last executing test programs:

32.163134682s ago: executing program 4 (id=2781):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x8, 0x3, 0x300, 0x0, 0xffffffff, 0xffffffff, 0x198, 0xffffffff, 0x268, 0xffffff7a, 0xffffffff, 0x268, 0xffffffff, 0x7fffffe, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'veth0\x00', 'team0\x00', {}, {}, 0x0, 0x3, 0x41}, 0x6, 0x130, 0x198, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "00000100cbd047da9ca965f96ad5801f0514d363ee84bb895919d9490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5ce1a56a5ef73be11d65bfe8c37674024c183ebacdf741cea92ded3a9ca54de15dd9ec8ef62f9e000000000000000000ffffff7f00", 0x7d, 0x3}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x8, '\x00', 'syz1\x00', {0x4}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, 0x100, 0xb, [0x3c, 0x3f, 0x19, 0x12, 0x33, 0x14, 0x40, 0x2e, 0x2a, 0x3c, 0x2e, 0x32, 0x9, 0xc, 0x21, 0x1b], 0x0, 0xe, 0x6}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x360)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_int(r1, &(0x7f0000000100)='blkio.reset_stats\x00', 0x2, 0x0)
write$cgroup_int(r2, &(0x7f0000000040)=0x2, 0x12)

32.042539872s ago: executing program 4 (id=2782):
r0 = socket(0x2, 0x80805, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={<r2=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, 0x0, 0x0)

32.037416958s ago: executing program 4 (id=2783):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000001c0)=@abs={0x0, 0x0, 0x4e23}, 0x34) (async)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x141050, 0x0, 0x1, 0x0, 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000040)='./file0\x00', &(0x7f0000000240)='system.posix_acl_default\x00', &(0x7f00000002c0)=ANY=[@ANYRESHEX=r0], 0xc, 0x1) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f00000007c0)=[{0x6, 0x0, 0x0, 0x7fffffdf}]}) (async, rerun: 64)
futex_waitv(0x0, 0x0, 0x2, 0x0, 0x0) (async, rerun: 64)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 32)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x4, 0x6, 0xbaa, 0x4, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) (rerun: 32)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000240), 0xa7c, r2}, 0x38) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) (async)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async, rerun: 32)
r3 = socket$inet_udp(0x2, 0x2, 0x0) (rerun: 32)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000480), &(0x7f00000000c0)=0x839352b8218490eb) (async, rerun: 32)
syz_io_uring_setup(0x1249, 0x0, &(0x7f0000000180)=<r4=>0x0, 0x0) (rerun: 32)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, 0x0, 0x0, 0x4) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) (async)
r5 = syz_open_dev$loop(&(0x7f0000000740), 0xc3b9, 0x0)
ioctl$LOOP_CONFIGURE(r5, 0x1264, 0x0) (async, rerun: 32)
syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0) (rerun: 32)
pread64(0xffffffffffffffff, &(0x7f0000000000)=""/11, 0xb, 0x9) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0x4, &(0x7f00000004c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x6b}]}, &(0x7f0000000000)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
map_shadow_stack(&(0x7f00001dc000/0x3000)=nil, 0x3000, 0x0) (async)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r3, 0x8982, &(0x7f0000000000)={0x8, 'macsec0\x00', {'wlan1\x00'}})
r6 = socket$inet(0x2, 0x3, 0x30)
getsockopt$inet_mreqsrc(r6, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000080)=0x2c)
r7 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000005c0)={r7, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000140)={'bridge_slave_0\x00', 0x180})

31.378184483s ago: executing program 4 (id=2786):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x30, 0xfc6, &(0x7f0000000100)=0x20)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r0 = socket$inet(0x2, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ifreq(r1, 0x8929, &(0x7f00000010c0)={'syz_tun\x00', @ifru_addrs=@rc={0x1f, @none}})
setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4)
shutdown(r0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='attr\x00')
getdents64(r2, &(0x7f0000002f40)=""/4098, 0x1002)
getdents64(r2, 0x0, 0x607a9e0a432a4785)
ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r2, 0xc0045520, &(0x7f00000000c0)=0xffffffff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'veth1_vlan\x00', <r3=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000300)=ANY=[@ANYBLOB="380000004900010000000000000000000a008000", @ANYRES32=r3, @ANYBLOB="0000000008000200000000001400010000f0306432"], 0x38}, 0x1, 0x0, 0x0, 0x4000004}, 0x0)
recvmmsg(r0, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)
r4 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x5, 0x9c840)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f0000000080)=0xe)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x30, 0xfc6, &(0x7f0000000100)=0x20) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) (async)
socket$inet(0x2, 0x1, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$sock_ifreq(r1, 0x8929, &(0x7f00000010c0)={'syz_tun\x00', @ifru_addrs=@rc={0x1f, @none}}) (async)
setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4) (async)
shutdown(r0, 0x0) (async)
syz_open_procfs(0x0, &(0x7f0000000000)='attr\x00') (async)
getdents64(r2, &(0x7f0000002f40)=""/4098, 0x1002) (async)
getdents64(r2, 0x0, 0x607a9e0a432a4785) (async)
ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r2, 0xc0045520, &(0x7f00000000c0)=0xffffffff) (async)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'veth1_vlan\x00'}) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000300)=ANY=[@ANYBLOB="380000004900010000000000000000000a008000", @ANYRES32=r3, @ANYBLOB="0000000008000200000000001400010000f0306432"], 0x38}, 0x1, 0x0, 0x0, 0x4000004}, 0x0) (async)
recvmmsg(r0, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) (async)
syz_open_dev$sndctrl(&(0x7f0000000040), 0x5, 0x9c840) (async)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f0000000080)=0xe) (async)

28.698349528s ago: executing program 4 (id=2806):
r0 = socket(0x1e, 0x2, 0x260)
sendmmsg$unix(r0, &(0x7f0000000880), 0x0, 0x20008000)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000001440)={<r1=>0x0, 0x348}, &(0x7f0000001480)=0x8)
r2 = socket(0x2, 0x80805, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x80400, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000003040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r5, &(0x7f0000003180)={0x0, 0x0, &(0x7f0000003140)={&(0x7f0000003080)={0x28, r4, 0xe6e964277ae08d57, 0x70bd2a, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @loopback}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x8040000}, 0x90)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x14, 0x1, 0x4, 0xd0efbb434e0d53c8, 0x0, 0x0, {0x0, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x4000001}, 0x4008888)
sendmmsg$inet(r2, &(0x7f0000000c80)=[{{&(0x7f0000000040)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0xfe, 0x0}}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000180)="fd", 0x1}], 0x1}}], 0x1, 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={<r7=>0x0}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000100)={r7, 0x7fff}, 0xc)
sendmmsg$inet_sctp(r0, &(0x7f0000002f00)=[{&(0x7f0000000000)=@in={0x2, 0x4e20, @private=0xa010101}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000040)="3b108abd0bf89f575344ec039a01d0bce2d46d0375ba36a2e2af6575cc8a9b589d2b8162bb3257380fd181d995f21aaa1c19b6d43d8e4fc2f536d50978e9d6873098b4f75b6d2007c72d54392d970d66c0a5adb68113d8f5d292efb64445a9036824ff48100a083fce4caf5f2feed1b7e6070ee5ff3de5fc", 0x78}], 0x1, 0x0, 0x0, 0x1}, {&(0x7f0000000100)=@in={0x2, 0x4e22, @remote}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000140)="78d9692055c6a948d12dd3f2fa3fae3d39590bde51d28474168f0242a8dbf2231cf73f66cccbc3e6974964c4528c19f03f037899a44613aabe0e53", 0x3b}, {&(0x7f0000000180)="42e7e320d905d810b7a18cfa9f4542fe7929b31c57f763b46667ccbd3783d3e97a24091bb4f1dd13c4e5b2aa19441f5a3f78f9be", 0x34}], 0x2, &(0x7f0000000200)=[@init={0x18, 0x84, 0x0, {0x1, 0x9, 0x5, 0x2}}], 0x18, 0x1}, {&(0x7f0000000240)=@in6={0xa, 0x4e22, 0x46, @private2}, 0x1c, &(0x7f0000001400)=[{&(0x7f0000000280)="21dd012e298f769f345fd583975ea6cb446b0705d9a3256c8df1fd59c8d6361295371c56fa74ce9df04759cab11833dc2281e220c08612d8ce082e3888d80da42ca0b5010c808e5a94524d97ee3803e1ae235d64202c17b2d10682df3adf62a0be0c08b3ca38a6d00c646090972f0dd131f63a4cfe490392d0dda90efc4907d378473af2b10fb528fd00decbac6ed6da878c95648ba6561247453430b50609cde99e1071012f1a5037e4e7732f6d1097a116703ef7d38da6177daedcf51151853e3f256d994bfe96f5c446055949b6198a6b8a5144a3428b034dbf9356806fb351f6d041c5fa331a7cb031831481f2f3dac05f820677ef12753c33ca2ba17b5c8bb6e2899015416413559deb0d216bbb72ef19b716b937a8976bc37d30e33066478ce44316636031642d49509db4dad01465f4fe2a6778445726e93c7a168eff66bed97f4b42e9ce0a26413d090ab1a297474bd11bc355cce8e31442cec4427bcb84aa8dfcd4237320f20d490d8e198f38cc73c95978ee28e4e459322287e65117dbf9a270fe92149dd81c785aaca837c24aff21fac0f5b566e2fc40f74d1643899d80ccf1af154e3b1146bf6f0b0094ba2517e9db2284e0f980b5144721674f46de50c949d6255f2b8b943edf37b92d78625c1cad0018c95adb5c8f691e9b43337baa8dcade48889fae0bcde72d29a4f639d9f11bcbd344d11d3c2c225ac4f06d04747cdafedaa378dc08f102af7465d6afc0fd3d82f25529f90847045241c6fbebe9d771cbf6e1b724b4d6783438a2eea3e68e3aa6d771b34a0cdf5edc3b231600f6066c2b21b156d4e99501dfdac1de03a2ef4481bb78d6b90e2df8b510d37f987674619162892bbe67aba0749086e6d38a83302241b1651e4bd62043a0afc754226d3d2815de6f3eae0b4a556308d2f9fbba2982d6611ccb10a4506850d5d7774b0ca2881a8907b379eb79fb2fc467e601a1f80962e755bdf1809fd1acbea0c3d8e12282f390445a104d4454f29946802b4e134d69f53cd49a9087e60b3274b3540e2c632915c938a709fd40f823d0c9df353420f18fcdd3dec1d4f1fb134206aadb20351b0a29b8916c9933f16606de426b5067a4f22027b9fe025435b3a5fb1d5a483b19e81a6ffe6291bb6ccb31863c2e7bb357fa2f76b80b56e7e78a98bee4ab886ec05321e5cd206051d016e37683fd7d5b3d97ee8a9f14367d3b6578c08c330485e5cecd73a51c4f647182c299508c2d9939f9f5ee3b988fd0dad813ca16a0e79154a5dfae6fe88bfa14b514bb534dd5b66c6d05597a2921d854c9c6ab7947fc1250e1875e091aae010ae71d224966cff755036d1cf548afbb76fa491174fe761c7d82d96307fe0eb961e58a138c325a11aad7749e8c33d52aa60a743f239c4da56106cd594cf53d301dcd7c73d44fce21188ff7c5799f56138482c05095d1e5496f2ca113934dcdd485b5395af085fda416158bdeccd98d0183374556a88b4275c7cf7db5659836bb81ad150118ca5b600573c377fe68802cfe9f46dc13070cc33bf6a83a449f38808cddc372afff765bb291715e11f07a25413d1a58f25efb58ffb674f77ba1c3aae3111438becab5f7db0fc8d6bbaa6e902b6c6dac71c157247af11eaac5b3ccc872c87bf9595147be0208f0eb8ecec5c71e2ab60bc1bf79f667c242efee7c08fb9a33cd699bbdc8b78a279b968b02d0bed48a809396aaf8318180c1d5c896bc40425dced495a521b7cee2a1243a2842af682839ad81ca5a6fef1a1523a9d7883832780470f94c1e24067ed2defe9d5d8d05f544c87f77d7e8ab204271b0f29a86d8eb68c2f18edb4730c4ea9293331f79922578113b1208f0345a6f9b2c102e809ac9b770a5bbd8ab6a03a41846ec7f41eef6606a0f442d8475ceac6b80fca9794fce6926124827fe5308ca86fc18903494cfe46d4ed0359266db4a02caaa236c8b481c5cc342c5a04a20de2df57df5f85e880d31930606cfdff67ec7394d65da5c5df2aadaec74af1eaa68d7b51b9bb4520b8760a4e1bf071224edbe0cee1f96dd02a039093f1bb78e564ce10325fa446112f4599ca043ae86589b40b2da6641419723d020c443312b776ffd6e576697185528e4757d36755cad91100dc52356647de38dfb5680c6ddf574904ccbb0dd02f9247db7f65f6f058edcdbf8ad9e687522178e2f4e6e2dec193c38b960ae118122fdddc167ab58ca0a28f290a2ec805f1d3905449523b3c8a9f9fccf023bd48a0f09db0cf2603ab2375df10d831c9d0f6b6a35b9de6646146d93250ad7102dfb101ffef8f792972af41c5ed4c9ec15eacd29d4f34b744ba7f1ba17dc58aba6a4d09fc4e806b78d70c8d543c52c3976a6738a25fcee660b42a36d7d2fb979647aa33906b2e7b0b0a5c7e4ac76ee9c2892157d37601b3c72998382feae871461d3f85a939705981a6e024dc882c7d0dd55754bb22452971fbd4e2f57eb206b91aeaf43949178e9be22492134b13a20d960944f8135bc3c397d4d991fded38c41811a89a54d744de88920e4630d55c74b10d062bf3b7faeea97a12467dec86c73f3f6b6ae382780f0adaeef04ce75a1f06f4ff79282e21f793b6b2e621ad35255a898cbbacf9e0513cddecca3d4573b6d4c8f7f03272b1766b884155b8e6b1122925333e9ac91c7116657de4418a45de81864d3118dd33fc35c1586b091f3437f3b63df65e7fb3ca9a6178de7270ad8466f5b41457fc1b1219115e01b2f456d276d07de9a6a2a73dcd9ee0eed79d933c933e4ca4b4fd9e503b8704de1c4072330f77683cb0795ada24ee4864ca9d2f39fa9ef551ed55da5e23a4c2f434578c02e6563a7dfb82a2277153b1568a451fbc7eea05a1e81062708688b20d7504def72e4e8f4f463f4c44e5d6a0ba50efe696a43225493e5682bdb3ed601e8880799285e0429ff5f7f2d344332e1d642440aad0a17c6d6727c58ab671dab5d5c350db94698336c10b9577b27cc7c3c273e29b7d28c26c6104f64e309426e196f85343d67710c36f9879b1cf494600e092dd48744a9e262381bbeb32ba29097a5c7b6df0b15419479382c09cd840717537e73a29c756823fb0aaf0553a0145ce962de635579364d38dffb6359ee07ee9f4ce27c93d73d9878d07088496d1419c489062eda53e2c243e17010f8d5ce21abb11d0dfe204b77177ce1559309fb62a45578977048b43d248dea16aa108ff56f7eef67a2f089a3ce1f35641a82b945221db6766b28a70c0531b6cdcf4d3797c5ec758288621f540f9f675ed2df69b92c225f3d629db5ec987d839add8c9e84b058e5ef9eaab74e52f79fea827289cdf7add6b85d4eab584f5c3b7bf589515d987c0e6d4d951a69294cf2d4c8c0ec5a0fb47faad25c32733a5d38ed03eea57c6e36d0450ec93148b6a77132bd18fc3ed775a0c77dfb581b89b90c6c611aa75e0d46b7252e02a8c37698b26775fce622eaa5d31c3b682f38c1011e7ce32043e8b424d02bf2d47c5e794f46b3e86f4a955ab06e75d0c6c1ea293fe1d7e027b22cbe22721f92ad64709582a4cc257f855f15ee305970dd8632735426876c21f0236c7d9ce8f3b18d33ffd5af7b2b8b2cbf3adca65c6e808af3ce42fc0f532970321e55e7ea5a3574f6e6ea356f3d1d2ffc9fe81d6df90b2e27eabd42b542582b138b1fc2092db7bb8b4a3e5fbee60ccfe4fd71864b5245896f78746eb42698da2d1ef375c559b76d2d5f7664a4061660a2aa87eff35542897d5eee9a4f3fd465fa59791ec3cd26ef18dc663976c405d72e84075f2f4a38c991c8e4dbb5659fef3e83e123abde44d1cb98e26473890d7703931a00febd626fb97dcd14d934f1380e61145ca6a9612e408826e427bf5239b36ee862379cff0b75e6146c3b48497d53c32e37b31fb229fa05e8f20d7a70bf57f374017d35d341dda8c18b72512d97d9de8991cdced900813d22597927807dda854be0f1612affc612fa39086a3279cb0b1d593933ab1802c33eca457d684334bb2583c13d3df7b7d756fb2d440c3fdaadbdf51b8e448346a4cb12d5be3ebbd06904b73252e1f5df1835540acf75023e62ecd8283bdbe9578faed98937dfddfc4bd469e0ee01c3725e154334f13eae268f200a77567596991cc54d6c2ea98d921db8b6816182128795600016036289878769f6fdd901861b8867ce5e27ee6ce6eb5a9a80fa8a9d2027d35e5afddb6a107fa2884d94d8cc99056fa2dd9a204c48c2e1bf2f02dbd5699ec014e71665cea7ea3f2e7001cd48c21d58462954448854c863f5b5ae77ceb3b31255542721cecd9eab9a3080de97b7765b29016e3750827eb1a5cc35fe11c2825b9f3c996b6931fe5676d3c6de89781559ae2277b4c8d37b79932a00f4954242a516aa6d2f9401572e44166ea2ad8c3a7c2320adca6b54c8de1666f81477f69aca527ff7af61284d05edaae4e014f4b5c7b18095fb353d1b094947a9c5cfb7998bbd2cb3a811fb5232bec41562f7a95d93858151213a4d0eac8e0383849c80575e7a8fc55abc19b2dfc2e3391d0e5dc5f51fe723d24686f90db449436271fe90f71bf5f6021c8ad96020f33867b7fc978c7764705d7e15986e96de8f1e552a87a0bee2b1001ba5c1e1a48c55f1f4b2cfd737d8eded9352af496e79a9cb5e10a6f90dacc943830c35eb0fd3f9804266961886de619f2562e89eaa5893f09715858a345df2a746b196db574f2e643f99e966835e8ed31ed71a618e13d3d2536f8c8194f66bf4078b02b32db2dd2aee9b2b34b2901b2d87887558ab7aeaaf7f564ec6ee744d44a349dd5aabe540f996b418f3447a007489e7732ef74ed5e3a627efefd01bb20fc6405a75437cf2c2c792f664d13a94f6ddcd21d5f3fc020d1acf0058c1ca8d90fbe70b04c81c4806cb414c6a3439ce812a251e691214c52ffd27921a00ee5d2511a973d136f0252cba01ac698153d5d4ff675f43410ff4fcd91612dbc069a31e830d36a2e6ec5326b871efd40ced8b3f92395e7862060f68798912d0ee3a3b76751abca647477b2fe7e7777558349a362a6f67cf6b095d96a06939f47283baccafa40470ec3e305f899c842767cf7e3ef00892550a592b04cddd59fe4e99c35d7b081649d290e01b9471c7d3abe83bf449d0eff768db29abdda2ae8089dab2eafa253410892c588167f5b177c75cac9dc622fb8326e1e451bc1810b730dee66aa6883dea02be2d5e5bbb809d1147cf7be342baed9f4371880509380c0f3f6a29f834fb65ec629eaf9a554b24796e94f9e4c4c5216bc131bffc650b9ee92be82fa9782b0b14f7f4d923b2ef439a96e992632cb3bc19e0b5f4e4548c6a9635fbe7d0519a1e085772eca637aa985d118add6c92bac4a56971f0a70fd06a64d24848594419205c9c231dc53e7f31b7110d82fd6e2871ef8aaaec2e77de936a4e37b7c104cf88c3a470159338f5b159e3e138e247139a4f7c5d8589113d430a19cf9ae3b2ea36e2604b1fb69db591d63b8657b02a5285c27b5b3f2b3a6ad47f742cbe017ebbfeca625b6c1174ba345feb79d74ce2c3de681c1cef96ec80e6d5b904f24f5cfe53d3554523eba67f9416bfb20441c0eaccfdd59180cde83c15947d3cd707e5f5e7a07c6e6024303eea9d2a6cf1b26d8da7e0d6111e06e81b3999c6b23843c21e7107abbbc77415595019eaa072161da6235ae9da9a0112a1bf5e4da5b0d2bda1f6390ca27d87dbb95da52b2cd9b4f1278d1a0a648dbba68f6b62eaa186c5779782e1ed6f3c31f37905a33253726e77ae2c3421cb20", 0x1000}, {&(0x7f0000001280)="7f2014371e2b71405f6115b765eedbe160e73f23361e20471197b8a04a2ba613b61bfc02654618e9f987a3a215f779e54931955862d3412a4d3cf1c9c4a9c96da4cb12b2fb726cd199cd3eaa4226a3afc2091aab562d684e27", 0x59}, {&(0x7f0000001300)="fcd64b682cb719b7287c5153af1d997ca68c1b14e8b554f7f4fbe1b209adfe59130145a4ce2eda1c2d0d580abc5cdef025f295bce8fecf7185a7f6dd5ec3ca284c02d2b1c8c44f146716e67e16d438587914b760e3964564795b3e464553ebfd77df85cc8a2fff5447fb5407a8e18748365681b0b3072ec989f28dab413aab94a786bfe8c89d0f55240db05713efb8bafee207cb08daf7e4864a8b99024412ad6ba23d9263308c62fdeb9982c22329fbeed3339bf41509a69a4bde2d593f16099cba7a457795e326f388b83e4f6809a44681d53e70c7a6da6ef700dd8f62f8934a24c7e34a1c79ddb1a6ed6286e9600f8f0328fb25b6d994", 0xf8}], 0x3, &(0x7f00000014c0)=[@dstaddrv4={0x18, 0x84, 0x7, @private=0xa010102}, @prinfo={0x18, 0x84, 0x5, {0x10, 0x5}}, @prinfo={0x18, 0x84, 0x5, {0x0, 0x4}}, @prinfo={0x18, 0x84, 0x5, {0x0, 0xfff}}, @sndrcv={0x30, 0x84, 0x1, {0x9, 0xfffd, 0x2, 0x8, 0xadd, 0xffffffff, 0xee7, 0x9, r1}}, @prinfo={0x18, 0x84, 0x5, {0x0, 0x1}}, @init={0x18, 0x84, 0x0, {0x43a, 0x6, 0xec, 0x9}}, @dstaddrv4={0x18, 0x84, 0x7, @dev={0xac, 0x14, 0x14, 0x28}}], 0xd8, 0x20000020}, {&(0x7f00000015c0)=@in={0x2, 0x4e22, @broadcast}, 0x10, &(0x7f00000018c0)=[{&(0x7f0000001600)="cf8d30274968fca1adffd92280fb8eab4ed1ff781a92bcdcacfec4fc0175f3fa42bbba7958edd56765e294907773d8eba3c1bcdbe4b046595acc965fed1141a15b682c9fe68f83be7dd135c53d9dcc867d6fec4c28551997a8b48054e75da81b39edf7bf", 0x64}, {&(0x7f0000001680)="3fd6dcdd18b39b651e5a3478f08da20f87ca6bc36832488218be12fe98b25a897346ce8f167e9d1390b459e7c31dd032548632bdc7d91d5ba28dbdb0a33a29f9ab0be2f944bf101f74560880bcdb528bfdd0b91b0d8429e9be2a6a67a3b29e8ae380ae97b40a7a7c538b948f339588623f18f4ac102dc22d47bd660e12ef12a27ce36e98faabdb7a9514a1c8aec64c463816e5f50e8b898d6fd5077117ee10b02c6f427aea7848e1d7aa34068b6690ad508caa77b9a74d85bdaba218facc223b9e63f4351a7eb128fa280b45ac06042e0f12fa891b4f5f3b75faf8e5c98c3bc3361114cb7966b8191b983fef762a8091c7d02a3dd703cf01fd13", 0xfa}, {&(0x7f0000001780)="e5ab183cc0a3a353888251bd25e088439e4f043956df789893f912fb01812800a9ccf277916eb2443e71b949be9881f6998fe9eb6cda18b4de62e72f09910b8eb07f571cb495c1c0efd543117b216d1b3e18eb1e2336bbb349f72b31b52774dbbacb6556760d4550d981ebfa577c04d7339e41b65d9fb44f7d69987dd87a703519ad1dcc3736045cc8043d37fcee336772cddfda34018af9571517d7bfa214cd11bcf406574d1fb5cb929941adfd68bbf2b4f7e31d9731e07f167e7e72e2e8dce4f8aa48e99b939518c130cf9fb03920e0ed28b9116c0a", 0xd7}, {&(0x7f0000001880)="f6583d2fdbb5947b50ecb81eb362e0fae52e7ffb00", 0x15}], 0x4, 0x0, 0x0, 0x4000010}, {&(0x7f0000001900)=@in={0x2, 0x4e20, @local}, 0x10, &(0x7f0000002940)=[{&(0x7f0000001940)="7b4fcf1257876aa287c43b849fa5c97b7c9379df5ae13073b7691bea70f00b6ce4b5bdbe5c0cb0ef254c4328ce9f557f1215b2ea3867851c4d66bda2a05651aae9649ff5de34e3c916ffd135e9a81d97f17dff73e18fc53858c1fb014f6e4eaf1585662d17027dc9532fc2397678995c99a90c5615b731bc128884edb533ec91f94cd7bf3d8d064c02a3fff4fede7a23a6caf4ad926e916c78eabc2e454a0977896de0405fef209db9c5bf725aa3deb550c3ac14a11a5a7c977891b54c3c5afb69091301167d644738c23c95acc0574509ee36aec22832826a0b27a966b63028aa0afa06dda202dab366d1ad2c3eeb6e69bb35f113ee881410e2f0b3d34cfa597fc71eaf54cec88d78aeea3e63f40b594f27f2e70d24aaa541ebb9709f1d57f175a59ebe8c60e55e83c963a505c05046e1dfaea387e848742637600ea134576f9bab55a16162e817e41e91fb7aa32653a8fc440ccdc3dffb06d7a27589712b6f55165d87b680dec971afa17499e26861ab17068e2ec0ce6f40e59e757eb5ea53a657428d4cae471ba87e629da19395d4c103dee24ded0c5d69b739c1b5edb3bd3521ec62c8d0867c8a9c2077e18f4134a83f95551b1abb85f330d204c23425caafa840b0ecd4b99b32f4174604caa6f37942848337302b82146ff941f175c4957d06dd6a1534f5125c9e0db2a2becc470069ad0ed3ef5ef6e00ab4f162f8d185af17b99dac05a280f72e7a2293526378d8f2a9068b39c772d6614a7dd37bb53c28efd72b08ee12d25e5258c4c44c324d4ab3d47a7420dc364a3be81607e6ba367561daae1bebcdbb225e2035c119dc74594473bdda418a0a56abc8deb94d35a2a2780f9b94376667bf415b421a52eda802cff6b769e6f495338d9a1264a54e4d1768d5639bdfb0f4bc840d6c14d434fc6858427bf5d2cb9582662103f3f33e7e3960f9bc1731b7235d3aec236ad385a43a3495cef18e09df3e859e6fe6303f57ba0f6dad5799e30eb4b669497d5c91be74bbff55681d91cb24b7e2cd79f15ba03f5002c2113d7c2d251364f71f6c986b6072b36fd8a6a06efc19cc53fdac3556b5e0aa0cfef38c18bc9f7d0f9541ad22495b2b5ab807823af889e4c65eed4ecc82ecf4c084f080ff3513f7f73e2bc1bf2b5f9d9a533b717cde86fcbe7bf574dd5744bab21c76fa909c1ce81455f35524f2aa52ee9da400de9e1311f482bb735c3b77f3c78ca2cf02b841e92bd3c5a785c9955f1dc03edca75379b1fb5f7144634da18e82184e44775f9633a0d2b5ec302cc60c5d4ce354d62c1d93afa16c44d0a7bdfaa4dedde9afb313619ba61946e77b7d6dc780f62cbefa00af76959543dbbb98bc4b4fd0587a8ee0f937514f92eb6ec09d9b6e260824f4522ce8fe67af3716b6484b04af38394a865583610fc61ca31e334fb01e9be5e45fd41ae5d329ce8c4cd47c405e232b0b1c90aee33fe1de954b35c527b97980488fa44043ba0b5cca8a0c182e71a2b52f10cfe99104e0c70f076f2bf0b072946f2f54e96c03c03ec508c9b3ce494dce1aeb399f7d473d744605538ea17a6ddb9b510d4b0d2779053bab48fff44024f70c1935a447e5344b4ee57e7f015315a56403bfbda78902d074a1c0680bd2103bfaab3e764792bf8e16221b02a3f5848fb248ad3a868deb619207742748199f76354d5254c87ee19d141b7ad4e568e8405b7cf21ae9dcbce95f8b1902fee75eecff5643cac9823d45aab150253143668b0828f25edda09caa544423387b1e1bc4a801be40bc3364178f58313e1ecf44baa06b894876a08dff7d9ddb4a806741f920d1823eee6b776403221bc60b493d61b1a98c77de23979bed03f88c5e0ac82d37b2d8229cd4797f18c9df7435c03dc66d11dd48daeca4201811c981696cde98a8d4277455056e20b17978a1596fb849e7e63e364bb29df254f11252812d92297b1860a28dba49c26067050106777a1d80f1df949295b2b73743a5037081534bb85bfafde868482d2f123b13a37d4eeec1f66ab96bbb6f17d2d1d437789d8521ab9b5c032edcb1de0ce4f512cc48f73e8a4641d50f3cda1d1508e30677b56ba08144a7c5e09061857ebfa8d940db8eb265b151a23c0de58be73934687476bac6223bc8c513c9d1c87060a16f1ccff547e13cb060ad00030cd58afc0f1c077ff7ce01063062bd87097ceb645b41ad253cf9cf4817d4314733fcbf6d6a9663c4cc41aae1dec6710e055c8a9e66b3672fbc80639ad78a4b0b8f366115e4246efa874dc2943f57a009483f4b61799f0452c2f77cee0c477ed3fb6d86f5b8ff7d9bc366789422762d90333e8ab6390bfbaedbb81f58a35d9917144c6d7f3473a92ca92e50da7099735cc1bea76e95b4e216c27a0d446601a8a70d35f8c50a5df14b68dafa95e700a930b61c265f75b2e5792072b8e66a2aa7e1ed8955e4ea52f0400457bfeb88ba448729029487e45a8d5acfa341014e4ee260d6263f27b4ac5117895da4289935fb9bfcad023bd75ef9056d0ed0764f53ff2a63cfe588ea89bb462a94349079de8e9d1828505fe2780447da73c11cef0d1ea7e79495ed6343a09925933c9a119a1176f2e54ce59faefcefcdf53409be7f621b624a80c31a85ce2cd8be3fa3560bee639be7689f33b368299af3d70b0bdfe5a087e51a96e2e1e1fe73947abbdc78bfe3d61d884c00023dde4c6df3f073450dc97e3636171543d428e58d9042f578d61930de2ce2b5f4b0709abb0c98b55d3d9474d38828d802927bbf96a181996c6fc85886ae991f79153a334f1931e19a9d9c85a72e78e1a3450ff439d35b7424746a42548e56ea61cd0ec1f537537e1d6dfbbf6ca898f766aed8132a9e3ee9b7970f8fe86253cb31fa40d87fc85d9455a4126ece813ab475e31bb1086bd4a52b04dd3748c5f7543280fad071d609a0b5b8abb3200b57d797e4a5c91f1b86fc806ea426a63d6f2d3fd252ffd6e4dfd61f809d5e2b19b55a1568c21208bef91d88502b8cc3ebefdfe97b160e146f9f50560efa3826e478bb3b3360f89bfa086ec966ef1c724976d78f061df843dd928f0dbff2df968af3e264c60a20f74ed1b6e453132509d59dca7c7390a9482768cc4084655091f4110623ee38be5c4f4bf0556686d3c03401c8dd5555733b85aec8183f6a35de7c66999c15d9a1abe33ba80e2bd1da0f5e6784dc5120c7149177b90d3c88b7afd3c3c9948d773c11cfa8ecf27a2eba67db3e4cda7d7153206f0440925ea44587ad6cb0bc7d631ad315b05d3d855b2f952df7ec9aee048d6aefd5fe4c0df1678c2caf4a45738451905d5ec4e43de1ae47a8f0b164f2b3480a216ad5dee045cb65cef11b7f565bb0a3ff7d15d2bb7c4a6066f113531bd6d1e27f0e4c1cb3b4fa714bd5789b30a5ab42a5e87ddff427238985c7f1c0830ed4b9b8ea158d704e83b25facb978282cb035ddee2ca184b2d72c7c2aa1df5394ff54000d501900b65da5ccef2398a94b4ee8ec7e73baa4204db83127c46f4d892b96675b2ad6f6ed6cee5616e2a9dbc8e9edf6612788fb1688be2b7d69d77b6146949b5680b5d7a907112673ab580536ad585687ef8f266c66e49288b77a04273248aa85052a86ef014290b341de553c07f4a20871af5bb72bf321cde6c6f7b0b23305f74afbd90b025d0d0e9a31a9e23d61c564f972b74f46f6e217101754347a88e4dc7c31e0fd4e56e0a057603c05dee7490b216cee6f2d2db89a2316bf2fdb790093d2b9e52a4bcc9b1b66f76eccde3cb6243951faeafcc0689f08f9950017814c459e368aa8472ee05c5ed5654c2def40b46a843196f5c0228deb8bca28039514b40dac3ee2ddf1e1d6400aa2659cbd4d1e96a0448c794995acd99eaeb75fbd883dd582b5dc463131ed63f8cf4624259ed62491c51360b5642ea5e9c7d30bc77f866fe67bdbad13b10ee130e19b599565523bd3c9fdb2ddaef1f01ee8ae7fd5c022c773f476fe5af598aca6b2c38482949bdb6cb159b0364458909633c9788da36b21b11a9096a75aba69fb9f995c966ead0676ccb31a61c492ebec5170f6cfd87e7136fb6efe19b9acab9e8f90464a30d1cef6609a6429942c7ad4d190264dec899d7f1133f7db996957a079d902f0295ed0581514bf78c388b554fbfc36ce11b571474361762970b2e57b7ee79075df102adc1838f0f01f92c05189ae574e5915934ac9fcfbc3b23e0c42e77acb02132986c929894344e2f52a5be073481ccb9a3a49543ffdc41f0e4809445afa05a6061cc9a9d866cbf822ade606a3ffdc0fb46395df49c6c0621ea6ce157708e9b5ac27f3985307293d53ee35c4e1ef5aa3b66c3c8a27a27fccd289996937976b5334dd6c94422f2f82ba08f92fdd59ecddbe71d15a1d47064c27026c5f1db66eefcaf31cc7a24fc124c492e45ce52ef8edee63dd1fd4c441d470eaf022ffc94d56c70e98a2615391a27126b0c6c1d9f0cf36fc54e662dcf4ddd50ad011d985c8565d39f8373c2718a9802f4e502c0d08e87459aa631871cd875eb95e37395dfc320b2829968957594180ca39b0f86f75515b420bd9678fd09076f2fd566795a0597b8181baf72ab45ed554cc71c2f3cc95e6e36cf37455de5f48ed9828bfafff4105ec3533510066642707de0a5cdb474b453ca772f107462857f7123334933f917a39942bd50ae84d4eaa71f6180d1d9dc35866d67644e9007d5d909b619f3d783956b0c90370372ca6703851c9f51fa928b69349da73601de5b2d73f5403f8c2025036e4bad3ac35f110c9406be435f55eb16ef775b601d006f47480b67b944a28c22cdbd2b17332c58ed39ea2d48a6f1e3b030fa1bc482a4e18d8734b446d8caaa2adae9698214d6e6c3e9989662833770e5389cde482d3137bcee8adc27bb5eeea265d7e79365f724a0bcf2e08357ba441239895a31105ed1f5acaf742a0461f52a2a53e9023fc0b4bc38e7db5812af7fb92b5b1d3c41db576cea574b31d2a653ff980b2ed1867149de9955f8dc1b4b34d2f97a97a70194aa385c59ad1ba58752155e062e127d8e9a880c08a83ed5424c402912798bc265a9191ecc21b2047238c82ef1aba27df2ad93e04e37d6bd8b382abf0c7c88f4674afb4924cce9b26c6f2606cafa66c83caccb97b3f3112ac25973080aa7b36cbdbbf264048549ae11c524ac1ff9ff354be3bb8556f101e4ab7654d537d527e45bc5ff80a350d28be4d8acf453fd03f02324847b6cd37222cfd7bfdcbf69de4484fdacb5c50f855f32694d5f6d98f094666f7d8b416a5af6a18cc09fa22c04ea649626c0b987b5ffd8a3de485eb2645822c9de61ba3e812d64274390482326ef907dc5c9c13450cde63f032cedcca7c444c04c6fab27c9b918410a211f28074762173d422f25cc0ccdcdce3b9ee02bbf1e483547e351022169a80fbbc6f32719dcbe7ffe8562bdd68d6a57ffabcdcf7927b260253e08eb0072b8f7ff744f91a6fccc302fdb4e3bf71c4e8b5fdf02d2db74d53b9106e9319e1636d645174f5cec47addffee0f7fc28ce5b9c3058a92c884754cb63f4e66f15e3a8329c006e89f71b24fd71af5ad8858a1682e50c4b57e24b6f5b1c1ff55b75175e0d3aab9a0ed25b50a889cb9c5f9247d345fb89ea3d2d659181a374086edb4a4958b4bacda5f0f3ada788e2faaf0d82d45a7dcac96f214351c010ee022ea7d398d4d85413350939a051131601174bc79f023cf9ca37fdc654576e5033b7983ecb67a00b35f9e8fbf1aec73bd2e32897baa6d218b28dfe6c02d42022b28d8640e0075785cff", 0x1000}], 0x1, 0x0, 0x0, 0x40}, {&(0x7f0000002980)=@in={0x2, 0x4e22, @empty}, 0x10, &(0x7f0000002dc0)=[{&(0x7f00000029c0)="7c9ed755d464685b31cd80f9ac0849cc7606fdb91646241032e45d602f0db558618a759772bef37f5f786147775ad31854e229eb8f03b84dc6339bceb86cfb9e8a71fdd3e751e84bea9e47b923150638785a6fad15eabd72437b2dc7ca4af053bb9760853bda4d58f51954fcf2d46a88fd909b7b7d", 0x75}, {&(0x7f0000002a40)="82502523b8f16e85c7cdcc711fbcaeb40a33d46eae967f59638bdb680a06ef578aeaa02e1d4bf330e89e4ef4a73d7a99252e2bdcaf732d27361c09e0380808d28c56803582dbe2bbde69823e", 0x4c}, {&(0x7f0000002ac0)="bb196d81eccfb731a2c6de582ea018c2ad538fbca5048798cf02196d984b5585a590e1d9cf29492d38da7d8a2562a2f285609fa1823446f75af133d3ac98b7a241a96cbb8c3658452b88c2aab5b9c5963738fc49c545b1cf447ff3a18e3d26e93503b258d481a2e1d84bbe4b42744fa1ad6e6234522bfb", 0x77}, {&(0x7f0000002b40)="64043f8610fe75bdf9a438999f6ce4f4b54e66a98dd0e207c695d9344a185918070b76d8a56ab4b73c969d948d4ded089e57d24924904a4923470b49458e7bf691aa7cdeeba828c0781fea9d95f0", 0x4e}, {&(0x7f0000002bc0)="905957d97fb33f9dfc59e3fa4cbfa7ca7d39a28d2fb05d738a12e16d220d269527a6950f6bcb5ddbac4f92a424ef268cd45a5618dbb38b2c44a5ea8c647e75a463a7bba6982f", 0x46}, {&(0x7f0000002c40)="5745e7d268e34ccb0dd335a30d5a2defcce0dfff26fead0945c590fc615127d4ed04454a3c19fd68085fefef78c693ef351d395829ba03a7902688da72de4d", 0x3f}, {&(0x7f0000002c80)="7ccf2b2ec43b2ea2703f96ea979ad985609e4301ad262a0ae7940ac02b923f95aee5e4037396af5074c41a096e6add636a49fa1323bb47a9c33738c2502821212814e882cb0b23ca12e801b087c042e17e178f5f16c021bcfdb69d98149cc6aa49e6ae787d35ca903da3f0c2aa6abf661d5ee35d1f7c398097396f5b5c46d75699347ace921a77ab3f246a528656206fe933c51a177792245f00732c8b3b555dd1c0dda5871b6281e26861e4b2d79f24fd2d227fc208519e2c655e03b14ffd9759122b4c421582636a5aa2632e2bededc44136f4beb4d613c38d2ef8fb5c0c17d410e7c54da1b182402a22907c038361316c", 0xf2}, {&(0x7f0000002d80)="dea11167c27bce47c97211fff537923c4119c89d44f4df6039bb4f231e950987f3db", 0x22}], 0x8, &(0x7f0000002e40)=[@init={0x18, 0x84, 0x0, {0x4, 0x7, 0x0, 0x6}}, @authinfo={0x18, 0x84, 0x6, {0x9}}, @dstaddrv4={0x18, 0x84, 0x7, @initdev={0xac, 0x1e, 0x0, 0x0}}, @sndinfo={0x20, 0x84, 0x2, {0x0, 0x200, 0x800, 0x1, r7}}, @dstaddrv6={0x20, 0x84, 0x8, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @dstaddrv6={0x20, 0x84, 0x8, @local}], 0xa8, 0xd0}], 0x6, 0x2010)

27.545695368s ago: executing program 4 (id=2809):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2b, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="580000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000380012800e00010069"], 0x58}}, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYRES32=r1], 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x240040d5)

25.145051109s ago: executing program 2 (id=2822):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
socket$nl_audit(0x10, 0x3, 0x9)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x202400, 0x0)
sync_file_range(r2, 0x1, 0x1200000000000, 0x2)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0)
add_key(&(0x7f00000000c0)='pkcs7_test\x00', 0x0, &(0x7f0000000000)="100c0681000000ba8b0ad775b31b", 0xe, 0xfffffffffffffffc)
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f00000000c0)={"3c24139ed44aec57f2e2ad238a7b448ed886923c31d4b8affbf514fd00"})
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000140)={0x0, 0xdffffffe, 0x80, 0x0, 0x0, "8100e1c8e80b598c36ff000800"})
r4 = syz_open_pts(r3, 0x141601)
fcntl$setstatus(r4, 0x4, 0x102800)
write(r4, &(0x7f0000000000)="d5", 0xfffffedf)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x582})
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x3)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340))
close_range(r5, 0xffffffffffffffff, 0x0)
socket(0x10, 0x2, 0x0)
r6 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000240)=ANY=[@ANYBLOB="1201410130f56920ac05190272f00102030109021b000100001000090455070103490200090582030004003381e79cb7286ada9c614080c1ac745ff399063950d00c8d408e83d98e205ce38f5aee35646c794852bc75718a369262a65c18883d799689effed00f95f03d0f8dcc5a"], 0x0)
syz_usb_control_io(r6, 0x0, &(0x7f0000000580)={0x84, &(0x7f0000000540)=ANY=[@ANYBLOB="004608000000e5a911bb11e39d2e"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_ep_write$ath9k_ep1(r6, 0x82, 0xff17, &(0x7f0000000040)=ANY=[])
userfaultfd(0x1)

24.202615967s ago: executing program 3 (id=2825):
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000100)='blkio.reset_stats\x00', 0x2, 0x0)
write$cgroup_int(r1, &(0x7f0000000040)=0x2, 0x12)

24.06630673s ago: executing program 3 (id=2826):
r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0xa40, 0x0)
r1 = syz_io_uring_setup(0x416f, &(0x7f0000000780)={0x0, 0xfffffffd, 0x10100, 0x200, 0x1}, &(0x7f0000000100)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
r4 = semget$private(0x0, 0x6, 0x3b1)
semtimedop(r4, &(0x7f0000000040)=[{0x0, 0x1}], 0x1, 0x0)
semop(r4, &(0x7f00000000c0)=[{0x0, 0xfffc}], 0x1)
semop(r4, &(0x7f0000000180)=[{}], 0x1)
semctl$IPC_RMID(r4, 0x0, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0x200000, &(0x7f0000000080)=[{&(0x7f0000000000)=""/4, 0x4}], 0x1})
semop(r4, &(0x7f0000000140)=[{0x3, 0x41, 0x1000}, {0x2, 0x9a49, 0x1000}, {0x1, 0x0, 0x1000}], 0x3)
io_uring_enter(r1, 0x567, 0x1000a387, 0x0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000240)={'wg1\x00', <r5=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)=@newnexthop={0x70, 0x68, 0x400, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x2, 0x0, 0x2}, [@NHA_OIF={0x8, 0x5, r5}, @NHA_ENCAP_TYPE={0x6}, @NHA_FDB={0x4}, @NHA_GATEWAY={0x14, 0x6, @ip4=@multicast1}, @NHA_ENCAP={0x10, 0x8, 0x0, 0x1, @SEG6_LOCAL_BPF={0xc, 0x8, 0x0, 0x1, @SEG6_LOCAL_BPF_PROG={0x8, 0x1, r0}}}, @NHA_ID={0x8, 0x1, 0x2}, @NHA_GROUP_TYPE={0x6}, @NHA_ENCAP_TYPE={0x6}, @NHA_GROUP_TYPE={0x6}]}, 0x70}, 0x1, 0x0, 0x0, 0x400c080}, 0x8080)

23.769444514s ago: executing program 3 (id=2827):
r0 = fsopen(&(0x7f0000000000)='ecryptfs\x00', 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$kcm(0x21, 0x2, 0x2)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket(0x40000000015, 0x5, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)={<r1=>0xffffffffffffffff})
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)=ANY=[@ANYRES32, @ANYRES32, @ANYRES32=r1], 0x20)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
close(r0)

23.19669268s ago: executing program 0 (id=2829):
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x8800, 0x0)
read(r0, 0x0, 0x0)
ioctl$RTC_WIE_ON(0xffffffffffffffff, 0x700f)
r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/cgroup\x00')
fcntl$lock(r1, 0x6, &(0x7f0000000000)={0x1, 0x1, 0x8001})
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10)
sendmmsg$inet(r2, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x39}}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000080)="e6", 0x1}], 0x1}}], 0x1, 0x24040890)
setsockopt$sock_int(r2, 0x1, 0x12, &(0x7f0000000140)=0xffff0000, 0x4)
ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, 0x0)

23.162807042s ago: executing program 0 (id=2830):
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VIDIOC_DECODER_CMD(r0, 0xc0485660, &(0x7f0000000080)={0x0, 0x1, @stop_pts=0x10})
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x2002)
r2 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, &(0x7f0000002000)=<r3=>0x0, &(0x7f0000000000)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)={0x2c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x6, 0x2, [{0x7}, {0x1, 0x3}]}]}]}]}, 0x2c}}, 0x0)
io_uring_enter(r2, 0x48e9, 0x0, 0x2, 0x0, 0x0)
r8 = syz_io_uring_setup(0x1e1e, &(0x7f0000000280)={0x0, 0x86f7, 0x10100, 0x0, 0x2000000}, &(0x7f0000002000)=<r9=>0x0, &(0x7f0000000080)=<r10=>0x0)
syz_io_uring_submit(r9, r10, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
io_uring_enter(r8, 0x48e9, 0x0, 0x2, 0x0, 0x0)
r11 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0)
r12 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r12, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000140)=@newlink={0x50, 0x10, 0x1, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, 0x0, 0x21a9, 0x50001}, [@IFLA_IFNAME={0x14, 0x3, 'team_slave_0\x00'}, @IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14, 0xa, {0x79ab, 0x1900}}]}]}]}, 0x50}}, 0xc800)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
move_mount(0xffffffffffffff9c, &(0x7f0000000800)='./bus\x00', r11, &(0x7f0000000840)='./file0\x00', 0x64)
write$evdev(r1, &(0x7f0000000040)=[{{}, 0x0, 0x2}], 0x37)

23.087786355s ago: executing program 1 (id=2831):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32, @ANYBLOB="01000000020000001c0012000c000100626f6e64"], 0x3c}}, 0x0)
r4 = socket(0x10, 0x803, 0x2)
socket$kcm(0x29, 0x0, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4)
dup2(r1, r3)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r6, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=@newlink={0x4c, 0x10, 0xffffff1f, 0x70bd29, 0x80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @rand_addr=0x64010101}]}}}, @IFLA_MASTER={0x8, 0xa, r7}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x6}]}, 0x4c}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r8, @ANYBLOB="01"], 0x3c}}, 0x0)
r9 = socket(0x10, 0x3, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=@newneigh={0x30, 0x1c, 0x401, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x14}, [@NDA_DST_MAC={0xa, 0x1, @local}, @NDA_FLAGS_EXT={0x8, 0xf, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000}, 0x0)

22.962238508s ago: executing program 3 (id=2832):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
sendmmsg$inet6(r1, 0x0, 0x0, 0x4000)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_open_dev$evdev(0x0, 0x8, 0x800)
fsetxattr$security_evm(r2, &(0x7f0000000200), &(0x7f0000000240)=@sha1={0x1, "6bcfc674bf8cfd83adbb89a036d38b508c770dc1"}, 0x15, 0x1)
r3 = syz_open_dev$vcsn(&(0x7f0000000140), 0x100000b2, 0xa6040)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000180)={0x2, 0x100000, 0x80000, {r3}}, 0x20)
socket$netlink(0x10, 0x3, 0x6)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r8, 0x4048ae9b, &(0x7f0000000200)={0x4376ea830d56d49d})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
ioctl$KVM_NMI(r9, 0xae9a)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)

21.964811014s ago: executing program 3 (id=2833):
r0 = socket$inet(0x2, 0x3, 0x1)
setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4)
shutdown(r0, 0x1)
r1 = syz_io_uring_setup(0x7dca, &(0x7f0000000340)={0x0, 0x6b38, 0x10100, 0x0, 0x1eb}, &(0x7f0000000300), &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_setup(0x1868, &(0x7f0000000200)={0x0, 0xab62, 0x2, 0x3, 0x256}, &(0x7f0000000080)=<r3=>0x0, &(0x7f0000001540))
syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x0, @local}, 0x2}}, 0x2e)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000040)={0x0, 0x58, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0)
connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e22, 0x81, @mcast2, 0x5}, 0x1c)
r7 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r7, &(0x7f00000005c0)=@pppol2tpv3={0x18, 0x1, {0x0, r5, {0x2, 0x4e22, @remote}, 0x2, 0x4, 0x3, 0x3}}, 0x2e)
io_uring_enter(r1, 0x184c, 0x0, 0x0, 0x0, 0x0)

21.776251833s ago: executing program 3 (id=2834):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040))
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000200)={'gretap0\x00', &(0x7f0000000180)=@ethtool_gfeatures={0x3a, 0x5, [{}, {}, {}, {}, {}]}})
close_range(r0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r4, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r4, 0x107, 0x5, 0x0, 0x0)
syz_io_uring_setup(0x239, &(0x7f00000002c0)={0x0, 0x4533, 0x10100, 0x0, 0x0, 0x0, r3}, &(0x7f0000000080), &(0x7f0000000340))
write$binfmt_misc(r3, &(0x7f0000000080)="4cc581542272710b1ae7a60ca64d2910e07ecb7f14c5319fc167fdf4d36a09ca529eac90da26394263d4e66f1b0c79b7d44df884f730f9ab22434c02a2cf3daf793fad777e5b7b08ab2807828ab6576e409d0898f3e14eb96257cbe2b817694da41da56206cb2335c9862ac26f657b9565e491f2d62bf76b0100c415014c476439ec9a66c43115e488781dcbea6ef523152aa5c1f925111b2b5d7c561e2ef16e5fa0fa3045c32220ca5fbd6ca7b240975040a7e12f15cbf87dc486de0f0f702f82a8b6c94e7e9d25ee41f31e1c", 0xcd)
rseq(&(0x7f0000000040), 0x20, 0x0, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000300), 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xb29}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_PRIMARY={0x8}]}}}, @IFLA_ALT_IFNAME={0x14, 0x35, 'bond0\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
fsopen(&(0x7f0000000040)='ntfs3\x00', 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)

21.494621205s ago: executing program 0 (id=2835):
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000100)='blkio.reset_stats\x00', 0x2, 0x0)
write$cgroup_int(r1, &(0x7f0000000040)=0x2, 0x12)

21.415156572s ago: executing program 1 (id=2836):
fsopen(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r0 = socket(0x840000000002, 0x3, 0xfa)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x48, &(0x7f0000000000)={0x0, 0x0}, 0x10)
fsopen(0x0, 0x0)
fchdir(0xffffffffffffffff)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = dup(0xffffffffffffffff)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, 0x0, 0x0)
io_uring_enter(r2, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000040))
ioctl$PPPIOCSACTIVE(r3, 0x40047459, &(0x7f0000000080)={0xfffffffffffffe43, 0x0})
read(r3, 0x0, 0x5d)
r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)
r5 = syz_io_uring_setup(0x416f, &(0x7f0000000780)={0x0, 0xfffffffd, 0x10100, 0x200, 0x1}, &(0x7f0000000100)=<r6=>0x0, &(0x7f00000000c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r4, 0x200000, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x1})
io_uring_enter(r5, 0x567, 0x1000a387, 0x0, 0x0, 0x0)

21.235086263s ago: executing program 0 (id=2837):
r0 = socket(0x2, 0x80805, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={<r2=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000000)={r2, 0x5, 0x20}, 0xc)

21.086543449s ago: executing program 2 (id=2838):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000040)={0x8, <r0=>0xffffffffffffffff, 0x1})
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000080)={0x0, @in={{0x2, 0x4e24, @multicast2}}, [0x7, 0x2, 0x9, 0x5, 0x8, 0x3, 0x1, 0x6, 0x4, 0x5, 0x5, 0x4bb, 0x5, 0x6, 0x37db]}, &(0x7f0000000180)=0x100) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x0, 0x0, 0x0) (async, rerun: 64)
r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 64)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f0000001140)=0x10000000)

20.943379724s ago: executing program 0 (id=2839):
socket$kcm(0x29, 0x2, 0x0)
r0 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000180))
setns(r0, 0x10000000)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x2, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000340)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xf, 0x9}, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x2)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
syz_open_dev$sg(0x0, 0x0, 0x2)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x4058534c, &(0x7f0000001140)={0x80, 0x1})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x86, &(0x7f0000000200)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x74, 0x2, 0x1, 0x5, 0x10, 0x1, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x7}, {0xd, 0x24, 0xf, 0x1, 0x8, 0xff5d, 0x7, 0x5}, {0x6, 0x24, 0x1a, 0x7, 0x15}, [@mbim={0xc, 0x24, 0x1b, 0x4, 0xfffb, 0x2, 0x1, 0xeb9e, 0xe}, @mbim={0xc, 0x24, 0x1b, 0x8, 0x3, 0x0, 0x5, 0x7}]}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x7, 0x3, 0x29}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0xdc, 0x1, 0x9}}, {{0x9, 0x5, 0x3, 0x2, 0x39f, 0x7, 0x7, 0x8}}}}}}}]}}, &(0x7f00000006c0)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x300, 0x4, 0xf6, 0xb8, 0xff, 0x78}, 0x23, &(0x7f0000000380)={0x5, 0xf, 0x23, 0x2, [@ss_container_id={0x14, 0x10, 0x4, 0x1, "e6a231ef2f6cd382ae20e865c906fe7f"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x1, 0x80, 0x2}]}, 0x7, [{0x0, 0x0}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x1004}}, {0x21, &(0x7f0000000400)=@string={0x21, 0x3, "4c0282e53a8622f5983fce075a7fe5841ec8f540d3f96d5a9f095fb8298210"}}, {0x92, &(0x7f00000004c0)=@string={0x92, 0x3, "d05d7b285f15a8e728e58e4db14b8762ea32e4ae06985388e218e1a48959bcf413eb3ed5fbefb72c11642d27509be8a57cbf5030a238fef6f562b2ea203636b648d435a29355d192f1803f321a7967d15b8fa53d2e12e4eb7a64b4f60a1993724dbd0af657553e46af50fbf4d94a3f198a4ee9d147f4425a8cc6fb9546374984a435e3c1634ca9e8236271349a4a44fc"}}, {0x2, &(0x7f00000005c0)=@string={0x2}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x4001}}, {0x2, &(0x7f0000000680)=@string={0x2}}]})
r5 = socket(0x10, 0x3, 0x0)
fcntl$addseals(r5, 0x409, 0x1)
connect$inet(r4, 0x0, 0x0)
sendfile(r4, 0xffffffffffffffff, 0x0, 0x20000023893)
ioctl$VHOST_VDPA_GET_GROUP_NUM(0xffffffffffffffff, 0x8004af81, &(0x7f00000001c0))
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000100001000000000000000000d100000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a320000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a31000000004c000000050a19020000000000000000010020000c00024000000000000000010900010073797a3100000000200004801400030076657468315f6d616376746170000000080001400000000514000000"], 0xe8}}, 0x0)
ioctl$BLKTRACESTOP(0xffffffffffffffff, 0x1275, 0x0)
ptrace(0x10, 0x1)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
unshare(0x2000400)

19.806354712s ago: executing program 2 (id=2840):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r2 = socket$inet(0x2, 0x80001, 0x84)
setsockopt$sock_int(r2, 0x1, 0x12, &(0x7f0000000280)=0x8, 0x4)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2000000000007ffd, 0x0, 0xd4}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_io_uring_setup(0x1249, &(0x7f00000004c0)={0x0, 0x2170, 0x1, 0x1, 0x1c1}, &(0x7f0000000180), 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
wait4(0xffffffffffffffff, 0x0, 0x80000000, 0x0)
r3 = memfd_create(&(0x7f00000001c0)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xcc\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\xae\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5\x00\x00\x00\x00\x00\x00\x00\x05L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\x06\x00\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xaaw\xbe\xd0\xd0\xc8d\x96G\xcf\x066\x84\x82-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10\x04\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a', 0x2)
execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0)
syz_usb_control_io$hid(r4, &(0x7f0000000140)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_80211_inject_frame(&(0x7f0000000040)=@broadcast, &(0x7f0000000740)=ANY=[@ANYBLOB="30340800080211000001ffffffffffff080211000000030418000500a9002d1a0200046f000000000000000500060005000000000400000000c0dd28280e70980ce7c95811d533aad5a91f994efe17ecb13cf7d6e92364d9c06693ff4fd9cca0577e5fe4dd5a28733666414365648b2cbb511bfa63b10e8f5688d01422fb127ded326b5616253ff1f90e5fe40be15f0b85986096a34b4e1c1be7c03df0a6a5af6607db4e88826f119c446085b636f0b5f256aa032878a5cf72b0730d386c1d34dd1be519665505ed8980ff41d6b88e18f16fbf61c67bc98e57fef5b87edd38869ea3a314005bf8a34d202067312124e3ec56e0247d2de6bd6229c6c2873fc78a4717e4ce31879d79cd1d899bff313330f4e936206d3248dd06d0585128ffc5dd8c4cb9cae3e17b2bf474e9e2c0c8d17c4c4e1ecd4c59f6d3ab813f245501138294a49700ee46839813091696e56546cbbe140627563d1e01b79327a11959c8f57401db7d52096c9986810717a14f93b9347e027c9ac4fdacbc769be7cb176488f4a7e064766d4a8d1721e55a69a75319707b68"], 0x1ad)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000001e40)={0xbc, 0x0, 0x2, 0x401, 0x0, 0x0, {0xa, 0x0, 0x7}, [@CTA_EXPECT_MASTER={0x30, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}]}, @CTA_EXPECT_MASK={0x3c, 0x3, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x14, 0x4, @remote}}}]}, @CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private2}}}]}]}, 0xbc}}, 0x0)
ioctl$HIDIOCSFLAG(0xffffffffffffffff, 0x4004480f, &(0x7f0000000000)=0x2)
r6 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r6, &(0x7f0000000040)={0x1, 0x1}, 0x2)
write$USERIO_CMD_REGISTER(r6, &(0x7f00000001c0)={0x0, 0x3}, 0x2)

19.474544101s ago: executing program 1 (id=2841):
r0 = syz_clone(0x1200, &(0x7f0000004300), 0x0, &(0x7f0000004340), 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x30, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @crypto_settings=[@NL80211_ATTR_SAE_PASSWORD={0x7, 0x115, "55b1db"}]]}, 0x30}, 0x1, 0x0, 0x0, 0x4008005}, 0x0)
sendmsg$NL80211_CMD_GET_COALESCE(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x30, 0x0, 0x20, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x10}, @val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x2, 0x32}}}}, ["", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x8040}, 0x4000090)
ioprio_set$pid(0x1, r0, 0x4000)

19.082206452s ago: executing program 1 (id=2842):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
sendmmsg$inet6(r1, 0x0, 0x0, 0x4000)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_open_dev$evdev(0x0, 0x8, 0x800)
fsetxattr$security_evm(r2, &(0x7f0000000200), &(0x7f0000000240)=@sha1={0x1, "6bcfc674bf8cfd83adbb89a036d38b508c770dc1"}, 0x15, 0x1)
r3 = syz_open_dev$vcsn(&(0x7f0000000140), 0x100000b2, 0xa6040)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000180)={0x2, 0x100000, 0x80000, {r3}}, 0x20)
socket$netlink(0x10, 0x3, 0x6)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r8, 0x4048ae9b, &(0x7f0000000200)={0x4376ea830d56d49d})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
ioctl$KVM_NMI(r9, 0xae9a)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)

17.933393414s ago: executing program 1 (id=2843):
syz_open_dev$vim2m(&(0x7f00000000c0), 0xa, 0x2)
r0 = socket(0x40000000015, 0x5, 0x0)
r1 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, &(0x7f00000001c0)="2c2a89", 0x3, 0xfffffffffffffffd)
keyctl$chown(0x4, r1, 0x0, 0xffffffffffffffff)
connect$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @loopback}, 0x10)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r6 = dup(r5)
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c)
pipe(&(0x7f0000000040)={<r7=>0xffffffffffffffff})
r8 = syz_io_uring_setup(0x4e1, &(0x7f0000000380)={0x0, 0xad56, 0x10100}, &(0x7f0000000180)=<r9=>0x0, &(0x7f00000001c0)=<r10=>0x0)
syz_io_uring_submit(r9, r10, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r8, 0x708, 0x41e3, 0x0, 0x0, 0x0)
read$FUSE(r7, &(0x7f00000095c0)={0x2020, 0x0, 0x0, 0x0, <r11=>0x0}, 0x2020)
r12 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r4, r12, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
r13 = open(&(0x7f0000000300)='.\x00', 0x0, 0x2)
close_range(r13, 0xffffffffffffffff, 0x0)
ioctl$SNDCTL_DSP_GETFMTS(r13, 0x8004500b, &(0x7f0000000040)=0xffffffff)
ioctl$KVM_PRE_FAULT_MEMORY(r12, 0xc040aed5, &(0x7f0000000000)={0x3000, 0xb000})
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
r14 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r14, &(0x7f00000000c0), 0x10)
sendmsg$can_bcm(r14, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000400)=ANY=[@ANYRES64=r11, @ANYRES64=0x0, @ANYRES64=0xea60, @ANYRESOCT=r13, @ANYRES64=r2, @ANYRESHEX=r8, @ANYRESOCT=r1], 0x48}}, 0x0)

17.470386005s ago: executing program 0 (id=2844):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x48582, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_opts(r1, 0x0, 0x8, &(0x7f0000000100)="83", 0x1)
getsockopt$inet_opts(r1, 0x0, 0x9, 0x0, &(0x7f0000000080))
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c27, 0x10100, 0x2, 0x2ea}, &(0x7f00000000c0)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {}, 0x1})
readv(r0, &(0x7f0000000300)=[{&(0x7f0000001900)=""/4099, 0x1003}], 0x1)

16.858948761s ago: executing program 1 (id=2845):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32, @ANYBLOB="01000000020000001c0012000c000100626f6e64"], 0x3c}}, 0x0)
r4 = socket(0x10, 0x803, 0x2)
socket$kcm(0x29, 0x0, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4)
dup2(r1, r3)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r6, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=@newlink={0x4c, 0x10, 0xffffff1f, 0x70bd29, 0x80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @rand_addr=0x64010101}]}}}, @IFLA_MASTER={0x8, 0xa, r7}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x6}]}, 0x4c}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r8, @ANYBLOB="01"], 0x3c}}, 0x0)
r9 = socket(0x10, 0x3, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=@newneigh={0x30, 0x1c, 0x401, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x14}, [@NDA_DST_MAC={0xa, 0x1, @local}, @NDA_FLAGS_EXT={0x8, 0xf, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000}, 0x0)

16.401690019s ago: executing program 2 (id=2846):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000100)='blkio.reset_stats\x00', 0x2, 0x0)
write$cgroup_int(r1, &(0x7f0000000040)=0x2, 0x12)

16.29042215s ago: executing program 2 (id=2847):
r0 = socket$pptp(0x18, 0x1, 0x2)
accept(r0, 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_opts(r1, 0x0, 0x4, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE_wg(r1, 0x1, 0x19, &(0x7f00000003c0)='wg1\x00', 0x4)
socket$inet_udp(0x2, 0x2, 0x0)
socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000580)={0x0, <r2=>0x0})
syz_open_dev$radio(&(0x7f00000002c0), 0x1, 0x2)
socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r3)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
dup(r4)
pselect6(0x40, &(0x7f0000000600)={0x11, 0xfffffffffffffffc, 0x2, 0x0, 0xfffffffffffffffe, 0x0, 0x4, 0x8}, 0x0, &(0x7f0000000680)={0x7fc, 0x2, 0x800000, 0x8000000000000001, 0x0, 0xc3ad, 0x0, 0x3}, 0x0, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x40000)
r5 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1f, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
poll(&(0x7f0000000240)=[{r5, 0x91}], 0x1, 0x2)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
r7 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x810)
getsockname$packet(r7, &(0x7f0000000040)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x24, 0x24, 0x10, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x8}, {0xffff, 0xffff}, {0xe}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newtfilter={0x44, 0x2c, 0xd2f, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r8, {0x5, 0xfff1}, {}, {0x7}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x11}, @TCA_FLOWER_KEY_IPV4_SRC={0x8, 0xa, @remote}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0xc044}, 0x40)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r9, &(0x7f00000002c0), 0x40000000000009f, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r6, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000080)={'vxcan1\x00', <r10=>0x0})
setsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, &(0x7f0000000300)={{{@in=@multicast1, @in6=@remote, 0x0, 0x3, 0x0, 0x0, 0xa, 0x0, 0x60, 0x3c, r10}, {0x0, 0x0, 0x0, 0x1d, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x0, 0x0, 0x0, 0x6}}, {{@in6=@loopback, 0x0, 0x6c}, 0x0, @in6=@loopback}}, 0xe8)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r1, 0x0, 0x61, &(0x7f0000000400)=ANY=[@ANYBLOB="726177000018090000000000000000000000000000000000200000000000337d70805cebe32f0000f8149a590978576aa19de677d0688215b56f631d9cd860a5fcace83528904bb4f4dc89e3d87fed0ea2415a3c8ccfa750ec64eb3f24d35ae11b1223ef2353f4af664f2887ddb4c21d7a79c22a2c6f0ceb94bba51420"], 0x28)
connect$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @multicast2}, 0x10)

15.437257622s ago: executing program 2 (id=2848):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/5, 0x214000, 0x800}, 0x20)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000001c0)=0x800, 0x4)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000040)=0x20000, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000400)={'dummy0\x00', <r2=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00'}, 0x18)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000740)={'dummy0\x00', <r5=>0x0})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_GET_BYINDEX(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000000f0601020000000000c7c800010100040500010007000000"], 0x1c}}, 0x4028000)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
r8 = socket$rxrpc(0x21, 0x2, 0xa)
sendto$rxrpc(r8, &(0x7f00000000c0)="2c64e35b7a2183e2ae4423d52c341bf17482525a02550cf4192e3644211d14d2cdcbdec5d4c62d68c8", 0x29, 0x8000, &(0x7f0000000200)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e24, @broadcast}}, 0x24)
sendmsg$nl_xfrm(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001400e9990000000000000000fc000000000000000000000000000020ac1e000100000000000000000000000000300000000000000a"], 0xb8}, 0x1, 0x0, 0x0, 0x200440c4}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r5], 0x20}}, 0x0)
socket$xdp(0x2c, 0x3, 0x0) (async)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/5, 0x214000, 0x800}, 0x20) (async)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000001c0)=0x800, 0x4) (async)
socket$tipc(0x1e, 0x2, 0x0) (async)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000040)=0x20000, 0x4) (async)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000400)={'dummy0\x00'}) (async)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) (async)
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00'}, 0x18) (async)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000740)={'dummy0\x00'}) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$IPSET_CMD_GET_BYINDEX(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000000f0601020000000000c7c800010100040500010007000000"], 0x1c}}, 0x4028000) (async)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
socket$rxrpc(0x21, 0x2, 0xa) (async)
sendto$rxrpc(r8, &(0x7f00000000c0)="2c64e35b7a2183e2ae4423d52c341bf17482525a02550cf4192e3644211d14d2cdcbdec5d4c62d68c8", 0x29, 0x8000, &(0x7f0000000200)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e24, @broadcast}}, 0x24) (async)
sendmsg$nl_xfrm(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001400e9990000000000000000fc000000000000000000000000000020ac1e000100000000000000000000000000300000000000000a"], 0xb8}, 0x1, 0x0, 0x0, 0x200440c4}, 0x0) (async)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r5], 0x20}}, 0x0) (async)

5.996000716s ago: executing program 32 (id=2834):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040))
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000200)={'gretap0\x00', &(0x7f0000000180)=@ethtool_gfeatures={0x3a, 0x5, [{}, {}, {}, {}, {}]}})
close_range(r0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r4, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r4, 0x107, 0x5, 0x0, 0x0)
syz_io_uring_setup(0x239, &(0x7f00000002c0)={0x0, 0x4533, 0x10100, 0x0, 0x0, 0x0, r3}, &(0x7f0000000080), &(0x7f0000000340))
write$binfmt_misc(r3, &(0x7f0000000080)="4cc581542272710b1ae7a60ca64d2910e07ecb7f14c5319fc167fdf4d36a09ca529eac90da26394263d4e66f1b0c79b7d44df884f730f9ab22434c02a2cf3daf793fad777e5b7b08ab2807828ab6576e409d0898f3e14eb96257cbe2b817694da41da56206cb2335c9862ac26f657b9565e491f2d62bf76b0100c415014c476439ec9a66c43115e488781dcbea6ef523152aa5c1f925111b2b5d7c561e2ef16e5fa0fa3045c32220ca5fbd6ca7b240975040a7e12f15cbf87dc486de0f0f702f82a8b6c94e7e9d25ee41f31e1c", 0xcd)
rseq(&(0x7f0000000040), 0x20, 0x0, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000300), 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xb29}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_PRIMARY={0x8}]}}}, @IFLA_ALT_IFNAME={0x14, 0x35, 'bond0\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
fsopen(&(0x7f0000000040)='ntfs3\x00', 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)

1.998800972s ago: executing program 33 (id=2844):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x48582, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_opts(r1, 0x0, 0x8, &(0x7f0000000100)="83", 0x1)
getsockopt$inet_opts(r1, 0x0, 0x9, 0x0, &(0x7f0000000080))
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c27, 0x10100, 0x2, 0x2ea}, &(0x7f00000000c0)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {}, 0x1})
readv(r0, &(0x7f0000000300)=[{&(0x7f0000001900)=""/4099, 0x1003}], 0x1)

998.023512ms ago: executing program 34 (id=2845):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32, @ANYBLOB="01000000020000001c0012000c000100626f6e64"], 0x3c}}, 0x0)
r4 = socket(0x10, 0x803, 0x2)
socket$kcm(0x29, 0x0, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4)
dup2(r1, r3)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r6, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=@newlink={0x4c, 0x10, 0xffffff1f, 0x70bd29, 0x80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @rand_addr=0x64010101}]}}}, @IFLA_MASTER={0x8, 0xa, r7}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x6}]}, 0x4c}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r8, @ANYBLOB="01"], 0x3c}}, 0x0)
r9 = socket(0x10, 0x3, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=@newneigh={0x30, 0x1c, 0x401, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x14}, [@NDA_DST_MAC={0xa, 0x1, @local}, @NDA_FLAGS_EXT={0x8, 0xf, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000}, 0x0)

0s ago: executing program 35 (id=2848):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/5, 0x214000, 0x800}, 0x20)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000001c0)=0x800, 0x4)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000040)=0x20000, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000400)={'dummy0\x00', <r2=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00'}, 0x18)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000740)={'dummy0\x00', <r5=>0x0})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_GET_BYINDEX(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000000f0601020000000000c7c800010100040500010007000000"], 0x1c}}, 0x4028000)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
r8 = socket$rxrpc(0x21, 0x2, 0xa)
sendto$rxrpc(r8, &(0x7f00000000c0)="2c64e35b7a2183e2ae4423d52c341bf17482525a02550cf4192e3644211d14d2cdcbdec5d4c62d68c8", 0x29, 0x8000, &(0x7f0000000200)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e24, @broadcast}}, 0x24)
sendmsg$nl_xfrm(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001400e9990000000000000000fc000000000000000000000000000020ac1e000100000000000000000000000000300000000000000a"], 0xb8}, 0x1, 0x0, 0x0, 0x200440c4}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r5], 0x20}}, 0x0)
socket$xdp(0x2c, 0x3, 0x0) (async)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/5, 0x214000, 0x800}, 0x20) (async)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000001c0)=0x800, 0x4) (async)
socket$tipc(0x1e, 0x2, 0x0) (async)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000040)=0x20000, 0x4) (async)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000400)={'dummy0\x00'}) (async)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) (async)
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00'}, 0x18) (async)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000740)={'dummy0\x00'}) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$IPSET_CMD_GET_BYINDEX(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000000f0601020000000000c7c800010100040500010007000000"], 0x1c}}, 0x4028000) (async)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
socket$rxrpc(0x21, 0x2, 0xa) (async)
sendto$rxrpc(r8, &(0x7f00000000c0)="2c64e35b7a2183e2ae4423d52c341bf17482525a02550cf4192e3644211d14d2cdcbdec5d4c62d68c8", 0x29, 0x8000, &(0x7f0000000200)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e24, @broadcast}}, 0x24) (async)
sendmsg$nl_xfrm(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001400e9990000000000000000fc000000000000000000000000000020ac1e000100000000000000000000000000300000000000000a"], 0xb8}, 0x1, 0x0, 0x0, 0x200440c4}, 0x0) (async)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r5], 0x20}}, 0x0) (async)

kernel console output (not intermixed with test programs):

921] usb 3-1: config 252 has an invalid interface number: 15 but max is 0
[  646.301617][ T5921] usb 3-1: config 252 has no interface number 0
[  646.308317][ T5921] usb 3-1: config 252 interface 15 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64
[  646.333640][ T5921] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=2b.29
[  646.353128][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  646.371123][ T5921] usb 3-1: Product: syz
[  646.372087][T14867] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  646.375427][ T5921] usb 3-1: Manufacturer: syz
[  646.412387][ T5921] usb 3-1: SerialNumber: syz
[  646.438563][ T5921] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  646.447000][T14867] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  646.521440][T14867] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  646.531924][T14867] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  646.645246][ T5921] usb 3-1: USB disconnect, device number 10
[  646.655386][   T61] usb 3-1: Failed to submit usb control message: -71
[  646.675558][   T61] usb 3-1: unable to send the bmi data to the device: -71
[  646.694042][   T61] usb 3-1: unable to get target info from device
[  646.717166][   T61] usb 3-1: could not get target info (-71)
[  646.732724][   T61] usb 3-1: could not probe fw (-71)
[  647.336545][T14893] binder: BINDER_SET_CONTEXT_MGR already set
[  647.342753][T14893] binder: 14890:14893 ioctl 4018620d 2000000000c0 returned -16
[  647.371275][T14894] netlink: 'syz.0.2432': attribute type 61 has an invalid length.
[  648.198607][ T5900] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  648.467388][ T5900] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[  648.475788][ T5900] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  648.495107][ T5900] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  648.521487][ T5900] usb 3-1: config 220 has no interface number 2
[  648.616414][ T5900] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  648.684186][ T5900] usb 3-1: config 220 interface 0 has no altsetting 0
[  648.711121][ T5900] usb 3-1: config 220 interface 76 has no altsetting 0
[  648.736334][ T5900] usb 3-1: config 220 interface 1 has no altsetting 0
[  648.773049][ T5900] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  648.822705][ T5900] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  648.854090][ T5900] usb 3-1: Product: syz
[  648.867613][ T5900] usb 3-1: Manufacturer: syz
[  648.891253][ T5900] usb 3-1: SerialNumber: syz
[  649.589530][T14935] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  649.659045][T14935] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  649.729358][T14940] PKCS7: Unknown OID: [4] 5.25.287.112.81.102.117.87.150326315.2007.15776.1
[  649.772689][ T5900] usb 3-1: selecting invalid altsetting 0
[  649.796561][ T5900] usb 3-1: Found UVC 7.01 device syz (8086:0b07)
[  649.830778][T14940] PKCS7: Only support pkcs7_signedData type
[  649.887481][ T5900] usb 3-1: No valid video chain found.
[  649.920672][ T5900] usb 3-1: selecting invalid altsetting 0
[  649.945788][ T5900] usbtest 3-1:220.1: probe with driver usbtest failed with error -22
[  649.985308][ T5900] usb 3-1: USB disconnect, device number 11
[  650.105689][T14954] netlink: 14 bytes leftover after parsing attributes in process `syz.4.2447'.
[  650.436691][ T5900] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  650.574843][T14962] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2449'.
[  650.580405][T14963] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2449'.
[  650.616905][ T5900] usb 3-1: Using ep0 maxpacket: 8
[  650.625632][ T5900] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 7
[  650.663752][ T5900] usb 3-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  650.683633][ T5900] usb 3-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  650.706470][ T5900] usb 3-1: Product: syz
[  650.715008][ T5900] usb 3-1: Manufacturer: syz
[  650.756398][ T5900] usb 3-1: SerialNumber: syz
[  651.067400][ T5900] usb 3-1: palm_os_3_probe - error -32 getting connection information
[  651.336400][ T5900] visor 3-1:1.0: probe with driver visor failed with error -32
[  651.388653][ T5900] usb 3-1: USB disconnect, device number 12
[  651.463867][T14975] FAULT_INJECTION: forcing a failure.
[  651.463867][T14975] name failslab, interval 1, probability 0, space 0, times 0
[  651.518672][T14975] CPU: 0 UID: 0 PID: 14975 Comm: syz.1.2453 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  651.518702][T14975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  651.518714][T14975] Call Trace:
[  651.518723][T14975]  <TASK>
[  651.518732][T14975]  dump_stack_lvl+0x189/0x250
[  651.518770][T14975]  ? __pfx____ratelimit+0x10/0x10
[  651.518795][T14975]  ? __pfx_dump_stack_lvl+0x10/0x10
[  651.518821][T14975]  ? __pfx__printk+0x10/0x10
[  651.518844][T14975]  ? __pfx___might_resched+0x10/0x10
[  651.518874][T14975]  should_fail_ex+0x414/0x560
[  651.518899][T14975]  should_failslab+0xa8/0x100
[  651.518919][T14975]  __kmalloc_noprof+0xcb/0x4f0
[  651.518935][T14975]  ? inotify_handle_inode_event+0x19b/0x5f0
[  651.518961][T14975]  inotify_handle_inode_event+0x19b/0x5f0
[  651.518989][T14975]  fsnotify+0x1671/0x1a80
[  651.519006][T14975]  ? take_dentry_name_snapshot+0x157/0x500
[  651.519039][T14975]  ? fsnotify+0x735/0x1a80
[  651.519054][T14975]  ? __pfx_fsnotify+0x10/0x10
[  651.519075][T14975]  ? take_dentry_name_snapshot+0x29/0x500
[  651.519101][T14975]  __fsnotify_parent+0x3fe/0x540
[  651.519124][T14975]  ? __pfx___fsnotify_parent+0x10/0x10
[  651.519139][T14975]  ? setattr_copy+0x728/0x9f0
[  651.519172][T14975]  ? fsnotify_change+0x228/0x2c0
[  651.519199][T14975]  notify_change+0xb70/0xe40
[  651.519233][T14975]  vfs_utimes+0x3fb/0x570
[  651.519259][T14975]  ? __pfx_vfs_utimes+0x10/0x10
[  651.519286][T14975]  ? __fget_files+0x2a/0x420
[  651.519305][T14975]  ? __fget_files+0x2a/0x420
[  651.519331][T14975]  do_utimes+0x182/0x2a0
[  651.519351][T14975]  ? get_timespec64+0x112/0x1a0
[  651.519374][T14975]  ? __pfx_do_utimes+0x10/0x10
[  651.519394][T14975]  ? __fget_files+0x3a0/0x420
[  651.519419][T14975]  __x64_sys_utimensat+0x14f/0x230
[  651.519443][T14975]  ? __pfx___x64_sys_utimensat+0x10/0x10
[  651.519473][T14975]  ? do_syscall_64+0xbe/0x3b0
[  651.519492][T14975]  do_syscall_64+0xfa/0x3b0
[  651.519505][T14975]  ? lockdep_hardirqs_on+0x9c/0x150
[  651.519529][T14975]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  651.519545][T14975]  ? clear_bhb_loop+0x60/0xb0
[  651.519566][T14975]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  651.519582][T14975] RIP: 0033:0x7f6bcd58e929
[  651.519597][T14975] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  651.519612][T14975] RSP: 002b:00007f6bce4c9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000118
[  651.519630][T14975] RAX: ffffffffffffffda RBX: 00007f6bcd7b5fa0 RCX: 00007f6bcd58e929
[  651.519642][T14975] RDX: 0000200000000880 RSI: 0000000000000000 RDI: 0000000000000004
[  651.519654][T14975] RBP: 00007f6bce4c9090 R08: 0000000000000000 R09: 0000000000000000
[  651.519664][T14975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  651.519674][T14975] R13: 0000000000000000 R14: 00007f6bcd7b5fa0 R15: 00007f6bcd8dfa28
[  651.519700][T14975]  </TASK>
[  652.432267][T14984] xt_CT: You must specify a L4 protocol and not use inversions on it
[  652.492394][   T30] audit: type=1326 audit(1750621808.078:3610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14982 comm="syz.1.2456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bcd58e929 code=0x7ffc0000
[  652.595062][T14989] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2458'.
[  652.655917][T14990] fuse: Bad value for 'fd'
[  652.663350][   T30] audit: type=1326 audit(1750621808.078:3611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14982 comm="syz.1.2456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=459 compat=0 ip=0x7f6bcd58e929 code=0x7ffc0000
[  652.710886][   T30] audit: type=1326 audit(1750621808.078:3612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14982 comm="syz.1.2456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bcd58e929 code=0x7ffc0000
[  652.737126][T14991] syzkaller1: entered promiscuous mode
[  652.737465][   T30] audit: type=1326 audit(1750621808.078:3613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14982 comm="syz.1.2456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bcd58e929 code=0x7ffc0000
[  652.742614][T14991] syzkaller1: entered allmulticast mode
[  652.800219][   T30] audit: type=1326 audit(1750621808.078:3614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14982 comm="syz.1.2456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6bcd58e929 code=0x7ffc0000
[  652.845521][   T30] audit: type=1326 audit(1750621808.078:3615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14982 comm="syz.1.2456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bcd58e929 code=0x7ffc0000
[  652.870646][   T30] audit: type=1326 audit(1750621808.078:3616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14982 comm="syz.1.2456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bcd58e929 code=0x7ffc0000
[  652.901337][   T30] audit: type=1326 audit(1750621808.078:3617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14982 comm="syz.1.2456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6bcd58e929 code=0x7ffc0000
[  653.112730][   T30] audit: type=1326 audit(1750621808.078:3618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14982 comm="syz.1.2456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bcd58e929 code=0x7ffc0000
[  653.139252][   T30] audit: type=1326 audit(1750621808.078:3619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14982 comm="syz.1.2456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f6bcd58e929 code=0x7ffc0000
[  654.276525][T15014] netlink: 'syz.3.2465': attribute type 32 has an invalid length.
[  654.509985][T14996] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2460'.
[  654.522321][T15020] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  654.558671][T15020] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  654.587898][T14996] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2460'.
[  654.892419][ T5921] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  655.168073][ T5921] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  655.188561][ T5921] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  655.281602][T15028] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2468'.
[  655.281750][T15028] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  655.324922][ T5921] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  655.344049][ T5921] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  655.373812][ T5921] usb 2-1: SerialNumber: syz
[  655.589549][ T5921] usb 2-1: 0:2 : does not exist
[  655.661282][ T5921] usb 2-1: USB disconnect, device number 18
[  655.856398][ T5900] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  656.013951][ T5900] usb 5-1: Using ep0 maxpacket: 8
[  656.051572][ T5900] usb 5-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  656.076081][ T5900] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  656.085329][ T5900] usb 5-1: Product: syz
[  656.095515][ T5900] usb 5-1: Manufacturer: syz
[  656.100579][ T5900] usb 5-1: SerialNumber: syz
[  656.117019][ T5900] usb 5-1: config 0 descriptor??
[  656.131728][ T5900] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  656.145097][T15045] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2473'.
[  656.666350][ T5921] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  656.834989][ T5921] usb 2-1: config 0 has no interfaces?
[  656.852923][ T5921] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  656.862104][ T5921] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  656.870293][ T5921] usb 2-1: Product: syz
[  656.874491][ T5921] usb 2-1: Manufacturer: syz
[  656.882098][ T5921] usb 2-1: SerialNumber: syz
[  656.912083][ T5921] usb 2-1: config 0 descriptor??
[  657.167910][T15052] FAULT_INJECTION: forcing a failure.
[  657.167910][T15052] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  657.181496][T15052] CPU: 1 UID: 0 PID: 15052 Comm: syz.2.2475 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  657.181525][T15052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  657.181536][T15052] Call Trace:
[  657.181560][T15052]  <TASK>
[  657.181569][T15052]  dump_stack_lvl+0x189/0x250
[  657.181609][T15052]  ? __pfx____ratelimit+0x10/0x10
[  657.181637][T15052]  ? __pfx_dump_stack_lvl+0x10/0x10
[  657.181667][T15052]  ? __pfx__printk+0x10/0x10
[  657.181688][T15052]  ? __might_fault+0xb0/0x130
[  657.181719][T15052]  should_fail_ex+0x414/0x560
[  657.181754][T15052]  _copy_from_user+0x2d/0xb0
[  657.181775][T15052]  __sys_sendto+0x25c/0x520
[  657.181799][T15052]  ? __pfx___sys_sendto+0x10/0x10
[  657.181819][T15052]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  657.181858][T15052]  ? __fget_files+0x3a0/0x420
[  657.181889][T15052]  ? ksys_write+0x22a/0x250
[  657.181910][T15052]  ? __pfx_ksys_write+0x10/0x10
[  657.181934][T15052]  __x64_sys_sendto+0xde/0x100
[  657.181960][T15052]  do_syscall_64+0xfa/0x3b0
[  657.181977][T15052]  ? lockdep_hardirqs_on+0x9c/0x150
[  657.182006][T15052]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  657.182026][T15052]  ? clear_bhb_loop+0x60/0xb0
[  657.182050][T15052]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  657.182069][T15052] RIP: 0033:0x7f7a8538e929
[  657.182088][T15052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  657.182106][T15052] RSP: 002b:00007f7a862ba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  657.182128][T15052] RAX: ffffffffffffffda RBX: 00007f7a855b6080 RCX: 00007f7a8538e929
[  657.182143][T15052] RDX: 49c03f0f40ae45de RSI: 0000200000000140 RDI: 0000000000000003
[  657.182158][T15052] RBP: 00007f7a862ba090 R08: 0000200000000240 R09: 0000000000000010
[  657.182172][T15052] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000001
[  657.182184][T15052] R13: 0000000000000001 R14: 00007f7a855b6080 R15: 00007f7a856dfa28
[  657.182215][T15052]  </TASK>
[  657.185624][T15053] fuse: Unknown parameter 'fd0x0000000000000006'
[  657.411643][T15049] ptrace attach of "./syz-executor exec"[10823] was attempted by "./syz-executor exec"[15049]
[  657.554462][ T5900] IPVS: starting estimator thread 0...
[  657.654948][T15062] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2478'.
[  657.660163][T15060] IPVS: using max 29 ests per chain, 69600 per kthread
[  657.680622][T15062] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  657.691928][T15062] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  657.763286][T15063] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  657.774085][T15063] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  658.738091][ T5900] usb 5-1: USB disconnect, device number 19
[  658.862305][T15069] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2480'.
[  659.241704][T14614] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  659.416490][T14614] usb 3-1: Using ep0 maxpacket: 16
[  659.429362][T14614] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  659.452163][T14614] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 255, changing to 7
[  659.476361][T14614] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  659.485879][T14614] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  659.495460][T14614] usb 3-1: Product: syz
[  659.507852][T14614] usb 3-1: Manufacturer: syz
[  659.519614][T14614] usb 3-1: SerialNumber: syz
[  659.551965][T14614] usb 3-1: config 0 descriptor??
[  659.569100][T14614] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  659.581932][T14614] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[  659.590837][ T5921] usb 2-1: USB disconnect, device number 19
[  659.698104][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  659.698124][   T30] audit: type=1326 audit(1750621815.268:3625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15089 comm="syz.4.2486" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc8eab8e929 code=0x0
[  659.886842][T14614] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  659.911615][T14614] em28xx 3-1:0.0: Config register raw data: 0xfffffffb
[  659.925643][T14614] em28xx 3-1:0.0: AC97 chip type couldn't be determined
[  659.940260][T14614] em28xx 3-1:0.0: No AC97 audio processor
[  659.988748][T14614] usb 3-1: USB disconnect, device number 13
[  660.011054][T14614] em28xx 3-1:0.0: Disconnecting em28xx
[  660.040381][T14614] em28xx 3-1:0.0: Freeing device
[  660.124744][T15107] FAULT_INJECTION: forcing a failure.
[  660.124744][T15107] name failslab, interval 1, probability 0, space 0, times 0
[  660.142190][T15107] CPU: 1 UID: 0 PID: 15107 Comm: syz.2.2492 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  660.142217][T15107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  660.142229][T15107] Call Trace:
[  660.142238][T15107]  <TASK>
[  660.142247][T15107]  dump_stack_lvl+0x189/0x250
[  660.142282][T15107]  ? __pfx____ratelimit+0x10/0x10
[  660.142312][T15107]  ? __pfx_dump_stack_lvl+0x10/0x10
[  660.142340][T15107]  ? __pfx__printk+0x10/0x10
[  660.142366][T15107]  ? __pfx___might_resched+0x10/0x10
[  660.142395][T15107]  ? fs_reclaim_acquire+0x7d/0x100
[  660.142430][T15107]  should_fail_ex+0x414/0x560
[  660.142461][T15107]  should_failslab+0xa8/0x100
[  660.142484][T15107]  __kmalloc_noprof+0xcb/0x4f0
[  660.142502][T15107]  ? kfree+0x4d/0x440
[  660.142528][T15107]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  660.142561][T15107]  tomoyo_realpath_from_path+0xe3/0x5d0
[  660.142591][T15107]  ? tomoyo_domain+0xd9/0x130
[  660.142628][T15107]  tomoyo_path_perm+0x213/0x4b0
[  660.142651][T15107]  ? tomoyo_path_perm+0x1e3/0x4b0
[  660.142672][T15107]  ? __pfx_tomoyo_path_perm+0x10/0x10
[  660.142705][T15107]  ? filemap_check_errors+0xd2/0x120
[  660.142752][T15107]  ? bdev_mark_dead+0x9f/0x170
[  660.142790][T15107]  security_inode_getattr+0x12f/0x330
[  660.142824][T15107]  vfs_getattr+0x23/0x70
[  660.142850][T15107]  loop_assign_backing_file+0x222/0x400
[  660.142880][T15107]  ? __pfx_loop_assign_backing_file+0x10/0x10
[  660.142904][T15107]  ? bd_prepare_to_claim+0x3f1/0x490
[  660.142954][T15107]  ? __asan_memcpy+0x40/0x70
[  660.142982][T15107]  ? loop_set_status_from_info+0x185/0x250
[  660.143011][T15107]  loop_configure+0x7d5/0xfa0
[  660.143055][T15107]  ? __pfx_loop_configure+0x10/0x10
[  660.143114][T15107]  lo_ioctl+0x79b/0x2410
[  660.143150][T15107]  ? __pfx_lo_ioctl+0x10/0x10
[  660.143173][T15107]  ? ima_match_policy+0x10b/0x2150
[  660.143201][T15107]  ? look_up_lock_class+0x74/0x170
[  660.143231][T15107]  ? register_lock_class+0x51/0x320
[  660.143265][T15107]  ? __lock_acquire+0xab9/0xd20
[  660.143302][T15107]  ? process_measurement+0x3d8/0x1a40
[  660.143335][T15107]  ? __lock_acquire+0xab9/0xd20
[  660.143369][T15107]  ? __lock_acquire+0xab9/0xd20
[  660.143409][T15107]  ? __lock_acquire+0xab9/0xd20
[  660.143452][T15107]  ? __lock_acquire+0xab9/0xd20
[  660.143498][T15107]  ? is_bpf_text_address+0x26/0x2b0
[  660.143532][T15107]  ? is_bpf_text_address+0x292/0x2b0
[  660.143560][T15107]  ? is_bpf_text_address+0x26/0x2b0
[  660.143591][T15107]  ? kernel_text_address+0xa5/0xe0
[  660.143617][T15107]  ? __kernel_text_address+0xd/0x40
[  660.143641][T15107]  ? unwind_get_return_address+0x4d/0x90
[  660.143670][T15107]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  660.143692][T15107]  ? arch_stack_walk+0xfc/0x150
[  660.143725][T15107]  ? stack_trace_save+0x9c/0xe0
[  660.143748][T15107]  ? stack_depot_save_flags+0x40/0x900
[  660.143784][T15107]  ? kasan_save_track+0x4f/0x80
[  660.143811][T15107]  ? kasan_save_track+0x3e/0x80
[  660.143837][T15107]  ? kasan_save_free_info+0x46/0x50
[  660.143861][T15107]  ? __kasan_slab_free+0x62/0x70
[  660.143877][T15107]  ? kfree+0x18e/0x440
[  660.143902][T15107]  ? tomoyo_path_number_perm+0x47a/0x5a0
[  660.143923][T15107]  ? security_file_ioctl+0xcb/0x2d0
[  660.143943][T15107]  ? __se_sys_ioctl+0x47/0x170
[  660.143968][T15107]  ? do_syscall_64+0xfa/0x3b0
[  660.143984][T15107]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  660.144030][T15107]  ? do_vfs_ioctl+0xf37/0x1990
[  660.144061][T15107]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  660.144096][T15107]  ? kasan_quarantine_put+0xdd/0x220
[  660.144133][T15107]  ? blkdev_common_ioctl+0xfc3/0x2450
[  660.144160][T15107]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  660.144184][T15107]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  660.144205][T15107]  ? __pfx_blkdev_common_ioctl+0x10/0x10
[  660.144231][T15107]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  660.144251][T15107]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  660.144318][T15107]  ? __pfx_lo_ioctl+0x10/0x10
[  660.144343][T15107]  blkdev_ioctl+0x5a8/0x6d0
[  660.144373][T15107]  ? __pfx_blkdev_ioctl+0x10/0x10
[  660.144398][T15107]  ? __fget_files+0x2a/0x420
[  660.144430][T15107]  ? bpf_lsm_file_ioctl+0x9/0x20
[  660.144458][T15107]  ? __pfx_blkdev_ioctl+0x10/0x10
[  660.144485][T15107]  __se_sys_ioctl+0xfc/0x170
[  660.144516][T15107]  do_syscall_64+0xfa/0x3b0
[  660.144532][T15107]  ? lockdep_hardirqs_on+0x9c/0x150
[  660.144559][T15107]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  660.144577][T15107]  ? clear_bhb_loop+0x60/0xb0
[  660.144601][T15107]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  660.144620][T15107] RIP: 0033:0x7f7a8538e929
[  660.144639][T15107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  660.144656][T15107] RSP: 002b:00007f7a862db038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  660.144677][T15107] RAX: ffffffffffffffda RBX: 00007f7a855b5fa0 RCX: 00007f7a8538e929
[  660.144692][T15107] RDX: 00002000000002c0 RSI: 0000000000004c0a RDI: 0000000000000003
[  660.144706][T15107] RBP: 00007f7a862db090 R08: 0000000000000000 R09: 0000000000000000
[  660.144718][T15107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  660.144731][T15107] R13: 0000000000000000 R14: 00007f7a855b5fa0 R15: 00007f7a856dfa28
[  660.144762][T15107]  </TASK>
[  660.144847][T15107] ERROR: Out of memory at tomoyo_realpath_from_path.
[  660.666890][T15107] loop6: detected capacity change from 0 to 7
[  660.676460][ T5838] Dev loop6: unable to read RDB block 7
[  660.682881][ T5838]  loop6: unable to read partition table
[  660.688843][ T5838] loop6: partition table beyond EOD, truncated
[  660.698868][T15107] Dev loop6: unable to read RDB block 7
[  660.715785][T15107]  loop6: unable to read partition table
[  660.736988][T15107] loop6: partition table beyond EOD, truncated
[  660.750423][T15107] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  660.768650][T15109] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2493'.
[  660.796460][ T5921] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  660.855674][T15111] fuse: Bad value for 'user_id'
[  660.860937][T15111] fuse: Bad value for 'user_id'
[  660.968516][ T5921] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e
[  660.980451][ T5921] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  660.996150][ T5921] usb 5-1: config 0 descriptor??
[  661.030851][T15118] FAULT_INJECTION: forcing a failure.
[  661.030851][T15118] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  661.049025][T15118] CPU: 0 UID: 0 PID: 15118 Comm: syz.3.2496 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  661.049053][T15118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  661.049066][T15118] Call Trace:
[  661.049074][T15118]  <TASK>
[  661.049083][T15118]  dump_stack_lvl+0x189/0x250
[  661.049117][T15118]  ? __pfx____ratelimit+0x10/0x10
[  661.049145][T15118]  ? __pfx_dump_stack_lvl+0x10/0x10
[  661.049171][T15118]  ? __pfx__printk+0x10/0x10
[  661.049190][T15118]  ? __might_fault+0xb0/0x130
[  661.049215][T15118]  should_fail_ex+0x414/0x560
[  661.049244][T15118]  _copy_from_iter+0x1db/0x16f0
[  661.049274][T15118]  ? txopt_get+0x7a/0x3f0
[  661.049297][T15118]  ? txopt_get+0x7a/0x3f0
[  661.049320][T15118]  ? __pfx__copy_from_iter+0x10/0x10
[  661.049341][T15118]  ? txopt_get+0x335/0x3f0
[  661.049366][T15118]  ? aa_label_sk_perm+0x413/0x560
[  661.049396][T15118]  ? __pfx_txopt_get+0x10/0x10
[  661.049428][T15118]  rawv6_sendmsg+0xb39/0x17f0
[  661.049463][T15118]  ? __pfx_rawv6_sendmsg+0x10/0x10
[  661.049509][T15118]  ? __pfx_aa_sk_perm+0x10/0x10
[  661.049531][T15118]  ? sock_rps_record_flow+0x19/0x410
[  661.049550][T15118]  ? inet_sendmsg+0x2f4/0x370
[  661.049565][T15118]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  661.049590][T15118]  __sock_sendmsg+0x19c/0x270
[  661.049618][T15118]  ____sys_sendmsg+0x52d/0x830
[  661.049645][T15118]  ? __pfx_____sys_sendmsg+0x10/0x10
[  661.049675][T15118]  ? import_iovec+0x74/0xa0
[  661.049693][T15118]  ___sys_sendmsg+0x21f/0x2a0
[  661.049717][T15118]  ? __pfx____sys_sendmsg+0x10/0x10
[  661.049767][T15118]  ? __fget_files+0x2a/0x420
[  661.049787][T15118]  ? __fget_files+0x3a0/0x420
[  661.049815][T15118]  __sys_sendmmsg+0x227/0x430
[  661.049840][T15118]  ? __pfx___sys_sendmmsg+0x10/0x10
[  661.049858][T15118]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  661.049906][T15118]  ? ksys_write+0x22a/0x250
[  661.049926][T15118]  ? __pfx_ksys_write+0x10/0x10
[  661.049947][T15118]  __x64_sys_sendmmsg+0xa0/0xc0
[  661.049969][T15118]  do_syscall_64+0xfa/0x3b0
[  661.049984][T15118]  ? lockdep_hardirqs_on+0x9c/0x150
[  661.050007][T15118]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  661.050025][T15118]  ? clear_bhb_loop+0x60/0xb0
[  661.050047][T15118]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  661.050066][T15118] RIP: 0033:0x7fc232d8e929
[  661.050081][T15118] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  661.050097][T15118] RSP: 002b:00007fc233ccd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  661.050116][T15118] RAX: ffffffffffffffda RBX: 00007fc232fb5fa0 RCX: 00007fc232d8e929
[  661.050129][T15118] RDX: 0000000000000002 RSI: 0000200000000880 RDI: 0000000000000003
[  661.050141][T15118] RBP: 00007fc233ccd090 R08: 0000000000000000 R09: 0000000000000000
[  661.050156][T15118] R10: 0000000020008000 R11: 0000000000000246 R12: 0000000000000001
[  661.050166][T15118] R13: 0000000000000000 R14: 00007fc232fb5fa0 R15: 00007fc2330dfa28
[  661.050193][T15118]  </TASK>
[  661.216406][T14614] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  661.502180][T15122] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  661.515548][T15122] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  661.526472][T14614] usb 3-1: Using ep0 maxpacket: 8
[  661.533438][T14614] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 7
[  661.545741][T14614] usb 3-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  661.555161][T14614] usb 3-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  661.564035][T14614] usb 3-1: Product: syz
[  661.568535][T14614] usb 3-1: Manufacturer: syz
[  661.570328][T15122] ptrace attach of "./syz-executor exec"[6189] was attempted by "./syz-executor exec"[15122]
[  661.573362][ T5921] ath6kl: Unsupported hardware version: 0x0
[  661.589939][T14614] usb 3-1: SerialNumber: syz
[  661.597065][ T5921] ath6kl: Failed to init ath6kl core: -22
[  661.619939][ T5921] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -22
[  661.819436][T14614] usb 3-1: Handspring Visor / Palm OS: port 16, is for unknown use
[  661.838998][T14614] usb 3-1: Handspring Visor / Palm OS: port 0, is for Generic use
[  661.965466][T14614] usb 3-1: Handspring Visor / Palm OS: Number of ports: 2
[  662.003777][ T5958] usb 5-1: USB disconnect, device number 20
[  662.032153][T15113] loop6: detected capacity change from 0 to 7
[  662.053155][T15113] Dev loop6: unable to read RDB block 7
[  662.065211][T15113]  loop6: unable to read partition table
[  662.084926][T15113] loop6: partition table beyond EOD, truncated
[  662.172621][T15113] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  662.245392][T14614] usb 3-1: palm_os_3_probe - error -71 getting bytes available request
[  662.290840][T14614] visor 3-1:1.0: Handspring Visor / Palm OS converter detected
[  662.402263][T14614] usb 3-1: Handspring Visor / Palm OS converter now attached to ttyUSB0
[  662.546884][T14614] usb 3-1: Handspring Visor / Palm OS converter now attached to ttyUSB1
[  662.585817][   T30] audit: type=1326 audit(1750621818.168:3626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15128 comm="syz.0.2499" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ea478e929 code=0x7ffc0000
[  662.592637][T14614] usb 3-1: USB disconnect, device number 14
[  662.642976][T15130] fuse: Bad value for 'user_id'
[  662.648504][T15130] fuse: Bad value for 'user_id'
[  662.677021][   T30] audit: type=1326 audit(1750621818.218:3627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15128 comm="syz.0.2499" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ea478e929 code=0x7ffc0000
[  662.912675][T14614] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0
[  662.972463][T14614] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1
[  663.015056][T14614] visor 3-1:1.0: device disconnected
[  663.096504][ T5900] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  663.316449][ T5900] usb 5-1: device descriptor read/64, error -71
[  663.414737][T15140] FAULT_INJECTION: forcing a failure.
[  663.414737][T15140] name failslab, interval 1, probability 0, space 0, times 0
[  663.434830][T15142] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2504'.
[  663.465326][T15140] CPU: 0 UID: 0 PID: 15140 Comm: syz.2.2503 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  663.465344][T15140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  663.465351][T15140] Call Trace:
[  663.465357][T15140]  <TASK>
[  663.465362][T15140]  dump_stack_lvl+0x189/0x250
[  663.465383][T15140]  ? __pfx____ratelimit+0x10/0x10
[  663.465400][T15140]  ? __pfx_dump_stack_lvl+0x10/0x10
[  663.465416][T15140]  ? __pfx__printk+0x10/0x10
[  663.465429][T15140]  ? __pfx___might_resched+0x10/0x10
[  663.465448][T15140]  ? fs_reclaim_acquire+0x7d/0x100
[  663.465473][T15140]  should_fail_ex+0x414/0x560
[  663.465503][T15140]  should_failslab+0xa8/0x100
[  663.465518][T15140]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  663.465528][T15140]  ? dup_task_struct+0x52/0x860
[  663.465541][T15140]  dup_task_struct+0x52/0x860
[  663.465551][T15140]  ? lockdep_hardirqs_on+0x9c/0x150
[  663.465568][T15140]  copy_process+0x54b/0x3c00
[  663.465576][T15140]  ? stack_depot_save_flags+0x40/0x900
[  663.465596][T15140]  ? kasan_save_track+0x4f/0x80
[  663.465611][T15140]  ? __kmalloc_cache_noprof+0x230/0x3d0
[  663.465620][T15140]  ? create_io_worker+0xac/0x5d0
[  663.465631][T15140]  ? io_wq_enqueue+0x62c/0x850
[  663.465641][T15140]  ? tctx_task_work+0x3f/0x90
[  663.465651][T15140]  ? get_signal+0x11ed/0x1340
[  663.465664][T15140]  ? arch_do_signal_or_restart+0x9a/0x750
[  663.465677][T15140]  ? exit_to_user_mode_loop+0x75/0x110
[  663.465691][T15140]  ? do_syscall_64+0x2bd/0x3b0
[  663.465700][T15140]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  663.465713][T15140]  ? __pfx_copy_process+0x10/0x10
[  663.465727][T15140]  ? __pfx_io_wq_worker+0x10/0x10
[  663.465738][T15140]  ? __pfx_io_wq_worker+0x10/0x10
[  663.465749][T15140]  create_io_thread+0xef/0x150
[  663.465761][T15140]  ? __pfx_create_io_thread+0x10/0x10
[  663.465776][T15140]  ? __pfx_io_wq_worker+0x10/0x10
[  663.465791][T15140]  ? __raw_spin_lock_init+0x45/0x100
[  663.465803][T15140]  ? __init_swait_queue_head+0xa9/0x150
[  663.465816][T15140]  ? create_io_worker+0x27/0x5d0
[  663.465828][T15140]  create_io_worker+0x182/0x5d0
[  663.465841][T15140]  io_wq_enqueue+0x62c/0x850
[  663.465852][T15140]  ? __pfx_io_wq_work_match_item+0x10/0x10
[  663.465865][T15140]  ? __pfx_io_req_task_submit+0x10/0x10
[  663.465878][T15140]  io_handle_tw_list+0x350/0x4c0
[  663.465892][T15140]  tctx_task_work_run+0x99/0x370
[  663.465904][T15140]  tctx_task_work+0x3f/0x90
[  663.465915][T15140]  task_work_run+0x1d1/0x260
[  663.465929][T15140]  ? __pfx_task_work_run+0x10/0x10
[  663.465943][T15140]  ? security_file_permission+0x75/0x290
[  663.465955][T15140]  ? rw_verify_area+0x258/0x650
[  663.465972][T15140]  get_signal+0x11ed/0x1340
[  663.465992][T15140]  ? __pfx_vfs_write+0x10/0x10
[  663.466011][T15140]  arch_do_signal_or_restart+0x9a/0x750
[  663.466024][T15140]  ? __fget_files+0x2a/0x420
[  663.466035][T15140]  ? __fget_files+0x3a0/0x420
[  663.466045][T15140]  ? __fget_files+0x2a/0x420
[  663.466057][T15140]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  663.466079][T15140]  ? exit_to_user_mode_loop+0x40/0x110
[  663.466096][T15140]  exit_to_user_mode_loop+0x75/0x110
[  663.466110][T15140]  do_syscall_64+0x2bd/0x3b0
[  663.466124][T15140]  ? lockdep_hardirqs_on+0x9c/0x150
[  663.466138][T15140]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  663.466148][T15140]  ? clear_bhb_loop+0x60/0xb0
[  663.466161][T15140]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  663.466171][T15140] RIP: 0033:0x7f7a8538e929
[  663.466182][T15140] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  663.466191][T15140] RSP: 002b:00007f7a862db038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  663.466203][T15140] RAX: 0000000000000030 RBX: 00007f7a855b5fa0 RCX: 00007f7a8538e929
[  663.466211][T15140] RDX: 0000000000000037 RSI: 0000200000000040 RDI: 0000000000000003
[  663.466218][T15140] RBP: 00007f7a862db090 R08: 0000000000000000 R09: 0000000000000000
[  663.466224][T15140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  663.466236][T15140] R13: 0000000000000000 R14: 00007f7a855b5fa0 R15: 00007f7a856dfa28
[  663.466262][T15140]  </TASK>
[  663.986408][ T5900] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  663.987701][T15145] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  664.141111][T15145] xt_CT: You must specify a L4 protocol and not use inversions on it
[  664.165759][T15149] program syz.2.2506 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  664.176754][ T5900] usb 5-1: device descriptor read/64, error -71
[  664.287229][ T5900] usb usb5-port1: attempt power cycle
[  664.573725][T15162] loop6: detected capacity change from 0 to 524288000
[  664.677162][ T5900] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  664.697069][ T5900] usb 5-1: device descriptor read/8, error -71
[  664.937926][ T5900] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  664.987616][ T5900] usb 5-1: device descriptor read/8, error -71
[  665.096864][ T5900] usb usb5-port1: unable to enumerate USB device
[  665.204833][T15176] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2515'.
[  665.216548][ T5958] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  665.312868][T15178] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  665.322025][T15178] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  665.378947][ T5958] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  665.391409][ T5958] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  665.404810][T15183] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  665.413819][T15183] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  665.422785][ T5958] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  665.440574][ T5958] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  665.454001][T15178] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  665.474121][ T5958] usb 2-1: config 0 descriptor??
[  665.481912][T15178] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  665.518955][ T5958] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  666.410479][T15207] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2526'.
[  666.638290][   T30] audit: type=1326 audit(1750621822.228:3628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15213 comm="syz.3.2527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc232d8e929 code=0x7ffc0000
[  666.720125][   T30] audit: type=1326 audit(1750621822.258:3629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15213 comm="syz.3.2527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7fc232d8e929 code=0x7ffc0000
[  666.748505][ T5900] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  667.037241][ T5900] usb 5-1: config 0 has no interfaces?
[  667.043757][   T30] audit: type=1326 audit(1750621822.258:3630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15213 comm="syz.3.2527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc232d8e929 code=0x7ffc0000
[  667.070287][T15216] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  667.084264][ T5900] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  667.166944][T15216] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  667.190886][ T5900] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  667.206779][ T5900] usb 5-1: Product: syz
[  667.211193][ T5900] usb 5-1: Manufacturer: syz
[  667.215892][   T30] audit: type=1326 audit(1750621822.258:3631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15213 comm="syz.3.2527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=271 compat=0 ip=0x7fc232d8e929 code=0x7ffc0000
[  667.264137][ T5900] usb 5-1: SerialNumber: syz
[  667.278413][ T5900] usb 5-1: config 0 descriptor??
[  667.295013][T15218] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  667.323735][T15218] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  667.341893][   T30] audit: type=1326 audit(1750621822.258:3632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15213 comm="syz.3.2527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc232d8e929 code=0x7ffc0000
[  667.440448][T15224] FAULT_INJECTION: forcing a failure.
[  667.440448][T15224] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  667.469041][T15224] CPU: 0 UID: 0 PID: 15224 Comm: syz.3.2530 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  667.469072][T15224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  667.469084][T15224] Call Trace:
[  667.469093][T15224]  <TASK>
[  667.469103][T15224]  dump_stack_lvl+0x189/0x250
[  667.469138][T15224]  ? __pfx____ratelimit+0x10/0x10
[  667.469167][T15224]  ? __pfx_dump_stack_lvl+0x10/0x10
[  667.469198][T15224]  ? __pfx__printk+0x10/0x10
[  667.469232][T15224]  should_fail_ex+0x414/0x560
[  667.469262][T15224]  strncpy_from_user+0x36/0x290
[  667.469290][T15224]  getname_flags+0xf3/0x540
[  667.469318][T15224]  do_sys_openat2+0xbc/0x1c0
[  667.469348][T15224]  ? __pfx_do_sys_openat2+0x10/0x10
[  667.469374][T15224]  ? ksys_write+0x22a/0x250
[  667.469395][T15224]  ? __pfx_ksys_write+0x10/0x10
[  667.469411][T15224]  ? rcu_is_watching+0x15/0xb0
[  667.469446][T15224]  __x64_sys_open+0x11e/0x150
[  667.469476][T15224]  do_syscall_64+0xfa/0x3b0
[  667.469494][T15224]  ? lockdep_hardirqs_on+0x9c/0x150
[  667.469521][T15224]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  667.469542][T15224]  ? clear_bhb_loop+0x60/0xb0
[  667.469566][T15224]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  667.469594][T15224] RIP: 0033:0x7fc232d8e929
[  667.469612][T15224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  667.469629][T15224] RSP: 002b:00007fc233ccd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  667.469651][T15224] RAX: ffffffffffffffda RBX: 00007fc232fb5fa0 RCX: 00007fc232d8e929
[  667.469666][T15224] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000200000000200
[  667.469679][T15224] RBP: 00007fc233ccd090 R08: 0000000000000000 R09: 0000000000000000
[  667.469693][T15224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  667.469705][T15224] R13: 0000000000000000 R14: 00007fc232fb5fa0 R15: 00007fc2330dfa28
[  667.469736][T15224]  </TASK>
[  668.009340][ T5921] usb 2-1: USB disconnect, device number 20
[  668.019915][T15211] ptrace attach of "./syz-executor exec"[5848] was attempted by "./syz-executor exec"[15211]
[  668.784176][T15235] could not allocate digest TFM handle sha256-ce
[  669.262540][T15244] delete_channel: no stack
[  669.267394][T15244] delete_channel: no stack
[  669.272171][T15244] delete_channel: no stack
[  669.277883][T15244] delete_channel: no stack
[  669.282586][T15244] delete_channel: no stack
[  669.287806][T15244] delete_channel: no stack
[  669.292425][T15244] delete_channel: no stack
[  669.422321][T15249] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2537'.
[  669.474429][T15251] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  669.492120][T15251] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  669.610025][T15254] xt_CT: You must specify a L4 protocol and not use inversions on it
[  669.622176][   T30] audit: type=1326 audit(1750621825.208:3633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15252 comm="syz.2.2539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a8538e929 code=0x7ffc0000
[  669.661399][   T30] audit: type=1326 audit(1750621825.208:3634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15252 comm="syz.2.2539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=459 compat=0 ip=0x7f7a8538e929 code=0x7ffc0000
[  669.684307][   T30] audit: type=1326 audit(1750621825.208:3635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15252 comm="syz.2.2539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a8538e929 code=0x7ffc0000
[  669.745824][   T30] audit: type=1326 audit(1750621825.208:3636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15252 comm="syz.2.2539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7a8538e929 code=0x7ffc0000
[  669.775209][   T30] audit: type=1326 audit(1750621825.208:3637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15252 comm="syz.2.2539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a8538e929 code=0x7ffc0000
[  669.920953][T15265] FAULT_INJECTION: forcing a failure.
[  669.920953][T15265] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  669.941283][T15265] CPU: 0 UID: 0 PID: 15265 Comm: syz.1.2544 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  669.941313][T15265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  669.941324][T15265] Call Trace:
[  669.941331][T15265]  <TASK>
[  669.941340][T15265]  dump_stack_lvl+0x189/0x250
[  669.941372][T15265]  ? __pfx____ratelimit+0x10/0x10
[  669.941399][T15265]  ? __pfx_dump_stack_lvl+0x10/0x10
[  669.941426][T15265]  ? __pfx__printk+0x10/0x10
[  669.941453][T15265]  ? __might_fault+0xb0/0x130
[  669.941480][T15265]  should_fail_ex+0x414/0x560
[  669.941507][T15265]  _copy_from_user+0x2d/0xb0
[  669.941525][T15265]  ___sys_sendmsg+0x158/0x2a0
[  669.941550][T15265]  ? __pfx____sys_sendmsg+0x10/0x10
[  669.941607][T15265]  ? __might_fault+0xb0/0x130
[  669.941627][T15265]  __sys_sendmmsg+0x227/0x430
[  669.941653][T15265]  ? __pfx___sys_sendmmsg+0x10/0x10
[  669.941673][T15265]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  669.941722][T15265]  ? ksys_write+0x22a/0x250
[  669.941740][T15265]  ? __pfx_ksys_write+0x10/0x10
[  669.941755][T15265]  ? rcu_is_watching+0x15/0xb0
[  669.941788][T15265]  __x64_sys_sendmmsg+0xa0/0xc0
[  669.941811][T15265]  do_syscall_64+0xfa/0x3b0
[  669.941826][T15265]  ? lockdep_hardirqs_on+0x9c/0x150
[  669.941849][T15265]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  669.941867][T15265]  ? clear_bhb_loop+0x60/0xb0
[  669.941887][T15265]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  669.941904][T15265] RIP: 0033:0x7f6bcd58e929
[  669.941921][T15265] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  669.941937][T15265] RSP: 002b:00007f6bce4c9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  669.941957][T15265] RAX: ffffffffffffffda RBX: 00007f6bcd7b5fa0 RCX: 00007f6bcd58e929
[  669.941970][T15265] RDX: 0000000000000651 RSI: 0000200000000000 RDI: 0000000000000004
[  669.941982][T15265] RBP: 00007f6bce4c9090 R08: 0000000000000000 R09: 0000000000000000
[  669.941993][T15265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  669.942004][T15265] R13: 0000000000000000 R14: 00007f6bcd7b5fa0 R15: 00007f6bcd8dfa28
[  669.942030][T15265]  </TASK>
[  670.387726][ T5921] usb 5-1: USB disconnect, device number 25
[  671.543633][T15281] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2549'.
[  672.054457][T15292] binder: 15282:15292 ioctl 4020ae46 7f2ea564fbe0 returned -22
[  672.128454][T15291] kvm: kvm [15290]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x8b49
[  672.199336][T15292] binder: 15282:15292 ioctl 4020ae46 7f2ea564fbe0 returned -22
[  672.234913][T15292] binder: 15282:15292 ioctl 4020ae46 7f2ea564fbe0 returned -22
[  672.286421][T15292] binder: 15282:15292 ioctl 4020ae46 7f2ea564fbe0 returned -22
[  672.350485][T15292] binder: 15282:15292 ioctl 4020ae46 7f2ea564fbe0 returned -22
[  672.363078][T15300] PKCS7: Unknown OID: [5] (bad)
[  672.368194][T15300] PKCS7: Only support pkcs7_signedData type
[  672.461697][T15292] binder: 15282:15292 ioctl 4020ae46 7f2ea564fbe0 returned -22
[  672.513028][T15292] binder: 15282:15292 ioctl 4020ae46 7f2ea564fbe0 returned -22
[  672.560783][T15292] binder: 15282:15292 ioctl 4020ae46 7f2ea564fbe0 returned -22
[  672.595407][T15292] binder: 15282:15292 ioctl 4020ae46 7f2ea564fbe0 returned -22
[  672.614313][T15302] ip6t_srh: unknown srh match flags  B153
[  672.653796][ T5893] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  672.773703][T15292] binder: 15282:15292 ioctl 4020ae46 7f2ea564fbe0 returned -22
[  672.804776][T15292] binder: 15282:15292 ioctl 4020ae46 7f2ea564fbe0 returned -22
[  672.813319][T15292] binder: 15282:15292 ioctl 4020ae46 7f2ea564fbe0 returned -22
[  672.821791][T15292] binder: 15282:15292 ioctl 4020ae46 7f2ea564fbe0 returned -22
[  672.830721][T15292] binder: 15282:15292 ioctl 4020ae46 7f2ea564fbe0 returned -22
[  672.838504][ T5893] usb 3-1: Using ep0 maxpacket: 32
[  672.866425][ T5921] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  672.870768][T15306] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2556'.
[  672.940538][T15292] binder: 15282:15292 ioctl 4020ae46 7f2ea564fbe0 returned -22
[  672.952086][ T5893] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[  672.960444][ T5893] usb 3-1: config 0 has no interface number 0
[  672.967721][ T5893] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  672.980891][ T5893] usb 3-1: config 0 interface 85 has no altsetting 0
[  672.988662][T15292] binder: 15282:15292 ioctl 4020ae46 7f2ea564fbe0 returned -22
[  672.996940][T15292] binder: 15282:15292 ioctl 4020ae46 7f2ea564fbe0 returned -22
[  673.014820][T15292] binder: 15282:15292 ioctl 4020ae46 7f2ea564fbe0 returned -22
[  673.027952][ T5893] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  673.041041][ T5893] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  673.049673][ T5893] usb 3-1: Product: syz
[  673.053881][ T5893] usb 3-1: Manufacturer: syz
[  673.059235][ T5893] usb 3-1: SerialNumber: syz
[  673.065677][ T5893] usb 3-1: config 0 descriptor??
[  673.077435][ T5921] usb 5-1: device descriptor read/64, error -71
[  673.081448][T15292] binder: 15282:15292 ioctl 4020ae46 7f2ea564fbe0 returned -22
[  673.092102][T15292] binder: 15282:15292 ioctl 4020ae46 7f2ea564fbe0 returned -22
[  673.100970][T15292] binder: 15282:15292 ioctl 4020ae46 7f2ea564fbe0 returned -22
[  673.110125][T15292] binder: 15282:15292 ioctl 4020ae46 7f2ea564fbe0 returned -22
[  673.118272][T15306] hsr_slave_0 (unregistering): left promiscuous mode
[  673.133887][T15292] binder: 15282:15292 ioctl 4020ae46 7f2ea564fbe0 returned -22
[  673.162668][T15292] binder: 15282:15292 ioctl 4020ae46 7f2ea564fbe0 returned -22
[  673.237770][T15292] binder: 15282:15292 ioctl 4020ae46 7f2ea564f8e0 returned -22
[  673.330676][ T5921] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  673.476594][ T5921] usb 5-1: device descriptor read/64, error -71
[  673.605536][T15312] xt_TCPMSS: Only works on TCP SYN packets
[  673.629014][ T5921] usb usb5-port1: attempt power cycle
[  673.714964][T15321] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2561'.
[  673.773388][T15323] FAULT_INJECTION: forcing a failure.
[  673.773388][T15323] name failslab, interval 1, probability 0, space 0, times 0
[  673.787986][T15323] CPU: 0 UID: 0 PID: 15323 Comm: syz.0.2560 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  673.788016][T15323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  673.788029][T15323] Call Trace:
[  673.788038][T15323]  <TASK>
[  673.788047][T15323]  dump_stack_lvl+0x189/0x250
[  673.788088][T15323]  ? __pfx____ratelimit+0x10/0x10
[  673.788118][T15323]  ? __pfx_dump_stack_lvl+0x10/0x10
[  673.788147][T15323]  ? __pfx__printk+0x10/0x10
[  673.788171][T15323]  ? __pfx___might_resched+0x10/0x10
[  673.788201][T15323]  ? fs_reclaim_acquire+0x7d/0x100
[  673.788229][T15323]  should_fail_ex+0x414/0x560
[  673.788259][T15323]  should_failslab+0xa8/0x100
[  673.788282][T15323]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  673.788302][T15323]  ? __alloc_skb+0x112/0x2d0
[  673.788326][T15323]  __alloc_skb+0x112/0x2d0
[  673.788351][T15323]  alloc_skb_with_frags+0xca/0x890
[  673.788378][T15323]  ? __lock_acquire+0xab9/0xd20
[  673.788414][T15323]  sock_alloc_send_pskb+0x857/0x990
[  673.788460][T15323]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  673.788498][T15323]  ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20
[  673.788529][T15323]  unix_dgram_sendmsg+0x4f6/0x1870
[  673.788555][T15323]  ? ktime_get+0x3e/0x1f0
[  673.788590][T15323]  ? aa_sk_perm+0x81e/0x950
[  673.788617][T15323]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  673.788649][T15323]  ? aa_sock_msg_perm+0x94/0x160
[  673.788674][T15323]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  673.788699][T15323]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  673.788725][T15323]  __sock_sendmsg+0x21c/0x270
[  673.788758][T15323]  ____sys_sendmsg+0x52d/0x830
[  673.788789][T15323]  ? __pfx_____sys_sendmsg+0x10/0x10
[  673.788823][T15323]  ? import_iovec+0x74/0xa0
[  673.788846][T15323]  ___sys_sendmsg+0x21f/0x2a0
[  673.788873][T15323]  ? __pfx____sys_sendmsg+0x10/0x10
[  673.788941][T15323]  ? __might_fault+0xb0/0x130
[  673.788964][T15323]  __sys_sendmmsg+0x227/0x430
[  673.788993][T15323]  ? __pfx___sys_sendmmsg+0x10/0x10
[  673.789014][T15323]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  673.789071][T15323]  ? ksys_write+0x22a/0x250
[  673.789098][T15323]  ? __pfx_ksys_write+0x10/0x10
[  673.789123][T15323]  __x64_sys_sendmmsg+0xa0/0xc0
[  673.789151][T15323]  do_syscall_64+0xfa/0x3b0
[  673.789170][T15323]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  673.789189][T15323]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  673.789209][T15323]  ? clear_bhb_loop+0x60/0xb0
[  673.789233][T15323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  673.789252][T15323] RIP: 0033:0x7f2ea478e929
[  673.789270][T15323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  673.789287][T15323] RSP: 002b:00007f2ea5693038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  673.789308][T15323] RAX: ffffffffffffffda RBX: 00007f2ea49b5fa0 RCX: 00007f2ea478e929
[  673.789323][T15323] RDX: 0000000000000651 RSI: 0000200000000000 RDI: 0000000000000004
[  673.789336][T15323] RBP: 00007f2ea5693090 R08: 0000000000000000 R09: 0000000000000000
[  673.789348][T15323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  673.789360][T15323] R13: 0000000000000000 R14: 00007f2ea49b5fa0 R15: 00007f2ea4adfa28
[  673.789391][T15323]  </TASK>
[  674.246732][ T5893] appletouch 3-1:0.85: Failed to request geyser raw mode
[  674.254028][ T5893] appletouch 3-1:0.85: probe with driver appletouch failed with error -5
[  674.336771][ T5921] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  674.404403][ T5893] usb 3-1: USB disconnect, device number 15
[  674.467341][ T5921] usb 5-1: device descriptor read/8, error -71
[  674.619127][T15337] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2567'.
[  674.640414][T15337] netlink: 'syz.2.2567': attribute type 3 has an invalid length.
[  674.696913][T15337] netlink: 5108 bytes leftover after parsing attributes in process `syz.2.2567'.
[  674.716477][ T5921] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  674.746478][T15337] netlink: 'syz.2.2567': attribute type 3 has an invalid length.
[  674.757044][ T5921] usb 5-1: device descriptor read/8, error -71
[  674.774675][T15337] netlink: 5108 bytes leftover after parsing attributes in process `syz.2.2567'.
[  674.805959][T15341] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2567'.
[  674.892744][ T5921] usb usb5-port1: unable to enumerate USB device
[  676.628966][T15361] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2572'.
[  676.811051][T15371] program syz.0.2574 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  677.945860][T15396] fuse: Bad value for 'rootmode'
[  678.011994][T15396] bond3: (slave gretap2): Releasing backup interface
[  678.035830][T15400] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2585'.
[  678.228978][T15346] delete_channel: no stack
[  678.498259][T15409] netlink: 'syz.1.2587': attribute type 64 has an invalid length.
[  678.527403][T15409] netlink: 9 bytes leftover after parsing attributes in process `syz.1.2587'.
[  678.586471][ T5921] usb 3-1: new full-speed USB device number 16 using dummy_hcd
[  678.758326][ T5921] usb 3-1: config 0 has an invalid interface number: 214 but max is 0
[  678.766662][T15420] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  678.767094][T15420] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  678.785219][ T5921] usb 3-1: config 0 has no interface number 0
[  678.832558][ T5921] usb 3-1: config 0 interface 214 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  679.083215][T15422] FAULT_INJECTION: forcing a failure.
[  679.083215][T15422] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  679.100282][ T5921] usb 3-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  679.126626][T15422] CPU: 0 UID: 0 PID: 15422 Comm: syz.4.2593 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  679.126651][T15422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  679.126658][T15422] Call Trace:
[  679.126663][T15422]  <TASK>
[  679.126668][T15422]  dump_stack_lvl+0x189/0x250
[  679.126689][T15422]  ? __pfx____ratelimit+0x10/0x10
[  679.126705][T15422]  ? __pfx_dump_stack_lvl+0x10/0x10
[  679.126721][T15422]  ? __pfx__printk+0x10/0x10
[  679.126733][T15422]  ? __might_fault+0xb0/0x130
[  679.126749][T15422]  should_fail_ex+0x414/0x560
[  679.126765][T15422]  _copy_from_user+0x2d/0xb0
[  679.126776][T15422]  do_sys_poll+0x242/0x1070
[  679.126795][T15422]  ? __pfx_do_sys_poll+0x10/0x10
[  679.126809][T15422]  ? __lock_acquire+0xab9/0xd20
[  679.126853][T15422]  ? ktime_get_ts64+0xa2/0x3d0
[  679.126868][T15422]  ? seqcount_lockdep_reader_access+0x123/0x1c0
[  679.126894][T15422]  ? __pfx_timespec64_add_safe+0x10/0x10
[  679.126913][T15422]  __se_sys_poll+0x128/0x320
[  679.126935][T15422]  ? __pfx___se_sys_poll+0x10/0x10
[  679.126944][T15422]  ? rcu_is_watching+0x15/0xb0
[  679.126962][T15422]  ? do_syscall_64+0xbe/0x3b0
[  679.126974][T15422]  do_syscall_64+0xfa/0x3b0
[  679.126982][T15422]  ? lockdep_hardirqs_on+0x9c/0x150
[  679.126997][T15422]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  679.127008][T15422]  ? clear_bhb_loop+0x60/0xb0
[  679.127020][T15422]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  679.127030][T15422] RIP: 0033:0x7fc8eab8e929
[  679.127041][T15422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  679.127051][T15422] RSP: 002b:00007fc8eb9ca038 EFLAGS: 00000246 ORIG_RAX: 0000000000000007
[  679.127063][T15422] RAX: ffffffffffffffda RBX: 00007fc8eadb5fa0 RCX: 00007fc8eab8e929
[  679.127071][T15422] RDX: 0000000000000007 RSI: 0000000000000001 RDI: 0000200000002240
[  679.127078][T15422] RBP: 00007fc8eb9ca090 R08: 0000000000000000 R09: 0000000000000000
[  679.127085][T15422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  679.127091][T15422] R13: 0000000000000000 R14: 00007fc8eadb5fa0 R15: 00007fc8eaedfa28
[  679.127106][T15422]  </TASK>
[  679.153232][ T5921] usb 3-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  679.516899][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  679.525480][ T5921] usb 3-1: Product: syz
[  679.529759][ T5921] usb 3-1: Manufacturer: syz
[  679.534384][ T5921] usb 3-1: SerialNumber: syz
[  679.555867][ T5921] usb 3-1: config 0 descriptor??
[  679.784518][ T5921] usbtouchscreen 3-1:0.214: Failed to read FW rev: -71
[  679.796888][ T5921] usbtouchscreen 3-1:0.214: probe with driver usbtouchscreen failed with error -71
[  679.812194][ T5921] usb 3-1: USB disconnect, device number 16
[  680.357608][T15431] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2596'.
[  680.673801][T15441] program syz.4.2600 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  680.678604][T15446] FAULT_INJECTION: forcing a failure.
[  680.678604][T15446] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  680.700721][T15446] CPU: 0 UID: 0 PID: 15446 Comm: syz.3.2602 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  680.700749][T15446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  680.700762][T15446] Call Trace:
[  680.700770][T15446]  <TASK>
[  680.700780][T15446]  dump_stack_lvl+0x189/0x250
[  680.700814][T15446]  ? __pfx____ratelimit+0x10/0x10
[  680.700844][T15446]  ? __pfx_dump_stack_lvl+0x10/0x10
[  680.700873][T15446]  ? __pfx__printk+0x10/0x10
[  680.700895][T15446]  ? __might_fault+0xb0/0x130
[  680.700925][T15446]  should_fail_ex+0x414/0x560
[  680.700955][T15446]  _copy_from_user+0x2d/0xb0
[  680.700976][T15446]  ___sys_sendmsg+0x158/0x2a0
[  680.701005][T15446]  ? __pfx____sys_sendmsg+0x10/0x10
[  680.701073][T15446]  ? __might_fault+0xb0/0x130
[  680.701095][T15446]  __sys_sendmmsg+0x227/0x430
[  680.701126][T15446]  ? __pfx___sys_sendmmsg+0x10/0x10
[  680.701148][T15446]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  680.701205][T15446]  ? ksys_write+0x22a/0x250
[  680.701225][T15446]  ? __pfx_ksys_write+0x10/0x10
[  680.701241][T15446]  ? rcu_is_watching+0x15/0xb0
[  680.701278][T15446]  __x64_sys_sendmmsg+0xa0/0xc0
[  680.701305][T15446]  do_syscall_64+0xfa/0x3b0
[  680.701322][T15446]  ? lockdep_hardirqs_on+0x9c/0x150
[  680.701349][T15446]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  680.701370][T15446]  ? clear_bhb_loop+0x60/0xb0
[  680.701394][T15446]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  680.701414][T15446] RIP: 0033:0x7fc232d8e929
[  680.701433][T15446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  680.701450][T15446] RSP: 002b:00007fc233ccd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  680.701471][T15446] RAX: ffffffffffffffda RBX: 00007fc232fb5fa0 RCX: 00007fc232d8e929
[  680.701486][T15446] RDX: 0000000000000651 RSI: 0000200000000000 RDI: 0000000000000004
[  680.701500][T15446] RBP: 00007fc233ccd090 R08: 0000000000000000 R09: 0000000000000000
[  680.701513][T15446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  680.701526][T15446] R13: 0000000000000000 R14: 00007fc232fb5fa0 R15: 00007fc2330dfa28
[  680.701556][T15446]  </TASK>
[  681.225700][T15455] FAULT_INJECTION: forcing a failure.
[  681.225700][T15455] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  681.246579][T15455] CPU: 0 UID: 0 PID: 15455 Comm: syz.1.2605 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  681.246612][T15455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  681.246624][T15455] Call Trace:
[  681.246633][T15455]  <TASK>
[  681.246641][T15455]  dump_stack_lvl+0x189/0x250
[  681.246674][T15455]  ? __pfx____ratelimit+0x10/0x10
[  681.246703][T15455]  ? __pfx_dump_stack_lvl+0x10/0x10
[  681.246734][T15455]  ? __pfx__printk+0x10/0x10
[  681.246755][T15455]  ? __might_fault+0xb0/0x130
[  681.246791][T15455]  should_fail_ex+0x414/0x560
[  681.246824][T15455]  _copy_from_user+0x2d/0xb0
[  681.246844][T15455]  dev_ethtool+0xd0/0x1990
[  681.246874][T15455]  ? __lock_acquire+0xab9/0xd20
[  681.246907][T15455]  ? __pfx_dev_ethtool+0x10/0x10
[  681.246943][T15455]  ? dev_load+0x21/0x1f0
[  681.246963][T15455]  ? dev_load+0x21/0x1f0
[  681.246986][T15455]  dev_ioctl+0x392/0x1150
[  681.247010][T15455]  sock_do_ioctl+0x22c/0x300
[  681.247039][T15455]  ? __pfx_sock_do_ioctl+0x10/0x10
[  681.247062][T15455]  ? __lock_acquire+0xab9/0xd20
[  681.247106][T15455]  sock_ioctl+0x576/0x790
[  681.247135][T15455]  ? __pfx_sock_ioctl+0x10/0x10
[  681.247162][T15455]  ? __fget_files+0x2a/0x420
[  681.247186][T15455]  ? __fget_files+0x3a0/0x420
[  681.247207][T15455]  ? __fget_files+0x2a/0x420
[  681.247231][T15455]  ? bpf_lsm_file_ioctl+0x9/0x20
[  681.247259][T15455]  ? __pfx_sock_ioctl+0x10/0x10
[  681.247285][T15455]  __se_sys_ioctl+0xfc/0x170
[  681.247314][T15455]  do_syscall_64+0xfa/0x3b0
[  681.247331][T15455]  ? lockdep_hardirqs_on+0x9c/0x150
[  681.247360][T15455]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  681.247380][T15455]  ? clear_bhb_loop+0x60/0xb0
[  681.247405][T15455]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  681.247424][T15455] RIP: 0033:0x7f6bcd58e929
[  681.247442][T15455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  681.247460][T15455] RSP: 002b:00007f6bce4c9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  681.247481][T15455] RAX: ffffffffffffffda RBX: 00007f6bcd7b5fa0 RCX: 00007f6bcd58e929
[  681.247497][T15455] RDX: 00002000000002c0 RSI: 0000000000008946 RDI: 0000000000000003
[  681.247511][T15455] RBP: 00007f6bce4c9090 R08: 0000000000000000 R09: 0000000000000000
[  681.247523][T15455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  681.247535][T15455] R13: 0000000000000000 R14: 00007f6bcd7b5fa0 R15: 00007f6bcd8dfa28
[  681.247566][T15455]  </TASK>
[  681.498345][    C0] vkms_vblank_simulate: vblank timer overrun
[  681.778271][T15465] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2609'.
[  682.308351][T15481] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  682.320304][T15481] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  682.613604][T15488] program syz.2.2616 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  682.729535][T15491] FAULT_INJECTION: forcing a failure.
[  682.729535][T15491] name failslab, interval 1, probability 0, space 0, times 0
[  682.757031][T15491] CPU: 1 UID: 0 PID: 15491 Comm: syz.2.2617 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  682.757062][T15491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  682.757075][T15491] Call Trace:
[  682.757083][T15491]  <TASK>
[  682.757092][T15491]  dump_stack_lvl+0x189/0x250
[  682.757127][T15491]  ? __pfx____ratelimit+0x10/0x10
[  682.757156][T15491]  ? __pfx_dump_stack_lvl+0x10/0x10
[  682.757185][T15491]  ? __pfx__printk+0x10/0x10
[  682.757211][T15491]  ? __pfx___might_resched+0x10/0x10
[  682.757240][T15491]  ? fs_reclaim_acquire+0x7d/0x100
[  682.757268][T15491]  should_fail_ex+0x414/0x560
[  682.757297][T15491]  should_failslab+0xa8/0x100
[  682.757320][T15491]  __kmalloc_cache_noprof+0x70/0x3d0
[  682.757339][T15491]  ? dev_ethtool+0x126/0x1990
[  682.757369][T15491]  dev_ethtool+0x126/0x1990
[  682.757398][T15491]  ? __lock_acquire+0xab9/0xd20
[  682.757430][T15491]  ? __pfx_dev_ethtool+0x10/0x10
[  682.757475][T15491]  ? dev_load+0x21/0x1f0
[  682.757496][T15491]  ? dev_load+0x21/0x1f0
[  682.757516][T15491]  dev_ioctl+0x392/0x1150
[  682.757539][T15491]  sock_do_ioctl+0x22c/0x300
[  682.757571][T15491]  ? __pfx_sock_do_ioctl+0x10/0x10
[  682.757596][T15491]  ? __lock_acquire+0xab9/0xd20
[  682.757638][T15491]  sock_ioctl+0x576/0x790
[  682.757667][T15491]  ? __pfx_sock_ioctl+0x10/0x10
[  682.757694][T15491]  ? __fget_files+0x2a/0x420
[  682.757715][T15491]  ? __fget_files+0x3a0/0x420
[  682.757735][T15491]  ? __fget_files+0x2a/0x420
[  682.757760][T15491]  ? bpf_lsm_file_ioctl+0x9/0x20
[  682.757788][T15491]  ? __pfx_sock_ioctl+0x10/0x10
[  682.757814][T15491]  __se_sys_ioctl+0xfc/0x170
[  682.757846][T15491]  do_syscall_64+0xfa/0x3b0
[  682.757862][T15491]  ? lockdep_hardirqs_on+0x9c/0x150
[  682.757890][T15491]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  682.757909][T15491]  ? clear_bhb_loop+0x60/0xb0
[  682.757931][T15491]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  682.757950][T15491] RIP: 0033:0x7f7a8538e929
[  682.757967][T15491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  682.757985][T15491] RSP: 002b:00007f7a862db038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  682.758007][T15491] RAX: ffffffffffffffda RBX: 00007f7a855b5fa0 RCX: 00007f7a8538e929
[  682.758022][T15491] RDX: 00002000000002c0 RSI: 0000000000008946 RDI: 0000000000000003
[  682.758035][T15491] RBP: 00007f7a862db090 R08: 0000000000000000 R09: 0000000000000000
[  682.758047][T15491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  682.758059][T15491] R13: 0000000000000000 R14: 00007f7a855b5fa0 R15: 00007f7a856dfa28
[  682.758089][T15491]  </TASK>
[  683.165924][T15495] netlink: 'syz.3.2619': attribute type 8 has an invalid length.
[  683.178510][T15495] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2619'.
[  683.198817][T15497] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2620'.
[  683.215820][T15502] FAULT_INJECTION: forcing a failure.
[  683.215820][T15502] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  683.231988][T15502] CPU: 1 UID: 0 PID: 15502 Comm: syz.4.2621 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  683.232014][T15502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  683.232025][T15502] Call Trace:
[  683.232033][T15502]  <TASK>
[  683.232041][T15502]  dump_stack_lvl+0x189/0x250
[  683.232072][T15502]  ? __pfx____ratelimit+0x10/0x10
[  683.232101][T15502]  ? __pfx_dump_stack_lvl+0x10/0x10
[  683.232132][T15502]  ? __pfx__printk+0x10/0x10
[  683.232154][T15502]  ? __might_fault+0xb0/0x130
[  683.232184][T15502]  should_fail_ex+0x414/0x560
[  683.232213][T15502]  _copy_from_user+0x2d/0xb0
[  683.232231][T15502]  kstrtouint_from_user+0xc4/0x170
[  683.232259][T15502]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  683.232301][T15502]  proc_fail_nth_write+0x88/0x240
[  683.232325][T15502]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  683.232354][T15502]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  683.232378][T15502]  vfs_write+0x27e/0xa90
[  683.232424][T15502]  ? __pfx_vfs_write+0x10/0x10
[  683.232452][T15502]  ? __fget_files+0x2a/0x420
[  683.232475][T15502]  ? __fget_files+0x3a0/0x420
[  683.232496][T15502]  ? __fget_files+0x2a/0x420
[  683.232526][T15502]  ksys_write+0x145/0x250
[  683.232545][T15502]  ? __pfx_ksys_write+0x10/0x10
[  683.232559][T15502]  ? rcu_is_watching+0x15/0xb0
[  683.232593][T15502]  ? do_syscall_64+0xbe/0x3b0
[  683.232613][T15502]  do_syscall_64+0xfa/0x3b0
[  683.232628][T15502]  ? lockdep_hardirqs_on+0x9c/0x150
[  683.232655][T15502]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  683.232675][T15502]  ? clear_bhb_loop+0x60/0xb0
[  683.232697][T15502]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  683.232715][T15502] RIP: 0033:0x7fc8eab8d3df
[  683.232732][T15502] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  683.232748][T15502] RSP: 002b:00007fc8eb9ca030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  683.232768][T15502] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc8eab8d3df
[  683.232780][T15502] RDX: 0000000000000001 RSI: 00007fc8eb9ca0a0 RDI: 0000000000000004
[  683.232791][T15502] RBP: 00007fc8eb9ca090 R08: 0000000000000000 R09: 0000000000000014
[  683.232802][T15502] R10: 00000000200400c0 R11: 0000000000000293 R12: 0000000000000001
[  683.232813][T15502] R13: 0000000000000000 R14: 00007fc8eadb5fa0 R15: 00007fc8eaedfa28
[  683.232839][T15502]  </TASK>
[  683.596437][ T5893] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  683.740952][T15514] program syz.4.2627 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  683.786444][ T5893] usb 2-1: Using ep0 maxpacket: 32
[  683.822323][ T5893] usb 2-1: config 0 has an invalid interface number: 184 but max is 11
[  683.838465][ T5893] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 12
[  683.875790][ T5893] usb 2-1: config 0 has no interface number 0
[  683.898902][ T5893] usb 2-1: config 0 interface 184 has no altsetting 0
[  683.948895][ T5893] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  683.951093][T15519] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2630'.
[  683.967832][ T5893] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  683.987845][ T5893] usb 2-1: Product: syz
[  683.992122][ T5893] usb 2-1: Manufacturer: syz
[  684.007609][ T5893] usb 2-1: SerialNumber: syz
[  684.012260][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  684.012278][   T30] audit: type=1326 audit(1750621839.598:3644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15521 comm="syz.2.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a8538e929 code=0x7ffc0000
[  684.039135][ T5893] usb 2-1: config 0 descriptor??
[  684.095008][ T5893] smsc75xx v1.0.0
[  684.103463][   T30] audit: type=1326 audit(1750621839.598:3645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15521 comm="syz.2.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a8538e929 code=0x7ffc0000
[  684.131711][T15528] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2633'.
[  684.140978][   T30] audit: type=1326 audit(1750621839.638:3646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15521 comm="syz.2.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=148 compat=0 ip=0x7f7a8538e929 code=0x7ffc0000
[  684.175910][T15519] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  684.201872][   T30] audit: type=1326 audit(1750621839.638:3647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15521 comm="syz.2.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a8538e929 code=0x7ffc0000
[  684.226952][T15519] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  684.256901][T14614] usb 3-1: new low-speed USB device number 17 using dummy_hcd
[  684.326927][   T30] audit: type=1326 audit(1750621839.638:3648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15521 comm="syz.2.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a8538e929 code=0x7ffc0000
[  684.368650][   T30] audit: type=1326 audit(1750621839.638:3649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15521 comm="syz.2.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f7a8538e929 code=0x7ffc0000
[  684.391024][    C0] vkms_vblank_simulate: vblank timer overrun
[  684.451449][   T30] audit: type=1326 audit(1750621839.638:3650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15521 comm="syz.2.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a8538e929 code=0x7ffc0000
[  684.473991][    C0] vkms_vblank_simulate: vblank timer overrun
[  684.531723][   T30] audit: type=1326 audit(1750621839.638:3651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15521 comm="syz.2.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a8538e929 code=0x7ffc0000
[  684.736995][ T5893] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  684.778636][ T5893] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  684.792336][   T30] audit: type=1326 audit(1750621839.638:3652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15521 comm="syz.2.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f7a8538e929 code=0x7ffc0000
[  684.823839][   T30] audit: type=1326 audit(1750621839.698:3653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15521 comm="syz.2.2631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7a8532ab19 code=0x7ffc0000
[  685.854654][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  685.861126][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  685.946341][T14614] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  686.118051][T14614] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  686.126447][T14614] usb 3-1: config 0 has no interface number 0
[  686.134606][T14614] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  686.144294][T14614] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  686.152477][T14614] usb 3-1: Product: syz
[  686.156760][T14614] usb 3-1: Manufacturer: syz
[  686.161386][T14614] usb 3-1: SerialNumber: syz
[  686.182880][T14614] usb 3-1: config 0 descriptor??
[  686.263515][T15550] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2638'.
[  686.278102][ T5893] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  686.299909][ T5893] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  686.309897][ T5893] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  686.321725][ T5893] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -71
[  686.336051][ T5893] usb 2-1: USB disconnect, device number 21
[  686.398497][T14614] dvb_usb_ec168 3-1:0.1: probe with driver dvb_usb_ec168 failed with error -71
[  686.415507][T14614] usb 3-1: USB disconnect, device number 18
[  686.778561][   T24] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  686.986311][   T24] usb 5-1: Using ep0 maxpacket: 32
[  687.002639][   T24] usb 5-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  687.026518][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  687.047453][   T24] usb 5-1: config 0 descriptor??
[  687.056452][ T5893] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  687.059299][   T24] gspca_main: sunplus-2.14.0 probing 041e:400b
[  687.203795][T15568] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2644'.
[  687.227076][ T5893] usb 2-1: Using ep0 maxpacket: 16
[  687.248558][ T5893] usb 2-1: config 3 contains an unexpected descriptor of type 0x2, skipping
[  687.276313][ T5893] usb 2-1: config 3 has an invalid descriptor of length 32, skipping remainder of the config
[  687.298162][ T5893] usb 2-1: config 3 has 0 interfaces, different from the descriptor's value: 1
[  687.316433][ T5893] usb 2-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d
[  687.325764][ T5893] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  687.356498][ T5893] usb 2-1: Product: syz
[  687.360717][ T5893] usb 2-1: Manufacturer: syz
[  687.390043][ T5893] usb 2-1: SerialNumber: syz
[  687.443741][T15575] input: syz0 as /devices/virtual/input/input75
[  687.474537][T15575] input: failed to attach handler leds to device input75, error: -6
[  687.519726][   T24] gspca_sunplus: reg_w_riv err -71
[  687.524981][   T24] sunplus 5-1:0.0: probe with driver sunplus failed with error -71
[  687.564220][   T24] usb 5-1: USB disconnect, device number 30
[  687.634918][ T5893] usb 2-1: USB disconnect, device number 22
[  687.660953][T14614] IPVS: starting estimator thread 0...
[  687.767003][T15587] IPVS: using max 50 ests per chain, 120000 per kthread
[  688.209127][T15601] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2656'.
[  688.276366][   T24] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  688.426373][   T24] usb 3-1: Using ep0 maxpacket: 32
[  688.438770][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  688.459903][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  688.486337][   T24] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00
[  688.497070][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  688.519300][   T24] usb 3-1: config 0 descriptor??
[  688.646427][T14614] usb 5-1: new full-speed USB device number 31 using dummy_hcd
[  688.766559][ T5893] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  688.820570][T14614] usb 5-1: config 253 has no interfaces?
[  688.845170][T14614] usb 5-1: New USB device found, idVendor=7392, idProduct=e822, bcdDevice=82.6f
[  688.854793][T14614] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  688.867102][T14614] usb 5-1: Product: syz
[  688.875043][T14614] usb 5-1: Manufacturer: syz
[  688.880081][T14614] usb 5-1: SerialNumber: syz
[  688.926602][ T5893] usb 2-1: Using ep0 maxpacket: 16
[  688.935683][   T24] koneplus 0003:1E7D:2D51.002E: unknown main item tag 0x0
[  688.953173][   T24] koneplus 0003:1E7D:2D51.002E: unknown main item tag 0x0
[  688.976336][   T24] koneplus 0003:1E7D:2D51.002E: unknown main item tag 0x0
[  688.978750][T15610] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  688.992476][   T24] koneplus 0003:1E7D:2D51.002E: unknown main item tag 0x0
[  688.995345][T15610] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  689.006347][   T24] koneplus 0003:1E7D:2D51.002E: unknown main item tag 0x0
[  689.065765][   T24] koneplus 0003:1E7D:2D51.002E: hidraw0: USB HID v0.00 Device [HID 1e7d:2d51] on usb-dummy_hcd.2-1/input0
[  689.112477][T14614] usb 5-1: USB disconnect, device number 31
[  689.339235][T15596] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  689.358570][T15596] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  689.539609][ T5900] usb 3-1: USB disconnect, device number 19
[  689.820692][T15623] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  689.922045][T15629] FAULT_INJECTION: forcing a failure.
[  689.922045][T15629] name failslab, interval 1, probability 0, space 0, times 0
[  689.941186][T15629] CPU: 0 UID: 0 PID: 15629 Comm: syz.4.2663 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  689.941216][T15629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  689.941227][T15629] Call Trace:
[  689.941237][T15629]  <TASK>
[  689.941250][T15629]  dump_stack_lvl+0x189/0x250
[  689.941280][T15629]  ? __pfx____ratelimit+0x10/0x10
[  689.941305][T15629]  ? __pfx_dump_stack_lvl+0x10/0x10
[  689.941334][T15629]  ? __pfx__printk+0x10/0x10
[  689.941357][T15629]  ? __pfx___might_resched+0x10/0x10
[  689.941388][T15629]  ? fs_reclaim_acquire+0x7d/0x100
[  689.941417][T15629]  should_fail_ex+0x414/0x560
[  689.941448][T15629]  should_failslab+0xa8/0x100
[  689.941471][T15629]  __kmalloc_cache_node_noprof+0x73/0x3d0
[  689.941493][T15629]  ? page_pool_create_percpu+0x76/0xbe0
[  689.941523][T15629]  page_pool_create_percpu+0x76/0xbe0
[  689.941557][T15629]  __veth_napi_enable_range+0x16c/0x6f0
[  689.941590][T15629]  ? __pfx___veth_napi_enable_range+0x10/0x10
[  689.941626][T15629]  ? netif_napi_set_irq_locked+0x20b/0x720
[  689.941660][T15629]  veth_napi_enable_range+0xff/0x200
[  689.941692][T15629]  veth_set_features+0x1c8/0x2a0
[  689.941720][T15629]  __netdev_update_features+0xa43/0x1a20
[  689.941760][T15629]  ? __pfx___netdev_update_features+0x10/0x10
[  689.941783][T15629]  ? __lock_acquire+0xab9/0xd20
[  689.941819][T15629]  ? __might_fault+0xb0/0x130
[  689.941857][T15629]  ethtool_set_one_feature+0x2b4/0x300
[  689.941897][T15629]  ? __pfx_ethtool_set_one_feature+0x10/0x10
[  689.941925][T15629]  ? bpf_lsm_capable+0x9/0x20
[  689.941942][T15629]  ? security_capable+0x7e/0x2e0
[  689.941974][T15629]  dev_ethtool+0x1077/0x1990
[  689.942012][T15629]  ? __pfx_dev_ethtool+0x10/0x10
[  689.942056][T15629]  ? dev_load+0x21/0x1f0
[  689.942076][T15629]  dev_ioctl+0x392/0x1150
[  689.942097][T15629]  sock_do_ioctl+0x22c/0x300
[  689.942124][T15629]  ? __pfx_sock_do_ioctl+0x10/0x10
[  689.942147][T15629]  ? hook_file_ioctl+0xe0/0x530
[  689.942186][T15629]  sock_ioctl+0x576/0x790
[  689.942216][T15629]  ? __pfx_sock_ioctl+0x10/0x10
[  689.942245][T15629]  ? __fget_files+0x2a/0x420
[  689.942266][T15629]  ? __fget_files+0x3a0/0x420
[  689.942287][T15629]  ? __fget_files+0x2a/0x420
[  689.942312][T15629]  ? bpf_lsm_file_ioctl+0x9/0x20
[  689.942340][T15629]  ? __pfx_sock_ioctl+0x10/0x10
[  689.942368][T15629]  __se_sys_ioctl+0xfc/0x170
[  689.942399][T15629]  do_syscall_64+0xfa/0x3b0
[  689.942419][T15629]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  689.942438][T15629]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  689.942458][T15629]  ? clear_bhb_loop+0x60/0xb0
[  689.942482][T15629]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  689.942501][T15629] RIP: 0033:0x7fc8eab8e929
[  689.942520][T15629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  689.942538][T15629] RSP: 002b:00007fc8eb9ca038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  689.942559][T15629] RAX: ffffffffffffffda RBX: 00007fc8eadb5fa0 RCX: 00007fc8eab8e929
[  689.942575][T15629] RDX: 00002000000002c0 RSI: 0000000000008946 RDI: 0000000000000003
[  689.942588][T15629] RBP: 00007fc8eb9ca090 R08: 0000000000000000 R09: 0000000000000000
[  689.942602][T15629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  689.942614][T15629] R13: 0000000000000000 R14: 00007fc8eadb5fa0 R15: 00007fc8eaedfa28
[  689.942645][T15629]  </TASK>
[  689.943768][T15629] veth0_to_team: set_features() failed (-12); wanted 0x0000612e4fdd49e9, left 0x0000612e4fdd09e9
[  690.367208][T15634] ptrace attach of "./syz-executor exec"[5846] was attempted by "./syz-executor exec"[15634]
[  690.507748][T15636] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  690.797335][T15641] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2666'.
[  691.036906][T15650] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  691.045894][T15650] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  691.570043][ T5893] usb 2-1: unable to get BOS descriptor or descriptor too short
[  691.614813][ T5893] usb 2-1: unable to read config index 0 descriptor/start: -71
[  691.635276][ T5893] usb 2-1: can't read configurations, error -71
[  692.750773][   T30] kauditd_printk_skb: 331 callbacks suppressed
[  692.750796][   T30] audit: type=1326 audit(1750621848.278:3985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15679 comm="syz.1.2678" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6bcd58e929 code=0x0
[  692.798052][T15683] netlink: 'syz.1.2678': attribute type 12 has an invalid length.
[  692.866419][T15683] netlink: 9472 bytes leftover after parsing attributes in process `syz.1.2678'.
[  693.167349][T15687] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check.
[  693.405180][T15700] sctp: [Deprecated]: syz.0.2683 (pid 15700) Use of struct sctp_assoc_value in delayed_ack socket option.
[  693.405180][T15700] Use struct sctp_sack_info instead
[  693.605852][T15704] netlink: 'syz.0.2685': attribute type 3 has an invalid length.
[  694.788754][T15721] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2692'.
[  695.173518][T15729] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  695.374533][T15736] xt_limit: Overflow, try lower: 184549376/256
[  695.685407][T15741] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2696'.
[  696.076389][ T5958] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  696.246708][ T5958] usb 3-1: Using ep0 maxpacket: 16
[  697.141121][T15767] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  697.217279][T15767] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  697.541254][T15776] PKCS7: Unknown OID: [5] (bad)
[  697.546559][T15776] PKCS7: Only support pkcs7_signedData type
[  697.554388][T15776] usb usb8: usbfs: process 15776 (syz.1.2706) did not claim interface 0 before use
[  697.573647][T15773] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2707'.
[  698.276502][ T5900] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  698.399536][ T5958] usb 3-1: unable to get BOS descriptor or descriptor too short
[  698.423872][ T5958] usb 3-1: unable to read config index 0 descriptor/start: -71
[  698.437702][ T5958] usb 3-1: can't read configurations, error -71
[  698.459026][ T5900] usb 5-1: Using ep0 maxpacket: 8
[  698.483624][ T5900] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  698.498698][ T5900] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  698.521755][ T5900] usb 5-1: Product: syz
[  698.532145][ T5900] usb 5-1: Manufacturer: syz
[  698.544629][ T5900] usb 5-1: SerialNumber: syz
[  698.555206][ T5900] usb 5-1: config 0 descriptor??
[  698.571096][ T5900] gspca_main: se401-2.14.0 probing 047d:5003
[  698.708967][T15790] FAULT_INJECTION: forcing a failure.
[  698.708967][T15790] name failslab, interval 1, probability 0, space 0, times 0
[  698.722008][T15790] CPU: 1 UID: 0 PID: 15790 Comm: syz.0.2713 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  698.722039][T15790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  698.722070][T15790] Call Trace:
[  698.722078][T15790]  <TASK>
[  698.722087][T15790]  dump_stack_lvl+0x189/0x250
[  698.722121][T15790]  ? __pfx____ratelimit+0x10/0x10
[  698.722151][T15790]  ? __pfx_dump_stack_lvl+0x10/0x10
[  698.722181][T15790]  ? __pfx__printk+0x10/0x10
[  698.722205][T15790]  ? __pfx___might_resched+0x10/0x10
[  698.722234][T15790]  ? fs_reclaim_acquire+0x7d/0x100
[  698.722262][T15790]  should_fail_ex+0x414/0x560
[  698.722291][T15790]  should_failslab+0xa8/0x100
[  698.722314][T15790]  __kmalloc_noprof+0xcb/0x4f0
[  698.722333][T15790]  ? iovec_from_user+0x87/0x250
[  698.722356][T15790]  iovec_from_user+0x87/0x250
[  698.722379][T15790]  __import_iovec+0x163/0x7f0
[  698.722407][T15790]  import_iovec+0x74/0xa0
[  698.722430][T15790]  vfs_writev+0x1a3/0x960
[  698.722458][T15790]  ? __lock_acquire+0xab9/0xd20
[  698.722494][T15790]  ? __pfx_vfs_writev+0x10/0x10
[  698.722532][T15790]  ? __fget_files+0x2a/0x420
[  698.722557][T15790]  ? __fget_files+0x3a0/0x420
[  698.722578][T15790]  ? __fget_files+0x2a/0x420
[  698.722607][T15790]  do_writev+0x14d/0x2d0
[  698.722633][T15790]  ? __pfx_do_writev+0x10/0x10
[  698.722661][T15790]  ? do_syscall_64+0xbe/0x3b0
[  698.722684][T15790]  do_syscall_64+0xfa/0x3b0
[  698.722701][T15790]  ? lockdep_hardirqs_on+0x9c/0x150
[  698.722728][T15790]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  698.722748][T15790]  ? clear_bhb_loop+0x60/0xb0
[  698.722771][T15790]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  698.722791][T15790] RIP: 0033:0x7f2ea478e929
[  698.722809][T15790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  698.722826][T15790] RSP: 002b:00007f2ea5693038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  698.722847][T15790] RAX: ffffffffffffffda RBX: 00007f2ea49b5fa0 RCX: 00007f2ea478e929
[  698.722862][T15790] RDX: 0000000000000011 RSI: 0000200000000080 RDI: 0000000000000003
[  698.722875][T15790] RBP: 00007f2ea5693090 R08: 0000000000000000 R09: 0000000000000000
[  698.722888][T15790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  698.722900][T15790] R13: 0000000000000000 R14: 00007f2ea49b5fa0 R15: 00007f2ea4adfa28
[  698.722929][T15790]  </TASK>
[  699.041846][T15792] program syz.1.2714 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  699.179818][ T5900] gspca_se401: Too many frame sizes
[  699.226490][ T5958] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  699.378422][ T5958] usb 3-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  699.388383][ T5958] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  699.421742][ T5900] usb 5-1: USB disconnect, device number 32
[  699.440155][ T5958] usb 3-1: config 0 descriptor??
[  699.557311][ T5958] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  700.623186][T15820] FAULT_INJECTION: forcing a failure.
[  700.623186][T15820] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  700.671893][T15820] CPU: 1 UID: 0 PID: 15820 Comm: syz.4.2725 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  700.671925][T15820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  700.671936][T15820] Call Trace:
[  700.671945][T15820]  <TASK>
[  700.671953][T15820]  dump_stack_lvl+0x189/0x250
[  700.671987][T15820]  ? __pfx____ratelimit+0x10/0x10
[  700.672004][T15820]  ? __pfx_dump_stack_lvl+0x10/0x10
[  700.672023][T15820]  ? __pfx__printk+0x10/0x10
[  700.672041][T15820]  should_fail_ex+0x414/0x560
[  700.672069][T15820]  _copy_to_user+0x31/0xb0
[  700.672092][T15820]  simple_read_from_buffer+0xe1/0x170
[  700.672113][T15820]  proc_fail_nth_read+0x1df/0x250
[  700.672137][T15820]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  700.672151][T15820]  ? rw_verify_area+0x258/0x650
[  700.672166][T15820]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  700.672179][T15820]  vfs_read+0x200/0x980
[  700.672201][T15820]  ? __pfx___mutex_lock+0x10/0x10
[  700.672219][T15820]  ? __pfx_vfs_read+0x10/0x10
[  700.672250][T15820]  ? __fget_files+0x2a/0x420
[  700.672277][T15820]  ? __fget_files+0x3a0/0x420
[  700.672291][T15820]  ? __fget_files+0x2a/0x420
[  700.672307][T15820]  ksys_read+0x145/0x250
[  700.672318][T15820]  ? __pfx_ksys_read+0x10/0x10
[  700.672331][T15820]  ? rcu_is_watching+0x15/0xb0
[  700.672365][T15820]  ? do_syscall_64+0xbe/0x3b0
[  700.672387][T15820]  do_syscall_64+0xfa/0x3b0
[  700.672404][T15820]  ? lockdep_hardirqs_on+0x9c/0x150
[  700.672431][T15820]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.672443][T15820]  ? clear_bhb_loop+0x60/0xb0
[  700.672455][T15820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.672465][T15820] RIP: 0033:0x7fc8eab8d33c
[  700.672476][T15820] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  700.672485][T15820] RSP: 002b:00007fc8eb9a9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  700.672501][T15820] RAX: ffffffffffffffda RBX: 00007fc8eadb6080 RCX: 00007fc8eab8d33c
[  700.672515][T15820] RDX: 000000000000000f RSI: 00007fc8eb9a90a0 RDI: 0000000000000004
[  700.672528][T15820] RBP: 00007fc8eb9a9090 R08: 0000000000000000 R09: 0000000000000000
[  700.672540][T15820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  700.672553][T15820] R13: 0000000000000000 R14: 00007fc8eadb6080 R15: 00007fc8eaedfa28
[  700.672583][T15820]  </TASK>
[  700.951761][T15822] FAULT_INJECTION: forcing a failure.
[  700.951761][T15822] name failslab, interval 1, probability 0, space 0, times 0
[  701.087087][T15822] CPU: 0 UID: 0 PID: 15822 Comm: syz.3.2726 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  701.087120][T15822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  701.087134][T15822] Call Trace:
[  701.087143][T15822]  <TASK>
[  701.087152][T15822]  dump_stack_lvl+0x189/0x250
[  701.087187][T15822]  ? __pfx____ratelimit+0x10/0x10
[  701.087216][T15822]  ? __pfx_dump_stack_lvl+0x10/0x10
[  701.087246][T15822]  ? __pfx__printk+0x10/0x10
[  701.087282][T15822]  ? __pfx___might_resched+0x10/0x10
[  701.087318][T15822]  ? fs_reclaim_acquire+0x7d/0x100
[  701.087344][T15822]  should_fail_ex+0x414/0x560
[  701.087376][T15822]  should_failslab+0xa8/0x100
[  701.087400][T15822]  kmem_cache_alloc_noprof+0x73/0x3c0
[  701.087423][T15822]  ? skb_clone+0x212/0x3a0
[  701.087453][T15822]  skb_clone+0x212/0x3a0
[  701.087475][T15822]  ? nfnetlink_rcv+0x486/0x2520
[  701.087504][T15822]  nfnetlink_rcv+0x4b4/0x2520
[  701.087532][T15822]  ? unwind_get_return_address+0x4d/0x90
[  701.087561][T15822]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  701.087599][T15822]  ? stack_trace_save+0x9c/0xe0
[  701.087623][T15822]  ? stack_depot_save_flags+0x40/0x900
[  701.087653][T15822]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  701.087704][T15822]  ? __lock_acquire+0xab9/0xd20
[  701.087757][T15822]  ? __lock_acquire+0xab9/0xd20
[  701.087795][T15822]  ? netlink_deliver_tap+0x2e/0x1b0
[  701.087824][T15822]  ? netlink_deliver_tap+0x2e/0x1b0
[  701.087846][T15822]  ? netlink_deliver_tap+0x2e/0x1b0
[  701.087875][T15822]  netlink_unicast+0x75b/0x8d0
[  701.087906][T15822]  netlink_sendmsg+0x805/0xb30
[  701.087939][T15822]  ? __pfx_netlink_sendmsg+0x10/0x10
[  701.087966][T15822]  ? aa_sock_msg_perm+0x94/0x160
[  701.087993][T15822]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  701.088016][T15822]  ? __pfx_netlink_sendmsg+0x10/0x10
[  701.088039][T15822]  __sock_sendmsg+0x21c/0x270
[  701.088071][T15822]  ____sys_sendmsg+0x505/0x830
[  701.088097][T15822]  ? __pfx_____sys_sendmsg+0x10/0x10
[  701.088130][T15822]  ? import_iovec+0x74/0xa0
[  701.088149][T15822]  ___sys_sendmsg+0x21f/0x2a0
[  701.088174][T15822]  ? __pfx____sys_sendmsg+0x10/0x10
[  701.088248][T15822]  ? __fget_files+0x2a/0x420
[  701.088274][T15822]  ? __fget_files+0x3a0/0x420
[  701.088304][T15822]  __x64_sys_sendmsg+0x19b/0x260
[  701.088329][T15822]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  701.088360][T15822]  ? __pfx_ksys_write+0x10/0x10
[  701.088376][T15822]  ? rcu_is_watching+0x15/0xb0
[  701.088408][T15822]  ? do_syscall_64+0xbe/0x3b0
[  701.088431][T15822]  do_syscall_64+0xfa/0x3b0
[  701.088447][T15822]  ? lockdep_hardirqs_on+0x9c/0x150
[  701.088468][T15822]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  701.088478][T15822]  ? clear_bhb_loop+0x60/0xb0
[  701.088491][T15822]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  701.088501][T15822] RIP: 0033:0x7fc232d8e929
[  701.088511][T15822] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  701.088521][T15822] RSP: 002b:00007fc233ccd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  701.088533][T15822] RAX: ffffffffffffffda RBX: 00007fc232fb5fa0 RCX: 00007fc232d8e929
[  701.088541][T15822] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  701.088549][T15822] RBP: 00007fc233ccd090 R08: 0000000000000000 R09: 0000000000000000
[  701.088555][T15822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  701.088562][T15822] R13: 0000000000000000 R14: 00007fc232fb5fa0 R15: 00007fc2330dfa28
[  701.088577][T15822]  </TASK>
[  701.565175][T15826] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  701.581349][T15829] vlan3: entered allmulticast mode
[  701.585529][T15826] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  701.587109][T15829] veth1: entered allmulticast mode
[  701.765904][T15826] fuse: Bad value for 'fd'
[  701.816674][T15837] syzkaller1: entered promiscuous mode
[  701.822397][T15837] syzkaller1: entered allmulticast mode
[  701.861699][T15837] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2731'.
[  701.989570][T15842] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2733'.
[  702.244316][T15843] xt_CT: No such helper "syz0"
[  702.696388][ T5958] gspca_stv06xx: I2C: Read error writing address: -71
[  702.716389][ T5958] usb 3-1: USB disconnect, device number 22
[  703.106610][ T5958] usb 3-1: new full-speed USB device number 23 using dummy_hcd
[  703.156341][ T5893] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  703.258249][ T5958] usb 3-1: unable to get BOS descriptor or descriptor too short
[  703.269147][ T5958] usb 3-1: not running at top speed; connect to a high speed hub
[  703.277941][ T5958] usb 3-1: config 4 has an invalid interface number: 147 but max is 0
[  703.286154][ T5958] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  703.296653][ T5958] usb 3-1: config 4 has no interface number 0
[  703.304973][ T5958] usb 3-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e
[  703.306411][   T24] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  703.314846][ T5958] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  703.332444][ T5958] usb 3-1: Product: syz
[  703.337115][ T5958] usb 3-1: Manufacturer: syz
[  703.342004][ T5958] usb 3-1: SerialNumber: syz
[  703.348830][ T5893] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  703.358391][ T5893] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  703.377452][ T5893] usb 2-1: config 0 descriptor??
[  703.390722][ T5893] cp210x 2-1:0.0: cp210x converter detected
[  703.478468][   T24] usb 5-1: config 0 has an invalid interface number: 95 but max is 0
[  703.486861][   T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  703.497222][   T24] usb 5-1: config 0 has no interface number 0
[  703.503356][   T24] usb 5-1: config 0 interface 95 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  703.518978][   T24] usb 5-1: New USB device found, idVendor=7725, idProduct=b0a8, bcdDevice= 7.46
[  703.528613][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  703.536740][   T24] usb 5-1: Product: syz
[  703.541077][   T24] usb 5-1: Manufacturer: syz
[  703.545691][   T24] usb 5-1: SerialNumber: syz
[  703.552930][   T24] usb 5-1: config 0 descriptor??
[  703.574139][T15860] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  703.583257][T15860] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  703.596062][T15860] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  703.605053][T15860] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  703.617523][T15860] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  703.626662][T15860] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  703.635481][T15860] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  703.644392][T15860] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  703.653370][T15860] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  703.662214][T15860] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  703.701887][ T5958] usb 3-1: Found UVC 0.02 device syz (04f2:b746)
[  703.709774][ T5958] usb 3-1: No valid video chain found.
[  703.723580][ T5958] usb 3-1: USB disconnect, device number 23
[  703.808590][ T5893] cp210x 2-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  703.827164][ T5893] usb 2-1: cp210x converter now attached to ttyUSB0
[  704.067965][T14614] usb 2-1: USB disconnect, device number 25
[  704.078285][T14614] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  704.122937][T14614] cp210x 2-1:0.0: device disconnected
[  704.311557][   T24] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  704.331080][   T24] usb 5-1: MIDIStreaming interface descriptor not found
[  704.393913][   T24] usb 5-1: USB disconnect, device number 33
[  704.462713][ T5957] udevd[5957]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.95/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  704.863691][T15887] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  704.893645][T15887] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  704.903446][T14614] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  704.924348][T15887] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  704.935393][T15887] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  705.044639][T15889] netlink: 'syz.0.2748': attribute type 6 has an invalid length.
[  705.158294][T14614] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  705.184679][T14614] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  705.207205][ T5893] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  705.215422][T14614] usb 2-1: New USB device found, idVendor=1e71, idProduct=200d, bcdDevice= 0.00
[  705.227381][T14614] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  705.244157][T14614] usb 2-1: config 0 descriptor??
[  705.365689][T15894] Invalid logical block size (33423360)
[  705.418776][ T5893] usb 5-1: config 0 interface 0 altsetting 15 endpoint 0x81 has invalid wMaxPacketSize 0
[  705.463996][ T5893] usb 5-1: config 0 interface 0 altsetting 15 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  705.515941][ T5893] usb 5-1: config 0 interface 0 has no altsetting 0
[  705.538956][ T5893] usb 5-1: New USB device found, idVendor=05ac, idProduct=025b, bcdDevice= 0.00
[  705.560375][T14614] usbhid 2-1:0.0: can't add hid device: -71
[  705.581103][ T5893] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  705.581178][T14614] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  705.625892][T14614] usb 2-1: USB disconnect, device number 26
[  705.628863][ T5893] usb 5-1: config 0 descriptor??
[  705.747113][ T5921] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  705.822859][T15910] macsec3: entered promiscuous mode
[  705.832001][T15910] vlan1: entered promiscuous mode
[  705.907976][ T5921] usb 3-1: New USB device found, idVendor=0545, idProduct=808b, bcdDevice=31.ad
[  705.920184][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  705.949093][ T5893] usb 5-1: string descriptor 0 read error: -71
[  705.955993][ T5921] usb 3-1: config 0 descriptor??
[  706.005961][ T5893] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input76
[  706.025735][ T5921] gspca_main: tv8532-2.14.0 probing 0545:808b
[  706.034429][ T5191] bcm5974 5-1:0.0: could not read from device
[  706.058333][ T5893] usb 5-1: USB disconnect, device number 34
[  706.086651][ T5191] bcm5974 5-1:0.0: could not read from device
[  706.369713][T15918] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  706.406131][T15918] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  706.427155][T15917] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2760'.
[  707.116484][ T5921] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  707.129086][   T24] usb 3-1: USB disconnect, device number 24
[  707.465435][T15944] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  707.477979][T15944] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  707.501484][ T5921] usb 2-1: config 0 has no interfaces?
[  707.764971][ T5921] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  707.827058][ T5921] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  707.861572][ T5921] usb 2-1: Product: syz
[  707.881062][ T5921] usb 2-1: Manufacturer: syz
[  707.891050][ T5921] usb 2-1: SerialNumber: syz
[  707.924322][ T5921] usb 2-1: config 0 descriptor??
[  708.165578][T15956] xt_CT: You must specify a L4 protocol and not use inversions on it
[  708.190737][T15963] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  708.496653][ T5893] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  709.306401][ T5893] usb 3-1: Using ep0 maxpacket: 32
[  709.314289][ T5893] usb 3-1: config 0 has an invalid interface number: 151 but max is 0
[  709.323231][ T5893] usb 3-1: config 0 has no interface number 0
[  709.401131][ T5893] usb 3-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[  709.410995][ T5893] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  709.419762][ T5893] usb 3-1: Product: syz
[  709.426669][ T5893] usb 3-1: Manufacturer: syz
[  709.438189][ T5893] usb 3-1: SerialNumber: syz
[  709.445464][T15966] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2771'.
[  709.516540][ T5893] usb 3-1: config 0 descriptor??
[  709.873656][ T5893] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  710.076160][ T5893] usb 3-1: USB disconnect, device number 25
[  710.777139][ T5921] usb 2-1: USB disconnect, device number 27
[  710.843642][T15983] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  710.871593][T15983] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  710.936805][T15989] xt_CT: You must specify a L4 protocol and not use inversions on it
[  710.946942][   T24] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  711.119174][   T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  711.208953][   T24] usb 3-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  711.226399][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  711.234450][   T24] usb 3-1: Product: syz
[  711.246336][   T24] usb 3-1: Manufacturer: syz
[  711.250985][   T24] usb 3-1: SerialNumber: syz
[  711.268505][   T24] usb 3-1: config 0 descriptor??
[  711.283317][   T24] ims_pcu 3-1:0.0: Missing CDC union descriptor
[  711.306370][   T24] ims_pcu 3-1:0.0: probe with driver ims_pcu failed with error -22
[  711.488618][ T5958] usb 3-1: USB disconnect, device number 26
[  711.714526][T16005] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2784'.
[  712.278620][T16028] pimreg: entered allmulticast mode
[  712.357423][T16032] program syz.1.2797 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  712.471655][T16036] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  712.533889][T16037] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2798'.
[  712.896982][T16046] PKCS7: Unknown OID: [5] (bad)
[  712.902920][T16046] PKCS7: Only support pkcs7_signedData type
[  713.196633][   T24] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  713.376519][   T24] usb 2-1: Using ep0 maxpacket: 32
[  713.414985][   T24] usb 2-1: config 0 has an invalid interface number: 85 but max is 0
[  713.428211][   T24] usb 2-1: config 0 has no interface number 0
[  713.434453][   T24] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  713.504734][   T24] usb 2-1: config 0 interface 85 has no altsetting 0
[  713.612324][   T24] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  713.621582][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  713.630000][   T24] usb 2-1: Product: syz
[  713.636516][   T24] usb 2-1: Manufacturer: syz
[  713.641154][   T24] usb 2-1: SerialNumber: syz
[  713.726996][   T24] usb 2-1: config 0 descriptor??
[  714.476704][ T5921] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  714.638669][ T5921] usb 3-1: Using ep0 maxpacket: 8
[  714.700706][ T5921] usb 3-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  714.710652][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  714.720147][ T5921] usb 3-1: Product: syz
[  714.731751][ T5921] usb 3-1: Manufacturer: syz
[  714.753927][ T5921] usb 3-1: SerialNumber: syz
[  714.785918][ T5921] usb 3-1: config 0 descriptor??
[  714.847558][ T5921] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  715.642736][T16071] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2810'.
[  715.653476][ T5921] gspca_sonixj: reg_r err -32
[  715.658298][ T5921] sonixj 3-1:0.0: probe with driver sonixj failed with error -32
[  715.873405][T16076] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  715.896852][T16076] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  715.959077][T16076] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  716.009609][T16076] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  716.069218][T16076] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  716.077942][   T24] appletouch 2-1:0.85: Failed to request geyser raw mode
[  716.086940][T16076] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  716.088599][   T24] appletouch 2-1:0.85: probe with driver appletouch failed with error -5
[  716.132898][   T24] usb 2-1: USB disconnect, device number 28
[  716.238758][T16078] vlan3: entered allmulticast mode
[  716.254189][T16078] veth1: entered allmulticast mode
[  716.457078][   T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  716.471494][   T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  716.482292][   T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  716.502620][   T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  716.513831][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  716.587840][ T3448] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  716.750996][T16091] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  716.763375][ T3448] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  716.765145][T16091] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  716.783439][T16081] kvm: user requested TSC rate below hardware speed
[  716.993097][ T3448] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  717.150525][ T3448] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  717.203558][ T5921] usb 3-1: USB disconnect, device number 27
[  717.681786][T16112] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2821'.
[  717.782610][T16116] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2821'.
[  717.888802][T16084] chnl_net:caif_netlink_parms(): no params data found
[  718.244154][T16124] PKCS7: Unknown OID: [5] (bad)
[  718.249450][T16124] PKCS7: Only support pkcs7_signedData type
[  718.526632][ T5893] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  718.574295][   T51] Bluetooth: hci3: command tx timeout
[  718.756748][ T5893] usb 3-1: Using ep0 maxpacket: 32
[  718.781104][ T5893] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[  718.797317][ T5893] usb 3-1: config 0 has no interface number 0
[  718.891125][ T5893] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  718.971765][ T5893] usb 3-1: config 0 interface 85 has no altsetting 0
[  719.132281][ T5893] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  719.202576][ T5893] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  719.274559][ T5893] usb 3-1: Product: syz
[  719.298222][ T5893] usb 3-1: Manufacturer: syz
[  719.325808][ T5893] usb 3-1: SerialNumber: syz
[  719.406009][ T5893] usb 3-1: config 0 descriptor??
[  720.103965][T16149] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2831'.
[  720.238551][T16154] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2831'.
[  720.517061][ T3448] bond0 (unregistering): Released all slaves
[  720.650359][   T51] Bluetooth: hci3: command tx timeout
[  720.833726][ T3448] bond1 (unregistering): Released all slaves
[  721.154253][ T3448] bond2 (unregistering): Released all slaves
[  721.364026][ T3448] bond3 (unregistering): Released all slaves
[  721.538017][ T3448] tipc: Disabling bearer <udp:syz0>
[  721.605756][ T3448] tipc: Left network mode
[  721.636549][T16084] bridge0: port 1(bridge_slave_0) entered blocking state
[  721.643744][T16084] bridge0: port 1(bridge_slave_0) entered disabled state
[  721.728901][T16084] bridge_slave_0: entered allmulticast mode
[  721.762189][T16084] bridge_slave_0: entered promiscuous mode
[  721.780040][T16084] bridge0: port 2(bridge_slave_1) entered blocking state
[  721.787796][T16084] bridge0: port 2(bridge_slave_1) entered disabled state
[  721.795129][T16084] bridge_slave_1: entered allmulticast mode
[  721.802816][T16084] bridge_slave_1: entered promiscuous mode
[  721.854373][ T5893] appletouch 3-1:0.85: Failed to request geyser raw mode
[  721.867559][ T5893] appletouch 3-1:0.85: probe with driver appletouch failed with error -5
[  721.901852][ T5893] usb 3-1: USB disconnect, device number 28
[  722.379681][T16084] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  722.395299][T16084] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  722.726371][   T51] Bluetooth: hci3: command tx timeout
[  723.039309][T16084] team0: Port device team_slave_0 added
[  723.419696][T16084] team0: Port device team_slave_1 added
[  723.880488][ T5893] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  723.931621][T16084] batman_adv: batadv0: Adding interface: batadv_slave_0
[  723.946470][T16084] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  724.002570][T16084] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  724.034162][ T3448] hsr_slave_0: left promiscuous mode
[  724.040103][ T3448] hsr_slave_1: left promiscuous mode
[  724.078891][ T3448] veth1_macvtap: left promiscuous mode
[  724.084745][ T3448] veth0_macvtap: left promiscuous mode
[  724.091329][ T3448] veth0_vlan: left promiscuous mode
[  724.126387][ T5893] usb 3-1: Using ep0 maxpacket: 32
[  724.142644][ T5893] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  724.209845][ T5893] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  724.363085][ T5893] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  724.432404][ T5893] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  724.472982][ T5893] usb 3-1: config 0 descriptor??
[  724.806455][   T51] Bluetooth: hci3: command tx timeout
[  725.149408][T16202] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  726.246668][T16223] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2845'.
[  726.353710][T16225] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2845'.
[  726.639709][ T5893] usbhid 3-1:0.0: can't add hid device: -71
[  726.645762][ T5893] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  726.684656][ T5893] usb 3-1: USB disconnect, device number 29
[  727.749577][T16234] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2848'.
[  737.267280][ T5893] usb 4-1: USB disconnect, device number 94
[  737.350457][T10820] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  737.360330][T10820] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  737.370162][T10820] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  737.378946][T10820] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  737.390834][T10820] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  739.446571][   T51] Bluetooth: hci5: command tx timeout
[  741.282204][T10820] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  741.292714][T10820] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  741.307709][T10820] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  741.315756][T10820] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  741.323800][T10820] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  741.536566][   T51] Bluetooth: hci5: command tx timeout
[  742.280783][T10820] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  742.290117][T10820] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  742.300643][T10820] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  742.311567][T10820] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  742.322107][T10820] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  743.307887][T10820] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  743.320185][T10820] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  743.329723][T10820] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  743.339552][T10820] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  743.347808][T10820] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  743.370329][T10820] Bluetooth: hci6: command tx timeout
[  743.606533][T10820] Bluetooth: hci5: command tx timeout
[  744.406597][T10820] Bluetooth: hci7: command tx timeout
[  745.366481][T10820] Bluetooth: hci8: command tx timeout
[  745.446561][T10820] Bluetooth: hci6: command tx timeout
[  745.686410][T10820] Bluetooth: hci5: command tx timeout
[  746.486847][T10820] Bluetooth: hci7: command tx timeout
[  747.290600][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  747.297148][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  747.446500][T10820] Bluetooth: hci8: command tx timeout
[  747.526648][T10820] Bluetooth: hci6: command tx timeout
[  748.576612][T10820] Bluetooth: hci7: command tx timeout
[  749.536555][T10820] Bluetooth: hci8: command tx timeout
[  749.606508][T10820] Bluetooth: hci6: command tx timeout
[  750.646955][T10820] Bluetooth: hci7: command tx timeout
[  751.606390][T10820] Bluetooth: hci8: command tx timeout
[  776.321248][   T51] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  776.331372][   T51] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  776.340338][   T51] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  776.351221][   T51] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  776.363114][   T51] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  778.406800][T10820] Bluetooth: hci9: command tx timeout
[  780.486718][T10820] Bluetooth: hci9: command tx timeout
[  782.566731][T10820] Bluetooth: hci9: command tx timeout
[  784.646457][T10820] Bluetooth: hci9: command tx timeout
[  797.352849][   T51] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  797.364213][   T51] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  797.373471][   T51] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  797.383494][   T51] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  797.391433][   T51] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  799.446573][   T51] Bluetooth: hci10: command tx timeout
[  801.526629][   T51] Bluetooth: hci10: command tx timeout
[  801.843930][T10820] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  801.858009][T10820] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  801.866828][T10820] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  801.881452][T10820] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  801.892185][T10820] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  802.843981][T10820] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1
[  802.856741][T10820] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9
[  802.867221][T10820] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9
[  802.879082][T10820] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4
[  802.892428][T10820] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2
[  803.348736][T10820] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1
[  803.359785][T10820] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9
[  803.369079][T10820] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9
[  803.383031][T10820] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4
[  803.392367][T10820] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2
[  803.606605][   T51] Bluetooth: hci10: command tx timeout
[  803.926617][   T51] Bluetooth: hci11: command tx timeout
[  804.966447][   T51] Bluetooth: hci12: command tx timeout
[  805.446732][   T51] Bluetooth: hci13: command tx timeout
[  805.686448][   T51] Bluetooth: hci10: command tx timeout
[  806.006426][   T51] Bluetooth: hci11: command tx timeout
[  807.046450][   T51] Bluetooth: hci12: command tx timeout
[  807.536362][   T51] Bluetooth: hci13: command tx timeout
[  808.096500][   T51] Bluetooth: hci11: command tx timeout
[  808.729713][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  808.736041][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  809.136387][   T51] Bluetooth: hci12: command tx timeout
[  809.606662][   T51] Bluetooth: hci13: command tx timeout
[  810.176512][   T51] Bluetooth: hci11: command tx timeout
[  811.206432][   T51] Bluetooth: hci12: command tx timeout
[  811.696432][   T51] Bluetooth: hci13: command tx timeout
[  836.407552][T10820] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1
[  836.423041][T10820] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9
[  836.432501][T10820] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9
[  836.446682][T10820] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4
[  836.454580][T10820] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2
[  838.486469][   T51] Bluetooth: hci14: command tx timeout
[  840.566474][T10820] Bluetooth: hci14: command tx timeout
[  841.536439][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  842.646491][   T51] Bluetooth: hci14: command tx timeout
[  844.726450][   T51] Bluetooth: hci14: command tx timeout
[  857.425445][T10820] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1
[  857.436832][T10820] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9
[  857.445760][T10820] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9
[  857.457762][T10820] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4
[  857.469685][T10820] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2
[  859.526500][T10820] Bluetooth: hci15: command tx timeout
[  861.616547][   T51] Bluetooth: hci15: command tx timeout
[  861.912494][T16252] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1
[  861.925597][T16252] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9
[  861.935388][T16252] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9
[  861.947416][T16252] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4
[  861.959732][T16252] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2
[  862.006525][T16252] Bluetooth: hci5: command 0x0406 tx timeout
[  862.957551][T16252] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1
[  862.969761][T16252] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9
[  862.978585][T16252] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9
[  862.992817][T16252] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4
[  863.002126][T16252] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2
[  863.687918][T16252] Bluetooth: hci15: command tx timeout
[  863.952384][T10820] Bluetooth: hci18: unexpected cc 0x0c03 length: 249 > 1
[  863.963834][T10820] Bluetooth: hci18: unexpected cc 0x1003 length: 249 > 9
[  863.972576][T10820] Bluetooth: hci18: unexpected cc 0x1001 length: 249 > 9
[  863.984373][T10820] Bluetooth: hci18: unexpected cc 0x0c23 length: 249 > 4
[  863.994072][T10820] Bluetooth: hci18: unexpected cc 0x0c38 length: 249 > 2
[  864.006596][T10820] Bluetooth: hci16: command tx timeout
[  865.046741][T10820] Bluetooth: hci17: command tx timeout
[  865.766619][T16296] Bluetooth: hci15: command tx timeout
[  866.086478][T16296] Bluetooth: hci16: command tx timeout
[  866.092073][T16296] Bluetooth: hci18: command tx timeout
[  867.126592][T16295] Bluetooth: hci6: command 0x0406 tx timeout
[  867.133373][T16295] Bluetooth: hci7: command 0x0406 tx timeout
[  867.133503][T16296] Bluetooth: hci8: command 0x0406 tx timeout
[  867.142225][T16295] Bluetooth: hci17: command tx timeout
[  868.166637][   T51] Bluetooth: hci18: command tx timeout
[  868.166683][T16297] Bluetooth: hci16: command tx timeout
[  869.216654][T16297] Bluetooth: hci17: command tx timeout
[  870.169972][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  870.176884][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  870.246516][T16297] Bluetooth: hci16: command tx timeout
[  870.256426][T16297] Bluetooth: hci18: command tx timeout
[  871.286695][T16297] Bluetooth: hci17: command tx timeout
[  872.326426][T16297] Bluetooth: hci18: command tx timeout
[  872.727129][   T31] INFO: task kworker/u8:11:3516 blocked for more than 143 seconds.
[  872.735114][   T31]       Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0
[  872.743110][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  872.751873][   T31] task:kworker/u8:11   state:D stack:21160 pid:3516  tgid:3516  ppid:2      task_flags:0x4208060 flags:0x00004000
[  872.764054][   T31] Workqueue: events_unbound linkwatch_event
[  872.770115][   T31] Call Trace:
[  872.773411][   T31]  <TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  872.776515][   T31]  __schedule+0x16f5/0x4d00
[  872.781210][   T31]  ? schedule+0x165/0x360
[  872.785587][   T31]  ? __pfx___schedule+0x10/0x10
[  872.790818][   T31]  ? schedule+0x91/0x360
[  872.795105][   T31]  schedule+0x165/0x360
[  872.799843][   T31]  schedule_preempt_disabled+0x13/0x30
[  872.805350][   T31]  __mutex_lock+0x724/0xe80
[  872.810808][   T31]  ? __mutex_lock+0x51b/0xe80
[  872.815530][   T31]  ? linkwatch_event+0xe/0x60
[  872.850967][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  872.856084][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  872.886346][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  872.892155][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  872.900807][   T31]  linkwatch_event+0xe/0x60
[  872.905374][   T31]  process_scheduled_works+0xae1/0x17b0
[  872.911435][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  872.919037][   T31]  worker_thread+0x8a0/0xda0
[  872.923699][   T31]  kthread+0x70e/0x8a0
[  872.930887][   T31]  ? __pfx_worker_thread+0x10/0x10
[  872.936057][   T31]  ? __pfx_kthread+0x10/0x10
[  872.941474][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  872.949295][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  872.954519][   T31]  ? __pfx_kthread+0x10/0x10
[  872.960455][   T31]  ret_from_fork+0x3f9/0x770
[  872.965087][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  872.972920][   T31]  ? __switch_to_asm+0x39/0x70
[  872.978841][   T31]  ? __switch_to_asm+0x33/0x70
[  872.983643][   T31]  ? __pfx_kthread+0x10/0x10
[  872.988503][   T31]  ret_from_fork_asm+0x1a/0x30
[  872.993320][   T31]  </TASK>
[  872.996561][   T31] INFO: task dhcpcd:5501 blocked for more than 143 seconds.
[  873.003872][   T31]       Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0
[  873.011625][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  873.023753][   T31] task:dhcpcd          state:D stack:21384 pid:5501  tgid:5501  ppid:5500   task_flags:0x400140 flags:0x00004002
[  873.037365][   T31] Call Trace:
[  873.040683][   T31]  <TASK>
[  873.043632][   T31]  __schedule+0x16f5/0x4d00
[  873.048668][   T31]  ? __lock_acquire+0xa91/0xd20
[  873.053596][   T31]  ? schedule+0x165/0x360
[  873.058129][   T31]  ? __pfx___schedule+0x10/0x10
[  873.063018][   T31]  ? schedule+0x91/0x360
[  873.067559][   T31]  schedule+0x165/0x360
[  873.071745][   T31]  schedule_preempt_disabled+0x13/0x30
[  873.077355][   T31]  __mutex_lock+0x724/0xe80
[  873.081893][   T31]  ? __mutex_lock+0x51b/0xe80
[  873.087624][   T31]  ? rtnl_dumpit+0x92/0x200
[  873.092188][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  873.097418][   T31]  ? __build_skb_around+0x257/0x3e0
[  873.102648][   T31]  ? __pfx_rtnl_dump_ifinfo+0x10/0x10
[  873.108100][   T31]  rtnl_dumpit+0x92/0x200
[  873.112453][   T31]  netlink_dump+0x62a/0xe20
[  873.117162][   T31]  ? __pfx_netlink_dump+0x10/0x10
[  873.122220][   T31]  ? kmem_cache_free+0x18f/0x400
[  873.127287][   T31]  netlink_recvmsg+0x676/0xa30
[  873.132097][   T31]  ? __pfx_netlink_recvmsg+0x10/0x10
[  873.137561][   T31]  ? netlink_rcv_skb+0x3fd/0x470
[  873.142526][   T31]  ? aa_sock_msg_perm+0x94/0x160
[  873.147605][   T31]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  873.152908][   T31]  ? security_socket_recvmsg+0x7e/0x2e0
[  873.158617][   T31]  ? __pfx_netlink_recvmsg+0x10/0x10
[  873.163921][   T31]  sock_recvmsg+0x22c/0x270
[  873.168552][   T31]  ____sys_recvmsg+0x1c9/0x460
[  873.173345][   T31]  ? __pfx_____sys_recvmsg+0x10/0x10
[  873.178924][   T31]  ? import_iovec+0x74/0xa0
[  873.183461][   T31]  ___sys_recvmsg+0x1b5/0x510
[  873.188235][   T31]  ? __pfx____sys_recvmsg+0x10/0x10
[  873.193526][   T31]  __x64_sys_recvmsg+0x198/0x260
[  873.198656][   T31]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  873.204155][   T31]  ? rcu_is_watching+0x15/0xb0
[  873.209099][   T31]  ? do_syscall_64+0xbe/0x3b0
[  873.213808][   T31]  do_syscall_64+0xfa/0x3b0
[  873.218488][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  873.224589][   T31]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  873.230830][   T31]  ? clear_bhb_loop+0x60/0xb0
[  873.235537][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  873.241586][   T31] RIP: 0033:0x7f9532cb8407
[  873.246028][   T31] RSP: 002b:00007ffd29705dc0 EFLAGS: 00000202 ORIG_RAX: 000000000000002f
[  873.254793][   T31] RAX: ffffffffffffffda RBX: 00007f9532c2e740 RCX: 00007f9532cb8407
[  873.262929][   T31] RDX: 0000000000000000 RSI: 00007ffd29705e50 RDI: 0000000000000016
[  873.271123][   T31] RBP: 00007ffd29705e34 R08: 0000000000000000 R09: 0000000000000000
[  873.279591][   T31] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffd29726740
[  873.287978][   T31] R13: 00007ffd29705e40 R14: 00007ffd29705f30 R15: 00007ffd29716510
[  873.295983][   T31]  </TASK>
[  873.299458][   T31] INFO: task kworker/1:1:14614 blocked for more than 143 seconds.
[  873.307565][   T31]       Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0
[  873.315227][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  873.324046][   T31] task:kworker/1:1     state:D stack:22664 pid:14614 tgid:14614 ppid:2      task_flags:0x4208060 flags:0x00004000
[  873.336161][   T31] Workqueue: events_power_efficient crda_timeout_work
[  873.343112][   T31] Call Trace:
[  873.346515][   T31]  <TASK>
[  873.349458][   T31]  __schedule+0x16f5/0x4d00
[  873.353976][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  873.359505][   T31]  ? schedule+0x165/0x360
[  873.363880][   T31]  ? __pfx___schedule+0x10/0x10
[  873.369210][   T31]  ? schedule+0x91/0x360
[  873.373695][   T31]  schedule+0x165/0x360
[  873.378045][   T31]  schedule_preempt_disabled+0x13/0x30
[  873.383720][   T31]  __mutex_lock+0x724/0xe80
[  873.388358][   T31]  ? __mutex_lock+0x51b/0xe80
[  873.393079][   T31]  ? crda_timeout_work+0x15/0x50
[  873.398368][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  873.403443][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  873.408757][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  873.414517][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  873.420430][   T31]  crda_timeout_work+0x15/0x50
[  873.425229][   T31]  process_scheduled_works+0xae1/0x17b0
[  873.430944][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  873.437138][   T31]  worker_thread+0x8a0/0xda0
[  873.441764][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  873.448270][   T31]  ? __kthread_parkme+0x7b/0x200
[  873.453248][   T31]  kthread+0x70e/0x8a0
[  873.457509][   T31]  ? __pfx_worker_thread+0x10/0x10
[  873.462663][   T31]  ? __pfx_kthread+0x10/0x10
[  873.467507][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  873.472728][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  873.478097][   T31]  ? __pfx_kthread+0x10/0x10
[  873.482710][   T31]  ret_from_fork+0x3f9/0x770
[  873.487396][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  873.492550][   T31]  ? __switch_to_asm+0x39/0x70
[  873.497468][   T31]  ? __switch_to_asm+0x33/0x70
[  873.502259][   T31]  ? __pfx_kthread+0x10/0x10
[  873.507150][   T31]  ret_from_fork_asm+0x1a/0x30
[  873.511953][   T31]  </TASK>
[  873.514997][   T31] INFO: task syz-executor:16084 blocked for more than 144 seconds.
[  873.523044][   T31]       Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0
[  873.530770][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  873.539580][   T31] task:syz-executor    state:D stack:21864 pid:16084 tgid:16084 ppid:1      task_flags:0x400140 flags:0x00004004
[  873.551606][   T31] Call Trace:
[  873.554902][   T31]  <TASK>
[  873.557988][   T31]  __schedule+0x16f5/0x4d00
[  873.562540][   T31]  ? schedule+0x165/0x360
[  873.566932][   T31]  ? __pfx___schedule+0x10/0x10
[  873.571808][   T31]  ? schedule+0x91/0x360
[  873.576084][   T31]  schedule+0x165/0x360
[  873.580435][   T31]  schedule_preempt_disabled+0x13/0x30
[  873.585938][   T31]  __mutex_lock+0x724/0xe80
[  873.590525][   T31]  ? __mutex_lock+0x51b/0xe80
[  873.595217][   T31]  ? rtnl_newlink+0x8db/0x1c70
[  873.600152][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  873.605236][   T31]  ? ns_capable+0x8a/0xf0
[  873.610004][   T31]  ? rtnl_link_get_net_capable+0x16a/0x350
[  873.615829][   T31]  rtnl_newlink+0x8db/0x1c70
[  873.620781][   T31]  ? __pfx_rtnl_newlink+0x10/0x10
[  873.625846][   T31]  ? __lock_acquire+0xab9/0xd20
[  873.630994][   T31]  ? __lock_acquire+0xab9/0xd20
[  873.635897][   T31]  ? is_bpf_text_address+0x26/0x2b0
[  873.641458][   T31]  ? is_bpf_text_address+0x292/0x2b0
[  873.647033][   T31]  ? is_bpf_text_address+0x26/0x2b0
[  873.652264][   T31]  ? kernel_text_address+0xa5/0xe0
[  873.657532][   T31]  ? __kernel_text_address+0xd/0x40
[  873.662902][   T31]  ? unwind_get_return_address+0x4d/0x90
[  873.668637][   T31]  ? __lock_acquire+0xab9/0xd20
[  873.673526][   T31]  ? __pfx_rtnl_newlink+0x10/0x10
[  873.678848][   T31]  rtnetlink_rcv_msg+0x7cc/0xb70
[  873.683827][   T31]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  873.689001][   T31]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  873.694624][   T31]  netlink_rcv_skb+0x208/0x470
[  873.699559][   T31]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  873.705057][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  873.710463][   T31]  ? netlink_deliver_tap+0x2e/0x1b0
[  873.715690][   T31]  ? netlink_deliver_tap+0x2e/0x1b0
[  873.721074][   T31]  netlink_unicast+0x75b/0x8d0
[  873.725871][   T31]  netlink_sendmsg+0x805/0xb30
[  873.730886][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  873.736205][   T31]  ? aa_sock_msg_perm+0x94/0x160
[  873.741312][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  873.746665][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  873.751973][   T31]  __sock_sendmsg+0x21c/0x270
[  873.756959][   T31]  __sys_sendto+0x3bd/0x520
[  873.761482][   T31]  ? __pfx___sys_sendto+0x10/0x10
[  873.766903][   T31]  ? fput_close_sync+0x119/0x200
[  873.771890][   T31]  ? __pfx_fput_close_sync+0x10/0x10
[  873.777703][   T31]  __x64_sys_sendto+0xde/0x100
[  873.782494][   T31]  do_syscall_64+0xfa/0x3b0
[  873.787080][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  873.793303][   T31]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  873.799092][   T31]  ? clear_bhb_loop+0x60/0xb0
[  873.803906][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  873.809920][   T31] RIP: 0033:0x7fbdda9907bc
[  873.814355][   T31] RSP: 002b:00007fbddacdf630 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  873.822943][   T31] RAX: ffffffffffffffda RBX: 00007fbddb6e4620 RCX: 00007fbdda9907bc
[  873.831002][   T31] RDX: 0000000000000028 RSI: 00007fbddb6e4670 RDI: 0000000000000003
[  873.839231][   T31] RBP: 0000000000000000 R08: 00007fbddacdf684 R09: 000000000000000c
[  873.847783][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  873.855774][   T31] R13: 0000000000000000 R14: 00007fbddb6e4670 R15: 0000000000000000
[  873.863908][   T31]  </TASK>
[  873.867009][   T31] INFO: task syz.3.2834:16168 blocked for more than 144 seconds.
[  873.874758][   T31]       Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0
[  873.885068][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  873.894056][   T31] task:syz.3.2834      state:D stack:24504 pid:16168 tgid:16164 ppid:6189   task_flags:0x400140 flags:0x00004006
[  873.906687][   T31] Call Trace:
[  873.910016][   T31]  <TASK>
[  873.912976][   T31]  __schedule+0x16f5/0x4d00
[  873.917609][   T31]  ? schedule+0x165/0x360
[  873.922154][   T31]  ? __pfx___schedule+0x10/0x10
[  873.927355][   T31]  ? schedule+0x91/0x360
[  873.931626][   T31]  schedule+0x165/0x360
[  873.935800][   T31]  schedule_preempt_disabled+0x13/0x30
[  873.941656][   T31]  __mutex_lock+0x724/0xe80
[  873.946193][   T31]  ? __mutex_lock+0x51b/0xe80
[  873.951883][   T31]  ? fib_net_exit_batch+0x22/0xf0
[  873.957017][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  873.962195][   T31]  ? __pfx_evict+0x10/0x10
[  873.966953][   T31]  ? _raw_spin_unlock+0x28/0x50
[  873.971837][   T31]  ? iput+0x6d8/0x9d0
[  873.975828][   T31]  fib_net_exit_batch+0x22/0xf0
[  873.981131][   T31]  ? __pfx_fib_net_exit_batch+0x10/0x10
[  873.987002][   T31]  ops_undo_list+0x522/0x990
[  873.991641][   T31]  ? __pfx_ops_undo_list+0x10/0x10
[  873.997108][   T31]  ? ops_init+0x469/0x5c0
[  874.001493][   T31]  setup_net+0x3e2/0x4b0
[  874.005756][   T31]  ? __pfx_setup_net+0x10/0x10
[  874.010729][   T31]  ? copy_net_ns+0x304/0x4d0
[  874.015354][   T31]  ? down_read_killable+0x1d1/0x350
[  874.020644][   T31]  copy_net_ns+0x31b/0x4d0
[  874.025092][   T31]  create_new_namespaces+0x3f3/0x720
[  874.030563][   T31]  ? security_capable+0x7e/0x2e0
[  874.035545][   T31]  ? copy_namespaces+0x5c/0x4b0
[  874.040726][   T31]  copy_namespaces+0x438/0x4b0
[  874.045526][   T31]  copy_process+0x1733/0x3c00
[  874.050542][   T31]  ? copy_process+0x97f/0x3c00
[  874.055339][   T31]  ? __pfx_copy_process+0x10/0x10
[  874.060675][   T31]  kernel_clone+0x21e/0x870
[  874.065221][   T31]  ? __pfx_futex_wake+0x10/0x10
[  874.070262][   T31]  ? __pfx_kernel_clone+0x10/0x10
[  874.075330][   T31]  ? do_futex+0x395/0x420
[  874.079746][   T31]  __x64_sys_clone+0x18b/0x1e0
[  874.084529][   T31]  ? count_memcg_event_mm+0x21/0x260
[  874.090250][   T31]  ? __pfx___x64_sys_clone+0x10/0x10
[  874.095578][   T31]  ? rcu_is_watching+0x15/0xb0
[  874.100452][   T31]  ? do_syscall_64+0xbe/0x3b0
[  874.105143][   T31]  do_syscall_64+0xfa/0x3b0
[  874.109788][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  874.115031][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  874.121199][   T31]  ? clear_bhb_loop+0x60/0xb0
[  874.125909][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  874.131944][   T31] RIP: 0033:0x7fc232d8e929
[  874.136470][   T31] RSP: 002b:00007fc233c71fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  874.144913][   T31] RAX: ffffffffffffffda RBX: 00007fc232fb6160 RCX: 00007fc232d8e929
[  874.153095][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000640c7000
[  874.161181][   T31] RBP: 00007fc232e10b39 R08: 0000000000000000 R09: 0000000000000000
[  874.169531][   T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  874.177597][   T31] R13: 0000000000000000 R14: 00007fc232fb6160 R15: 00007fc2330dfa28
[  874.185610][   T31]  </TASK>
[  874.188832][   T31] INFO: task syz.0.2844:16219 blocked for more than 144 seconds.
[  874.196655][   T31]       Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0
[  874.204338][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  874.213772][   T31] task:syz.0.2844      state:D stack:28328 pid:16219 tgid:16217 ppid:5842   task_flags:0x400040 flags:0x00004004
[  874.225842][   T31] Call Trace:
[  874.229266][   T31]  <TASK>
[  874.232213][   T31]  __schedule+0x16f5/0x4d00
[  874.236845][   T31]  ? schedule+0x165/0x360
[  874.241204][   T31]  ? __pfx___schedule+0x10/0x10
[  874.246062][   T31]  ? schedule+0x91/0x360
[  874.250432][   T31]  schedule+0x165/0x360
[  874.254613][   T31]  schedule_preempt_disabled+0x13/0x30
[  874.260261][   T31]  __mutex_lock+0x724/0xe80
[  874.264794][   T31]  ? __mutex_lock+0x51b/0xe80
[  874.269618][   T31]  ? __tun_chr_ioctl+0x37a/0x1df0
[  874.274681][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  874.280031][   T31]  __tun_chr_ioctl+0x37a/0x1df0
[  874.284942][   T31]  ? __pfx___tun_chr_ioctl+0x10/0x10
[  874.290374][   T31]  ? __fget_files+0x2a/0x420
[  874.295013][   T31]  ? __fget_files+0x3a0/0x420
[  874.299881][   T31]  ? __fget_files+0x2a/0x420
[  874.304526][   T31]  ? bpf_lsm_file_ioctl+0x9/0x20
[  874.309696][   T31]  ? __pfx_tun_chr_ioctl+0x10/0x10
[  874.314857][   T31]  __se_sys_ioctl+0xfc/0x170
[  874.319841][   T31]  do_syscall_64+0xfa/0x3b0
[  874.324372][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  874.329924][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  874.336035][   T31]  ? clear_bhb_loop+0x60/0xb0
[  874.340857][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  874.346901][   T31] RIP: 0033:0x7f2ea478e929
[  874.351346][   T31] RSP: 002b:00007f2ea5693038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  874.359889][   T31] RAX: ffffffffffffffda RBX: 00007f2ea49b5fa0 RCX: 00007f2ea478e929
[  874.367975][   T31] RDX: 0000200000000040 RSI: 00000000400454ca RDI: 0000000000000003
[  874.376147][   T31] RBP: 00007f2ea4810b39 R08: 0000000000000000 R09: 0000000000000000
[  874.384257][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  874.392499][   T31] R13: 0000000000000000 R14: 00007f2ea49b5fa0 R15: 00007f2ea4adfa28
[  874.400620][   T31]  </TASK>
[  874.403672][   T31] INFO: task syz.1.2845:16223 blocked for more than 145 seconds.
[  874.411652][   T31]       Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0
[  874.419387][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  874.428195][   T31] task:syz.1.2845      state:D stack:25352 pid:16223 tgid:16222 ppid:10823  task_flags:0x400140 flags:0x00004004
[  874.440232][   T31] Call Trace:
[  874.443531][   T31]  <TASK>
[  874.446852][   T31]  __schedule+0x16f5/0x4d00
[  874.451413][   T31]  ? __lock_acquire+0xa91/0xd20
[  874.456770][   T31]  ? schedule+0x165/0x360
[  874.461155][   T31]  ? __pfx___schedule+0x10/0x10
[  874.466021][   T31]  ? schedule+0x91/0x360
[  874.470409][   T31]  schedule+0x165/0x360
[  874.474593][   T31]  schedule_preempt_disabled+0x13/0x30
[  874.480158][   T31]  __mutex_lock+0x724/0xe80
[  874.484693][   T31]  ? __mutex_lock+0x51b/0xe80
[  874.489534][   T31]  ? rtnl_newlink+0x8db/0x1c70
[  874.494335][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  874.499639][   T31]  ? ns_capable+0x8a/0xf0
[  874.504023][   T31]  ? rtnl_link_get_net_capable+0x16a/0x350
[  874.510013][   T31]  rtnl_newlink+0x8db/0x1c70
[  874.514666][   T31]  ? __pfx_rtnl_newlink+0x10/0x10
[  874.519790][   T31]  ? finish_task_switch+0x266/0x950
[  874.525031][   T31]  ? __lock_acquire+0xab9/0xd20
[  874.530073][   T31]  ? __lock_acquire+0xab9/0xd20
[  874.535054][   T31]  ? is_bpf_text_address+0x26/0x2b0
[  874.540579][   T31]  ? is_bpf_text_address+0x292/0x2b0
[  874.545905][   T31]  ? is_bpf_text_address+0x26/0x2b0
[  874.551250][   T31]  ? kernel_text_address+0xa5/0xe0
[  874.556479][   T31]  ? __lock_acquire+0xab9/0xd20
[  874.561392][   T31]  ? __pfx_rtnl_newlink+0x10/0x10
[  874.566655][   T31]  rtnetlink_rcv_msg+0x7cc/0xb70
[  874.571651][   T31]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  874.576876][   T31]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  874.582463][   T31]  netlink_rcv_skb+0x208/0x470
[  874.587644][   T31]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  874.593132][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  874.598542][   T31]  ? netlink_deliver_tap+0x2e/0x1b0
[  874.603923][   T31]  ? netlink_deliver_tap+0x2e/0x1b0
[  874.609422][   T31]  netlink_unicast+0x75b/0x8d0
[  874.614401][   T31]  netlink_sendmsg+0x805/0xb30
[  874.619291][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  874.624605][   T31]  ? aa_sock_msg_perm+0x94/0x160
[  874.629695][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  874.635016][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  874.640387][   T31]  __sock_sendmsg+0x21c/0x270
[  874.645106][   T31]  ____sys_sendmsg+0x505/0x830
[  874.650273][   T31]  ? __pfx_____sys_sendmsg+0x10/0x10
[  874.655573][   T31]  ? import_iovec+0x74/0xa0
[  874.660180][   T31]  ___sys_sendmsg+0x21f/0x2a0
[  874.664893][   T31]  ? __pfx____sys_sendmsg+0x10/0x10
[  874.670289][   T31]  ? __fget_files+0x2a/0x420
[  874.674903][   T31]  ? __fget_files+0x3a0/0x420
[  874.679675][   T31]  __x64_sys_sendmsg+0x19b/0x260
[  874.684639][   T31]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  874.690263][   T31]  ? rcu_is_watching+0x15/0xb0
[  874.695064][   T31]  ? do_syscall_64+0xbe/0x3b0
[  874.699834][   T31]  do_syscall_64+0xfa/0x3b0
[  874.704384][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  874.709762][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  874.715856][   T31]  ? clear_bhb_loop+0x60/0xb0
[  874.720933][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  874.727046][   T31] RIP: 0033:0x7f6bcd58e929
[  874.731483][   T31] RSP: 002b:00007f6bce4c9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  874.739984][   T31] RAX: ffffffffffffffda RBX: 00007f6bcd7b5fa0 RCX: 00007f6bcd58e929
[  874.748109][   T31] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000006
[  874.756096][   T31] RBP: 00007f6bcd610b39 R08: 0000000000000000 R09: 0000000000000000
[  874.764165][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  874.772277][   T31] R13: 0000000000000000 R14: 00007f6bcd7b5fa0 R15: 00007f6bcd8dfa28
[  874.780362][   T31]  </TASK>
[  874.783404][   T31] INFO: task syz.1.2845:16224 blocked for more than 145 seconds.
[  874.791253][   T31]       Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0
[  874.798993][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  874.807826][   T31] task:syz.1.2845      state:D stack:26328 pid:16224 tgid:16222 ppid:10823  task_flags:0x400140 flags:0x00004004
[  874.819857][   T31] Call Trace:
[  874.823159][   T31]  <TASK>
[  874.826106][   T31]  __schedule+0x16f5/0x4d00
[  874.830892][   T31]  ? __lock_acquire+0xa90/0xd20
[  874.835793][   T31]  ? schedule+0x165/0x360
[  874.840257][   T31]  ? __pfx___schedule+0x10/0x10
[  874.845164][   T31]  ? schedule+0x91/0x360
[  874.849584][   T31]  schedule+0x165/0x360
[  874.853774][   T31]  schedule_preempt_disabled+0x13/0x30
[  874.859341][   T31]  __mutex_lock+0x724/0xe80
[  874.863884][   T31]  ? __mutex_lock+0x51b/0xe80
[  874.868718][   T31]  ? rtnl_newlink+0x8db/0x1c70
[  874.873510][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  874.878622][   T31]  ? ns_capable+0x8a/0xf0
[  874.882993][   T31]  ? rtnl_link_get_net_capable+0x16a/0x350
[  874.889374][   T31]  rtnl_newlink+0x8db/0x1c70
[  874.894024][   T31]  ? __pfx_rtnl_newlink+0x10/0x10
[  874.899164][   T31]  ? __lock_acquire+0xab9/0xd20
[  874.904063][   T31]  ? __lock_acquire+0xab9/0xd20
[  874.909072][   T31]  ? is_bpf_text_address+0x26/0x2b0
[  874.914316][   T31]  ? is_bpf_text_address+0x292/0x2b0
[  874.919703][   T31]  ? is_bpf_text_address+0x26/0x2b0
[  874.924958][   T31]  ? kernel_text_address+0xa5/0xe0
[  874.930240][   T31]  ? __lock_acquire+0xab9/0xd20
[  874.935162][   T31]  ? __pfx_rtnl_newlink+0x10/0x10
[  874.940435][   T31]  rtnetlink_rcv_msg+0x7cc/0xb70
[  874.945400][   T31]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  874.950654][   T31]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  874.956149][   T31]  netlink_rcv_skb+0x208/0x470
[  874.961045][   T31]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  874.966739][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  874.972071][   T31]  ? netlink_deliver_tap+0x2e/0x1b0
[  874.977379][   T31]  ? netlink_deliver_tap+0x2e/0x1b0
[  874.982610][   T31]  netlink_unicast+0x75b/0x8d0
[  874.987587][   T31]  netlink_sendmsg+0x805/0xb30
[  874.992416][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  874.997806][   T31]  ? aa_sock_msg_perm+0x94/0x160
[  875.002767][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  875.008199][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  875.013528][   T31]  __sock_sendmsg+0x21c/0x270
[  875.018352][   T31]  ____sys_sendmsg+0x505/0x830
[  875.023159][   T31]  ? __pfx_____sys_sendmsg+0x10/0x10
[  875.028614][   T31]  ? import_iovec+0x74/0xa0
[  875.033148][   T31]  ___sys_sendmsg+0x21f/0x2a0
[  875.037927][   T31]  ? __pfx____sys_sendmsg+0x10/0x10
[  875.043176][   T31]  ? __fget_files+0x2a/0x420
[  875.048046][   T31]  ? __fget_files+0x3a0/0x420
[  875.052758][   T31]  __x64_sys_sendmsg+0x19b/0x260
[  875.057797][   T31]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  875.063300][   T31]  ? rcu_is_watching+0x15/0xb0
[  875.068251][   T31]  ? do_syscall_64+0xbe/0x3b0
[  875.072966][   T31]  do_syscall_64+0xfa/0x3b0
[  875.077558][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  875.082790][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  875.089060][   T31]  ? clear_bhb_loop+0x60/0xb0
[  875.093776][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  875.099769][   T31] RIP: 0033:0x7f6bcd58e929
[  875.104197][   T31] RSP: 002b:00007f6bce4a8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  875.112763][   T31] RAX: ffffffffffffffda RBX: 00007f6bcd7b6080 RCX: 00007f6bcd58e929
[  875.120817][   T31] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000009
[  875.129344][   T31] RBP: 00007f6bcd610b39 R08: 0000000000000000 R09: 0000000000000000
[  875.137460][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  875.145459][   T31] R13: 0000000000000000 R14: 00007f6bcd7b6080 R15: 00007f6bcd8dfa28
[  875.153600][   T31]  </TASK>
[  875.156851][   T31] INFO: task syz.1.2845:16225 blocked for more than 145 seconds.
[  875.164568][   T31]       Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0
[  875.172326][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  875.181160][   T31] task:syz.1.2845      state:D stack:25352 pid:16225 tgid:16222 ppid:10823  task_flags:0x400140 flags:0x00004006
[  875.193217][   T31] Call Trace:
[  875.196555][   T31]  <TASK>
[  875.199518][   T31]  __schedule+0x16f5/0x4d00
[  875.204056][   T31]  ? __lock_acquire+0xa91/0xd20
[  875.209133][   T31]  ? schedule+0x165/0x360
[  875.213509][   T31]  ? __pfx___schedule+0x10/0x10
[  875.218466][   T31]  ? schedule+0x91/0x360
[  875.222751][   T31]  schedule+0x165/0x360
[  875.227067][   T31]  schedule_preempt_disabled+0x13/0x30
[  875.232564][   T31]  __mutex_lock+0x724/0xe80
[  875.237181][   T31]  ? __mutex_lock+0x51b/0xe80
[  875.241891][   T31]  ? rtnl_newlink+0x8db/0x1c70
[  875.246824][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  875.251881][   T31]  ? ns_capable+0x8a/0xf0
[  875.256301][   T31]  ? rtnl_link_get_net_capable+0x16a/0x350
[  875.262142][   T31]  rtnl_newlink+0x8db/0x1c70
[  875.267103][   T31]  ? __lock_acquire+0xab9/0xd20
[  875.271987][   T31]  ? __pfx_rtnl_newlink+0x10/0x10
[  875.277089][   T31]  ? __lock_acquire+0xab9/0xd20
[  875.281979][   T31]  ? __lock_acquire+0xab9/0xd20
[  875.287052][   T31]  ? is_bpf_text_address+0x26/0x2b0
[  875.292297][   T31]  ? is_bpf_text_address+0x292/0x2b0
[  875.297722][   T31]  ? is_bpf_text_address+0x26/0x2b0
[  875.302975][   T31]  ? kernel_text_address+0xa5/0xe0
[  875.308243][   T31]  ? __lock_acquire+0xab9/0xd20
[  875.313133][   T31]  ? __pfx_rtnl_newlink+0x10/0x10
[  875.318277][   T31]  rtnetlink_rcv_msg+0x7cc/0xb70
[  875.323245][   T31]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  875.328488][   T31]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  875.333996][   T31]  netlink_rcv_skb+0x208/0x470
[  875.338843][   T31]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  875.344332][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  875.349805][   T31]  ? netlink_deliver_tap+0x2e/0x1b0
[  875.355037][   T31]  ? netlink_deliver_tap+0x2e/0x1b0
[  875.360338][   T31]  netlink_unicast+0x75b/0x8d0
[  875.365144][   T31]  netlink_sendmsg+0x805/0xb30
[  875.370090][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  875.375571][   T31]  ? aa_sock_msg_perm+0x94/0x160
[  875.380780][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  875.386104][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  875.391562][   T31]  __sock_sendmsg+0x21c/0x270
[  875.396334][   T31]  ____sys_sendmsg+0x505/0x830
[  875.401138][   T31]  ? __pfx_____sys_sendmsg+0x10/0x10
[  875.406587][   T31]  ? import_iovec+0x74/0xa0
[  875.411549][   T31]  ___sys_sendmsg+0x21f/0x2a0
[  875.416542][   T31]  ? __pfx____sys_sendmsg+0x10/0x10
[  875.421790][   T31]  ? __fget_files+0x2a/0x420
[  875.426703][   T31]  ? __fget_files+0x3a0/0x420
[  875.431437][   T31]  __x64_sys_sendmsg+0x19b/0x260
[  875.436513][   T31]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  875.442046][   T31]  ? rcu_is_watching+0x15/0xb0
[  875.447156][   T31]  ? do_syscall_64+0xbe/0x3b0
[  875.451859][   T31]  do_syscall_64+0xfa/0x3b0
[  875.456446][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  875.461671][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  875.467878][   T31]  ? clear_bhb_loop+0x60/0xb0
[  875.472590][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  875.478587][   T31] RIP: 0033:0x7f6bcd58e929
[  875.483014][   T31] RSP: 002b:00007f6bce487038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  875.491707][   T31] RAX: ffffffffffffffda RBX: 00007f6bcd7b6160 RCX: 00007f6bcd58e929
[  875.499891][   T31] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[  875.508032][   T31] RBP: 00007f6bcd610b39 R08: 0000000000000000 R09: 0000000000000000
[  875.516046][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  875.524144][   T31] R13: 0000000000000000 R14: 00007f6bcd7b6160 R15: 00007f6bcd8dfa28
[  875.532289][   T31]  </TASK>
[  875.535321][   T31] INFO: task syz.1.2845:16226 blocked for more than 146 seconds.
[  875.543113][   T31]       Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0
[  875.550862][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  875.559654][   T31] task:syz.1.2845      state:D stack:27640 pid:16226 tgid:16222 ppid:10823  task_flags:0x400140 flags:0x00004004
[  875.571719][   T31] Call Trace:
[  875.575008][   T31]  <TASK>
[  875.578032][   T31]  __schedule+0x16f5/0x4d00
[  875.582583][   T31]  ? schedule+0x165/0x360
[  875.587090][   T31]  ? __pfx___schedule+0x10/0x10
[  875.591978][   T31]  ? schedule+0x91/0x360
[  875.596547][   T31]  schedule+0x165/0x360
[  875.600752][   T31]  schedule_preempt_disabled+0x13/0x30
[  875.606220][   T31]  __mutex_lock+0x724/0xe80
[  875.610902][   T31]  ? __mutex_lock+0x51b/0xe80
[  875.615594][   T31]  ? rtnetlink_rcv_msg+0x71c/0xb70
[  875.620784][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  875.625856][   T31]  rtnetlink_rcv_msg+0x71c/0xb70
[  875.630965][   T31]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  875.636096][   T31]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  875.641687][   T31]  netlink_rcv_skb+0x208/0x470
[  875.646602][   T31]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  875.652094][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  875.657478][   T31]  ? netlink_deliver_tap+0x2e/0x1b0
[  875.662699][   T31]  ? netlink_deliver_tap+0x2e/0x1b0
[  875.668053][   T31]  netlink_unicast+0x75b/0x8d0
[  875.672846][   T31]  netlink_sendmsg+0x805/0xb30
[  875.677887][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  875.683223][   T31]  ? aa_sock_msg_perm+0x94/0x160
[  875.688846][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  875.694199][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  875.699812][   T31]  __sock_sendmsg+0x21c/0x270
[  875.704529][   T31]  ____sys_sendmsg+0x505/0x830
[  875.709590][   T31]  ? __pfx_____sys_sendmsg+0x10/0x10
[  875.714919][   T31]  ? import_iovec+0x74/0xa0
[  875.719547][   T31]  ___sys_sendmsg+0x21f/0x2a0
[  875.724254][   T31]  ? __pfx____sys_sendmsg+0x10/0x10
[  875.729638][   T31]  ? __fget_files+0x2a/0x420
[  875.734252][   T31]  ? __fget_files+0x3a0/0x420
[  875.739055][   T31]  __x64_sys_sendmsg+0x19b/0x260
[  875.744030][   T31]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  875.749658][   T31]  ? rcu_is_watching+0x15/0xb0
[  875.754461][   T31]  ? do_syscall_64+0xbe/0x3b0
[  875.759230][   T31]  do_syscall_64+0xfa/0x3b0
[  875.763749][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  875.769122][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  875.775215][   T31]  ? clear_bhb_loop+0x60/0xb0
[  875.780019][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  875.785957][   T31] RIP: 0033:0x7f6bcd58e929
[  875.790565][   T31] RSP: 002b:00007f6bce466038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  875.799087][   T31] RAX: ffffffffffffffda RBX: 00007f6bcd7b6240 RCX: 00007f6bcd58e929
[  875.807213][   T31] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 000000000000000b
[  875.815215][   T31] RBP: 00007f6bcd610b39 R08: 0000000000000000 R09: 0000000000000000
[  875.823482][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  875.831612][   T31] R13: 0000000000000000 R14: 00007f6bcd7b6240 R15: 00007f6bcd8dfa28
[  875.839685][   T31]  </TASK>
[  875.842712][   T31] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
[  875.851848][   T31] INFO: task syz.2.2848:16233 blocked for more than 146 seconds.
[  875.859674][   T31]       Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0
[  875.867446][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  875.876130][   T31] task:syz.2.2848      state:D stack:25800 pid:16233 tgid:16232 ppid:5846   task_flags:0x400140 flags:0x00004004
[  875.888232][   T31] Call Trace:
[  875.891553][   T31]  <TASK>
[  875.894496][   T31]  __schedule+0x16f5/0x4d00
[  875.899098][   T31]  ? futex_unqueue+0x22/0x240
[  875.903813][   T31]  ? __lock_acquire+0xa90/0xd20
[  875.908854][   T31]  ? schedule+0x165/0x360
[  875.913228][   T31]  ? __pfx___schedule+0x10/0x10
[  875.918168][   T31]  ? schedule+0x91/0x360
[  875.922451][   T31]  schedule+0x165/0x360
[  875.927106][   T31]  schedule_preempt_disabled+0x13/0x30
[  875.932604][   T31]  __mutex_lock+0x724/0xe80
[  875.937215][   T31]  ? __mutex_lock+0x51b/0xe80
[  875.941944][   T31]  ? xsk_bind+0x156/0xf90
[  875.946496][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  875.951563][   T31]  ? __might_fault+0xb0/0x130
[  875.956340][   T31]  ? __pfx_aa_sk_perm+0x10/0x10
[  875.961209][   T31]  xsk_bind+0x156/0xf90
[  875.965367][   T31]  ? bpf_lsm_socket_bind+0x9/0x20
[  875.970582][   T31]  __sys_bind+0x2c6/0x3e0
[  875.974938][   T31]  ? __pfx___sys_bind+0x10/0x10
[  875.979966][   T31]  __x64_sys_bind+0x7a/0x90
[  875.984508][   T31]  do_syscall_64+0xfa/0x3b0
[  875.989176][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  875.995279][   T31]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  876.001532][   T31]  ? clear_bhb_loop+0x60/0xb0
[  876.006444][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  876.012372][   T31] RIP: 0033:0x7f7a8538e929
[  876.016909][   T31] RSP: 002b:00007f7a862db038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  876.025365][   T31] RAX: ffffffffffffffda RBX: 00007f7a855b5fa0 RCX: 00007f7a8538e929
[  876.033495][   T31] RDX: 0000000000000010 RSI: 0000200000000100 RDI: 0000000000000003
[  876.041695][   T31] RBP: 00007f7a85410b39 R08: 0000000000000000 R09: 0000000000000000
[  876.049832][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  876.057907][   T31] R13: 0000000000000000 R14: 00007f7a855b5fa0 R15: 00007f7a856dfa28
[  876.065937][   T31]  </TASK>
[  876.069109][   T31] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
[  876.078190][   T31] INFO: task syz.2.2848:16234 blocked for more than 146 seconds.
[  876.085950][   T31]       Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0
[  876.093731][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  876.102525][   T31] task:syz.2.2848      state:D stack:26152 pid:16234 tgid:16232 ppid:5846   task_flags:0x400140 flags:0x00004004
[  876.114640][   T31] Call Trace:
[  876.117989][   T31]  <TASK>
[  876.120952][   T31]  __schedule+0x16f5/0x4d00
[  876.125479][   T31]  ? is_bpf_text_address+0x26/0x2b0
[  876.130860][   T31]  ? __lock_acquire+0xa91/0xd20
[  876.135747][   T31]  ? schedule+0x165/0x360
[  876.140145][   T31]  ? __pfx___schedule+0x10/0x10
[  876.145033][   T31]  ? schedule+0x91/0x360
[  876.149602][   T31]  schedule+0x165/0x360
[  876.153799][   T31]  schedule_preempt_disabled+0x13/0x30
[  876.159325][   T31]  __mutex_lock+0x724/0xe80
[  876.163845][   T31]  ? __mutex_lock+0x51b/0xe80
[  876.169006][   T31]  ? rtnl_dellink+0x331/0x710
[  876.173720][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  876.178825][   T31]  ? dev_hard_start_xmit+0x2d7/0x830
[  876.184221][   T31]  ? netlink_deliver_tap+0x19c/0x1b0
[  876.189640][   T31]  ? netlink_unicast+0x72f/0x8d0
[  876.194616][   T31]  ? do_syscall_64+0xfa/0x3b0
[  876.199387][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  876.205489][   T31]  ? __nla_parse+0x40/0x60
[  876.210094][   T31]  rtnl_dellink+0x331/0x710
[  876.214633][   T31]  ? __pfx_rtnl_dellink+0x10/0x10
[  876.219850][   T31]  ? kasan_quarantine_put+0xdd/0x220
[  876.225174][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  876.230607][   T31]  ? __pfx_rtnl_dellink+0x10/0x10
[  876.235651][   T31]  rtnetlink_rcv_msg+0x7cc/0xb70
[  876.240669][   T31]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  876.245798][   T31]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  876.251423][   T31]  ? ref_tracker_free+0x63a/0x7d0
[  876.256694][   T31]  ? __copy_skb_header+0xa7/0x550
[  876.261756][   T31]  ? __pfx_ref_tracker_free+0x10/0x10
[  876.267306][   T31]  ? __skb_clone+0x63/0x7a0
[  876.271853][   T31]  netlink_rcv_skb+0x208/0x470
[  876.276720][   T31]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  876.282202][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  876.287670][   T31]  ? netlink_deliver_tap+0x2e/0x1b0
[  876.292892][   T31]  ? netlink_deliver_tap+0x2e/0x1b0
[  876.298158][   T31]  netlink_unicast+0x75b/0x8d0
[  876.302963][   T31]  netlink_sendmsg+0x805/0xb30
[  876.307958][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  876.313274][   T31]  ? aa_sock_msg_perm+0x94/0x160
[  876.318308][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  876.323628][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  876.329093][   T31]  __sock_sendmsg+0x21c/0x270
[  876.333803][   T31]  ____sys_sendmsg+0x505/0x830
[  876.338674][   T31]  ? __pfx_____sys_sendmsg+0x10/0x10
[  876.344001][   T31]  ? import_iovec+0x74/0xa0
[  876.348709][   T31]  ___sys_sendmsg+0x21f/0x2a0
[  876.353413][   T31]  ? __pfx____sys_sendmsg+0x10/0x10
[  876.358716][   T31]  ? __fget_files+0x2a/0x420
[  876.363328][   T31]  ? __fget_files+0x3a0/0x420
[  876.368391][   T31]  __x64_sys_sendmsg+0x19b/0x260
[  876.373539][   T31]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  876.379115][   T31]  ? rcu_is_watching+0x15/0xb0
[  876.383925][   T31]  ? do_syscall_64+0xbe/0x3b0
[  876.388792][   T31]  do_syscall_64+0xfa/0x3b0
[  876.393322][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  876.398629][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  876.404727][   T31]  ? clear_bhb_loop+0x60/0xb0
[  876.409561][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  876.415495][   T31] RIP: 0033:0x7f7a8538e929
[  876.419983][   T31] RSP: 002b:00007f7a862ba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  876.428565][   T31] RAX: ffffffffffffffda RBX: 00007f7a855b6080 RCX: 00007f7a8538e929
[  876.436643][   T31] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000005
[  876.444655][   T31] RBP: 00007f7a85410b39 R08: 0000000000000000 R09: 0000000000000000
[  876.452802][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  876.460895][   T31] R13: 0000000000000000 R14: 00007f7a855b6080 R15: 00007f7a856dfa28
[  876.469052][   T31]  </TASK>
[  876.472098][   T31] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings
[  876.481412][   T31] 
[  876.481412][   T31] Showing all locks held in the system:
[  876.489513][   T31] 1 lock held by khungtaskd/31:
[  876.494389][   T31]  #0: ffffffff8e13eda0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  876.504300][   T31] 3 locks held by kworker/u8:4/61:
[  876.509555][   T31]  #0: ffff88814c205148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  876.522795][   T31]  #1: ffffc9000212fbc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  876.539586][   T31]  #2: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30
[  876.549546][   T31] 5 locks held by kworker/u8:8/3448:
[  876.554837][   T31]  #0: ffff88801b2fe148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  876.566937][   T31]  #1: ffffc9000c5d7bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  876.577825][   T31]  #2: ffffffff8f503050 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800
[  876.587490][   T31]  #3: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0xdc/0x890
[  876.597718][   T31]  #4: ffff888029d8cd30 (&dev_instance_lock_key#14){+.+.}-{4:4}, at: napi_disable+0x4e/0x80
[  876.607992][   T31] 3 locks held by kworker/u8:11/3516:
[  876.613390][   T31]  #0: ffff88801a489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  876.628807][   T31]  #1: ffffc9000c487bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  876.640023][   T31]  #2: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
[  876.652030][   T31] 2 locks held by dhcpcd/5501:
[  876.656945][   T31]  #0: ffff8880300446d0 (nlk_cb_mutex-ROUTE){+.+.}-{4:4}, at: netlink_dump+0xb8/0xe20
[  876.666764][   T31]  #1: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dumpit+0x92/0x200
[  876.675614][   T31] 2 locks held by getty/5600:
[  876.680489][   T31]  #0: ffff888030a970a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  876.690340][   T31]  #1: ffffc900036b42f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  876.700741][   T31] 3 locks held by kworker/1:3/5921:
[  876.705965][   T31]  #0: ffff88801a481d48 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  876.718505][   T31]  #1: ffffc9000450fbc0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  876.729967][   T31]  #2: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x95/0xf00
[  876.739809][   T31] 3 locks held by kworker/1:1/14614:
[  876.745118][   T31]  #0: ffff88801a481d48 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  876.757899][   T31]  #1: ffffc9000398fbc0 ((crda_timeout).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  876.768971][   T31]  #2: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: crda_timeout_work+0x15/0x50
[  876.778420][   T31] 1 lock held by syz-executor/16084:
[  876.783715][   T31]  #0: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[  876.792881][   T31] 2 locks held by syz.3.2834/16168:
[  876.798244][   T31]  #0: ffffffff8f503050 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  876.808058][   T31]  #1: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: fib_net_exit_batch+0x22/0xf0
[  876.817536][   T31] 1 lock held by syz.0.2844/16219:
[  876.822667][   T31]  #0: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: __tun_chr_ioctl+0x37a/0x1df0
[  876.832471][   T31] 2 locks held by syz.1.2845/16223:
[  876.837861][   T31]  #0: ffffffff8fa13fc8 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[  876.847477][   T31]  #1: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[  876.856725][   T31] 2 locks held by syz.1.2845/16224:
[  876.861946][   T31]  #0: ffffffff8fa2a9e0 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[  876.871535][   T31]  #1: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[  876.880775][   T31] 1 lock held by syz.1.2845/16225:
[  876.885884][   T31]  #0: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[  876.895100][   T31] 1 lock held by syz.1.2845/16226:
[  876.900439][   T31]  #0: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x71c/0xb70
[  876.910680][   T31] 1 lock held by syz.2.2848/16233:
[  876.915851][   T31]  #0: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: xsk_bind+0x156/0xf90
[  876.924974][   T31] 1 lock held by syz.2.2848/16234:
[  876.930238][   T31]  #0: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dellink+0x331/0x710
[  876.939442][   T31] 2 locks held by syz-executor/16242:
[  876.944840][   T31]  #0: ffffffff8f503050 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  876.954363][   T31]  #1: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  876.964994][   T31] 2 locks held by syz-executor/16246:
[  876.970583][   T31]  #0: ffffffff8f503050 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  876.980151][   T31]  #1: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  876.990697][   T31] 2 locks held by syz-executor/16249:
[  876.996108][   T31]  #0: ffffffff8f503050 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  877.005749][   T31]  #1: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  877.016423][   T31] 2 locks held by syz-executor/16253:
[  877.021829][   T31]  #0: ffffffff8f503050 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  877.031518][   T31]  #1: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  877.042167][   T31] 2 locks held by syz-executor/16258:
[  877.047634][   T31]  #0: ffffffff8f503050 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  877.057382][   T31]  #1: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  877.067976][   T31] 2 locks held by syz-executor/16262:
[  877.073365][   T31]  #0: ffffffff8f503050 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  877.082973][   T31]  #1: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  877.093590][   T31] 2 locks held by syz-executor/16266:
[  877.099173][   T31]  #0: ffffffff8f503050 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  877.108743][   T31]  #1: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  877.119396][   T31] 2 locks held by syz-executor/16269:
[  877.124770][   T31]  #0: ffffffff8f503050 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  877.134360][   T31]  #1: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  877.145114][   T31] 2 locks held by syz-executor/16273:
[  877.150566][   T31]  #0: ffffffff8f503050 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  877.160121][   T31]  #1: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  877.170720][   T31] 2 locks held by syz-executor/16277:
[  877.176114][   T31]  #0: ffffffff8f503050 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  877.185740][   T31]  #1: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  877.196422][   T31] 2 locks held by syz-executor/16282:
[  877.201831][   T31]  #0: ffffffff8f503050 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  877.211830][   T31]  #1: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  877.222486][   T31] 2 locks held by syz-executor/16287:
[  877.227946][   T31]  #0: ffffffff8f503050 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  877.237541][   T31]  #1: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  877.248304][   T31] 2 locks held by syz-executor/16291:
[  877.253701][   T31]  #0: ffffffff8f503050 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  877.263248][   T31]  #1: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  877.273798][   T31] 2 locks held by syz-executor/16294:
[  877.279315][   T31]  #0: ffffffff8f503050 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[  877.288820][   T31]  #1: ffffffff8f50fc48 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0
[  877.299473][   T31] 
[  877.301821][   T31] =============================================
[  877.301821][   T31] 
[  877.310336][   T31] NMI backtrace for cpu 0
[  877.310355][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  877.310373][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  877.310384][   T31] Call Trace:
[  877.310393][   T31]  <TASK>
[  877.310401][   T31]  dump_stack_lvl+0x189/0x250
[  877.310431][   T31]  ? __wake_up_klogd+0xd9/0x110
[  877.310452][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  877.310480][   T31]  ? __pfx__printk+0x10/0x10
[  877.310507][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  877.310535][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  877.310555][   T31]  ? _printk+0xcf/0x120
[  877.310579][   T31]  ? __pfx__printk+0x10/0x10
[  877.310602][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  877.310630][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  877.310656][   T31]  watchdog+0xfee/0x1030
[  877.310684][   T31]  ? watchdog+0x1de/0x1030
[  877.310717][   T31]  kthread+0x70e/0x8a0
[  877.310742][   T31]  ? __pfx_watchdog+0x10/0x10
[  877.310766][   T31]  ? __pfx_kthread+0x10/0x10
[  877.310791][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  877.310826][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  877.310852][   T31]  ? __pfx_kthread+0x10/0x10
[  877.310875][   T31]  ret_from_fork+0x3f9/0x770
[  877.310904][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  877.310935][   T31]  ? __switch_to_asm+0x39/0x70
[  877.310954][   T31]  ? __switch_to_asm+0x33/0x70
[  877.310972][   T31]  ? __pfx_kthread+0x10/0x10
[  877.310994][   T31]  ret_from_fork_asm+0x1a/0x30
[  877.311027][   T31]  </TASK>
[  877.311036][   T31] Sending NMI from CPU 0 to CPUs 1:
[  877.468660][    C1] NMI backtrace for cpu 1
[  877.468678][    C1] CPU: 1 UID: 0 PID: 3508 Comm: kworker/u8:10 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  877.468700][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  877.468712][    C1] Workqueue: bat_events batadv_nc_worker
[  877.468741][    C1] RIP: 0010:debug_lockdep_rcu_enabled+0x23/0x40
[  877.468770][    C1] Code: 90 90 90 90 90 90 90 f3 0f 1e fa 31 c0 83 3d a7 aa 3a 04 00 74 1e 83 3d ca da 3a 04 00 74 15 65 48 8b 0c 25 08 f0 9c 92 31 c0 <83> b9 ec 0a 00 00 00 0f 94 c0 c3 cc cc cc cc cc cc cc cc cc cc cc
[  877.468785][    C1] RSP: 0018:ffffc9000c6e7a18 EFLAGS: 00000246
[  877.468799][    C1] RAX: 0000000000000000 RBX: ffff888076c50480 RCX: ffff8880310bda00
[  877.468813][    C1] RDX: 0000000000000000 RSI: ffffffff8db6ec2e RDI: ffffffff8be28ac0
[  877.468826][    C1] RBP: ffff888079ab9438 R08: 0000000000000000 R09: ffffffff8b342612
[  877.468839][    C1] R10: dffffc0000000000 R11: ffffffff8b342540 R12: dffffc0000000000
[  877.468852][    C1] R13: ffffffff8b342612 R14: ffff888058194d80 R15: 0000000000000287
[  877.468866][    C1] FS:  0000000000000000(0000) GS:ffff888125d51000(0000) knlGS:0000000000000000
[  877.468880][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  877.468893][    C1] CR2: 000055be38e79000 CR3: 000000000df38000 CR4: 00000000003526f0
[  877.468909][    C1] DR0: 0000000000000000 DR1: 0000000000005000 DR2: 00000000eeee0000
[  877.468921][    C1] DR3: 00000000eeee8000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  877.468932][    C1] Call Trace:
[  877.468939][    C1]  <TASK>
[  877.468947][    C1]  batadv_nc_worker+0xf8/0x610
[  877.468972][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  877.469000][    C1]  process_scheduled_works+0xae1/0x17b0
[  877.469044][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  877.469077][    C1]  worker_thread+0x8a0/0xda0
[  877.469104][    C1]  kthread+0x70e/0x8a0
[  877.469124][    C1]  ? __pfx_worker_thread+0x10/0x10
[  877.469149][    C1]  ? __pfx_kthread+0x10/0x10
[  877.469168][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  877.469192][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  877.469215][    C1]  ? __pfx_kthread+0x10/0x10
[  877.469233][    C1]  ret_from_fork+0x3f9/0x770
[  877.469259][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  877.469284][    C1]  ? __switch_to_asm+0x39/0x70
[  877.469303][    C1]  ? __switch_to_asm+0x33/0x70
[  877.469319][    C1]  ? __pfx_kthread+0x10/0x10
[  877.469338][    C1]  ret_from_fork_asm+0x1a/0x30
[  877.469363][    C1]  </TASK>
[  877.469846][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  877.712653][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  877.724458][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  877.734511][   T31] Call Trace:
[  877.737789][   T31]  <TASK>
[  877.740718][   T31]  dump_stack_lvl+0x99/0x250
[  877.745318][   T31]  ? __asan_memcpy+0x40/0x70
[  877.749916][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  877.755125][   T31]  ? __pfx__printk+0x10/0x10
[  877.759727][   T31]  panic+0x2db/0x790
[  877.763632][   T31]  ? __pfx_panic+0x10/0x10
[  877.768051][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[  877.773899][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  877.779295][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[  877.785463][   T31]  watchdog+0x102d/0x1030
[  877.789803][   T31]  ? watchdog+0x1de/0x1030
[  877.794231][   T31]  kthread+0x70e/0x8a0
[  877.798308][   T31]  ? __pfx_watchdog+0x10/0x10
[  877.802986][   T31]  ? __pfx_kthread+0x10/0x10
[  877.807605][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  877.812839][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  877.818067][   T31]  ? __pfx_kthread+0x10/0x10
[  877.822665][   T31]  ret_from_fork+0x3f9/0x770
[  877.827268][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  877.832388][   T31]  ? __switch_to_asm+0x39/0x70
[  877.837166][   T31]  ? __switch_to_asm+0x33/0x70
[  877.841936][   T31]  ? __pfx_kthread+0x10/0x10
[  877.846529][   T31]  ret_from_fork_asm+0x1a/0x30
[  877.851308][   T31]  </TASK>
[  877.854604][   T31] Kernel Offset: disabled
[  877.858932][   T31] Rebooting in 86400 seconds..