff.
[  660.114561][    C0] RSP: 002b:00007f60ffff60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  660.123042][    C0] RAX: fffffffffffffe00 RBX: 00007f61023b6088 RCX: 00007f610218e929
[  660.131066][    C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f61023b6088
[  660.139091][    C0] RBP: 00007f61023b6080 R08: 0000000000000000 R09: 0000000000000000
[  660.147107][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f61023b608c
[  660.155123][    C0] R13: 0000000000000000 R14: 00007ffd52daa3e0 R15: 00007ffd52daa4c8
[  660.163141][    C0]  </TASK>