last executing test programs:

4m12.285159981s ago: executing program 3 (id=1523):
openat$smackfs_netlabel(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="120000002400000008000000"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000040)={0xffffffffffffffff, 0x0, &(0x7f0000000280)=""/179}, 0x20)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x58, 0x0, 0x9, 0x101, 0x0, 0x0, {}, [@NFCTH_POLICY={0x10, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x3}}, @NFCTH_TUPLE={0xfffffffffffffdb8, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x2, 0x0, 0x1, @ipv4={{0x8, 0x1, @private}, {0x8, 0x2, @dev}}}]}, @NFCTH_PRIV_DATA_LEN={0x8}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x58}}, 0x0) (fail_nth: 1)

4m11.59508187s ago: executing program 3 (id=1526):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000004400)=@newtfilter={0x8b0, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x87c, 0x2, [@TCA_MATCHALL_ACT={0x878, 0x2, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x1ff, 0x3, 0x10000, 0x81, 0x7f, 0xfffffffb, 0x4, 0x2, 0xffffffc0, 0x5, 0x2234, 0x7f, 0x81b, 0x800, 0x8, 0x0, 0x3, 0x7ed53619, 0x1, 0x7, 0x9644, 0x4, 0x58b, 0x85a, 0x3ff, 0x46, 0x2, 0x1, 0x0, 0x80000000, 0x10001, 0x790, 0x9, 0xab2, 0xfffffff9, 0x1a77, 0x9, 0x3, 0x400, 0x63c, 0x4, 0xffffffff, 0x1, 0x5, 0x1, 0x5b1f, 0x7b0, 0x7, 0x100, 0x6, 0xd, 0xff, 0x3, 0x10000, 0x6, 0x6b7, 0x1ff, 0x80, 0x4, 0x7, 0x3, 0xa14, 0x3, 0x2, 0x80000000, 0x81, 0x7, 0x8, 0x5, 0x10001, 0xf7, 0x3, 0xfffffff9, 0x9, 0x4, 0x8, 0xfff, 0x3, 0x1, 0x6, 0x7, 0x0, 0x100, 0xc0000000, 0x6, 0x6, 0x6, 0x8, 0x80000001, 0x8, 0x1d24, 0x2, 0x9, 0x0, 0x7f, 0x7, 0x63c, 0xff, 0x24, 0x3, 0x7, 0x6, 0x7a, 0x8, 0x0, 0x7, 0x470, 0x7f, 0x6, 0x0, 0x1, 0x0, 0x4, 0x9, 0x61, 0x200, 0x6, 0x2, 0x2, 0x800, 0x10001, 0x8, 0x7, 0xf, 0xda56, 0x80000000, 0x80, 0x2f0cb955, 0x7, 0xfed, 0xf, 0x6ae, 0x2, 0x1, 0x9, 0x8001, 0x0, 0xec000, 0x0, 0x1, 0x2, 0xfffffffb, 0x7, 0x8, 0x4, 0x1, 0xffffcf1b, 0x282, 0x5517bc7b, 0x3, 0x4, 0xb6d, 0x5, 0x0, 0xac, 0x9, 0x6, 0x10, 0x9, 0x8, 0x80000001, 0x0, 0x74, 0x2, 0x7fffffff, 0xfffffff9, 0xa, 0x6, 0xffffffff, 0x8, 0x2, 0x7, 0x7f, 0x5, 0x3, 0xa, 0x1, 0x0, 0x9, 0x300, 0x5, 0x3, 0x0, 0xffffffff, 0xffb, 0xff, 0x5, 0x8, 0x3, 0x2, 0x5, 0xfca, 0x399d, 0x6, 0x8ab6, 0x18000, 0x2, 0xfffffff9, 0x2, 0x2, 0x528c, 0x5, 0x200, 0xac, 0xf, 0xd05, 0x9a2ce73, 0x4, 0x6, 0xe074, 0x6b10, 0x5, 0x1, 0x6, 0xb, 0xa26, 0xaf6, 0x0, 0xec, 0x8, 0xde16, 0xc418, 0xffffffff, 0xffffffff, 0x9, 0x400, 0x1, 0x5, 0x354d, 0x5, 0x2, 0x1, 0x7, 0x1, 0x177, 0x7, 0x3, 0x80, 0x5, 0x8, 0xfffffffb, 0x9, 0xe7b, 0x0, 0x7, 0x42bf, 0x10000, 0x9, 0x9, 0x6, 0x4b75, 0x80000001, 0x1000, 0x5915, 0x10001, 0x1]}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x1000, 0x4, 0xec2, 0x6, 0x8, 0x400, 0x5, 0x1, 0x7, 0x470, 0x487, 0x100, 0xa99, 0xffffff01, 0x5, 0x37f, 0x8, 0x6, 0x3, 0x3, 0x800, 0xd2f5, 0x40, 0x4, 0x4, 0x5, 0x7, 0xe, 0x2, 0x8, 0x101, 0xffffffff, 0x2, 0x10000, 0xa6, 0x3, 0x10000, 0x5, 0x4, 0x0, 0x3, 0x0, 0xd, 0x8000, 0x98, 0x8, 0x6, 0x9, 0x1000, 0xb3000, 0xf, 0x3, 0x9, 0xb4, 0x94d, 0x9, 0x8, 0x6, 0x100, 0xec0, 0xffff, 0x4, 0x2, 0x3ff, 0x3e, 0xb828, 0x0, 0x0, 0x365, 0x8, 0x8, 0xf, 0x1, 0xfffffffe, 0xfffffff6, 0x93, 0x7ff, 0x92, 0x0, 0x7, 0xfffffffc, 0x7ff, 0x9, 0x2, 0x0, 0x6, 0x8, 0x4, 0x3, 0x9, 0xc, 0x0, 0x3, 0x3, 0x400, 0x100000, 0x7f, 0x2, 0x8, 0x4, 0x7, 0x4, 0x6, 0xfffffffa, 0x101, 0xadd9, 0x1, 0x0, 0x7, 0x7fffffff, 0x2, 0x4, 0x0, 0x5, 0x4, 0x3, 0x8, 0x9, 0x6, 0x6, 0xe, 0xb, 0x3, 0x7f, 0xffff, 0x401, 0x1685, 0xa252, 0x2, 0x200, 0x3, 0x1, 0x400, 0xfffffffc, 0xfffffffc, 0x1000, 0x7ff, 0x1, 0x1f6, 0x751, 0x7, 0x40000000, 0x4, 0xffffdbb7, 0x50, 0xf, 0xf, 0xe, 0x3, 0x0, 0x81, 0xfff80000, 0x7a7, 0x1, 0x6, 0x3, 0x8, 0x7, 0x5, 0x2, 0x0, 0x4e9, 0x80, 0x3, 0x8, 0x5, 0x0, 0x5, 0x7fff, 0x7, 0x8, 0x6a4941c5, 0x2ea567b4, 0x8, 0x80000000, 0x6, 0x40, 0x2, 0xfff, 0x8, 0x3, 0x1, 0x1, 0x0, 0x0, 0xd3bed341, 0x691f, 0x0, 0x2, 0x9, 0x6, 0x0, 0x1ff, 0x3, 0x3, 0x6, 0x5fc8462f, 0x0, 0x7, 0xffff, 0xfffffffc, 0x5, 0x0, 0xb9a6, 0x522, 0x2, 0x2, 0x900, 0x8, 0xbb99, 0xb8000000, 0x8, 0x3, 0xc0a1, 0x5, 0x8, 0x7, 0x59, 0x9, 0x2, 0xa3, 0x5f502dc7, 0x7, 0x0, 0x4, 0x6, 0x80000001, 0x3, 0xffffff97, 0x2, 0xfff, 0x1, 0x40, 0x8, 0x3, 0x70c, 0x8, 0x1, 0xfffff339, 0x3, 0x8001, 0x1, 0x8001, 0x9, 0x8, 0xfffffffa, 0x8, 0x9, 0x3, 0xe, 0x10000, 0x9, 0x9, 0x7, 0xfffffff8]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xfffffe00, 0x7, 0x5, 0x1, 0xdbec, {0x8, 0x0, 0xb55, 0x5, 0x7, 0x5}, {0x6, 0x0, 0xd, 0x5, 0x1, 0x5d17}, 0x2, 0x0, 0x6}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}}]}, 0x8b0}, 0x1, 0x0, 0x0, 0x10}, 0x0)

4m11.24862489s ago: executing program 3 (id=1531):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x16, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="dbaa00fea000000071104f000000000095"], &(0x7f0000000480)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x790f}, 0x94)

4m11.137828822s ago: executing program 3 (id=1533):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x14)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

4m11.025391871s ago: executing program 3 (id=1534):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=r3, @ANYBLOB="0524060000000001300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007001f"], 0x6c}}, 0x0)
r4 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r5=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x74, r5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_FILTERING={0x5}]}}}]}, 0x3c}}, 0x0)

4m10.959841692s ago: executing program 3 (id=1535):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x50}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r0 = socket$netlink(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="540000000206010200000000000000000500000005000100060000000d000300686173683a6e6574000000000900020073797a31000000000c00078008000640000000400500050002000000050004"], 0x54}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x38, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x10048047}, 0x4000050)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='8\x00\x00\x00\n'], 0x38}, 0x1, 0x0, 0x0, 0x10048047}, 0x4000050)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

3m55.559040953s ago: executing program 32 (id=1535):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x50}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r0 = socket$netlink(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="540000000206010200000000000000000500000005000100060000000d000300686173683a6e6574000000000900020073797a31000000000c00078008000640000000400500050002000000050004"], 0x54}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x38, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x10048047}, 0x4000050)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='8\x00\x00\x00\n'], 0x38}, 0x1, 0x0, 0x0, 0x10048047}, 0x4000050)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

11.549622082s ago: executing program 5 (id=2396):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000001c0)=@nat={'nat\x00', 0x19, 0x0, 0x90, [0x80000100, 0x0, 0x0, 0x80000130, 0x80000160], 0x0, 0x0, 0x0}, 0x50)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socket$inet6_icmp(0xa, 0x2, 0x3a)
arch_prctl$ARCH_GET_GS(0x1004, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
socket(0x21, 0x3, 0x0)
epoll_create1(0x0)
memfd_create(0x0, 0x0)
r1 = fsopen(&(0x7f00000001c0)='proc\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000480), 0xf2ef, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r3, 0xc01064bd, &(0x7f00000000c0)={&(0x7f0000000100)="41c2b1af4b9e2afb08fbfa8795ae198eb98603501824b278e7af60824251a6b1334031aac5f7421d7ea02310f3f6dad9592da8773525688000a5f6a49c37b23832cc040c84e783080c453e1088ece52fc69e24c3e1ae2c1037d5ce4993609bee3f15bec55d55dc9e7628af08d52ef57f853e1e37981fbde83dcef7e62652a8134c50c7228bd9dd014e8fb12da0beba609df04014981d5b909c40d62f8520adf12fa8d1214304592069042f66a842d82d7d1066eb523222ddd454ffabbf8f42ff0ac2f20598b329547ab02665210da6927ec3b6dc80802b2349e5c1059214af03419fb04bbc4a0f147f8f170c960fd3cdae0e9ff5d5c8f431543fade614db2ed4297d74b4ccbe9a8cb22105ce48dbf2c00f8ad06f13416476", 0x118})
close(r3)
fchdir(r2)
open(0x0, 0x1e3042, 0x9c)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x3a)
fcntl$setlease(r4, 0x400, 0x1)
link(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x11)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={<r6=>0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0xc, @private2, 0xfffffffe}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f00000001c0)={r6, @in6={{0xa, 0x0, 0x0, @private2}}, 0x4, 0x0, 0x1000000, 0x0, 0x0, 0xfffffffc, 0xf7}, &(0x7f0000000040)=0x9c)

8.093269231s ago: executing program 1 (id=2402):
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x2}, 0x94)
timer_settime(0x0, 0x0, &(0x7f0000000640)={{}, {0x0, 0x989680}}, &(0x7f00000017c0))
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x26}})
write$sndseq(r0, &(0x7f0000000000)=[{0x22, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32={[0x0, 0x0, 0x95ffffff]}}], 0xffc8)

7.949461404s ago: executing program 1 (id=2403):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x3})
syz_io_uring_setup(0x0, &(0x7f0000000000), &(0x7f0000c57000), 0x0)
r2 = syz_io_uring_setup(0x4169, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000480), &(0x7f0000000000)=<r3=>0x0)
syz_io_uring_setup(0xa94, &(0x7f0000000080), &(0x7f0000000340)=<r4=>0x0, &(0x7f00000005c0))
syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
r5 = socket(0x200000000000011, 0x2, 0xd)
bind$packet(r5, &(0x7f0000000080)={0x11, 0x4, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
syz_emit_ethernet(0xfc0, &(0x7f0000002000)={@local, @remote, @void, {@llc_tr={0x11, {@llc={0xf4, 0xbc, 'h', "5214a12caf2d02eb9dbacd789cb2b1fb8261181fcd75d62e540ecc83639ceec2e9931374cbe4a7fbc13cec03ec1a7bef08bd36ade6b6c841f655cdee0ff65d0f3598e15667263408bd97d5e73ae91a1148eb4483587210791fa3cbb7656d3466bfba7b31c842f7a2627947208fb076501874eeb1f5ee82ae19f5ed2c4ab6478dbbbc8f7958dd5e4d400284340591209c7c93be2445a463103f618aafb20e3816094a07879d68ac06d4fb2a557ba667352827769895d80affce018787d01adc927c4366ec991fb8651f28901890034a09f163216ea5a5b898ac9c115c85d86bfa907e79eaa97c2e02fc603bf27504396907e17db361b5b0332d7dd51e0ce1b028abd244882408494f4a76b099c2e3d246f70873238e3b1fc595b57c87c7d4fc79d74e40fcd2bd6af0705a7ec131bf8e6da6f5e29ac83aff4825ce825614e5dc72fd0d52d14cd1132dd20b6c715ceeded4064a1185114dc971026d74bbc294a9c6487293097afac9988965f144c443cd013935ba1a98a1f383b4ae979d6def9d5b76a102b8610163b8c92374d438359b68bd5f2eb9cec738c9f53dc80ad50c79f7cef75901bc50ba687549f360bf29e98ad9289a5690d73be6dba5c6b899977d46f1c749d648f12c5945770b83dced9c1ba63215b9652894339175d3d9fc815923bafc10725cd1eef9b85ec2d297ca58d125940c6d5e3952a3376cc1b7ba442aaa9e95c93cd0e355036ad360ccb2ef2b4ffcdd12c041a232cf159e2b41061051204f0e54434788e9c347a01b70553cf384f6199b3ead31edbd9f763cab7bfc02c089493c107523378fdeeccfe88042d116eec30af3d1f5286b5c75bf9948f52aea65c4aa0d05da117e30e9a776c1b31438662cd0e6106e74902c286192607f50281da755e855e0b306b6954ca985ff3f9db4bfa0b284b7e8dea618ac4ee86f2943590e961184cb9544d1019eb695df02cff561cb2403f4ef1dc1e3127ab173cccada0b400059cef390a84454596298887a9e6023c5566810e795badf783fc4cb9f454f33a3563a247a58d835ab6e96c375d43516aad96a1d1ed5b778205617c0e12d5b420e74e1cfe0621b2c1caad50b40279f62c23d5e217952d2152e5f14dbe32304f25b31e68e824b590518da26c9b740779f6cd34ad2f3b4aac18915faf48b30922af8c3859de74e1df02654f72b04bde9842e857a5ca196c06a834a35f204436b992800b2a550172eba48be503f7a34dc7444d0e9ad5876395cca05fcd2d9cd1ca858ade56aee687a685e641ee9419978251619146f20acab78e672c0ff88c28342f7c669935bdbb36b7e9aba825716657a086d72a96a4a1c1223c8e2a873d263d586e7989db66633771cf4ab3d65543ffd85c59c9bf5c9deff6ff1038b0b2e4cf7c03245066b5d37bc98d94127836968c407dc8bd68d37b806ee7935cf8d6b12fe217fe5e315eccd1079dda7d12856764ea3cd9ecb5aba8ab683ad8111f11bcc661b5cd4dc676b1a1beb77504034299a1076381e83aa287e6ebf7d02bafd48b64b786955a3f6adb1bb33e6e6e9ed448e54fd8f8ede6e0ce22a5e858e4acf3c29aa3ce8c9a507402c8aa6532e8af56f17cc65daef82bbef426fc15910718e88891fbbccb9acf5f891a9b206f880c8f2695a56899aa30964a426e35a66df728ad6889b3a51a34d0d7c94f82943d6ed4bcd7713eceed5f0d09b4db374c5a5e81cc07280e37ff0da53f293d3d6dc1b0fa0a249e6f55b28cadec7c6d79b45d45b0caa27526678a2518b1587846e31a040cbcfff7b771b24ac830a85a50703848191ff7948d372d0a78ed66e9cce7b05c4ee363702156f03a5f8ff48c2edaa72ac349777a772c12e739f0fe4181b35fcaf523e91bc836cbc71224a925bb042ef86845c3e67b05c99db825e29dd5640788f325e6025e3877379ae26d2114aa6c81648879cc9de5e6f408a39ffd43490ce716e9fece89a0a43f7d9555be9bb2f11aefa6172fd4b6972ce14f45b49e723c7b20627f6f3069fad619fb91abeacfb84b15a1d611edc2782f12755cb7adb866b9c5b0f040d1597f23a0e78ffde2e1b481a58e4f677c6923eec1e8ae30b04b33fdac49104426990d76613b0bd98cfa8b6e82b48faf7cc5f49904447252af684866ed332c04167d5994ffd03fcfa456db963c40dc6c5e50b76ff60ef89205f895b9ae60c08e7bb7cdc1bc3a0fa367f77efd728c4bd1e9ab22669d96f1b3d6d2a0fc6eb321d3c440db6f8529e7ed51ba7412bfc49ffc4028ad71aa8dfe36c9cd7c658ef48631af286e9d194884ca31225cde3a2317fdf0bc69c5f46bfa0afb91ccf1e8d972b6a67a9b929cb40bcac564582e93dd5ba48bd7671ae12f540d239fc633a490bd8ab1cce139b4c83b3d84ca220106851a05f48aa955a125bed00a596e8c83fae1bf1acba958ed451b350092555a8c6064cedd7ba9e3267981f530db811b7312549d067494d2e2f8e4b3c1b7542c863e34dd1fc1585cff7bd62c4905071a852869f84916f69ae346a2a8091d5f611445ccdfb920b23a7cc92fc253e1b5a05303b21b3b3bbfb469aaea2fde60472785b598cec66ac56300e5674d0129a86907971aab27ac27c05309f47b68241861c70138583b5e75f420dda23ec07bce70cfafbc576df26375b252e84ea70205957586891368cc32e78a702241a1f17eabb19d934954f0e6b955f8e818d5a2bc804b6053f9d2b961d5839af58d7e253f4d428cf913eb479e894f9a550f0152982e89787728807b5aa95f975600a18c532536fc87783e7bc234481e56d38a76dac314fdc78f94f1cfb20c8d326e7e0d797c448b2eee7f71bb27887c281da821e670b19a422953ad91762228ad8325fe32748f059d65370aa762589127c0fbf1401ccc6b4a47bab1460900300e50606fd715221486ae2928545311fcb712a418635b3e926b2e745f2a81ad07ebaa6b026de3609609cf57d3d136ae0cbef4479c883b2d974687612c352c14c55ca3d3b09af594e3154ec584e365d450ad46859c120ac19c1c0ab825625974aae4fe474cbbb3f6361504cb369def119a139a4910fee1280d7f8cf47767745057acbeeb869f1b436d34183aae28e70f6b785747f237ef01d279493c88b949173dc11ecc8db827230fba2650ff1863e1d4519732fe6a9d484efa88249831b6a0321952655768c3ac87a46e0a30945c76184807c2c62c1d49903faac5d69c9c46dc895bbd7e659b016f1503f644d7563e6d66324d57ff38f9990b91ffd06048981771221a5a8dd417be1a5503641a334e2b751ee2c5ca537596d35419d31b7acca3e1e7ee3523d67d833f719319220d7a81cbbd61cf2ee421a5731990b030d0a27438f8094eb71d53878f9fae57b72872b77d55b12321af4b61b2ce7f77cf502ef422f1283b4c651e73a7474667e9cc046ecab35e8e6441699f04eb7f80a99ec488d724c3e189f68832a897392c47ba8e44c314e303e8661c7bb57f66a0a249c4a1aa38c31672f78ebe39e74b9ffe6b9bff7c7820d2233dbdbc1312f283d6a2e414260388a19a2c3aeb984f890b5187bf984aeef511e7a433f07177177c0617e76ba5c62cf2136e9a42b41af2546fdc369beb9aae45acef038897a57f40ee26ed946e07bea07d262571013a0db214a866eeeafb98f52d92c1df3dbf56c32626b08089f32c5c321edea48542c5c4fa93f6f4c19a09d4a5e570cfbc832f348f54362804f1bb9433ade9cf1aaa2438128961da3524e9496b7388addf4a50e460c7588117edc5884853b3c20febe6c3dae14ce616c7199b967af789922b9660e986d3f00935c5bc71c4d7735e6cbf40b757ab837d1ec15c1cb78ddeca19b36e586c8fdae8a6d57e098d4921ca7b045a1676aa61f82fd4e5113493aac8e20cadf9731670fdb3b4dc862963c2b0ee598072f83d07ae6f247792b229aa788cc6e08fa1df5c572675842d2b017818ac25305305836fb2edb854e12541138be0a3bb9d7709f7bab828667ccffebdbee89497b4d00b4f3b9106293dc575200935d24f78b4da7031405301b8da1a763d37efeb2f9c3ef8885cc948798baf0e5f4b296261416080407f087f6fb75485c3a2c7f68acdb1ac6a5249badd3d46f5510a8a9480ba90d30c5f8f672d8321a302e2ae7b27aee2dd9ffaa38febcdea872629bef24e97853eddf4fc3d72140e370b3534c87e64189fbd7af4e4a0937a4a8cff1ce02169dbd47b766d7879704f0d6e78716a86cb140d30a9d9f71d44ef0bf039f2c3aa457acd63106b114a3fa83ae20f49e66a0dd1e1344c42292dffb878ae207f032f4771042c6250be7e1af4d231a1a90eab0df6a2713a3a6dea49a6c6e78f5cd78a27b72d9886042b5c7fd37afac78092272976867fdb8a4b942a7c11d0a17c6b3a98f43152b442904568a11d6f823133c7285d256f26523aa5fcda9bfd54a3f60316f7d4cea55edcb703ce6329419f893ea7dd4c2afeb4b55e733fec2b42f3b61d68622fb418f2b6e102be582f6ecc9f4ce7998bdea544ad09ef525f6259a5c491d83f6cc0bc56d59eca626fd9fbfeb996459c46c8d7c9a212e2d3caba2a69c41cb49c2d81690f38929a5284f4b1273f79834400f964cfc8ebf22e1e47cf6cd221ef5c3beaf632224ad116eee7e6fdcda4f72b81947cbbf19c41b94a568870237d3e0deb16fa08c3fdf56316d56d71265acacafe12fdbe7d65fbf9ceebf51ff16b2ad8df5946b833eb337b6141fbd9635e2499af5d6d7b256fe01aac5d07758a153daa644a24b8106507fd2cf03a31ef63679092a0773bd5527f03299a2662b0e5a684a45bd4ba8f65b764e3481295070b9676bac286fa3ff208275a53ccfd3d0038af97f4436531755d30eec4cfdaa89628b79db0ba42307c6622b78e01ae45542757dacc21a70d7724659f875244d550c0d0b7c98a04c0614dd8b1aaf35e5ffaf6c5dcb5d15739597768a77d8210e481ce50f67fcb13ec75e98fb39f8f45a7ea1a66406078dbed4c1da520f0f63a848114bcec368e761de035683d08a6e94c653a35f98680ba2e15aa78b47f9b40fe9785ddbb561beea967684ff005f24d9290269f4674706627edb50958375d5fa6cc8f381989334dd588da3f6bab34bf83b8c8e1fccfb88eb555081afcab96fddf87f71edeb09c4dd6102d80ab5d7f3d5136d47bcd04f135a9f0474144cb43351dbedc5905de8632a4c90c8e5c7294fa2f2eb2b41f40c6a256afd5732221d46f146686cf1f638e9ef95bf16f1190313b15318a5a0a52034a87a92d738239cf45757da14cb6f12e6c5cfa41b052f43b4847fc58a59f5d1856cbd42fa0f2034a7c8cf7d842e0db7a96b5bc995393ea71483e5ce3ee151f728204ef2441bf226c2e928f739634e5b525d5dcae6d077aa6bacc5cb0818da89d6414e852953238f7507f81f1710ed15032dd00e96522dee95f6da323a35f1465447133c9ed44b12d21b725d43798bb4449522a0bc34117943f818618cb131fbb5588a69fb92752a8f2648ae45a76797bba1af70e4271752bca6b1d95e235c8b9503bdb83345608dea5882c01d28ebac36eaba5ea062d39db44a04897bbb24c86ca2dd8347dc0484c084843c862118cbbec0236ca71d029976e745210eb09342baef401492e6f4bc2209e8cd22cfa818dd8ad06bc471db8ac802b2c0255989bbbadc2146"}}}}}, 0x0)
io_uring_enter(r2, 0x48e9, 0x0, 0x0, 0x0, 0x0)
ioctl$UFFDIO_ZEROPAGE(r1, 0xc018aa06, &(0x7f0000000380)={{&(0x7f00007db000/0x2000)=nil, 0x2000}})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x3, 0x7, 0x5, 0xfffffff0}]})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000012c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r8)
sendmsg$NLBL_CIPSOV4_C_ADD(r8, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000500)=ANY=[@ANYBLOB="84010000", @ANYRES16=r9, @ANYBLOB="010000000000000000000100000004000480080002000100000008000100000000000400088058010c8054000b8008000900000003"], 0x184}, 0x1, 0x0, 0x0, 0x22000004}, 0x0)
ioctl$FS_IOC_FSGETXATTR(r7, 0x801c581f, &(0x7f0000000100)={0x7, 0x93, 0x5fe3, 0x29482a4d, 0x7f})
sendmsg$inet(r6, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000013c0)="d080", 0xfdef}], 0x1, 0x0, 0x0, 0x800300}, 0x20000801)
recvmsg(r7, &(0x7f0000000000)={0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x40002002)

6.703984593s ago: executing program 5 (id=2411):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000e00), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c010000", @ANYRES16=r1, @ANYBLOB="01000000000000000000170020000c00060001000000010000000c01308014000400976f1044852bca665354bd217b6b9037200001800c0005000c0000020000020008000100030000000500d20003000000050002"], 0x12c}, 0x1, 0x0, 0x0, 0x24004821}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$inet6(0x10, 0x3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r4}, 0x10)
sendto$inet6(r3, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x56)
pselect6(0x40, &(0x7f0000000000)={0x6, 0x80, 0x6f04, 0xd, 0x3, 0x9, 0x81, 0x5}, &(0x7f0000000040)={0xffffffffffff7fff, 0x4, 0x1, 0x6, 0x7, 0x6, 0x5, 0x6db}, &(0x7f0000000080)={0x10, 0x3, 0x8, 0x1, 0x5, 0xffffffffffffff69, 0x3e, 0x3}, &(0x7f00000000c0)={0x0, 0x3938700}, &(0x7f0000000140)={&(0x7f0000000100)={[0x7]}, 0x8})

6.692925157s ago: executing program 1 (id=2413):
r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_open_dev$amidi(&(0x7f0000000240), 0x3e0, 0x123c80)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x3, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000002000000000000000008500000061000000850000000500000095"], &(0x7f0000000200)='GPL\x00', 0x3}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r1, 0x27, 0x14, 0x0, &(0x7f0000000980)="f8ad48cc02cb29fcc8007f5b0800c22da2e6d3de", 0x0, 0x2, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000140)={0x14, &(0x7f0000000040)={0x40, 0x22, 0x84, {0x84, 0x7, "2abbd9d33e7c271afc4f2ac0d50e38fea6fde56c1735002f372c33c5ea5650219f8307d652180d451133ccb798dc2d7dd63f928a3edcfd662ae9aede6ff820ee31251b025d6a6506d6070d7320370f065919a82fc85fea7a9bb18cc6d1274ab0125b32a3e6f97e5f3834621b417812f7fb40fd328d96c46be3660f00d4c8ffaea60d"}}, &(0x7f0000000100)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000480)={0x44, &(0x7f0000000180)={0x40, 0x5, 0xbf, "96fbe7954cc75021a7cb158aec4671fe0ec4fd7b065b5043f794e093fb696b01f39da403aa7533a6bff91461145aa85aa6ca7a63afe4325471e52513275326ae2a987dffbb46feb718f3c1a08936d3547de76b037f554b1fa4172bc120f615771059df0da5bc886d9a6784e7a18346a33a0410c31a6925cdd2c8e975d1ba23a8e1c4e77865786f13bb5f52c7a42abd8970cfc256f5d8568c86deecdb3b5277512f50b4634a1f08660f86278abedad35d878e5f8f7e1a09347ad61c14d090ce"}, &(0x7f0000000280)={0x0, 0xa, 0x1, 0xe3}, &(0x7f00000002c0)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000300)={0x20, 0x80, 0x1c, {0xff, 0x200, 0x9, 0x3, 0x400, 0x2, 0x730a, 0x9, 0x5c, 0x2a, 0x4, 0xe14}}, &(0x7f0000000380)={0x20, 0x85, 0x4, 0x4}, &(0x7f00000003c0)={0x20, 0x83, 0x2}, &(0x7f0000000400)={0x20, 0x87, 0x2, 0x2}, &(0x7f0000000440)={0x20, 0x89, 0x2}})
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x121c02, 0x0)
ioctl$PPPIOCSACTIVE(r2, 0x40107446, &(0x7f0000000000)={0x2, &(0x7f0000000080)=[{0x50, 0x1, 0x2, 0x6}, {0x6, 0x0, 0xff, 0x2}]})
write$ppp(r2, &(0x7f0000000200)="620f", 0x2)
syz_usb_control_io(r0, 0x0, &(0x7f0000000740)={0x84, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

6.425060535s ago: executing program 5 (id=2414):
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/mnt\x00')
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x2}, &(0x7f0000bbdffc)=<r1=>0x0)
timer_settime(r1, 0x1, &(0x7f0000000400)={{0x77359400}, {0x0, 0x3938700}}, &(0x7f0000000440))
r2 = socket(0x2a, 0x2, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e24, 0x1ff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x8}, @in={0x2, 0x4e23, @rand_addr=0x64010102}, @in6={0xa, 0x4e23, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, 0x4}, @in={0x2, 0x4e23, @broadcast}, @in6={0xa, 0x4e1f, 0x40, @mcast1, 0x5}, @in6={0xa, 0x4e22, 0x7, @empty, 0x4}], 0x90)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x6c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x3c, 0x2, [@TCA_FLOWER_ACT={0x38, 0x3, [@m_connmark={0x34, 0x1, 0x0, 0x0, {{0xd}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x6c}}, 0x24000000)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)
getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=@newtfilter={0x34, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xfffa, 0xffe0}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x81}, 0x24004000)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
futex(&(0x7f0000000140), 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000001c0)=ANY=[@ANYBLOB="03000000000000001800000000002f1c1748"])

5.01589379s ago: executing program 0 (id=2416):
syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2) (async)
r0 = syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2)
r1 = socket$netlink(0x10, 0x3, 0xe)
setsockopt$SO_BINDTODEVICE_wg(r1, 0x1, 0x19, &(0x7f0000000000)='wg0\x00', 0x4) (async)
setsockopt$SO_BINDTODEVICE_wg(r1, 0x1, 0x19, &(0x7f0000000000)='wg0\x00', 0x4)
prctl$PR_MCE_KILL(0x35, 0x1, 0x8)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1) (async)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1)
sendmsg$NL80211_CMD_DEL_INTERFACE(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="7c246fdd", @ANYRES16=r2, @ANYBLOB="04002dbd7000ffdbdf25080000000c009900c0ffffff12000000"], 0x20}, 0x1, 0x0, 0x0, 0x40080}, 0x944)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid() (async)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ptrace$setopts(0x4206, r3, 0xfffffffffffffffb, 0x100083) (async)
ptrace$setopts(0x4206, r3, 0xfffffffffffffffb, 0x100083)
sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x7) (async)
sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioprio_get$pid(0x3, r3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
ioctl$AUTOFS_IOC_FAIL(r4, 0x9361, 0x6) (async)
ioctl$AUTOFS_IOC_FAIL(r4, 0x9361, 0x6)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYRESOCT], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
poll(0x0, 0x0, 0x1d)
r7 = socket(0x10, 0x2, 0x0)
write(r7, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c)
getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x5, 0x0, 0x0)
recvmmsg(r7, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400})
prctl$PR_MCE_KILL(0x35, 0x1, 0x2)
ioctl$VIDIOC_ENUM_FMT(r0, 0xc0585611, &(0x7f00000000c0)={0x0, 0xb, 0x0, "3e58f67896b2f2098200902177392faff604cb7ef87e7610bc39ef64257f5d33"}) (async)
ioctl$VIDIOC_ENUM_FMT(r0, 0xc0585611, &(0x7f00000000c0)={0x0, 0xb, 0x0, "3e58f67896b2f2098200902177392faff604cb7ef87e7610bc39ef64257f5d33"})

4.893830947s ago: executing program 5 (id=2418):
write$FUSE_INIT(0xffffffffffffffff, &(0x7f00000002c0)={0x50, 0xfffffffffffffff5, 0x0, {0x7, 0x2b, 0x9, 0x203104, 0xc, 0x7, 0x401, 0x7, 0x0, 0x0, 0x80, 0x8}}, 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x5, 0x0, 0x0, &(0x7f0000000140)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0x11}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r0, 0xe0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmmsg(0xffffffffffffffff, &(0x7f0000004c80)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000980)="7cfb74fafe0b9e8b30b676d3abdbc0549b80acb76934c3e8d06f4ac0f0d7dcef56f47a6add8f7718f363c0268e04d2ff1cf2c0cc0a5f74989ada9091559af4bc5ec45c82cfcc1cbeeac788f5", 0x4c}], 0x1}}], 0x1, 0x4)
r2 = socket$alg(0x26, 0x5, 0x0)
gettid()
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000006c0), 0x0)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

4.749300193s ago: executing program 0 (id=2419):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)={0x30, 0x10, 0x1, 0x0, 0x25dfdbfe, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='\x13\x00\x00'}, @nested={0x4, 0xca}, @nested={0x10, 0xd0, 0x0, 0x1, [@typed={0x8, 0x2, 0x0, 0x0, @u32=0x1}, @generic="3cac7ecd"]}, @nested={0x4, 0x37}]}, 0x30}], 0x1}, 0x0)

4.622156282s ago: executing program 5 (id=2422):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000001c0)=@nat={'nat\x00', 0x19, 0x0, 0x90, [0x80000100, 0x0, 0x0, 0x80000130, 0x80000160], 0x0, 0x0, 0x0}, 0x50)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socket$inet6_icmp(0xa, 0x2, 0x3a)
arch_prctl$ARCH_GET_GS(0x1004, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
socket(0x21, 0x3, 0x0)
epoll_create1(0x0)
memfd_create(0x0, 0x0)
r1 = fsopen(&(0x7f00000001c0)='proc\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000480), 0xf2ef, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r3, 0xc01064bd, &(0x7f00000000c0)={&(0x7f0000000100)="41c2b1af4b9e2afb08fbfa8795ae198eb98603501824b278e7af60824251a6b1334031aac5f7421d7ea02310f3f6dad9592da8773525688000a5f6a49c37b23832cc040c84e783080c453e1088ece52fc69e24c3e1ae2c1037d5ce4993609bee3f15bec55d55dc9e7628af08d52ef57f853e1e37981fbde83dcef7e62652a8134c50c7228bd9dd014e8fb12da0beba609df04014981d5b909c40d62f8520adf12fa8d1214304592069042f66a842d82d7d1066eb523222ddd454ffabbf8f42ff0ac2f20598b329547ab02665210da6927ec3b6dc80802b2349e5c1059214af03419fb04bbc4a0f147f8f170c960fd3cdae0e9ff5d5c8f431543fade614db2ed4297d74b4ccbe9a8cb22105ce48dbf2c00f8ad06f13416476", 0x118})
close(r3)
fchdir(r2)
open(0x0, 0x1e3042, 0x9c)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x3a)
fcntl$setlease(r4, 0x400, 0x1)
link(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
syz_emit_vhci(&(0x7f0000000000)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x11)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={<r6=>0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0xc, @private2, 0xfffffffe}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f00000001c0)={r6, @in6={{0xa, 0x0, 0x0, @private2}}, 0x4, 0x0, 0x1000000, 0x0, 0x0, 0xfffffffc, 0xf7}, &(0x7f0000000040)=0x9c)

4.536804267s ago: executing program 0 (id=2424):
r0 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000005200000125bd7000fddbdf251c0800060007faffffe50158f4", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB='\x00\x00\x00'], 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @empty}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, 0x0, 0x0)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="7c0100001900010d"], 0x17c}, 0x1, 0x0, 0x0, 0x1}, 0x84)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000100)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)
getsockopt$sock_buf(r1, 0x1, 0x1c, &(0x7f0000000280)=""/26, &(0x7f00000002c0)=0x1a)
write$bt_hci(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="0000020008"], 0xe)
sendmmsg(0xffffffffffffffff, &(0x7f0000000d40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[{0xa0, 0x104, 0x4, "21328dc73af91d0160f7df8bb2fd2e4381c6f567caa065d31da7db2b719b5c92e42d0e1b940db5c104842985b3d5f88c814134dc0ee18d2c5cf0ee10762c217ffb565976470dda0b1f1382fe1db499e1b902b7a443c3ba8e6ecf7e0008b9e9582fff9c25ea70258dabd8580aeade3a5ee223990be0555bf5312099d38308aad5d857362a846ba76489caa4e24e"}], 0xa0}}], 0x1, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c00000029000b0027bd7000000000000200000018000180"], 0x2c}}, 0x0)

4.511798662s ago: executing program 2 (id=2425):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r2=>r1}, './file0\x00'})
ioctl$KVM_CAP_PMU_CAPABILITY(r2, 0x4068aea3, &(0x7f00000001c0)={0xd4, 0x0, 0x8})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000140)="bad104ec0f20d86635080000000f22d8b800008ee0baf80c66b84a50ad8b66efbafc0cb013ee66b9650900000f32f30f35660f3a0c7500fcba6100b84f00ef66b93d0b00000f32baf80c66b8d87c528166efbafc0c66b80000000066ef", 0x5d}], 0x1, 0x49, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x54, 0x0, 0xfffffffffffffd9c)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

3.345027932s ago: executing program 2 (id=2427):
mkdirat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x1)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x800, &(0x7f0000000080)={[{@quota}, {@usrquota_inode_hardlimit={'usrquota_inode_hardlimit', 0x3d, [0x37]}}]})
chdir(&(0x7f0000000240)='./file0\x00')
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x78)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

3.344323116s ago: executing program 0 (id=2428):
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/mnt\x00')
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x2}, &(0x7f0000bbdffc)=<r1=>0x0)
timer_settime(r1, 0x1, &(0x7f0000000400)={{0x77359400}, {0x0, 0x3938700}}, &(0x7f0000000440))
r2 = socket(0x2a, 0x2, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e24, 0x1ff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x8}, @in={0x2, 0x4e23, @rand_addr=0x64010102}, @in6={0xa, 0x4e23, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, 0x4}, @in={0x2, 0x4e23, @broadcast}, @in6={0xa, 0x4e1f, 0x40, @mcast1, 0x5}, @in6={0xa, 0x4e22, 0x7, @empty, 0x4}], 0x90)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x6c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x3c, 0x2, [@TCA_FLOWER_ACT={0x38, 0x3, [@m_connmark={0x34, 0x1, 0x0, 0x0, {{0xd}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x6c}}, 0x24000000)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)
getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=@newtfilter={0x34, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xfffa, 0xffe0}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x81}, 0x24004000)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
futex(&(0x7f0000000140), 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000001c0)=ANY=[@ANYBLOB="03000000000000001800000000002f1c1748"])

3.234378754s ago: executing program 2 (id=2429):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r3)
sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0xd)
write$binfmt_aout(r6, &(0x7f0000000940)=ANY=[], 0xff2e)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000180)=0x5)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c00000010000304000000000000000000000400", @ANYRES32=0x0, @ANYBLOB="0003000000000000140012800b0001006272696467650000", @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x20004084}, 0x8044)
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f00000006c0)={0x2, 0x1, 0x1c, 0x14, 0x43, 0x0})

3.19453857s ago: executing program 4 (id=2430):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000240)={0x5, <r1=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x19, 0x10, &(0x7f0000000400)=ANY=[@ANYBLOB="18081200ff000000000000000000000000000000705b4d234c0f09b0bae86da81f09a0", @ANYRES32=r0, @ANYRES32=r0], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x94)
r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x101301)
ioctl$USBDEVFS_ALLOC_STREAMS(r4, 0x8008551c, &(0x7f0000000000)={0xd616, 0x1, [{0x1, 0x1}]})
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00', r3}, 0x10)
r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000180)={r5}, 0x5)
close(r6)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0xd, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x80}, [@call={0x85, 0x0, 0x0, 0xa8}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20000002}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xa6}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4)
setsockopt$packet_int(r2, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4)
r9 = socket$packet(0x11, 0x3, 0x300)
sendto(r9, &(0x7f0000000040)="5afa3fd29bffffffe50000000000", 0xe, 0x4000846, &(0x7f0000000100)=@qipcrtr={0x2a, 0x4, 0x8000}, 0x80)

2.771310789s ago: executing program 4 (id=2431):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000005000000000000000200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000f10000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000850000006d000000bf91000000000000b7020000010000008500000085000000b70000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xed41d0969ec4053c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)

2.767496108s ago: executing program 1 (id=2432):
socket$l2tp6(0xa, 0x2, 0x73)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xb9e}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000005c0)=0x5)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
r4 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r6, &(0x7f0000000580)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x14, r7, 0x200, 0x70bd27, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x8100}, 0x10)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_FEATURES(r5, 0x4008af00, &(0x7f0000000380)=0x200000000)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x0, {&(0x7f0000000140)=""/128, 0xffffffd9, 0x0, 0x0, 0x2}}, 0x48)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000040)=0x1)
keyctl$dh_compute(0x17, &(0x7f0000000200)={r4, r4, r4}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)={'sha1-avx2\x00'}})

1.949867444s ago: executing program 2 (id=2433):
r0 = syz_clone(0x80110200, &(0x7f0000000a40)="921337c4e20f876264a4d1353f719a87b14f255b4d11f872ed7da2b6219b396e5bc164b591b404eb2b6e5b051719286d00382d177f99a438b810ad2221e3ffc521afe0284f6d1a4fe1ab9103d7f19366c816e390059b4da0e88bbf4ee3e5fee61813ae", 0x63, 0x0, &(0x7f0000000ac0), 0x0)
syz_open_procfs$pagemap(r0, 0x0)
symlinkat(&(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, 0x0)
socket(0xb, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'syz_tun\x00'})
r2 = socket$packet(0x11, 0x3, 0x300)
bind$packet(r2, 0x0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000380)=ANY=[], 0x0)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000a00), 0x2, 0x0)
fsopen(0x0, 0x0)
ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(0xffffffffffffffff, 0xc0305615, &(0x7f0000000080)={0x0, {0xfff, 0x9}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000100)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x2b00, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)

1.946640213s ago: executing program 4 (id=2434):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
r2 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001f80000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async, rerun: 32)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async, rerun: 32)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000180)=r3, 0x4) (async)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002300)=ANY=[@ANYBLOB="1c00000034000701fffffffffeffffff037c0000080004"], 0x1c}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) (async, rerun: 32)
sendmsg$inet(r5, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000) (async, rerun: 32)
ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000100)=0x40) (async, rerun: 64)
ioctl$SNDCTL_DSP_GETOPTR(r1, 0x800c5012, &(0x7f0000000000)) (rerun: 64)
close_range(r0, 0xffffffffffffffff, 0x0) (async)
openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0xa400, 0x0)

1.35763354s ago: executing program 0 (id=2435):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4)
setsockopt$packet_int(r1, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4)
r2 = socket$packet(0x11, 0x3, 0x300)
sendto(r2, &(0x7f0000000040)="5afa3fd29bffffffe50000000000", 0xe, 0x4000846, &(0x7f0000000100)=@qipcrtr={0x2a, 0x4, 0x8000}, 0x80) (fail_nth: 3)

1.265239603s ago: executing program 4 (id=2436):
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mprotect(&(0x7f000004f000/0x800000)=nil, 0x800000, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00')
fchdir(r0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
read$FUSE(r1, &(0x7f0000000040)={0x2020}, 0x2020)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x800000000001c8, 0x12)

1.11902189s ago: executing program 1 (id=2437):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r4 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_DAEMON(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000eca20ae4000044000380080001"], 0x58}}, 0x0)
ioctl$EVIOCGKEY(r4, 0x80404518, 0x0)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
fcntl$getownex(r0, 0x10, &(0x7f0000000040))
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r8, 0x84, 0xb, &(0x7f0000000280)={0x0, 0x4}, 0xe)
shutdown(r8, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000000)={<r9=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r8, 0x84, 0x7b, &(0x7f0000000040)={r9}, &(0x7f0000000080)=0x8)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000080)={{0x1, 0x1, 0x18}, './file0\x00'})
mount(&(0x7f0000000300)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000140)='afs\x00', 0x90840, &(0x7f0000000180)='/\x00')
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000002c0)={r10, 0xffffffffffffffff, 0x13, 0x0, @void}, 0x10)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090a0000000600000000000000030006000000000002000000ffffffff0000000000000000030005000000000002000000ac1e00010000000000000000020013"], 0x50}}, 0x0)

1.062596758s ago: executing program 0 (id=2438):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0xc00)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x4}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0xfffff274}]}}}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYRES8=r0], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6018232500082c"], 0x0)
socket$unix(0x1, 0x1, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000600)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xd50, 0x0, 0x0, 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r6 = dup2(r4, r4)
ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000240)={'\x00', 0x40, 0xa, 0x1, 0x40000000, 0x10})
ioctl$BLKTRACESTART(r4, 0x1274, 0x0)
ioctl$BLKTRACETEARDOWN(r6, 0x1276, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0xffc7, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0x80}, 0x48)

693.188907ms ago: executing program 4 (id=2439):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x138, 0x0, 0x20e, 0x70bd2d, 0x25dfdbfd, {}, [@TIPC_NLA_NODE={0x90, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x42, 0x4, {'gcm(aes)\x00', 0x1a, "349917c334bd7aa7e9a589c7a67d6df1196314bd7ea9af354249"}}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1a}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3}, @TIPC_NLA_NODE_ID={0x14, 0x3, "40311aab39d3cbc28c946c407ceed66e"}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x2}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2}]}, @TIPC_NLA_BEARER={0x78, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4a9}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x6, @local, 0xffff}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0xf, @local, 0x80000000}}}}]}, @TIPC_NLA_SOCK={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x40}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}]}]}, 0x138}, 0x1, 0x0, 0x0, 0x40}, 0x4000080)
syz_genetlink_get_family_id$tipc(&(0x7f0000000200), r0)
r1 = syz_open_dev$vivid(&(0x7f0000000240), 0x1, 0x2)
ioctl$VIDIOC_SUBDEV_S_CROP(r1, 0xc038563c, &(0x7f0000000280)={0x0, 0x0, {0x8, 0x5, 0x1000, 0x80000}})
r2 = timerfd_create(0x41c23ac3593852bc, 0x40800)
ftruncate(r2, 0x8000)
fsopen(&(0x7f00000002c0)='devtmpfs\x00', 0x1)
ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000300)=<r3=>0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x301000, 0x0)
r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
read$FUSE(r5, &(0x7f00000003c0)={0x2020}, 0x2020)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f0000002480)={<r6=>0x0, 0xd, 0x80000001})
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r1, 0x50009417, &(0x7f0000002880)={{r4}, r3, 0x2, @inherit={0x70, &(0x7f0000002400)={0x0, 0x5, 0x15, 0x6, {0x8, 0x8, 0x5, 0x8000000000000001, 0x5}, [0x5, 0x5, 0x401, 0x1614, 0x6]}}, @devid=r6})
ioctl$VIDIOC_G_INPUT(r1, 0x80045626, &(0x7f0000003880))
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
getpeername$packet(0xffffffffffffffff, &(0x7f00000038c0)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000003900)=0x14)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r7, 0x89f0, &(0x7f00000039c0)={'syztnl1\x00', &(0x7f0000003940)={'ip6_vti0\x00', r8, 0x4, 0x5, 0x3, 0x0, 0x10, @private0={0xfc, 0x0, '\x00', 0x1}, @private0, 0x8000, 0x0, 0x3, 0x3}})
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r7, 0x84, 0xa, &(0x7f0000003a00)={0x39bb, 0x7, 0x0, 0x8, 0x7, 0x7, 0xd7d, 0x8, <r9=>0x0}, &(0x7f0000003a40)=0x20)
setsockopt$inet_sctp_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f0000003a80)={r9, 0xfffd, 0x100, 0x1, 0x8, 0x1}, 0x14)
r10 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000003ac0), 0x420000, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, &(0x7f0000003b00)={0x48, 0x2, 0x0, 0x0, 0x0, 0x0, <r11=>0x0})
ioctl$IOMMU_GET_HW_INFO(r10, 0x3b8a, &(0x7f0000003bc0)={0x28, 0x0, r11, 0x33, &(0x7f0000003b80)=""/51})
r12 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_netdev_private(r12, 0x89f4, &(0x7f0000003c00)="3e3c5f10c9eebfab59a55287cb654f45b9b4cf0c01dd9fac9cdf0f5d67eaa6b99e85e4642e19f35fe82a2ca673c781c1603321569fd8ef524cb69805e0a222dc55d13b6e1282922fc080680345b9")
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000003c80)='syztnl1\x00', &(0x7f0000003cc0)='TIPC\x00', 0x0)
ioctl$AUTOFS_IOC_EXPIRE_MULTI(r2, 0x40049366, &(0x7f0000003d00))
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r10, 0x3b72, &(0x7f0000003d40)={0x94, 0x3, 0x6, 0x1ff, "83f17a21971fae76366bea55003c2dcbcdbc2ff2d6224aa651dc82787f6d65d1ad022c27688b400e1563963971f001339e57015e54e90cdc2784ec805122999315d6414afbbcd7b4cf992e4e14c8b0d1e11657ecd19bea1d0a7995b9eee3a9514a9151993ebf5f18571528d5d786dc85d6308b5702297739fc5534f3"})
r13 = accept$packet(0xffffffffffffffff, 0x0, &(0x7f0000003e00))
pwritev2(r13, &(0x7f0000004f40)=[{&(0x7f0000003e40)="07cd9192c9633339dbc259d214c62729047282111bda1a74ea61591dff53c4900a2837d7ff1ab64bba62bc5701f02dc56645fa12b9cb000e251ac303634f02ddfcccb9de9ea37768465629080c2c9126f5", 0x51}, {&(0x7f0000003ec0)="16559d385d11ca675ecb2e28a050a150e400ae7bfc924da304ffa404181a8dbce9bde4bbc29d095a6205cb460a1ca384014526c1d5f696661a8093788b1f565ec073200b8d9ea330f11046020bd29a56a18cab91", 0x54}, {&(0x7f0000003f40)="883020db3543d6e8687aaca30d11d5bd9b3ba3f16e3564a2d88fd8ec531f48b2c323c56cefc578d6f44f8adf1a46725c97565bfe8190976516cfce7360dda4a9d613e7782ffe8a29b4792a0adabe334d05a9977bd29c9fa3c0edd2dacd4932e6962949f45262d0bc503d230886c0a727a918ce7af735054f21beb7ba29d2524c00d79ed9a9f538422a36e745e3f22e2a3e1962234f1c051ee9640582991306bce6e0b8203d4b0f4e4c0e5f24e06b8b0f9634ea84f88a92b8b4849d276f06ae5de68c63eeb053da5e2e7d15093472b33c80267044d44ce39286a4e068cbe383836cc7229ed30cecaa3138735b2d4ea984a04040d5958e3040cebb96bca8cdfea4e09ea96878b146f0d33ca6a11d515ed89d04b3115557daf597dfb0188d631111eb67086020610c86ed7ee0b46ecb9fb61794d1c798172e04160365ed7553b7635dcaf4b200e0e48172f3f65260e12ec7436a29bdb979fa46006949c43829d2fbfdd68aaed3bf6e3a8dddf74c708737158fe773db45eca18f1c689438315b982d032eeeff064e372ec75bba0def1dbd70fc80ea8a652d63bf103572724686ef26690f690b49d64691096d03f8765ba1e0c89ed40a270adca118b0429900a2c55e245c5b13886a0da3d48f9e1211d15fcc5d3a51f4f8d98ab25d483461c3972f0b3e705436aa1a46f64b51a5ef8ee5a787e7bbc9009b9fc6ca49d5afdba18377b290cdd166ca219884562358ce1aba986603abccd209c95397d5d4eb219db09f02dd9da8b82a70e497df55c36bdb2b6c6b74f0324e6b3c05908732a5a18a646106d198284953b86d8cc48a24707b14f7e7546e10f6bed37b3a22fe9e88b7d66eb7f863455e00906263c0ad0c57d50de66e37a1c7f9e3376146c966c94b6cb939fa39555463a1bec295dea648af7ea3b72f835e2d708f9eb44efe95ce1bea93c69384e4f81a89ef5618383b3f4d3079d3f4cf008b3ca8e879067fdc48d041a94237091292266cf8c72ddf3cb8c85aa7ca6e76f2d753498dba2f628b4ac8e4631d5fa3fb13fbe9311cb4e9458e1753f2c16d24a094a352b038305a50d33f0394a28d689fdc064babee12d8a9fa90472d930ee67b51caf15dda4c08f44bc7d4c8177ef267997d25e4278115eadd209450ed1f294ee27d040e026a3bc0be8f4f5faed833978f055b57e636c9fb8dd2ef33e90246116dbdd783f83c485a47cd3d79b9d785fed789a805c34f77c9a0bbd916af0cbbab759ab5db86fa4271c69abae71fd1d53f02e75aefbe4fc4a91b37160b70518f0a1dec7acfc2d9994494bd03360715fa78112d50741f2641f4e72efd195b09fdada1b2938335578282ff77760275d1cb5aae5efb162207e37729b85779bfd21e7dedd8120d87e4957474ea23f2d5cd9d65f2dea281bc818a1d9839e5a1d41ae08e8578284df02ce95bb7d49e43182a7d8eacdd799842429e5e484a9aa4756a2c3ca90311284d06c21a42fa320c8bb76a428fd934fe00aedca7065c99349574b8445b9157af9685ca494ca1b7c45c2b907d848d974b044dbce1b04c74f6e69694fc972aa52121300c79d62f5666e57acf187737df6f084f5fa0286187d5dfbc8252d0e052fb9c982362eb3d6c78188da964649f0a9a72654f06dca1c5275293c2078e6d235f8046816a4aa59c781241e9b75470a5e85c8763bdb40fd2fb1e5b830a6fd000ccae4225df7c9f056cd0536d430ba242f6e6f5058fd9d5855d71ac73925392965d5cec6dadc296719173f82772e18e97d5a3668add24f38edb22592ccad6817c56cfba16583983ccac3559fed9a80f677f65296729a8e84e7238e82b08ca54c6f39ec11fe62e8af4dddc7f7cbf6315fcd9552c427be29ca1fc7b02aa4295d866ef2d633a266febc0b6943870cc3f44c273647fcb5861a094783280cc2521d63dd07c5e9d9020b3e117844e357003e3d59433fad907091d5ce974ccf620e26895babc1144ab68fd2a9e54d2231cd0f6c47a7cb28301837f8e599842db8be169ad0d04ae250d952c0074ff852a510de9c40a9649410e3c3ad9867b585256752bf49e24a4e1ab8af2888bd2a3595b9417d5c41b260cc59b56b5b4788cffe2ddc17dc8f12966cb2994bca52f46ec757aae8255ac219589e5d8a2e1e20303455f5c5d59ae3caa1e9b272a95f01cd13ef827f69c7c10aefd87369c27b63306a08c3c929cd6e8ab66a11febc4440342da67c66ae9fa8239489e8603b3affafc6998752383bdeba1b765068f76ca18679c21375a2270b880d25f558d95d175c6f6446891b39f4edb832d00e4ada3b00f79039b6f80131abde6dbbb585681b18bde74140b229af6151c013b2ae7a1df0e85fa1767966899b84a070132bf130c167ead27a65bff47fbcfa23a44ea8429bf601879b4b15ac18fd65a0a23e70a9382c27cb30ae63ba3c2183d93a1be004a71c98e549bfced84450a0c11c8684755f62a3be612725d3e89f70207cfce4222f06382e85bf02e402f436cefbb0e38f14e7ae29d0d029b2d8be02e8151b422cbba57b60544b9e012f95f2d6d2248f17427410ff8f3a5dea1f02b9d8ca26d7b23771243ce337992dc77853b277c5c70b796966cfe23c7d56830fbdf101777acd76ddef82f4bc6ea47c8c5abf4e1b2d0f7e33e1e9e8e29dc8711b9562c01c3eed04f6f05ace8f7dc0678846b7b721c95cfb9d9cdc98e0d423200eb70cf9834d5fe70eef470ed604fdd72f8b8a338a5ea4b22a45e610695f9a2c02836c8b8c7f884d856c3709a0adacba05d7037b3776b514ee137564a3010f851af893b21a835400385a551473ee114aacb36997d158bf66b5332230f570e312fad0837b01c3a6b72c620ff618f24e0400c77906067101eaed2cc2ff6609e544ec46f6d63ba9463435c63a7a8a44bdd3cc81b0707cc0d75223083aaa3695ec2bd8451b6f9f5ec4bcfbc58e4bd0ecbea668b8252411bf97a0654d3c09724a3f9a7a019f7ccaba35c2d1044ee53cfe86bf115d481f2fa7baf1dcd3a5588f903946664ecd589d2cfa136db65143a0a3a8b8598eff354b8f7f570dbac9849bfe0886d19a3563fb620d8aa209f38b289907b7b9f727482482fd268086418f3ab4bf095d8fe481a03be52e743dbb883774d79751f7ec45e8a3cbe7a1dbf55233a59b64ecd5d54e457277aca517ca6d65d4bcdde2d6be291a259c11e789ab074e234f630ac0760811ef5997c656b99b977f0c77c37af3bf6c42951ea1feec65a61d720b0e247bb7ae591d07ec74c81e150212d2aa8cf93546e4e1725bf0f6e8de3480df57a5bbcc608177e3eb1851ea791eea3cdca961a1e414be2750aa36b561a4d54e269935121833de9de883d2fb1c564d23c148fd406059df1d70fae52f1effd734c2097253514c63507d3d37e0f690bfdf494d20f1d7b47f7e345d459b919ac2ab722249260cfdb6e07b3aadf12db9b570da94020b3b06db66f171fc30087f2c0765baf89ec2f209db06037afdedef214b540cce0fbeafba19005e169e160ff5e32cb4c80874d5a8c2e80c9a74d0041d13bb949d0717a26e054981b0bb419904bb94ffc031667a0caaf13e88811c3c0a6eee94f40066b69183ddac6722eb21ab0efb3006802ee4802a8ad9089d1352c777d2119fa32e637e0b1b51d96b2f24973ddb3e3f03b8aae529cca1157ac6ef8f3d92b14d8d252ff82d271d49476b5c31e51d501463658acbda9960a04fb7bfa8d6159f9f4b932a1ebbcaab8338f4f1ab397ac82f38f9b68e14d3ab756f73ccc3a3c67289ef24289e8658b7d76e86d2cc981464acb0509c616b33b2a9167840313b63a7566ae594ae2c3da744203b5d442f826a10dcc560d9ac6b3067393e8f3e4d54adca18467de3d6beab5c0a8e2725979a21555b3ca8c317cf5191c741cec85f622bea1387e42ca67da1812662d88aeebdf1089869153d101f4d1cd9544940cea2bc47f4c463909d2132cdc335db4557eed326a43c4be515b19924ae97b2b90d06e775ef23fadc3206703b4c32bec7a45db75fe52596001322e5cf4f4fdc028a048957593954bcdca367a8639e165299fe08c95f7c7eb7be83d0a8e0b667c40560111f80b60a996dd985d6565d29bab70a81574da4b021fb2082c9a84b17d445b6640d661deb28da15da9453a3f4ac2b49723efa70ac1c899eaa92508d711f9931760680c51ec3c2156a780abb5d9e67c4a8b97e9ec43286a010925076888115788fba7126a48e4aa7406f763905c3f046c7011b64a9de6103e69c52ab4df67ed4bb232d0fac16f77504ed2352146a4a81bb51f7113ed497e11b92bee018496582bffc33af447c2e820b7d15587050a679ab5b1ae6ce3ea690ac20aba257169954bcd2d543e664e563d8374abe9da5e5b1deefeab4ccbdc43e90f50b404fc28338fabe678793ab4994d3a100d854879789d4cacdc345ffbe0b2be8b4af9885312ef21920160df2955afaf394126176cf3566914e6536252446e212e9b914a19cc8aa3475a112bb4d5d09ede8cce245bf73f577b610f304f58b2b455b3333224edc870f541a68d93396e7f1fdbcbf562cf955e97c1b90f95d22c5ba3fca6423b3f763e45c98ad7ffd323359974211b1fbed97b8a437a4b961f62cbfd3330ca98a62d0b6354403303718eb45133567d60ad3717b73c971175aba1e1b6573934fdde1d816379bbf5b024f253bde0c3447cbcf939cc1a478f0e75ee944aba486bdb55443b39188daa4fd41fcb6bec2d7feb0caaa081f7e170e2447059f790986ed0801abe267dee1733b65cfc757e3db3e70744183178cb4a3ba86a1acf55a29233a53d1c99f2163d320e0d8ef2e9fe4f074144596456c0b13b42e8fa99b56db6e8db6ab55b53941782b94822e55a880c8ff44288f6a1bb125de332c593db4cf6c5a48db4ea10adddfb86d238ee37195cd205795e67bd2d2175d144fc8b86580b4b63e08d69f76b50ed2e2f92c0759751b3e454ea1890ccaa8a07ffbdba4af2667786feb0dd68f508ecf3c9a7063d7ef27f30ca1db26d1609cdee1bb4bd29445011780da0240828d332cb52228d6b311fb0476ab46b4fbce460b12d185b2669d49b05b8a14b36622c3a827ce5f7db16877048c656f284b674bb8d3de4f51fcc946c36bedd717bb950e73393438f18d73d16ec353a303a6a3795457088eb7702d30c1307085326c08d325b603c6f575bacf9cd5aeecb05d600a63cd11748175a68e4520f72aea3bc0e0879c55da5838fcb1205c96961a81f705b6cc898d7e957b03f1e9f29016fdb70acab1e43d21824c56e62f13a901e6fa8beae455e83e8bf6c6fc1260c60c89d567725817e3db19ec4fea1cdf473bd5abd955b4f5e2e52c0b01e3d879c452abb81805ba6de49886e4d5eb6dd7911ed9945609fa81f5b396fa2e047a1c05e59fba9433c6d3a8f881ea61fa6d6a461dd18bea65f27f61e33ae6c5e2686af7ef527bcb783e7c78d7d418893758043e4c681f84c9c4e791927a6af2e9e542aaa33b8b9e54a428f174c9d2d41a34e7519088c2efb8915499ac84dd51b346e99b3eb301b5b88992e68aebc7f90054cd3229ab5ce0320f0aaf6b7c236023e09940758b025d4c5083d04759745748ff3906a90139f5279d3bdee3ef2604c2cc4f0e64fbf5327b8693e16149d3eb78437d1a1ccb9171817c5ed9974ab586aab7f8a2da75ba2b7cb3d37478137c7aeb41b8a63207ad998601f1b33aa6786a06957294808d4dd76dd7e34b9b65e4fa560c57e3e003d1964b2203aba957f33f2eb6ac88abeca95cb33d89756749642a75aa6087e8b7a707b", 0x1000}], 0x3, 0x8, 0x7, 0xe)

645.165265ms ago: executing program 2 (id=2440):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a03020000000000000000020000000900020073797a32000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000040000000000a40000000160a01080000000000000000020000000900020073797a30000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c00000010000104000002000000000000000000", @ANYRES32=0x0, @ANYBLOB="03800000000000001c0012800b0001006970766c616e00000c000280060001000200000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2], 0x4c}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054) (fail_nth: 3)

509.144367ms ago: executing program 2 (id=2441):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2041, 0x0)
ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000080)={0x49de, 0x0, 0xfffc, 0xbfff, 0x19, "ec28a144f13d7607"})
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = socket(0x2, 0x3, 0xff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x29, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
r3 = add_key$user(0x0, &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
pipe2$watch_queue(&(0x7f0000000240)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, r4, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4084004}, 0x10000)
sendmsg$NL80211_CMD_REQ_SET_REG(r5, 0x0, 0x24044004)
write(0xffffffffffffffff, &(0x7f0000000000)="240000001a005f0214d00707000904001f000000fe0200020000000008000400010000", 0x23)
sendmsg$NL80211_CMD_DEL_PMKSA(r1, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000300)={&(0x7f00000004c0)=ANY=[], 0x60}, 0x1, 0x0, 0x0, 0x2}, 0x80)
sendto$inet(r1, 0x0, 0x0, 0x800, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10)
recvmmsg(0xffffffffffffffff, &(0x7f0000004900)=[{{0x0, 0x0, 0x0}, 0xd57e}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=""/3, 0x3}, 0x101}], 0x2, 0x60010020, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x1000)=nil, 0x1000, &(0x7f0000000080)='\x00\x00\x00')
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x0)
r6 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
socket$igmp6(0xa, 0x3, 0x2)
bind$nfc_llcp(r6, &(0x7f0000001040)={0x27, 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x0, "d92984bd1ca44c226af5160e961711a077609475b78411e88509de050000000000f2170e65e3f50327e422000000000000000000000200000000001900", 0x3c}, 0x60)
sendmmsg(r6, &(0x7f0000004dc0)=[{{&(0x7f00000003c0)=@xdp={0x2c, 0x4, 0x0, 0x15}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000001500)="0644c70615344fa6491bc72618069ea7d0fa51a607d6ee7d7ba544925eb4412394f5bd0eb49ef6a806cc85c5485992e354e0fce5dfb1eb0966558737953aa4c887f7fef774103591eb9a073c1f98a59f7a6696b2725d83cd9573afc031b67761245611d485f57b81f4e831a18162713240d510b542235f561b9e1ed090b4e6e107", 0x81}], 0x1}}], 0x1, 0x0)

89.451321ms ago: executing program 1 (id=2442):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000001ec0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_SET_CONFIG(r2, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000800)=ANY=[@ANYBLOB="1ccb2d07", @ANYRES16=r3, @ANYBLOB="01002bbd7000fddbdf250c00000008000400f9ffffff"], 0x1c}, 0x1, 0x0, 0x0, 0x8840}, 0xc000) (async)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x0, 0x9ff698112509803e, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r4 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) (async)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x44, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x0, 0x40000000, 0x1, {0x0, r7}})
io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0x0) (async)
socket$inet6(0xa, 0x3, 0x2f) (async)
r8 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r8, 0x11, 0x67, &(0x7f0000000200)=0x3, 0x4) (async)
connect$inet6(r8, 0x0, 0x0)
connect$inet6(r8, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c)
sendmmsg$inet6(r8, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) (async)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfd2b, &(0x7f00000002c0)=0x2) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r9 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r9, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x8)
socket$netlink(0x10, 0x3, 0x0) (async)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) (async)
socket$nl_route(0x10, 0x3, 0x0)

36.903189ms ago: executing program 4 (id=2443):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xaece, 0x0)
preadv(r4, &(0x7f0000000600)=[{&(0x7f0000000ac0)=""/4096, 0x1000}], 0x1, 0x40000000, 0xe6)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000100)={'bridge0\x00', &(0x7f0000002fc0)=@ethtool_link_settings={0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, [0x0, 0x10, 0x451f, 0x0, 0x400000]}})
preadv(r2, &(0x7f0000000400)=[{&(0x7f0000000140)=""/158, 0x9e}, {&(0x7f0000000080)=""/41, 0x29}, {&(0x7f0000001ac0)=""/4096, 0x1000}, {&(0x7f0000000200)=""/204, 0xcc}, {&(0x7f0000000300)=""/195, 0xc3}], 0x5, 0x40, 0x2)
accept$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)

0s ago: executing program 5 (id=2444):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x2, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r1 = io_uring_setup(0x2e34, &(0x7f0000000180)={0x0, 0xe148})
close_range(r1, 0xffffffffffffffff, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
read(r2, &(0x7f0000000840)=""/40, 0x28) (fail_nth: 1)

kernel console output (not intermixed with test programs):

[  515.928647][T10921]  ? clear_bhb_loop+0x60/0xb0
[  515.928670][T10921]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  515.928689][T10921] RIP: 0033:0x7f85b3f8eb69
[  515.928706][T10921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  515.928724][T10921] RSP: 002b:00007f85b1dd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  515.928745][T10921] RAX: ffffffffffffffda RBX: 00007f85b41b6160 RCX: 00007f85b3f8eb69
[  515.928759][T10921] RDX: 0000000000000000 RSI: 0000000000004b68 RDI: 0000000000000007
[  515.928772][T10921] RBP: 00007f85b1dd5090 R08: 0000000000000000 R09: 0000000000000000
[  515.928784][T10921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  515.928796][T10921] R13: 0000000000000000 R14: 00007f85b41b6160 R15: 00007ffe91189268
[  515.928828][T10921]  </TASK>
[  515.928975][T10921] ERROR: Out of memory at tomoyo_realpath_from_path.
[  516.155138][ T5958] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  516.269991][ T5958] usb 2-1: unable to read config index 0 descriptor/start: -61
[  516.278092][ T5958] usb 2-1: can't read configurations, error -61
[  516.287318][ T5958] usb usb2-port1: unable to enumerate USB device
[  518.419164][T10945] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1382'.
[  518.544117][T10947] bridge0: port 3(syz_tun) entered blocking state
[  518.550929][T10947] bridge0: port 3(syz_tun) entered disabled state
[  518.557739][T10947] syz_tun: entered allmulticast mode
[  518.564775][T10947] syz_tun: entered promiscuous mode
[  518.571956][T10947] bridge0: port 3(syz_tun) entered blocking state
[  518.578593][T10947] bridge0: port 3(syz_tun) entered forwarding state
[  518.588914][T10947] xt_CT: You must specify a L4 protocol and not use inversions on it
[  519.527550][T10962] Illegal XDP return value 4294967274 on prog  (id 331) dev N/A, expect packet loss!
[  519.631788][ T5935] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  520.231628][ T5935] usb 3-1: Using ep0 maxpacket: 16
[  520.243789][ T5935] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  520.274597][ T5935] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  520.310877][ T5935] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  520.344123][ T5935] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  520.361719][ T5935] usb 3-1: Product: syz
[  520.372555][ T5935] usb 3-1: Manufacturer: syz
[  520.396022][ T5935] usb 3-1: SerialNumber: syz
[  520.680187][T10973] FAULT_INJECTION: forcing a failure.
[  520.680187][T10973] name failslab, interval 1, probability 0, space 0, times 0
[  520.693213][T10973] CPU: 1 UID: 0 PID: 10973 Comm: syz.1.1390 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  520.693238][T10973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  520.693250][T10973] Call Trace:
[  520.693261][T10973]  <TASK>
[  520.693269][T10973]  dump_stack_lvl+0x189/0x250
[  520.693297][T10973]  ? __pfx____ratelimit+0x10/0x10
[  520.693319][T10973]  ? __pfx_dump_stack_lvl+0x10/0x10
[  520.693341][T10973]  ? __pfx__printk+0x10/0x10
[  520.693372][T10973]  ? __pfx___might_resched+0x10/0x10
[  520.693399][T10973]  should_fail_ex+0x414/0x560
[  520.693425][T10973]  should_failslab+0xa8/0x100
[  520.693448][T10973]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  520.693469][T10973]  ? __alloc_skb+0x112/0x2d0
[  520.693501][T10973]  __alloc_skb+0x112/0x2d0
[  520.693532][T10973]  netlink_sendmsg+0x5c6/0xb30
[  520.693583][T10973]  ? __pfx_netlink_sendmsg+0x10/0x10
[  520.693626][T10973]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  520.693645][T10973]  ? __pfx_netlink_sendmsg+0x10/0x10
[  520.693674][T10973]  __sock_sendmsg+0x21c/0x270
[  520.693700][T10973]  ____sys_sendmsg+0x505/0x830
[  520.693736][T10973]  ? __pfx_____sys_sendmsg+0x10/0x10
[  520.693784][T10973]  ___sys_sendmsg+0x21f/0x2a0
[  520.693816][T10973]  ? __pfx____sys_sendmsg+0x10/0x10
[  520.693886][T10973]  ? __fget_files+0x2a/0x420
[  520.693907][T10973]  ? __fget_files+0x3a0/0x420
[  520.693940][T10973]  __x64_sys_sendmsg+0x19b/0x260
[  520.693967][T10973]  ? schedule+0x165/0x360
[  520.693988][T10973]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  520.694038][T10973]  ? do_syscall_64+0xbe/0x3b0
[  520.694064][T10973]  do_syscall_64+0xfa/0x3b0
[  520.694086][T10973]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  520.694105][T10973]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  520.694151][T10973]  ? clear_bhb_loop+0x60/0xb0
[  520.694175][T10973]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  520.694194][T10973] RIP: 0033:0x7fe7f618eb69
[  520.694212][T10973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  520.694229][T10973] RSP: 002b:00007fe7f3ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  520.694250][T10973] RAX: ffffffffffffffda RBX: 00007fe7f63b6160 RCX: 00007fe7f618eb69
[  520.694264][T10973] RDX: 0000000000000040 RSI: 00002000000005c0 RDI: 0000000000000007
[  520.694277][T10973] RBP: 00007fe7f3ff6090 R08: 0000000000000000 R09: 0000000000000000
[  520.694289][T10973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  520.694301][T10973] R13: 0000000000000000 R14: 00007fe7f63b6160 R15: 00007ffe31829598
[  520.694333][T10973]  </TASK>
[  521.098410][T10979] overlayfs: failed to clone upperpath
[  521.160832][ T5935] usb 3-1: 0:2 : does not exist
[  521.695392][T10990] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1394'.
[  522.354286][T10989] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1395'.
[  522.518313][T10992] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  522.590051][T10992] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  522.680168][  T978] usb 3-1: USB disconnect, device number 21
[  522.725220][T10999] netlink: 'syz.3.1397': attribute type 4 has an invalid length.
[  523.998970][T11030] netlink: 'syz.2.1408': attribute type 1 has an invalid length.
[  524.007241][T11030] nbd: couldn't find device at index -492516727
[  524.101374][T11031] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1409'.
[  524.610985][T11041] bridge0: port 1(syz_tun) entered blocking state
[  524.618691][T11041] bridge0: port 1(syz_tun) entered disabled state
[  524.626326][T11041] syz_tun: entered allmulticast mode
[  524.643146][T11041] syz_tun: entered promiscuous mode
[  524.653023][T11041] bridge0: port 1(syz_tun) entered blocking state
[  524.659612][T11041] bridge0: port 1(syz_tun) entered forwarding state
[  524.740409][T11041] xt_CT: You must specify a L4 protocol and not use inversions on it
[  526.771612][  T978] usb 3-1: new full-speed USB device number 22 using dummy_hcd
[  527.304148][  T978] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  527.337798][  T978] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  527.362415][  T978] usb 3-1: Product: syz
[  527.366651][  T978] usb 3-1: Manufacturer: syz
[  527.371395][  T978] usb 3-1: SerialNumber: syz
[  527.413392][  T978] usb 3-1: config 0 descriptor??
[  527.503189][T11089] netlink: 'syz.3.1428': attribute type 1 has an invalid length.
[  527.549539][T11089] nbd: couldn't find device at index -492516727
[  528.615841][  T978] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  529.394749][T11094] FAULT_INJECTION: forcing a failure.
[  529.394749][T11094] name failslab, interval 1, probability 0, space 0, times 0
[  529.408573][T11094] CPU: 0 UID: 0 PID: 11094 Comm: syz.1.1427 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  529.408600][T11094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  529.408613][T11094] Call Trace:
[  529.408621][T11094]  <TASK>
[  529.408629][T11094]  dump_stack_lvl+0x189/0x250
[  529.408658][T11094]  ? lockdep_hardirqs_on+0x9c/0x150
[  529.408678][T11094]  ? __pfx_dump_stack_lvl+0x10/0x10
[  529.408714][T11094]  should_fail_ex+0x414/0x560
[  529.408738][T11094]  should_failslab+0xa8/0x100
[  529.408760][T11094]  __kmalloc_noprof+0xcb/0x4f0
[  529.408778][T11094]  ? tomoyo_encode+0x28b/0x550
[  529.408806][T11094]  tomoyo_encode+0x28b/0x550
[  529.408837][T11094]  tomoyo_realpath_from_path+0x58d/0x5d0
[  529.408864][T11094]  ? tomoyo_domain+0xda/0x130
[  529.408896][T11094]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  529.408923][T11094]  tomoyo_path_number_perm+0x1e8/0x5a0
[  529.408947][T11094]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  529.408987][T11094]  ? __lock_acquire+0xab9/0xd20
[  529.409028][T11094]  ? lockdep_hardirqs_on+0x9c/0x150
[  529.409065][T11094]  security_file_ioctl+0xcb/0x2d0
[  529.409091][T11094]  __se_sys_ioctl+0x47/0x170
[  529.409122][T11094]  do_syscall_64+0xfa/0x3b0
[  529.409145][T11094]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  529.409163][T11094]  ? asm_sysvec_call_function_single+0x1a/0x20
[  529.409182][T11094]  ? clear_bhb_loop+0x60/0xb0
[  529.409206][T11094]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  529.409223][T11094] RIP: 0033:0x7fe7f618eb69
[  529.409241][T11094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  529.409257][T11094] RSP: 002b:00007fe7f3ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  529.409278][T11094] RAX: ffffffffffffffda RBX: 00007fe7f63b6160 RCX: 00007fe7f618eb69
[  529.409293][T11094] RDX: 0000200000000080 RSI: 00000000c028aa03 RDI: 0000000000000004
[  529.409306][T11094] RBP: 00007fe7f3ff6090 R08: 0000000000000000 R09: 0000000000000000
[  529.409318][T11094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  529.409329][T11094] R13: 0000000000000000 R14: 00007fe7f63b6160 R15: 00007ffe31829598
[  529.409362][T11094]  </TASK>
[  529.409623][T11094] ERROR: Out of memory at tomoyo_realpath_from_path.
[  529.975902][  T978] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  530.247194][ T2061] usb 3-1: USB disconnect, device number 22
[  530.326290][T11108] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1432'.
[  530.335776][T11108] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1432'.
[  530.345751][T11108] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1432'.
[  530.354992][T11108] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1432'.
[  530.485713][T11113] overlayfs: missing 'lowerdir'
[  530.579584][T11115] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1431'.
[  530.598268][T11115] No source specified
[  531.131910][T11115] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/nullb0": -EINTR
[  531.817982][T11135] netlink: 'syz.4.1440': attribute type 1 has an invalid length.
[  531.835152][T11135] nbd: couldn't find device at index -492516727
[  531.894664][ T2061] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  532.083450][ T2061] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[  532.106643][ T2061] usb 2-1: config 0 has no interface number 0
[  532.116885][ T2061] usb 2-1: New USB device found, idVendor=0403, idProduct=da71, bcdDevice=a2.95
[  532.126596][ T2061] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  532.140935][ T2061] usb 2-1: Product: syz
[  532.149106][ T2061] usb 2-1: Manufacturer: syz
[  532.736147][ T2061] usb 2-1: SerialNumber: syz
[  532.811708][ T2061] usb 2-1: config 0 descriptor??
[  532.828010][ T2061] usb 2-1: NDI device with a latency value of 1
[  533.058378][ T2061] ftdi_sio 2-1:0.8: FTDI USB Serial Device converter detected
[  533.085000][ T2061] ftdi_sio ttyUSB0: unknown device type: 0xa295
[  533.671268][ T2061] usb 2-1: USB disconnect, device number 39
[  533.680199][ T2061] ftdi_sio 2-1:0.8: device disconnected
[  535.776428][T11186] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1457'.
[  535.818827][T11187] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  537.039206][T11203] netlink: 'syz.3.1465': attribute type 3 has an invalid length.
[  537.051281][T11203] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1465'.
[  538.818698][T11227] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  538.945259][T11229] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1470'.
[  539.997400][T11238] No source specified
[  540.618047][T11239] netlink: 'syz.1.1475': attribute type 1 has an invalid length.
[  540.641173][T11239] nbd: couldn't find device at index -492516727
[  541.433349][T11259] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1483'.
[  541.840568][T11272] blktrace: Concurrent blktraces are not allowed on loop2
[  542.611815][T11279] netlink: 'syz.1.1489': attribute type 1 has an invalid length.
[  542.621078][T11279] nbd: couldn't find device at index -492516727
[  543.504702][ T5833] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  543.673566][ T5833] usb 3-1: config 0 has an invalid interface number: 8 but max is 0
[  543.696460][ T5833] usb 3-1: config 0 has no interface number 0
[  543.724260][ T5833] usb 3-1: New USB device found, idVendor=0403, idProduct=da71, bcdDevice=a2.95
[  543.753494][ T5833] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  543.790573][ T5833] usb 3-1: Product: syz
[  543.806955][ T5833] usb 3-1: Manufacturer: syz
[  543.836687][ T5833] usb 3-1: SerialNumber: syz
[  543.866216][ T5833] usb 3-1: config 0 descriptor??
[  543.891435][ T5833] usb 3-1: NDI device with a latency value of 1
[  544.254385][ T5833] ftdi_sio 3-1:0.8: FTDI USB Serial Device converter detected
[  544.271438][ T5833] ftdi_sio ttyUSB0: unknown device type: 0xa295
[  544.307686][ T5833] usb 3-1: USB disconnect, device number 23
[  544.337752][ T5833] ftdi_sio 3-1:0.8: device disconnected
[  545.243084][T11350] netlink: 'syz.3.1510': attribute type 1 has an invalid length.
[  545.289791][T11350] nbd: couldn't find device at index -492516727
[  545.305311][T11352] autofs: Bad value for 'fd'
[  547.398870][T11371] netlink: 'syz.1.1520': attribute type 11 has an invalid length.
[  547.482029][T11374] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1520'.
[  547.771626][T11388] netlink: 'syz.2.1522': attribute type 1 has an invalid length.
[  547.780761][T11388] netlink: 'syz.2.1522': attribute type 2 has an invalid length.
[  547.793169][T11388] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1522'.
[  548.349553][T11399] Invalid logical block size (1748)
[  548.507447][T11407] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  548.544790][T11404] netlink: 'syz.1.1528': attribute type 10 has an invalid length.
[  548.576726][T11404] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  548.708327][T11416] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1534'.
[  548.724328][T11416] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1534'.
[  548.743610][T11416] bridge0: vlan filtering disabled, automatically disabling multicast vlan snooping
[  550.479613][T11440] xt_CT: You must specify a L4 protocol and not use inversions on it
[  551.768872][T11451] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1544'.
[  552.848070][T11464] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1547'.
[  552.896430][T11464] No source specified
[  555.422327][T11487] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1553'.
[  559.160825][T11517] netlink: 'syz.4.1560': attribute type 6 has an invalid length.
[  560.549946][T11530] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  560.610311][T11530] syzkaller0: entered promiscuous mode
[  560.652641][T11530] syzkaller0: entered allmulticast mode
[  560.690243][T11532] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  560.752912][T11530] tipc: Resetting bearer <eth:syzkaller0>
[  560.812143][T11529] tipc: Resetting bearer <eth:syzkaller0>
[  560.872395][T11529] tipc: Disabling bearer <eth:syzkaller0>
[  563.043027][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  563.049589][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  563.860888][T11581] FAULT_INJECTION: forcing a failure.
[  563.860888][T11581] name failslab, interval 1, probability 0, space 0, times 0
[  563.873945][T11581] CPU: 1 UID: 0 PID: 11581 Comm: syz.2.1581 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  563.873971][T11581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  563.873984][T11581] Call Trace:
[  563.873995][T11581]  <TASK>
[  563.874006][T11581]  dump_stack_lvl+0x189/0x250
[  563.874040][T11581]  ? __pfx____ratelimit+0x10/0x10
[  563.874062][T11581]  ? __pfx_dump_stack_lvl+0x10/0x10
[  563.874084][T11581]  ? __pfx__printk+0x10/0x10
[  563.874114][T11581]  ? __pfx___might_resched+0x10/0x10
[  563.874141][T11581]  should_fail_ex+0x414/0x560
[  563.874168][T11581]  should_failslab+0xa8/0x100
[  563.874191][T11581]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  563.874211][T11581]  ? __alloc_skb+0x112/0x2d0
[  563.874243][T11581]  __alloc_skb+0x112/0x2d0
[  563.874272][T11581]  netlink_sendmsg+0x5c6/0xb30
[  563.874310][T11581]  ? __pfx_netlink_sendmsg+0x10/0x10
[  563.874348][T11581]  ? __pfx_netlink_sendmsg+0x10/0x10
[  563.874386][T11581]  __sock_sendmsg+0x21c/0x270
[  563.874413][T11581]  ____sys_sendmsg+0x505/0x830
[  563.874448][T11581]  ? __pfx_____sys_sendmsg+0x10/0x10
[  563.874486][T11581]  ? import_iovec+0x74/0xa0
[  563.874517][T11581]  ___sys_sendmsg+0x21f/0x2a0
[  563.874549][T11581]  ? __pfx____sys_sendmsg+0x10/0x10
[  563.874574][T11581]  ? preempt_schedule_common+0x83/0xd0
[  563.874634][T11581]  ? __fget_files+0x2a/0x420
[  563.874654][T11581]  ? __fget_files+0x3a0/0x420
[  563.874687][T11581]  __x64_sys_sendmsg+0x19b/0x260
[  563.874723][T11581]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  563.874780][T11581]  do_syscall_64+0xfa/0x3b0
[  563.874803][T11581]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.874822][T11581]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  563.874840][T11581]  ? clear_bhb_loop+0x60/0xb0
[  563.874864][T11581]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.874883][T11581] RIP: 0033:0x7f85b3f8eb69
[  563.874900][T11581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  563.874917][T11581] RSP: 002b:00007f85b1dd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  563.874938][T11581] RAX: ffffffffffffffda RBX: 00007f85b41b6160 RCX: 00007f85b3f8eb69
[  563.874952][T11581] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000008
[  563.874965][T11581] RBP: 00007f85b1dd5090 R08: 0000000000000000 R09: 0000000000000000
[  563.874977][T11581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  563.874989][T11581] R13: 0000000000000000 R14: 00007f85b41b6160 R15: 00007ffe91189268
[  563.875029][T11581]  </TASK>
[  565.134531][T11595] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1585'.
[  566.031949][T11599] cgroup: Unknown subsys name '¬§@﬽æì¦4*oäÂÒ£hÓîºoþüíUÜ'
[  567.032410][T10826] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  567.071966][T10826] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  567.081963][T10826] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  567.095272][T10826] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  567.110087][T10826] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  567.245914][T11613] overlayfs: failed to clone upperpath
[  567.457597][T11418] Set syz1 is full, maxelem 65536 reached
[  567.717014][T11625] blktrace: Concurrent blktraces are not allowed on loop4
[  568.786406][T11616] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  568.839182][T11616] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  569.170830][T11616] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  569.180283][T10826] Bluetooth: hci5: command tx timeout
[  569.195601][T11616] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  569.228037][T11616] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  569.237076][T11616] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  569.320166][T11608] vxcan1 speed is unknown, defaulting to 1000
[  569.352614][T11418] bridge0: port 3(syz_tun) entered disabled state
[  569.480799][T11418] syz_tun (unregistering): left allmulticast mode
[  569.494475][T11418] syz_tun (unregistering): left promiscuous mode
[  569.511446][T11418] bridge0: port 3(syz_tun) entered disabled state
[  569.531849][T11657] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1599'.
[  569.580225][    T9] vxcan1 speed is unknown, defaulting to 1000
[  569.598459][    T9] syz2: Port: 1 Link DOWN
[  569.625371][    T9] vxcan1 speed is unknown, defaulting to 1000
[  569.651073][T11660] FAULT_INJECTION: forcing a failure.
[  569.651073][T11660] name failslab, interval 1, probability 0, space 0, times 0
[  569.667006][T11660] CPU: 0 UID: 0 PID: 11660 Comm: syz.1.1600 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  569.667035][T11660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  569.667046][T11660] Call Trace:
[  569.667053][T11660]  <TASK>
[  569.667061][T11660]  dump_stack_lvl+0x189/0x250
[  569.667089][T11660]  ? __pfx____ratelimit+0x10/0x10
[  569.667111][T11660]  ? __pfx_dump_stack_lvl+0x10/0x10
[  569.667132][T11660]  ? __pfx__printk+0x10/0x10
[  569.667163][T11660]  ? __pfx___might_resched+0x10/0x10
[  569.667190][T11660]  should_fail_ex+0x414/0x560
[  569.667216][T11660]  should_failslab+0xa8/0x100
[  569.667240][T11660]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  569.667260][T11660]  ? __alloc_skb+0x112/0x2d0
[  569.667290][T11660]  __alloc_skb+0x112/0x2d0
[  569.667320][T11660]  netlink_sendmsg+0x5c6/0xb30
[  569.667358][T11660]  ? __pfx_netlink_sendmsg+0x10/0x10
[  569.667394][T11660]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  569.667413][T11660]  ? __pfx_netlink_sendmsg+0x10/0x10
[  569.667441][T11660]  __sock_sendmsg+0x21c/0x270
[  569.667467][T11660]  ____sys_sendmsg+0x505/0x830
[  569.667502][T11660]  ? __pfx_____sys_sendmsg+0x10/0x10
[  569.667540][T11660]  ? import_iovec+0x74/0xa0
[  569.667571][T11660]  ___sys_sendmsg+0x21f/0x2a0
[  569.667602][T11660]  ? __pfx____sys_sendmsg+0x10/0x10
[  569.667670][T11660]  ? __fget_files+0x2a/0x420
[  569.667697][T11660]  ? __fget_files+0x3a0/0x420
[  569.667729][T11660]  __x64_sys_sendmsg+0x19b/0x260
[  569.667765][T11660]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  569.667804][T11660]  ? __pfx_ksys_write+0x10/0x10
[  569.667820][T11660]  ? rcu_is_watching+0x15/0xb0
[  569.667847][T11660]  ? do_syscall_64+0xbe/0x3b0
[  569.667872][T11660]  do_syscall_64+0xfa/0x3b0
[  569.667892][T11660]  ? lockdep_hardirqs_on+0x9c/0x150
[  569.667912][T11660]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  569.667932][T11660]  ? clear_bhb_loop+0x60/0xb0
[  569.667954][T11660]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  569.667974][T11660] RIP: 0033:0x7fe7f618eb69
[  569.667991][T11660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  569.668009][T11660] RSP: 002b:00007fe7f6f33038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  569.668031][T11660] RAX: ffffffffffffffda RBX: 00007fe7f63b5fa0 RCX: 00007fe7f618eb69
[  569.668045][T11660] RDX: 0000000024008044 RSI: 0000200000000400 RDI: 0000000000000004
[  569.668059][T11660] RBP: 00007fe7f6f33090 R08: 0000000000000000 R09: 0000000000000000
[  569.668071][T11660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  569.668083][T11660] R13: 0000000000000000 R14: 00007fe7f63b5fa0 R15: 00007ffe31829598
[  569.668115][T11660]  </TASK>
[  569.751587][T11646] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  570.154374][ T6663] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  570.193507][T11646] usb 3-1: config 0 has no interfaces?
[  570.199542][T11646] usb 3-1: New USB device found, idVendor=1e7d, idProduct=3264, bcdDevice= 0.00
[  570.209439][T11646] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  570.235080][T11646] usb 3-1: config 0 descriptor??
[  570.313448][ T6663] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  570.369799][T11608] chnl_net:caif_netlink_parms(): no params data found
[  570.545610][ T6663] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  571.210167][T11684] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  571.289145][T10826] Bluetooth: hci5: command tx timeout
[  571.453889][ T6663] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  571.814455][T11608] bridge0: port 1(bridge_slave_0) entered blocking state
[  571.844504][T11608] bridge0: port 1(bridge_slave_0) entered disabled state
[  571.864915][T11608] bridge_slave_0: entered allmulticast mode
[  571.873190][T11608] bridge_slave_0: entered promiscuous mode
[  571.882985][T11608] bridge0: port 2(bridge_slave_1) entered blocking state
[  571.891404][T11608] bridge0: port 2(bridge_slave_1) entered disabled state
[  571.921920][T11608] bridge_slave_1: entered allmulticast mode
[  571.929741][T11608] bridge_slave_1: entered promiscuous mode
[  572.098359][T11608] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  572.162533][T11608] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  572.416063][T11608] team0: Port device team_slave_0 added
[  572.500621][T11608] team0: Port device team_slave_1 added
[  572.663458][ T6663] bridge_slave_1: left allmulticast mode
[  572.690050][ T6663] bridge_slave_1: left promiscuous mode
[  572.712308][ T6663] bridge0: port 2(bridge_slave_1) entered disabled state
[  572.773516][ T6663] bridge_slave_0: left allmulticast mode
[  572.781297][ T6663] bridge_slave_0: left promiscuous mode
[  572.804023][ T6663] bridge0: port 1(bridge_slave_0) entered disabled state
[  572.819324][ T5935] usb 3-1: USB disconnect, device number 24
[  573.636064][T10826] Bluetooth: hci5: command tx timeout
[  574.743126][T11721] xt_CT: You must specify a L4 protocol and not use inversions on it
[  575.738034][T10826] Bluetooth: hci5: command tx timeout
[  576.646822][ T6663] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  576.678109][ T6663] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  576.704754][ T6663] bond0 (unregistering): (slave team0): Releasing backup interface
[  576.720133][ T6663] bond0 (unregistering): Released all slaves
[  576.759749][T11608] batman_adv: batadv0: Adding interface: batadv_slave_0
[  576.770591][T11608] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  576.805453][T11608] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  577.031117][ T6663] tipc: Left network mode
[  577.106743][T11743] blktrace: Concurrent blktraces are not allowed on loop2
[  577.128151][T11608] batman_adv: batadv0: Adding interface: batadv_slave_1
[  577.199989][T11743] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  577.299808][T11608] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  577.523211][T11608] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  578.019540][T11746] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  578.681114][T11760] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1624'.
[  578.840879][T11608] hsr_slave_0: entered promiscuous mode
[  578.864323][T11608] hsr_slave_1: entered promiscuous mode
[  578.888632][T11608] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  578.921763][T11608] Cannot create hsr debugfs directory
[  579.311710][    T9] usb 2-1: new full-speed USB device number 40 using dummy_hcd
[  579.568231][    T9] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  579.921583][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  579.929652][    T9] usb 2-1: Product: syz
[  579.934711][    T9] usb 2-1: Manufacturer: syz
[  579.939354][    T9] usb 2-1: SerialNumber: syz
[  579.949646][    T9] usb 2-1: config 0 descriptor??
[  580.342047][    T9] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  581.814211][    T9] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  581.885437][    T9] usb 2-1: USB disconnect, device number 40
[  582.313881][ T6663] hsr_slave_0: left promiscuous mode
[  582.343757][ T6663] hsr_slave_1: left promiscuous mode
[  582.352980][ T6663] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  582.360777][ T6663] batman_adv: batadv0: Removing interface: batadv_slave_0
[  582.382198][ T6663] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  582.393974][ T6663] batman_adv: batadv0: Removing interface: batadv_slave_1
[  582.509245][ T6663] veth1_macvtap: left promiscuous mode
[  582.535382][ T6663] veth0_macvtap: left promiscuous mode
[  582.541157][ T6663] veth1_vlan: left promiscuous mode
[  582.591928][ T6663] veth0_vlan: left promiscuous mode
[  582.937503][T11821] xt_CT: You must specify a L4 protocol and not use inversions on it
[  583.491214][T11818] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  584.758830][T11831] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1643'.
[  586.122960][ T6663] team0 (unregistering): Port device team_slave_1 removed
[  586.235327][T11848] blktrace: Concurrent blktraces are not allowed on loop4
[  586.306612][T11848] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  586.868984][ T6663] team0 (unregistering): Port device team_slave_0 removed
[  587.256570][T11854] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1649'.
[  588.209350][T11856] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1650'.
[  589.157526][T10826] Bluetooth: hci3: unexpected event for opcode 0x0c03
[  589.165226][T10826] Bluetooth: hci3: unexpected event for opcode 0x0c03
[  589.931825][T11860] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  591.010813][T11874] xt_CT: You must specify a L4 protocol and not use inversions on it
[  591.258644][T11608] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  591.557508][T11608] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  591.586658][T11608] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  591.600605][T11608] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  592.302835][T11895] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1659'.
[  592.364438][ T6663] IPVS: stop unused estimator thread 0...
[  592.401630][T11895] batadv0: entered promiscuous mode
[  592.893749][T11903] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1660'.
[  592.904240][T11903] No source specified
[  592.915052][T11904] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1661'.
[  593.472426][T11894] batadv0: left promiscuous mode
[  593.646239][T11903] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/nullb0": -EINTR
[  593.844160][T11608] 8021q: adding VLAN 0 to HW filter on device bond0
[  593.937974][T11608] 8021q: adding VLAN 0 to HW filter on device team0
[  594.104475][ T6671] bridge0: port 1(bridge_slave_0) entered blocking state
[  594.111791][ T6671] bridge0: port 1(bridge_slave_0) entered forwarding state
[  594.144613][ T6671] bridge0: port 2(bridge_slave_1) entered blocking state
[  594.151973][ T6671] bridge0: port 2(bridge_slave_1) entered forwarding state
[  594.958738][T11910] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  595.305762][T11608] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  595.726243][T11922] xt_CT: You must specify a L4 protocol and not use inversions on it
[  597.161882][ T5892] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  597.382124][ T5892] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  597.515588][ T5892] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  597.640333][ T5892] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  597.818676][ T5892] usb 2-1: config 0 descriptor??
[  597.942919][ T5892] pwc: Askey VC010 type 2 USB webcam detected.
[  598.079668][T11608] 8021q: adding VLAN 0 to HW filter on device batadv0
[  598.384245][ T5892] pwc: recv_control_msg error -32 req 02 val 2b00
[  598.438637][ T5892] pwc: recv_control_msg error -32 req 02 val 2700
[  598.619565][ T5892] pwc: recv_control_msg error -32 req 02 val 2c00
[  598.770369][ T5892] pwc: recv_control_msg error -32 req 04 val 1000
[  598.795725][ T5892] pwc: recv_control_msg error -32 req 04 val 1300
[  598.827618][T11954] FAULT_INJECTION: forcing a failure.
[  598.827618][T11954] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  598.890170][T11954] CPU: 1 UID: 0 PID: 11954 Comm: syz.2.1673 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  598.890200][T11954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  598.890211][T11954] Call Trace:
[  598.890220][T11954]  <TASK>
[  598.890231][T11954]  dump_stack_lvl+0x189/0x250
[  598.890258][T11954]  ? __pfx____ratelimit+0x10/0x10
[  598.890279][T11954]  ? __pfx_dump_stack_lvl+0x10/0x10
[  598.890300][T11954]  ? __pfx__printk+0x10/0x10
[  598.890325][T11954]  ? __might_fault+0xb0/0x130
[  598.890357][T11954]  should_fail_ex+0x414/0x560
[  598.890382][T11954]  _copy_from_user+0x2d/0xb0
[  598.890409][T11954]  __sys_connect+0x123/0x440
[  598.890435][T11954]  ? __fget_files+0x3a0/0x420
[  598.890456][T11954]  ? __pfx___sys_connect+0x10/0x10
[  598.890494][T11954]  ? __pfx_ksys_write+0x10/0x10
[  598.890510][T11954]  ? rcu_is_watching+0x15/0xb0
[  598.890539][T11954]  __x64_sys_connect+0x7a/0x90
[  598.890567][T11954]  do_syscall_64+0xfa/0x3b0
[  598.890587][T11954]  ? lockdep_hardirqs_on+0x9c/0x150
[  598.890607][T11954]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  598.890626][T11954]  ? clear_bhb_loop+0x60/0xb0
[  598.890650][T11954]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  598.890668][T11954] RIP: 0033:0x7f85b3f8eb69
[  598.890685][T11954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  598.890702][T11954] RSP: 002b:00007f85b4d10038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  598.890723][T11954] RAX: ffffffffffffffda RBX: 00007f85b41b5fa0 RCX: 00007f85b3f8eb69
[  598.890744][T11954] RDX: 000000000000000e RSI: 0000200000000040 RDI: 0000000000000004
[  598.890757][T11954] RBP: 00007f85b4d10090 R08: 0000000000000000 R09: 0000000000000000
[  598.890770][T11954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  598.890782][T11954] R13: 0000000000000000 R14: 00007f85b41b5fa0 R15: 00007ffe91189268
[  598.890814][T11954]  </TASK>
[  599.331946][ T5892] pwc: recv_control_msg error -71 req 02 val 2100
[  599.336229][T11965] netlink: 'syz.4.1676': attribute type 1 has an invalid length.
[  599.429163][T11965] nbd: couldn't find device at index -492516727
[  599.983560][ T5892] pwc: recv_control_msg error -71 req 04 val 1500
[  600.128954][ T5892] pwc: recv_control_msg error -71 req 02 val 2500
[  600.141654][ T5892] pwc: recv_control_msg error -71 req 02 val 2400
[  600.158484][ T5892] pwc: recv_control_msg error -71 req 02 val 2600
[  600.171937][ T5892] pwc: recv_control_msg error -71 req 02 val 2900
[  600.191613][ T5892] pwc: recv_control_msg error -71 req 02 val 2800
[  600.198777][ T5892] pwc: recv_control_msg error -71 req 04 val 1100
[  600.211985][ T5892] pwc: recv_control_msg error -71 req 04 val 1200
[  600.229238][ T5892] pwc: Registered as video103.
[  600.236450][ T5892] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input18
[  600.251028][ T5892] usb 2-1: USB disconnect, device number 41
[  600.369137][T11608] veth0_vlan: entered promiscuous mode
[  600.394462][T11608] veth1_vlan: entered promiscuous mode
[  600.464436][T11608] veth0_macvtap: entered promiscuous mode
[  600.490070][T11608] veth1_macvtap: entered promiscuous mode
[  600.536878][T11608] batman_adv: batadv0: Interface activated: batadv_slave_0
[  600.549560][T11608] batman_adv: batadv0: Interface activated: batadv_slave_1
[  600.560668][T11608] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  600.569924][ T5935] usb 3-1: new full-speed USB device number 25 using dummy_hcd
[  600.582010][T11608] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  600.603440][T11608] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  600.620309][T11608] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  600.977540][ T5935] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  601.126386][ T5935] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  601.249775][ T5935] usb 3-1: Product: syz
[  601.303926][ T5935] usb 3-1: Manufacturer: syz
[  601.352501][ T5935] usb 3-1: SerialNumber: syz
[  601.443629][ T5935] usb 3-1: config 0 descriptor??
[  601.483021][T10506] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  601.490986][T10506] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  601.628872][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  601.650572][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  601.802570][ T5935] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  601.868925][T11998] FAULT_INJECTION: forcing a failure.
[  601.868925][T11998] name failslab, interval 1, probability 0, space 0, times 0
[  601.887790][T11998] CPU: 1 UID: 0 PID: 11998 Comm: syz.5.1582 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  601.887819][T11998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  601.887834][T11998] Call Trace:
[  601.887841][T11998]  <TASK>
[  601.887849][T11998]  dump_stack_lvl+0x189/0x250
[  601.887876][T11998]  ? __pfx____ratelimit+0x10/0x10
[  601.887897][T11998]  ? __pfx_dump_stack_lvl+0x10/0x10
[  601.887919][T11998]  ? __pfx__printk+0x10/0x10
[  601.887950][T11998]  ? __pfx___might_resched+0x10/0x10
[  601.887976][T11998]  should_fail_ex+0x414/0x560
[  601.888003][T11998]  should_failslab+0xa8/0x100
[  601.888024][T11998]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  601.888066][T11998]  ? __alloc_skb+0x112/0x2d0
[  601.888093][T11998]  __alloc_skb+0x112/0x2d0
[  601.888134][T11998]  netlink_sendmsg+0x5c6/0xb30
[  601.888172][T11998]  ? __pfx_netlink_sendmsg+0x10/0x10
[  601.888206][T11998]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  601.888237][T11998]  ? __pfx_netlink_sendmsg+0x10/0x10
[  601.888265][T11998]  __sock_sendmsg+0x21c/0x270
[  601.888291][T11998]  ____sys_sendmsg+0x505/0x830
[  601.888327][T11998]  ? __pfx_____sys_sendmsg+0x10/0x10
[  601.888362][T11998]  ? import_iovec+0x74/0xa0
[  601.888393][T11998]  ___sys_sendmsg+0x21f/0x2a0
[  601.888424][T11998]  ? __pfx____sys_sendmsg+0x10/0x10
[  601.888490][T11998]  ? __fget_files+0x2a/0x420
[  601.888511][T11998]  ? __fget_files+0x3a0/0x420
[  601.888544][T11998]  __x64_sys_sendmsg+0x19b/0x260
[  601.888576][T11998]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  601.888615][T11998]  ? __pfx_ksys_write+0x10/0x10
[  601.888640][T11998]  ? do_syscall_64+0xbe/0x3b0
[  601.888666][T11998]  do_syscall_64+0xfa/0x3b0
[  601.888686][T11998]  ? lockdep_hardirqs_on+0x9c/0x150
[  601.888707][T11998]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  601.888726][T11998]  ? clear_bhb_loop+0x60/0xb0
[  601.888750][T11998]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  601.888769][T11998] RIP: 0033:0x7f043958eb69
[  601.888786][T11998] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  601.888803][T11998] RSP: 002b:00007f043a393038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  601.888823][T11998] RAX: ffffffffffffffda RBX: 00007f04397b5fa0 RCX: 00007f043958eb69
[  601.888836][T11998] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003
[  601.888848][T11998] RBP: 00007f043a393090 R08: 0000000000000000 R09: 0000000000000000
[  601.888858][T11998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  601.888868][T11998] R13: 0000000000000000 R14: 00007f04397b5fa0 R15: 00007fffe9a0f738
[  601.888896][T11998]  </TASK>
[  602.486045][T11993] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  602.512282][    T9] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  602.609084][T12012] bond0: option arp_validate: mode dependency failed, not supported in mode balance-tlb(5)
[  602.626180][T12012] bond0: option arp_interval: mode dependency failed, not supported in mode balance-tlb(5)
[  602.684234][    T9] usb 6-1: Using ep0 maxpacket: 8
[  602.707627][    T9] usb 6-1: config 6 has an invalid interface number: 2 but max is 0
[  602.726042][    T9] usb 6-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[  602.761258][    T9] usb 6-1: config 6 has no interface number 0
[  602.770991][    T9] usb 6-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xAA, changing to 0x8A
[  602.803789][    T9] usb 6-1: config 6 interface 2 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  602.814846][    T9] usb 6-1: config 6 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  602.835678][    T9] usb 6-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  602.846267][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  602.854461][    T9] usb 6-1: Product: syz
[  602.858744][    T9] usb 6-1: Manufacturer: syz
[  602.863476][    T9] usb 6-1: SerialNumber: syz
[  602.888258][    T9] hso 6-1:6.2: Failed to find INT IN ep
[  603.016661][ T5935] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  603.029156][ T5935] usb 3-1: USB disconnect, device number 25
[  603.133746][T12023] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1697'.
[  604.035189][T12031] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1700'.
[  604.580203][ T5935] usb 6-1: USB disconnect, device number 2
[  604.744815][T12035] trusted_key: encrypted_key: insufficient parameters specified
[  605.303735][ T6669] bond0: (slave bond_slave_0): interface is now down
[  605.321729][ T6669] bond0: (slave bond_slave_1): interface is now down
[  605.339140][ T6669] bond0: (slave wlan1): interface is now down
[  605.363917][ T6669] bond0: now running without any active interface!
[  606.052039][T12039] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  607.801636][    T9] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  607.942551][   T61] bond0: (slave bond_slave_0): interface is now down
[  607.960817][   T61] bond0: (slave bond_slave_1): interface is now down
[  607.973445][    T9] usb 3-1: Using ep0 maxpacket: 8
[  608.163937][   T61] bond0: (slave wlan1): interface is now down
[  608.166515][    T9] usb 3-1: config 6 has an invalid interface number: 2 but max is 0
[  608.184418][    T9] usb 3-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[  608.208359][   T61] bond0: now running without any active interface!
[  608.215402][    T9] usb 3-1: config 6 has no interface number 0
[  608.215456][    T9] usb 3-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xAA, changing to 0x8A
[  608.215513][    T9] usb 3-1: config 6 interface 2 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  608.215536][    T9] usb 3-1: config 6 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  608.217892][    T9] usb 3-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  608.527409][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  608.536990][    T9] usb 3-1: Product: syz
[  608.541909][    T9] usb 3-1: Manufacturer: syz
[  608.546633][    T9] usb 3-1: SerialNumber: syz
[  608.567851][    T9] hso 3-1:6.2: Failed to find INT IN ep
[  609.352221][    T9] usb 3-1: USB disconnect, device number 26
[  610.051965][T12094] comedi comedi3: 8255: I/O port conflict (0x40404f26,4)
[  610.059954][T12094] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  610.070308][T12094] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  610.089605][T12094] comedi comedi3: 8255: I/O port conflict (0xc,4)
[  610.099810][T12094] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  610.362848][T12094] comedi comedi3: 8255: I/O port conflict (0x5c95239c,4)
[  610.377849][T12094] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  610.562923][T12094] comedi comedi3: 8255: I/O port conflict (0x3bf,4)
[  610.569798][T12094] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  610.588907][T12094] comedi comedi3: 8255: I/O port conflict (0x20000001,4)
[  611.185556][T12094] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  611.206290][T12094] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  611.938123][T12111] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1729'.
[  612.791548][    T9] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  612.976963][    T9] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  613.018396][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  613.073628][    T9] usb 6-1: Product: syz
[  613.087366][    T9] usb 6-1: Manufacturer: syz
[  613.099086][    T9] usb 6-1: SerialNumber: syz
[  613.120280][    T9] usb 6-1: config 0 descriptor??
[  613.355141][    T9] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  614.848065][T12140] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[  615.017377][    T9] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  615.071141][    T9] usb 6-1: USB disconnect, device number 3
[  615.196450][T12139] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  615.926907][T12157] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1743'.
[  618.081781][    T9] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  618.283659][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  618.374090][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  618.411538][    T9] usb 6-1: New USB device found, idVendor=046d, idProduct=c262, bcdDevice= 0.00
[  618.420647][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  618.591788][    T9] usb 6-1: config 0 descriptor??
[  619.658247][T12186] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  619.678141][    T9] logitech-hidpp-device 0003:046D:C262.0004: item fetching failed at offset 0/3
[  619.720061][T12186] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  619.776873][    T9] logitech-hidpp-device 0003:046D:C262.0004: hidpp_probe:parse failed
[  620.431902][    T9] logitech-hidpp-device 0003:046D:C262.0004: probe with driver logitech-hidpp-device failed with error -22
[  620.500740][    T9] usb 6-1: USB disconnect, device number 4
[  620.947407][T12207] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1757'.
[  620.961148][T12207] No source specified
[  621.541252][T12207] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/nullb0": -EINTR
[  621.761849][    T9] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  622.530335][    T9] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  622.573889][    T9] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  622.606595][    T9] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  622.626398][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  622.902170][    T9] usb 6-1: usb_control_msg returned -32
[  622.908680][    T9] usbtmc 6-1:16.0: can't read capabilities
[  623.578047][T12227] netlink: 'syz.0.1763': attribute type 10 has an invalid length.
[  623.683498][T12227] bridge0: port 1(syz_tun) entered disabled state
[  623.692305][T12227] syz_tun: left allmulticast mode
[  623.697879][T12227] bridge0: port 1(syz_tun) entered disabled state
[  623.721213][T12227] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  624.702529][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  624.708951][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  625.005816][ T5892] usb 6-1: USB disconnect, device number 5
[  628.826612][T12253] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1770'.
[  628.836258][T12253] No source specified
[  631.429637][T12284] bond0: option arp_validate: mode dependency failed, not supported in mode balance-tlb(5)
[  631.466226][T12284] netlink: 'syz.4.1778': attribute type 10 has an invalid length.
[  631.482298][T12284] syz_tun: left allmulticast mode
[  631.545349][T12284] bridge0: port 3(syz_tun) entered disabled state
[  631.579657][T12290] FAULT_INJECTION: forcing a failure.
[  631.579657][T12290] name failslab, interval 1, probability 0, space 0, times 0
[  631.607109][T12290] CPU: 0 UID: 0 PID: 12290 Comm: syz.5.1780 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  631.607138][T12290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  631.607151][T12290] Call Trace:
[  631.607158][T12290]  <TASK>
[  631.607167][T12290]  dump_stack_lvl+0x189/0x250
[  631.607194][T12290]  ? __pfx____ratelimit+0x10/0x10
[  631.607215][T12290]  ? __pfx_dump_stack_lvl+0x10/0x10
[  631.607236][T12290]  ? __pfx__printk+0x10/0x10
[  631.607267][T12290]  ? __pfx___might_resched+0x10/0x10
[  631.607293][T12290]  should_fail_ex+0x414/0x560
[  631.607319][T12290]  should_failslab+0xa8/0x100
[  631.607342][T12290]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  631.607362][T12290]  ? __alloc_skb+0x112/0x2d0
[  631.607393][T12290]  __alloc_skb+0x112/0x2d0
[  631.607424][T12290]  netlink_sendmsg+0x5c6/0xb30
[  631.607461][T12290]  ? __pfx_netlink_sendmsg+0x10/0x10
[  631.607497][T12290]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  631.607516][T12290]  ? __pfx_netlink_sendmsg+0x10/0x10
[  631.607544][T12290]  __sock_sendmsg+0x21c/0x270
[  631.607571][T12290]  ____sys_sendmsg+0x52d/0x830
[  631.607606][T12290]  ? __pfx_____sys_sendmsg+0x10/0x10
[  631.607645][T12290]  ? import_iovec+0x74/0xa0
[  631.607675][T12290]  ___sys_sendmsg+0x21f/0x2a0
[  631.607707][T12290]  ? __pfx____sys_sendmsg+0x10/0x10
[  631.607775][T12290]  ? __fget_files+0x2a/0x420
[  631.607795][T12290]  ? __fget_files+0x3a0/0x420
[  631.607828][T12290]  __sys_sendmmsg+0x227/0x430
[  631.607863][T12290]  ? __pfx___sys_sendmmsg+0x10/0x10
[  631.607889][T12290]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  631.607940][T12290]  ? ksys_write+0x22a/0x250
[  631.607961][T12290]  ? __pfx_ksys_write+0x10/0x10
[  631.607977][T12290]  ? rcu_is_watching+0x15/0xb0
[  631.608012][T12290]  __x64_sys_sendmmsg+0xa0/0xc0
[  631.608043][T12290]  do_syscall_64+0xfa/0x3b0
[  631.608063][T12290]  ? lockdep_hardirqs_on+0x9c/0x150
[  631.608087][T12290]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  631.608106][T12290]  ? clear_bhb_loop+0x60/0xb0
[  631.608130][T12290]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  631.608149][T12290] RIP: 0033:0x7f043958eb69
[  631.608166][T12290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  631.608184][T12290] RSP: 002b:00007f043a393038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  631.608204][T12290] RAX: ffffffffffffffda RBX: 00007f04397b5fa0 RCX: 00007f043958eb69
[  631.608218][T12290] RDX: 0400000000000235 RSI: 0000200000000000 RDI: 0000000000000003
[  631.608232][T12290] RBP: 00007f043a393090 R08: 0000000000000000 R09: 0000000000000000
[  631.608244][T12290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  631.608255][T12290] R13: 0000000000000000 R14: 00007f04397b5fa0 R15: 00007fffe9a0f738
[  631.608287][T12290]  </TASK>
[  631.899416][T12284] : (slave syz_tun): Enslaving as an active interface with an up link
[  632.528695][T12303] trusted_key: encrypted_key: insufficient parameters specified
[  632.679008][T12305] xt_CT: You must specify a L4 protocol and not use inversions on it
[  634.938552][T12323] FAULT_INJECTION: forcing a failure.
[  634.938552][T12323] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  634.972086][T12323] CPU: 0 UID: 0 PID: 12323 Comm: syz.1.1791 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  634.972116][T12323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  634.972128][T12323] Call Trace:
[  634.972137][T12323]  <TASK>
[  634.972145][T12323]  dump_stack_lvl+0x189/0x250
[  634.972173][T12323]  ? __pfx____ratelimit+0x10/0x10
[  634.972194][T12323]  ? __pfx_dump_stack_lvl+0x10/0x10
[  634.972214][T12323]  ? __pfx__printk+0x10/0x10
[  634.972246][T12323]  should_fail_ex+0x414/0x560
[  634.972271][T12323]  _copy_to_user+0x31/0xb0
[  634.972296][T12323]  simple_read_from_buffer+0xe1/0x170
[  634.972319][T12323]  proc_fail_nth_read+0x1df/0x250
[  634.972346][T12323]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  634.972370][T12323]  ? rw_verify_area+0x258/0x650
[  634.972399][T12323]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  634.972425][T12323]  vfs_read+0x200/0x980
[  634.972458][T12323]  ? __pfx___mutex_lock+0x10/0x10
[  634.972480][T12323]  ? __pfx_vfs_read+0x10/0x10
[  634.972509][T12323]  ? __fget_files+0x2a/0x420
[  634.972535][T12323]  ? __fget_files+0x3a0/0x420
[  634.972555][T12323]  ? __fget_files+0x2a/0x420
[  634.972584][T12323]  ksys_read+0x145/0x250
[  634.972605][T12323]  ? __pfx_ksys_read+0x10/0x10
[  634.972620][T12323]  ? rcu_is_watching+0x15/0xb0
[  634.972648][T12323]  ? do_syscall_64+0xbe/0x3b0
[  634.972674][T12323]  do_syscall_64+0xfa/0x3b0
[  634.972693][T12323]  ? lockdep_hardirqs_on+0x9c/0x150
[  634.972713][T12323]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  634.972731][T12323]  ? clear_bhb_loop+0x60/0xb0
[  634.972752][T12323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  634.972770][T12323] RIP: 0033:0x7fe7f618d57c
[  634.972787][T12323] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  634.972804][T12323] RSP: 002b:00007fe7f6f33030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  634.972824][T12323] RAX: ffffffffffffffda RBX: 00007fe7f63b5fa0 RCX: 00007fe7f618d57c
[  634.972839][T12323] RDX: 000000000000000f RSI: 00007fe7f6f330a0 RDI: 0000000000000004
[  634.972851][T12323] RBP: 00007fe7f6f33090 R08: 0000000000000000 R09: 0000000000000000
[  634.972863][T12323] R10: 0000000040002000 R11: 0000000000000246 R12: 0000000000000001
[  634.972875][T12323] R13: 0000000000000000 R14: 00007fe7f63b5fa0 R15: 00007ffe31829598
[  634.972908][T12323]  </TASK>
[  635.362294][    T9] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  635.557272][T12345] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1792'.
[  635.623011][T12346] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1796'.
[  636.113298][    T9] usb 3-1: config 0 has an invalid interface number: 8 but max is 0
[  636.131623][    T9] usb 3-1: config 0 has no interface number 0
[  636.143930][    T9] usb 3-1: New USB device found, idVendor=0403, idProduct=da71, bcdDevice=a2.95
[  636.158048][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  636.166737][    T9] usb 3-1: Product: syz
[  636.171202][    T9] usb 3-1: Manufacturer: syz
[  636.176218][    T9] usb 3-1: SerialNumber: syz
[  636.196175][    T9] usb 3-1: config 0 descriptor??
[  636.207521][    T9] usb 3-1: NDI device with a latency value of 1
[  636.410444][    T9] ftdi_sio 3-1:0.8: FTDI USB Serial Device converter detected
[  636.443132][    T9] ftdi_sio ttyUSB0: unknown device type: 0xa295
[  636.501407][    T9] usb 3-1: USB disconnect, device number 27
[  636.511814][T11630] usb 2-1: new low-speed USB device number 42 using dummy_hcd
[  636.534780][    T9] ftdi_sio 3-1:0.8: device disconnected
[  636.576818][T12368] overlayfs: failed to clone lowerpath
[  636.673239][T11630] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  636.690439][T11630] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  636.711302][T11630] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  636.727093][T11630] usb 2-1: New USB device found, idVendor=0eef, idProduct=480d, bcdDevice= 0.00
[  636.737220][T11630] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  636.754626][T11630] usb 2-1: config 0 descriptor??
[  636.767855][T11630] usbhid 2-1:0.0: can't add hid device: -22
[  636.785363][T11630] usbhid 2-1:0.0: probe with driver usbhid failed with error -22
[  637.653592][T12383] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  637.706354][T12390] netlink: 'syz.5.1811': attribute type 1 has an invalid length.
[  637.723441][T12390] nbd: couldn't find device at index -492516727
[  638.013768][T12396] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1810'.
[  639.259157][ T5892] usb 2-1: USB disconnect, device number 42
[  639.756511][T12416] trusted_key: encrypted_key: insufficient parameters specified
[  642.001416][T12446] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1829'.
[  644.912584][T12458] bond0: option arp_validate: mode dependency failed, not supported in mode balance-tlb(5)
[  645.001553][T12458] netlink: 'syz.4.1834': attribute type 10 has an invalid length.
[  645.269417][T12471] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  646.106715][T12484] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1843'.
[  647.441860][T12499] xt_CT: You must specify a L4 protocol and not use inversions on it
[  649.107266][T12512] vxcan1 speed is unknown, defaulting to 1000
[  650.437948][T11630] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  650.705749][T11630] usb 6-1: device descriptor read/64, error -71
[  650.872548][T12531] comedi comedi3: 8255: I/O port conflict (0x40404f26,4)
[  650.880285][T12531] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  650.887827][T12531] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  650.895951][T12531] comedi comedi3: 8255: I/O port conflict (0xc,4)
[  650.903349][T12531] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  650.911538][T12531] comedi comedi3: 8255: I/O port conflict (0x5c95239c,4)
[  650.919413][T12531] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  650.927481][T12531] comedi comedi3: 8255: I/O port conflict (0x3bf,4)
[  650.936533][T12531] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  650.944459][T12531] comedi comedi3: 8255: I/O port conflict (0x20000001,4)
[  650.953028][T12531] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  650.961219][T12531] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  651.521764][T11630] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  651.691780][T12538] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  652.137968][T11630] usb 6-1: device descriptor read/64, error -71
[  652.579967][T11630] usb usb6-port1: attempt power cycle
[  653.046334][T12554] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1862'.
[  654.461846][T12570] vxcan1 speed is unknown, defaulting to 1000
[  654.491416][T12580] netlink: 'syz.5.1871': attribute type 1 has an invalid length.
[  654.499538][T12580] nbd: couldn't find device at index -492516727
[  656.676869][T12601] No source specified
[  657.746060][T11630] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  657.936014][T12618] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1883'.
[  658.012576][T11630] usb 3-1: Using ep0 maxpacket: 8
[  658.146702][T11630] usb 3-1: config 6 has an invalid interface number: 2 but max is 0
[  658.456492][T11630] usb 3-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[  658.490654][T11630] usb 3-1: config 6 has no interface number 0
[  658.511612][T11630] usb 3-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xAA, changing to 0x8A
[  658.578393][T11630] usb 3-1: config 6 interface 2 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  658.612859][T11630] usb 3-1: config 6 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  658.659099][T11630] usb 3-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  658.677579][T11630] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  659.512483][T11630] usb 3-1: Product: syz
[  659.516773][T11630] usb 3-1: Manufacturer: syz
[  659.526625][T11630] usb 3-1: SerialNumber: syz
[  660.019292][T11630] hso 3-1:6.2: Failed to find INT IN ep
[  660.095744][T12634] comedi comedi3: 8255: I/O port conflict (0x40404f26,4)
[  660.120230][T12634] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  660.131774][T12634] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  660.151608][T12634] comedi comedi3: 8255: I/O port conflict (0xc,4)
[  660.158245][T12634] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  660.182466][T12634] comedi comedi3: 8255: I/O port conflict (0x5c95239c,4)
[  660.297567][T12634] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  660.413789][T12634] comedi comedi3: 8255: I/O port conflict (0x3bf,4)
[  660.545964][T12634] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  660.622644][T12634] comedi comedi3: 8255: I/O port conflict (0x20000001,4)
[  660.661624][T12634] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  660.705883][T12634] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  660.869551][T11630] usb 3-1: USB disconnect, device number 28
[  660.966571][T12645] netlink: 'syz.4.1890': attribute type 1 has an invalid length.
[  660.974888][T12645] nbd: couldn't find device at index -492516727
[  661.427872][T12651] No source specified
[  661.451958][    T9] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  661.892350][    T9] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  662.011982][    T9] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  662.024212][    T9] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  662.034401][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  662.052599][T12647] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  662.063844][    T9] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  662.555535][T12667] xt_CT: You must specify a L4 protocol and not use inversions on it
[  663.366851][T12647] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  663.442020][T12647] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  663.566109][ T5935] usb 6-1: USB disconnect, device number 9
[  666.336829][T12701] netlink: 'syz.0.1905': attribute type 1 has an invalid length.
[  666.344893][T12701] nbd: couldn't find device at index -492516727
[  666.515270][    T9] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  667.200514][T12710] bridge0: port 3(syz_tun) entered blocking state
[  667.207432][T12710] bridge0: port 3(syz_tun) entered disabled state
[  667.214444][T12710] syz_tun: entered allmulticast mode
[  667.223774][T12710] syz_tun: entered promiscuous mode
[  667.230506][T12710] bridge0: port 3(syz_tun) entered blocking state
[  667.237289][T12710] bridge0: port 3(syz_tun) entered forwarding state
[  667.252588][T12710] xt_CT: You must specify a L4 protocol and not use inversions on it
[  667.691646][    T9] usb 2-1: Using ep0 maxpacket: 16
[  667.704033][    T9] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  667.721285][    T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  667.739452][    T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  668.461797][T12713] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  668.869037][    T9] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  668.891287][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  668.899891][    T9] usb 2-1: Product: syz
[  668.904345][    T9] usb 2-1: Manufacturer: syz
[  668.910210][    T9] usb 2-1: SerialNumber: syz
[  669.424624][    T9] usb 2-1: 0:2 : does not exist
[  669.525761][    T9] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  669.571522][    T9] usb 2-1: USB disconnect, device number 43
[  672.692144][T12738] kthread_run failed with err -4
[  672.700773][T12744] netlink: 'syz.4.1919': attribute type 1 has an invalid length.
[  672.712590][T12744] nbd: couldn't find device at index -492516727
[  673.260990][T12764] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1922'.
[  674.001513][    T9] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  674.231559][    T9] usb 2-1: Using ep0 maxpacket: 8
[  674.253111][    T9] usb 2-1: config 6 has an invalid interface number: 2 but max is 0
[  674.261746][    T9] usb 2-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[  674.272314][    T9] usb 2-1: config 6 has no interface number 0
[  674.278969][    T9] usb 2-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xAA, changing to 0x8A
[  674.290860][    T9] usb 2-1: config 6 interface 2 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  674.301107][    T9] usb 2-1: config 6 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  674.867625][    T9] usb 2-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  674.891352][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  674.909020][    T9] usb 2-1: Product: syz
[  674.913847][    T9] usb 2-1: Manufacturer: syz
[  674.918851][    T9] usb 2-1: SerialNumber: syz
[  674.930919][    T9] hso 2-1:6.2: Failed to find INT IN ep
[  675.041138][T12775] netlink: 'syz.5.1927': attribute type 10 has an invalid length.
[  675.178212][T12775] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  675.500545][T12785] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1931'.
[  676.195125][ T5892] usb 2-1: USB disconnect, device number 44
[  676.406217][T12793] IPv6: NLM_F_REPLACE set, but no existing node found!
[  676.439468][T12796] netlink: 'syz.0.1932': attribute type 1 has an invalid length.
[  676.449636][T12796] nbd: couldn't find device at index -492516727
[  676.701621][ T5892] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  677.549106][   T30] audit: type=1326 audit(1754352070.998:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12803 comm="syz.0.1936" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efda378eb69 code=0x0
[  677.571028][T12799] 9pnet: Could not find request transport: xen
[  679.756558][T12832] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  679.847414][T12838] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1944'.
[  680.428051][T12840] netlink: 'syz.2.1946': attribute type 1 has an invalid length.
[  680.492477][T12840] nbd: couldn't find device at index -492516727
[  680.724810][T12855] gretap0: entered promiscuous mode
[  680.733129][T12855] gretap0: left promiscuous mode
[  682.668716][T12876] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1960'.
[  682.781830][T12880] netlink: 'syz.4.1963': attribute type 10 has an invalid length.
[  683.014023][T12883] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1960'.
[  683.102436][T12891] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1962'.
[  684.138698][T12901] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1968'.
[  684.589248][T12908] comedi comedi3: 8255: I/O port conflict (0x40404f26,4)
[  684.600161][T12908] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  685.241504][T12908] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  685.248867][T12908] comedi comedi3: 8255: I/O port conflict (0xc,4)
[  685.258305][T12908] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  685.265943][T12908] comedi comedi3: 8255: I/O port conflict (0x5c95239c,4)
[  685.276473][T12908] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  685.284531][T12908] comedi comedi3: 8255: I/O port conflict (0x3bf,4)
[  685.292729][T12908] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  685.299777][T12908] comedi comedi3: 8255: I/O port conflict (0x20000001,4)
[  685.307707][T12908] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  685.315248][T12908] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  685.896087][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  686.074870][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  687.821729][T11630] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  687.999649][T12934] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1977'.
[  688.615636][T11630] usb 6-1: Using ep0 maxpacket: 8
[  688.712291][T11630] usb 6-1: config 6 has an invalid interface number: 2 but max is 0
[  688.721364][T11630] usb 6-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[  689.035246][T11630] usb 6-1: config 6 has no interface number 0
[  689.051611][T11630] usb 6-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xAA, changing to 0x8A
[  689.087193][T11630] usb 6-1: config 6 interface 2 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  689.220391][T11630] usb 6-1: config 6 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  689.236890][T11630] usb 6-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  689.249161][T11630] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  689.257449][T11630] usb 6-1: Product: syz
[  689.262769][T11630] usb 6-1: Manufacturer: syz
[  689.268417][T11630] usb 6-1: SerialNumber: syz
[  690.019622][T11630] hso 6-1:6.2: Failed to find INT IN ep
[  691.194751][T12964] netlink: 'syz.2.1987': attribute type 1 has an invalid length.
[  691.216733][T12964] netlink: 208 bytes leftover after parsing attributes in process `syz.2.1987'.
[  691.344960][T12968] xt_CT: You must specify a L4 protocol and not use inversions on it
[  691.546594][T11645] usb 6-1: USB disconnect, device number 10
[  691.858667][T12964] netlink: 'syz.2.1987': attribute type 1 has an invalid length.
[  691.869142][T12964] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1987'.
[  692.535627][T12987] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1995'.
[  692.668268][T12990] fuse: Bad value for 'user_id'
[  692.680389][T12990] fuse: Bad value for 'user_id'
[  692.713572][T12990] dlm: plock device version mismatch: kernel (1.2.0), user (1.3.2)
[  692.799942][T12993] comedi comedi3: 8255: I/O port conflict (0x40404f26,4)
[  692.807389][T12993] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  692.814363][T12993] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  692.821142][T12993] comedi comedi3: 8255: I/O port conflict (0xc,4)
[  692.827942][T12993] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  692.834806][T12993] comedi comedi3: 8255: I/O port conflict (0x5c95239c,4)
[  692.842295][T12993] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  692.849807][T12993] comedi comedi3: 8255: I/O port conflict (0x3bf,4)
[  692.857902][T12993] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  692.864807][T12993] comedi comedi3: 8255: I/O port conflict (0x20000001,4)
[  692.872266][T12993] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  692.880120][T12993] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  693.145830][T10826] Bluetooth: hci5: command 0x0406 tx timeout
[  693.703856][    T9] usb 3-1: new full-speed USB device number 29 using dummy_hcd
[  693.781337][T12997] netlink: 1760 bytes leftover after parsing attributes in process `syz.4.1999'.
[  694.019383][    T9] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  694.035385][    T9] usb 3-1: config 0 has no interface number 0
[  694.105439][    T9] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  695.126677][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  695.272432][    T9] usb 3-1: config 0 descriptor??
[  695.464347][    T9] usb 3-1: selecting invalid altsetting 1
[  695.477224][    T9] dvb_ttusb_budget: ttusb_init_controller: error
[  695.484492][    T9] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  695.596037][    T9] DVB: Unable to find symbol cx22700_attach()
[  695.796303][    T9] DVB: Unable to find symbol tda10046_attach()
[  695.818223][    T9] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  695.846219][    T9] usb 3-1: USB disconnect, device number 29
[  696.063280][T13027] xfrm0: entered promiscuous mode
[  696.068984][T13027] xfrm0: entered allmulticast mode
[  697.402370][T13029] comedi comedi3: 8255: I/O port conflict (0x40404f26,4)
[  697.410194][T13029] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  697.420411][T13029] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  697.428220][T13029] comedi comedi3: 8255: I/O port conflict (0xc,4)
[  697.435018][T13029] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  697.441680][T13029] comedi comedi3: 8255: I/O port conflict (0x5c95239c,4)
[  697.449401][T13029] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  697.456241][T13029] comedi comedi3: 8255: I/O port conflict (0x3bf,4)
[  697.463041][T13029] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  697.469653][T13029] comedi comedi3: 8255: I/O port conflict (0x20000001,4)
[  697.476934][T13029] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  697.483514][T13029] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  698.309996][T13045] FAULT_INJECTION: forcing a failure.
[  698.309996][T13045] name failslab, interval 1, probability 0, space 0, times 0
[  698.441692][T13045] CPU: 0 UID: 0 PID: 13045 Comm: syz.5.2015 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  698.441722][T13045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  698.441735][T13045] Call Trace:
[  698.441743][T13045]  <TASK>
[  698.441753][T13045]  dump_stack_lvl+0x189/0x250
[  698.441781][T13045]  ? __pfx____ratelimit+0x10/0x10
[  698.441802][T13045]  ? __pfx_dump_stack_lvl+0x10/0x10
[  698.441824][T13045]  ? __pfx__printk+0x10/0x10
[  698.441849][T13045]  ? kmem_cache_alloc_node_noprof+0x4e/0x3c0
[  698.441873][T13045]  ? __pfx___might_resched+0x10/0x10
[  698.441900][T13045]  should_fail_ex+0x414/0x560
[  698.441926][T13045]  should_failslab+0xa8/0x100
[  698.441949][T13045]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  698.441969][T13045]  ? __alloc_skb+0x112/0x2d0
[  698.442000][T13045]  __alloc_skb+0x112/0x2d0
[  698.442031][T13045]  netlink_sendmsg+0x5c6/0xb30
[  698.442069][T13045]  ? __pfx_netlink_sendmsg+0x10/0x10
[  698.442103][T13045]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  698.442123][T13045]  ? __pfx_netlink_sendmsg+0x10/0x10
[  698.442151][T13045]  __sock_sendmsg+0x21c/0x270
[  698.442177][T13045]  ____sys_sendmsg+0x505/0x830
[  698.442213][T13045]  ? __pfx_____sys_sendmsg+0x10/0x10
[  698.442251][T13045]  ? import_iovec+0x74/0xa0
[  698.442282][T13045]  ___sys_sendmsg+0x21f/0x2a0
[  698.442313][T13045]  ? __pfx____sys_sendmsg+0x10/0x10
[  698.442390][T13045]  ? __fget_files+0x2a/0x420
[  698.442411][T13045]  ? __fget_files+0x3a0/0x420
[  698.442443][T13045]  __x64_sys_sendmsg+0x19b/0x260
[  698.442470][T13045]  ? schedule+0x165/0x360
[  698.442491][T13045]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  698.442531][T13045]  ? rcu_is_watching+0x15/0xb0
[  698.442558][T13045]  ? do_syscall_64+0xbe/0x3b0
[  698.442583][T13045]  do_syscall_64+0xfa/0x3b0
[  698.442605][T13045]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  698.442623][T13045]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  698.442641][T13045]  ? clear_bhb_loop+0x60/0xb0
[  698.442664][T13045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  698.442683][T13045] RIP: 0033:0x7f043958eb69
[  698.442699][T13045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  698.442716][T13045] RSP: 002b:00007f043a393038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  698.442737][T13045] RAX: ffffffffffffffda RBX: 00007f04397b5fa0 RCX: 00007f043958eb69
[  698.442752][T13045] RDX: 0000000020008050 RSI: 0000200000000340 RDI: 0000000000000004
[  698.442765][T13045] RBP: 00007f043a393090 R08: 0000000000000000 R09: 0000000000000000
[  698.442777][T13045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  698.442788][T13045] R13: 0000000000000000 R14: 00007f04397b5fa0 R15: 00007fffe9a0f738
[  698.442819][T13045]  </TASK>
[  699.415117][T13050] comedi comedi3: 8255: I/O port conflict (0x40404f26,4)
[  699.422292][T13050] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  699.428721][T13050] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  699.435346][T13050] comedi comedi3: 8255: I/O port conflict (0xc,4)
[  699.441814][T13050] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  699.448283][T13050] comedi comedi3: 8255: I/O port conflict (0x5c95239c,4)
[  699.455436][T13050] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  699.461914][T13050] comedi comedi3: 8255: I/O port conflict (0x3bf,4)
[  699.468556][T13050] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  699.652679][T13050] comedi comedi3: 8255: I/O port conflict (0x20000001,4)
[  699.680728][T13050] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  699.687347][T13050] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  700.010108][T13060] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2017'.
[  700.626088][T13065] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2018'.
[  700.865725][T13074] Cannot find add_set index 0 as target
[  702.424186][   T30] audit: type=1326 audit(1754352095.878:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13093 comm="syz.2.2029" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f85b3f8eb69 code=0x0
[  702.484594][T13095] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2030'.
[  703.967064][T13116] Cannot find add_set index 0 as target
[  704.990824][T13134] netlink: 'syz.0.2047': attribute type 10 has an invalid length.
[  705.073322][ T5935] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  705.234820][ T5935] usb 6-1: Using ep0 maxpacket: 16
[  705.246377][ T5935] usb 6-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  705.255613][ T5935] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  705.271644][ T5935] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  705.422148][ T5935] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  705.431250][ T5935] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  705.461461][ T5935] usb 6-1: Product: syz
[  705.465837][ T5935] usb 6-1: Manufacturer: syz
[  705.470622][ T5935] usb 6-1: SerialNumber: syz
[  706.015002][ T5935] usb 6-1: 0:2 : does not exist
[  706.070312][ T5935] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[  706.475268][T13155] comedi comedi3: 8255: I/O port conflict (0x40404f26,4)
[  706.484700][T13155] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  706.492925][T13155] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  706.498535][ T5935] usb 6-1: USB disconnect, device number 11
[  706.509438][T13155] comedi comedi3: 8255: I/O port conflict (0xc,4)
[  706.516330][T13155] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  706.524605][T13155] comedi comedi3: 8255: I/O port conflict (0x5c95239c,4)
[  706.532103][T13155] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  706.540934][T13155] comedi comedi3: 8255: I/O port conflict (0x3bf,4)
[  706.625379][T13155] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  706.632411][T13155] comedi comedi3: 8255: I/O port conflict (0x20000001,4)
[  706.640416][T13155] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  706.647741][T13155] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  707.325439][T13168] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2056'.
[  709.195839][T13183] netlink: 'syz.2.2061': attribute type 10 has an invalid length.
[  709.219072][T13183] bridge0: port 3(syz_tun) entered disabled state
[  709.234294][T13183] syz_tun: left allmulticast mode
[  709.251940][T13183] bridge0: port 3(syz_tun) entered disabled state
[  709.279678][T13183] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  709.294804][ T6664] bond0: (slave syz_tun): interface is now down
[  709.313228][ T6363] bond0: (slave syz_tun): interface is now down
[  709.334162][ T6363] bond0: now running without any active interface!
[  711.004946][T13203] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2066'.
[  713.227527][ T5851] Bluetooth: hci5: unexpected event for opcode 0x0c03
[  713.543185][T13232] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2071'.
[  714.095933][T13233] netlink: 'syz.5.2072': attribute type 1 has an invalid length.
[  714.111740][T13233] nbd: couldn't find device at index -492516727
[  714.622089][T13242] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  715.783919][T13249] comedi comedi3: 8255: I/O port conflict (0x40404f26,4)
[  715.794397][T13249] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  715.801516][T13249] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  715.808694][T13249] comedi comedi3: 8255: I/O port conflict (0xc,4)
[  715.815929][T13249] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  715.823797][T13249] comedi comedi3: 8255: I/O port conflict (0x5c95239c,4)
[  715.831453][T13249] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  715.838415][T13249] comedi comedi3: 8255: I/O port conflict (0x3bf,4)
[  715.846579][T13249] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  715.853854][T13249] comedi comedi3: 8255: I/O port conflict (0x20000001,4)
[  715.861447][T13249] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  715.868451][T13249] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  718.101544][T13274] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2085'.
[  719.456911][T13286] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2092'.
[  719.537017][T13286] bridge_slave_1: left allmulticast mode
[  719.542818][T13286] bridge_slave_1: left promiscuous mode
[  719.548738][T13286] bridge0: port 2(bridge_slave_1) entered disabled state
[  719.570280][T13286] bridge_slave_0: left allmulticast mode
[  719.645586][T13286] bridge_slave_0: left promiscuous mode
[  719.653693][T13288] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  719.771674][T13286] bridge0: port 1(bridge_slave_0) entered disabled state
[  720.080373][ T5851] Bluetooth: hci3: Malformed LE Event: 0x1b
[  721.284127][T13318] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2100'.
[  723.222728][T13333] netlink: 'syz.0.2108': attribute type 10 has an invalid length.
[  723.452227][ T5892] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  723.654701][ T5892] usb 3-1: Using ep0 maxpacket: 16
[  723.725451][ T5892] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  723.781499][ T5892] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  723.821706][ T5892] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  723.843799][ T5892] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  723.861956][ T5892] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  723.870194][ T5892] usb 3-1: Product: syz
[  723.884309][ T5892] usb 3-1: Manufacturer: syz
[  723.888980][ T5892] usb 3-1: SerialNumber: syz
[  723.987195][T13346] FAULT_INJECTION: forcing a failure.
[  723.987195][T13346] name failslab, interval 1, probability 0, space 0, times 0
[  724.002950][T13346] CPU: 1 UID: 0 PID: 13346 Comm: syz.5.2113 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  724.002980][T13346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  724.002993][T13346] Call Trace:
[  724.003002][T13346]  <TASK>
[  724.003012][T13346]  dump_stack_lvl+0x189/0x250
[  724.003044][T13346]  ? __pfx____ratelimit+0x10/0x10
[  724.003066][T13346]  ? __pfx_dump_stack_lvl+0x10/0x10
[  724.003090][T13346]  ? __pfx__printk+0x10/0x10
[  724.003128][T13346]  ? __pfx___might_resched+0x10/0x10
[  724.003149][T13346]  ? fs_reclaim_acquire+0x7d/0x100
[  724.003178][T13346]  should_fail_ex+0x414/0x560
[  724.003205][T13346]  should_failslab+0xa8/0x100
[  724.003229][T13346]  kmem_cache_alloc_noprof+0x73/0x3c0
[  724.003248][T13346]  ? security_inode_alloc+0x39/0x330
[  724.003281][T13346]  security_inode_alloc+0x39/0x330
[  724.003312][T13346]  inode_init_always_gfp+0x9ed/0xdc0
[  724.003341][T13346]  ? __pfx_sock_alloc_inode+0x10/0x10
[  724.003364][T13346]  alloc_inode+0x82/0x1b0
[  724.003386][T13346]  __sock_create+0x12d/0x9f0
[  724.003421][T13346]  mptcp_subflow_create_socket+0xfd/0xb40
[  724.003460][T13346]  ? __pfx_mptcp_subflow_create_socket+0x10/0x10
[  724.003491][T13346]  ? tomoyo_check_inet_address+0x275/0x8c0
[  724.003522][T13346]  __mptcp_nmpc_sk+0x148/0x750
[  724.003552][T13346]  ? __pfx___mptcp_nmpc_sk+0x10/0x10
[  724.003578][T13346]  ? smack_ipv6host_label+0x119/0x8e0
[  724.003603][T13346]  ? look_up_lock_class+0x74/0x170
[  724.003634][T13346]  mptcp_connect+0x6f/0x790
[  724.003661][T13346]  __inet_stream_connect+0x2ab/0xe80
[  724.003696][T13346]  ? __local_bh_enable_ip+0x12d/0x1c0
[  724.003718][T13346]  ? __pfx___inet_stream_connect+0x10/0x10
[  724.003743][T13346]  ? __local_bh_enable_ip+0x12d/0x1c0
[  724.003764][T13346]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  724.003798][T13346]  inet_stream_connect+0x66/0xa0
[  724.003824][T13346]  __sys_connect+0x316/0x440
[  724.003851][T13346]  ? __fget_files+0x3a0/0x420
[  724.003874][T13346]  ? __pfx___sys_connect+0x10/0x10
[  724.003915][T13346]  ? __pfx_ksys_write+0x10/0x10
[  724.003932][T13346]  ? rcu_is_watching+0x15/0xb0
[  724.003962][T13346]  __x64_sys_connect+0x7a/0x90
[  724.003990][T13346]  do_syscall_64+0xfa/0x3b0
[  724.004014][T13346]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  724.004033][T13346]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  724.004052][T13346]  ? clear_bhb_loop+0x60/0xb0
[  724.004077][T13346]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  724.004096][T13346] RIP: 0033:0x7f043958eb69
[  724.004115][T13346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  724.004142][T13346] RSP: 002b:00007f043a393038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  724.004163][T13346] RAX: ffffffffffffffda RBX: 00007f04397b5fa0 RCX: 00007f043958eb69
[  724.004179][T13346] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000006
[  724.004192][T13346] RBP: 00007f043a393090 R08: 0000000000000000 R09: 0000000000000000
[  724.004205][T13346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  724.004218][T13346] R13: 0000000000000000 R14: 00007f04397b5fa0 R15: 00007fffe9a0f738
[  724.004252][T13346]  </TASK>
[  724.339155][T13346] socket: no more sockets
[  724.344139][ T5892] usb 3-1: 0:2 : does not exist
[  724.548359][T13352] overlay: Unknown parameter 'dont_measure'
[  724.563281][ T5892] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  724.585530][ T5892] usb 3-1: USB disconnect, device number 30
[  724.664386][T13354] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2114'.
[  724.816581][ T5935] usb 6-1: new full-speed USB device number 12 using dummy_hcd
[  725.156763][ T5935] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  725.256605][ T5935] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  725.304439][ T5935] usb 6-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  725.359153][ T5935] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  725.407185][ T5935] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  725.438153][ T5935] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  725.502945][T13364] netlink: 'syz.2.2121': attribute type 10 has an invalid length.
[  725.699185][ T5935] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -2
[  725.741901][ T5935] usb 6-1: USB disconnect, device number 12
[  725.846763][T13371] xt_CT: You must specify a L4 protocol and not use inversions on it
[  726.401569][ T5892] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  726.563678][ T5892] usb 2-1: Using ep0 maxpacket: 32
[  726.715266][ T5892] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  726.735939][ T5892] usb 2-1: config 0 has no interface number 0
[  726.778863][ T5892] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  726.803683][ T5892] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  727.351116][ T5892] usb 2-1: Product: syz
[  727.463561][ T5892] usb 2-1: Manufacturer: syz
[  727.468228][ T5892] usb 2-1: SerialNumber: syz
[  727.529975][ T5892] usb 2-1: config 0 descriptor??
[  727.568596][ T5892] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  727.792427][ T5892] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  727.837507][ T5892] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  727.989161][    C1] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 8
[  728.062649][T13398] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2132'.
[  728.071663][T13398] veth1_to_hsr: entered promiscuous mode
[  728.079179][T13398] No source specified
[  728.232392][    C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[  728.234092][T11630] usb 2-1: USB disconnect, device number 46
[  728.256046][T11630] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  728.324974][T11630] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  728.345811][T11630] quatech2 2-1:0.51: device disconnected
[  728.660430][T13416] xt_CT: You must specify a L4 protocol and not use inversions on it
[  732.480818][T13458] netlink: 'syz.4.2149': attribute type 10 has an invalid length.
[  733.687200][T13473] FAULT_INJECTION: forcing a failure.
[  733.687200][T13473] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  733.725185][T13473] CPU: 0 UID: 0 PID: 13473 Comm: syz.1.2154 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  733.725218][T13473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  733.725230][T13473] Call Trace:
[  733.725239][T13473]  <TASK>
[  733.725248][T13473]  dump_stack_lvl+0x189/0x250
[  733.725277][T13473]  ? __pfx____ratelimit+0x10/0x10
[  733.725299][T13473]  ? __pfx_dump_stack_lvl+0x10/0x10
[  733.725321][T13473]  ? __pfx__printk+0x10/0x10
[  733.725362][T13473]  should_fail_ex+0x414/0x560
[  733.725388][T13473]  _copy_from_user+0x2d/0xb0
[  733.725418][T13473]  bpf_test_init+0xf8/0x170
[  733.725449][T13473]  bpf_prog_test_run_skb+0x1e9/0x1560
[  733.725475][T13473]  ? __fget_files+0x2a/0x420
[  733.725501][T13473]  ? __fget_files+0x2a/0x420
[  733.725533][T13473]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  733.725560][T13473]  bpf_prog_test_run+0x2c7/0x340
[  733.725596][T13473]  __sys_bpf+0x4a4/0x860
[  733.725627][T13473]  ? __pfx___sys_bpf+0x10/0x10
[  733.725677][T13473]  ? ksys_write+0x22a/0x250
[  733.725699][T13473]  ? __pfx_ksys_write+0x10/0x10
[  733.725716][T13473]  ? rcu_is_watching+0x15/0xb0
[  733.725746][T13473]  __x64_sys_bpf+0x7c/0x90
[  733.725774][T13473]  do_syscall_64+0xfa/0x3b0
[  733.725795][T13473]  ? lockdep_hardirqs_on+0x9c/0x150
[  733.725816][T13473]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  733.725837][T13473]  ? clear_bhb_loop+0x60/0xb0
[  733.725862][T13473]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  733.725892][T13473] RIP: 0033:0x7fe7f618eb69
[  733.725911][T13473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  733.725928][T13473] RSP: 002b:00007fe7f6f33038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  733.725950][T13473] RAX: ffffffffffffffda RBX: 00007fe7f63b5fa0 RCX: 00007fe7f618eb69
[  733.725966][T13473] RDX: 0000000000000050 RSI: 00002000000005c0 RDI: 000000000000000a
[  733.725980][T13473] RBP: 00007fe7f6f33090 R08: 0000000000000000 R09: 0000000000000000
[  733.725994][T13473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  733.726007][T13473] R13: 0000000000000000 R14: 00007fe7f63b5fa0 R15: 00007ffe31829598
[  733.726041][T13473]  </TASK>
[  735.206696][T13498] netlink: 'syz.1.2165': attribute type 10 has an invalid length.
[  735.220461][T13498] bridge0: port 3(syz_tun) entered disabled state
[  735.234973][T13498] syz_tun: left allmulticast mode
[  735.243203][T13498] bridge0: port 3(syz_tun) entered disabled state
[  735.267935][T13498] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  735.283878][ T6664] bond0: (slave syz_tun): interface is now down
[  735.290878][ T6664] bond0: now running without any active interface!
[  735.683336][T13512] netlink: 'syz.4.2169': attribute type 1 has an invalid length.
[  735.811363][T13512] nbd: couldn't find device at index -492516727
[  736.049767][T13513] FAULT_INJECTION: forcing a failure.
[  736.049767][T13513] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  736.131590][T13513] CPU: 0 UID: 0 PID: 13513 Comm: syz.5.2171 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  736.131620][T13513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  736.131632][T13513] Call Trace:
[  736.131640][T13513]  <TASK>
[  736.131649][T13513]  dump_stack_lvl+0x189/0x250
[  736.131677][T13513]  ? __pfx____ratelimit+0x10/0x10
[  736.131699][T13513]  ? __pfx_dump_stack_lvl+0x10/0x10
[  736.131720][T13513]  ? __pfx__printk+0x10/0x10
[  736.131751][T13513]  should_fail_ex+0x414/0x560
[  736.131766][T13513]  _copy_from_user+0x2d/0xb0
[  736.131800][T13513]  bpf_test_init+0xf8/0x170
[  736.131817][T13513]  bpf_prog_test_run_skb+0x1e9/0x1560
[  736.131830][T13513]  ? __fget_files+0x2a/0x420
[  736.131845][T13513]  ? __fget_files+0x2a/0x420
[  736.131860][T13513]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  736.131875][T13513]  bpf_prog_test_run+0x2c7/0x340
[  736.131894][T13513]  __sys_bpf+0x4a4/0x860
[  736.131911][T13513]  ? __pfx___sys_bpf+0x10/0x10
[  736.131942][T13513]  __x64_sys_bpf+0x7c/0x90
[  736.131957][T13513]  do_syscall_64+0xfa/0x3b0
[  736.131970][T13513]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.131979][T13513]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  736.131989][T13513]  ? clear_bhb_loop+0x60/0xb0
[  736.132002][T13513]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.132012][T13513] RIP: 0033:0x7f043958eb69
[  736.132023][T13513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  736.132032][T13513] RSP: 002b:00007f043a393038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  736.132044][T13513] RAX: ffffffffffffffda RBX: 00007f04397b5fa0 RCX: 00007f043958eb69
[  736.132052][T13513] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a
[  736.132059][T13513] RBP: 00007f043a393090 R08: 0000000000000000 R09: 0000000000000000
[  736.132066][T13513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  736.132073][T13513] R13: 0000000000000000 R14: 00007f04397b5fa0 R15: 00007fffe9a0f738
[  736.132089][T13513]  </TASK>
[  736.511878][T13507] syz.0.2167 (13507) used greatest stack depth: 18616 bytes left
[  736.622416][T13521] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2174'.
[  736.687573][T13521] vxcan3: entered promiscuous mode
[  736.792011][ T5935] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  737.422274][ T5935] usb 3-1: Using ep0 maxpacket: 8
[  737.439834][ T5935] usb 3-1: config 0 has an invalid interface number: 52 but max is 0
[  737.449173][ T5935] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  737.479185][ T5935] usb 3-1: config 0 has no interface number 0
[  737.500119][ T5935] usb 3-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  737.541164][ T5935] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  737.575474][ T5935] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  737.616145][ T5935] usb 3-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  737.660424][ T5935] usb 3-1: config 0 interface 52 has no altsetting 0
[  737.740021][ T5935] usb 3-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00
[  737.775438][ T5935] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  737.854798][ T5935] usb 3-1: config 0 descriptor??
[  738.303283][T13520] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  738.321944][T13520] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  738.352147][ T5935] input: USB Synaptics Device 06cb:0007 (Stick) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.52/input/input19
[  738.544729][    T9] usb 3-1: USB disconnect, device number 31
[  738.583845][T13556] netlink: 'syz.4.2184': attribute type 1 has an invalid length.
[  738.596482][T13556] nbd: couldn't find device at index -492516727
[  738.711695][T11630] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  738.881812][T11630] usb 2-1: Using ep0 maxpacket: 8
[  738.888983][T11630] usb 2-1: config index 0 descriptor too short (expected 30, got 18)
[  738.910342][T11630] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  738.930081][T11630] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  738.951440][T11630] usb 2-1: Product: syz
[  738.955646][T11630] usb 2-1: Manufacturer: syz
[  738.964152][T11630] usb 2-1: SerialNumber: syz
[  738.970740][T11630] usb 2-1: config 0 descriptor??
[  738.979458][T11630] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  739.355547][T11630] usb 2-1: setting power ON
[  739.360825][T11630] dvb-usb: bulk message failed: -22 (2/0)
[  739.385141][T11630] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  739.446135][T11630] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  739.460291][T11630] usb 2-1: media controller created
[  740.064567][T11630] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  740.123971][T11630] usb 2-1: selecting invalid altsetting 6
[  740.131088][T13571] syzkaller1: entered promiscuous mode
[  740.138117][T13571] syzkaller1: entered allmulticast mode
[  740.149394][T11630] usb 2-1: digital interface selection failed (-22)
[  740.167688][T11630] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  740.197170][T11630] usb 2-1: setting power OFF
[  740.208994][T11630] dvb-usb: bulk message failed: -22 (2/0)
[  740.218232][T11630] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  740.228571][T11630] (NULL device *): no alternate interface
[  740.288007][T11630] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  740.577533][T13583] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2192'.
[  741.531585][    T9] usb 2-1: USB disconnect, device number 47
[  741.708126][T13598] netlink: 'syz.4.2200': attribute type 1 has an invalid length.
[  741.716534][T13598] nbd: couldn't find device at index -492516727
[  742.576702][T13601] FAULT_INJECTION: forcing a failure.
[  742.576702][T13601] name failslab, interval 1, probability 0, space 0, times 0
[  742.589744][T13601] CPU: 1 UID: 0 PID: 13601 Comm: syz.1.2199 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  742.589768][T13601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  742.589780][T13601] Call Trace:
[  742.589788][T13601]  <TASK>
[  742.589796][T13601]  dump_stack_lvl+0x189/0x250
[  742.589823][T13601]  ? __pfx____ratelimit+0x10/0x10
[  742.589845][T13601]  ? __pfx_dump_stack_lvl+0x10/0x10
[  742.589867][T13601]  ? __pfx__printk+0x10/0x10
[  742.589899][T13601]  ? __pfx___might_resched+0x10/0x10
[  742.589919][T13601]  ? fs_reclaim_acquire+0x7d/0x100
[  742.589948][T13601]  should_fail_ex+0x414/0x560
[  742.589974][T13601]  should_failslab+0xa8/0x100
[  742.589997][T13601]  __kmalloc_node_noprof+0xd1/0x4e0
[  742.590016][T13601]  ? load_msg+0x41/0x3b0
[  742.590047][T13601]  load_msg+0x41/0x3b0
[  742.590073][T13601]  ? ksys_write+0x1cb/0x250
[  742.590097][T13601]  do_msgsnd+0x19a/0x13d0
[  742.590142][T13601]  ? __might_fault+0xb0/0x130
[  742.590159][T13601]  ? fput+0xa0/0xd0
[  742.590179][T13601]  ? __pfx_do_msgsnd+0x10/0x10
[  742.590210][T13601]  ? __might_fault+0xb0/0x130
[  742.590233][T13601]  ? __x64_sys_msgsnd+0xee/0x120
[  742.590265][T13601]  do_syscall_64+0xfa/0x3b0
[  742.590286][T13601]  ? lockdep_hardirqs_on+0x9c/0x150
[  742.590307][T13601]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  742.590327][T13601]  ? clear_bhb_loop+0x60/0xb0
[  742.590351][T13601]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  742.590370][T13601] RIP: 0033:0x7fe7f618eb69
[  742.590389][T13601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  742.590405][T13601] RSP: 002b:00007fe7f6f12038 EFLAGS: 00000246 ORIG_RAX: 0000000000000045
[  742.590426][T13601] RAX: ffffffffffffffda RBX: 00007fe7f63b6080 RCX: 00007fe7f618eb69
[  742.590442][T13601] RDX: 0000000000002000 RSI: 0000200000000180 RDI: 0000000000000000
[  742.590455][T13601] RBP: 00007fe7f6f12090 R08: 0000000000000000 R09: 0000000000000000
[  742.590467][T13601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  742.590479][T13601] R13: 0000000000000000 R14: 00007fe7f63b6080 R15: 00007ffe31829598
[  742.590512][T13601]  </TASK>
[  743.286970][T13620] syzkaller1: entered promiscuous mode
[  743.545568][T13620] syzkaller1: entered allmulticast mode
[  744.391508][T11645] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  745.501506][T11645] usb 2-1: Using ep0 maxpacket: 8
[  745.538992][T11645] usb 2-1: config 6 has an invalid interface number: 2 but max is 0
[  745.549294][T11645] usb 2-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[  745.568453][T11645] usb 2-1: config 6 has no interface number 0
[  746.174186][T11645] usb 2-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xAA, changing to 0x8A
[  746.186179][T11645] usb 2-1: config 6 interface 2 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  746.196180][T11645] usb 2-1: config 6 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  746.212812][T11645] usb 2-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  746.222568][T11645] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  746.233977][T13647] netlink: 'syz.0.2214': attribute type 1 has an invalid length.
[  746.242158][T11645] usb 2-1: Product: syz
[  746.246490][T11645] usb 2-1: Manufacturer: syz
[  746.251199][T13647] nbd: couldn't find device at index -492516727
[  746.258136][T11645] usb 2-1: SerialNumber: syz
[  746.466175][T11645] hso 2-1:6.2: Failed to find INT IN ep
[  746.574015][T13655] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2213'.
[  746.635325][T13654] Cannot find add_set index 0 as target
[  746.859879][T11645] usb 2-1: USB disconnect, device number 48
[  746.923536][T13651] block device autoloading is deprecated and will be removed.
[  747.057631][T13659] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2218'.
[  747.090157][T13659] syz_tun: left allmulticast mode
[  747.095769][T13659] syz_tun: left promiscuous mode
[  747.121657][T13659] bridge0: port 3(syz_tun) entered disabled state
[  747.151349][T13659] bridge_slave_1: left allmulticast mode
[  747.158071][T13659] bridge_slave_1: left promiscuous mode
[  747.181687][T13659] bridge0: port 2(bridge_slave_1) entered disabled state
[  747.211209][T13659] bridge_slave_0: left allmulticast mode
[  747.217042][T13659] bridge_slave_0: left promiscuous mode
[  747.223376][T13659] bridge0: port 1(bridge_slave_0) entered disabled state
[  747.346887][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  747.353590][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  747.387971][T13674] netlink: 'syz.0.2224': attribute type 1 has an invalid length.
[  747.428022][T13674] 8021q: adding VLAN 0 to HW filter on device bond2
[  748.381878][T11630] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  748.697968][T11630] usb 3-1: Using ep0 maxpacket: 8
[  748.785349][T11630] usb 3-1: config 126 has an invalid interface number: 10 but max is 0
[  748.798735][T11630] usb 3-1: config 126 has no interface number 0
[  748.949853][T11630] usb 3-1: New USB device found, idVendor=0f3d, idProduct=68aa, bcdDevice=10.22
[  749.082672][T13695] xt_CT: You must specify a L4 protocol and not use inversions on it
[  749.633431][T11630] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  749.641842][T11630] usb 3-1: Product: syz
[  749.645845][T13690] Cannot find add_set index 0 as target
[  749.646120][T11630] usb 3-1: Manufacturer: syz
[  749.656531][T11630] usb 3-1: SerialNumber: syz
[  749.675927][T11630] usb 3-1: Expected 3 endpoints, found: 0
[  750.045194][T13709] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2231'.
[  750.630040][T13706] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2234'.
[  750.641728][T13706] bridge_slave_1: left allmulticast mode
[  750.647428][T13706] bridge_slave_1: left promiscuous mode
[  750.658413][T13706] bridge0: port 2(bridge_slave_1) entered disabled state
[  750.667529][    T9] usb 3-1: USB disconnect, device number 32
[  750.810823][T13706] bridge_slave_0: left allmulticast mode
[  750.816680][T13706] bridge_slave_0: left promiscuous mode
[  750.833397][T13706] bridge0: port 1(bridge_slave_0) entered disabled state
[  750.898765][T13718] No source specified
[  750.974992][T13715] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2235'.
[  752.663442][T13763] overlayfs: failed to clone lowerpath
[  752.683606][T13763] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2249'.
[  753.145505][T13776] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  753.239457][T13782] netlink: 'syz.0.2254': attribute type 1 has an invalid length.
[  753.281932][T13782] nbd: couldn't find device at index -492516727
[  753.736651][T13797] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  753.757942][T13799] overlayfs: failed to clone lowerpath
[  753.773396][T13799] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2262'.
[  753.785349][T13799] bridge_slave_1: left allmulticast mode
[  753.791117][T13799] bridge_slave_1: left promiscuous mode
[  753.797141][T13799] bridge0: port 2(bridge_slave_1) entered disabled state
[  753.808927][T13799] bridge_slave_0: left allmulticast mode
[  753.815432][T13799] bridge_slave_0: left promiscuous mode
[  753.824999][T13799] bridge0: port 1(bridge_slave_0) entered disabled state
[  753.860634][T13799] bridge0 (unregistering): left promiscuous mode
[  755.049934][T13818] syzkaller1: entered promiscuous mode
[  755.059342][T13818] syzkaller1: entered allmulticast mode
[  755.614803][T13838] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  756.602823][T13857] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2280'.
[  756.876196][T13861] ALSA: mixer_oss: invalid OSS volume ''
[  757.038997][T13865] syzkaller1: entered promiscuous mode
[  757.085027][T13865] syzkaller1: entered allmulticast mode
[  758.066774][   T30] audit: type=1800 audit(1754352151.038:121): pid=13874 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.2287" name="bus" dev="overlay" ino=2089 res=0 errno=0
[  758.267069][T13878] block nbd0: shutting down sockets
[  758.302104][T13885] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  758.530882][T13894] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  758.537456][T13894] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  758.552474][T13894] vhci_hcd vhci_hcd.0: Device attached
[  758.559516][T13894] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2294'.
[  759.047921][T13896] vhci_hcd: cannot find the pending unlink 6
[  759.070612][T13896] vhci_hcd: connection closed
[  759.129258][T11645] vhci_hcd: vhci_device speed not set
[  759.177757][ T6159] vhci_hcd: stop threads
[  759.188304][ T6159] vhci_hcd: release socket
[  759.207625][ T6159] vhci_hcd: disconnect device
[  759.222032][T11645] usb 35-1: new full-speed USB device number 2 using vhci_hcd
[  759.246819][T11645] usb 35-1: enqueue for inactive port 0
[  759.389336][T11645] vhci_hcd: vhci_device speed not set
[  760.539022][T13919] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2300'.
[  760.552717][T13919] No source specified
[  761.068782][T13919] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/nullb0": -EINTR
[  761.631541][T11645] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  761.840864][T13931] FAULT_INJECTION: forcing a failure.
[  761.840864][T13931] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  761.867155][T13931] CPU: 0 UID: 0 PID: 13931 Comm: syz.2.2305 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  761.867185][T13931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  761.867198][T13931] Call Trace:
[  761.867207][T13931]  <TASK>
[  761.867216][T13931]  dump_stack_lvl+0x189/0x250
[  761.867245][T13931]  ? __pfx____ratelimit+0x10/0x10
[  761.867267][T13931]  ? __pfx_dump_stack_lvl+0x10/0x10
[  761.867289][T13931]  ? __pfx__printk+0x10/0x10
[  761.867328][T13931]  should_fail_ex+0x414/0x560
[  761.867356][T13931]  _copy_from_user+0x2d/0xb0
[  761.867383][T13931]  bpf_test_init+0xf8/0x170
[  761.867414][T13931]  bpf_prog_test_run_xdp+0x37c/0x1000
[  761.867458][T13931]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  761.867491][T13931]  ? __fget_files+0x2a/0x420
[  761.867519][T13931]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  761.867555][T13931]  bpf_prog_test_run+0x2c7/0x340
[  761.867589][T13931]  __sys_bpf+0x4a4/0x860
[  761.867619][T13931]  ? __pfx___sys_bpf+0x10/0x10
[  761.867661][T13931]  ? ksys_write+0x22a/0x250
[  761.867683][T13931]  ? __pfx_ksys_write+0x10/0x10
[  761.867710][T13931]  __x64_sys_bpf+0x7c/0x90
[  761.867736][T13931]  do_syscall_64+0xfa/0x3b0
[  761.867758][T13931]  ? lockdep_hardirqs_on+0x9c/0x150
[  761.867778][T13931]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  761.867798][T13931]  ? clear_bhb_loop+0x60/0xb0
[  761.867823][T13931]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  761.867841][T13931] RIP: 0033:0x7f85b3f8eb69
[  761.867859][T13931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  761.867877][T13931] RSP: 002b:00007f85b4d10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  761.867898][T13931] RAX: ffffffffffffffda RBX: 00007f85b41b5fa0 RCX: 00007f85b3f8eb69
[  761.867913][T13931] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a
[  761.867927][T13931] RBP: 00007f85b4d10090 R08: 0000000000000000 R09: 0000000000000000
[  761.867939][T13931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  761.867952][T13931] R13: 0000000000000000 R14: 00007f85b41b5fa0 R15: 00007ffe91189268
[  761.867984][T13931]  </TASK>
[  762.131795][T11645] usb 2-1: Using ep0 maxpacket: 16
[  762.157559][T11645] usb 2-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config
[  762.206922][T11645] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  762.627109][T11645] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  762.701611][T11645] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  762.740264][T11645] usb 2-1: Product: syz
[  762.759640][T11645] usb 2-1: Manufacturer: syz
[  762.774849][T11645] usb 2-1: SerialNumber: syz
[  763.118414][T11645] usb 2-1: 0:2 : does not exist
[  763.136348][T11645] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  763.287947][T11645] usb 2-1: USB disconnect, device number 49
[  764.136222][T13950] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  764.462240][T13959] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2312'.
[  766.100287][T13978] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  768.082194][T13995] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2321'.
[  768.092226][T13995] No source specified
[  768.373231][T13995] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nullb0": -EINTR
[  775.011888][T11627] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  776.261537][T11627] usb 3-1: Using ep0 maxpacket: 8
[  776.298458][T11627] usb 3-1: config 6 has an invalid interface number: 2 but max is 0
[  776.377385][T11627] usb 3-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[  776.406628][T11627] usb 3-1: config 6 has no interface number 0
[  776.421657][T11627] usb 3-1: config 6 interface 2 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  776.456321][T11627] usb 3-1: config 6 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  776.643980][T11627] usb 3-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  776.780888][T11627] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  776.997357][T11627] usb 3-1: Product: syz
[  777.003577][T11627] usb 3-1: Manufacturer: syz
[  777.021340][T11627] usb 3-1: SerialNumber: syz
[  777.101775][T11627] hso 3-1:6.2: Failed to find INT IN ep
[  777.134502][T14094] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  777.187030][T11627] usb 3-1: USB disconnect, device number 33
[  778.006131][ T5851] Bluetooth: hci3: unexpected event for opcode 0x0c03
[  778.533013][T14116] comedi comedi3: 8255: I/O port conflict (0x40404f26,4)
[  778.550241][T14116] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  778.603673][T14116] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  778.638038][T14116] comedi comedi3: 8255: I/O port conflict (0xc,4)
[  778.651420][T14116] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  778.711491][T14116] comedi comedi3: 8255: I/O port conflict (0x5c95239c,4)
[  778.737673][T14116] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  778.945024][T14116] comedi comedi3: 8255: I/O port conflict (0x3bf,4)
[  778.981503][T14116] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  779.003788][T14116] comedi comedi3: 8255: I/O port conflict (0x20000001,4)
[  779.024592][T14116] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  779.059681][T14116] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  779.798044][T14133] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2364'.
[  779.870018][T14134] No source specified
[  780.253779][T14146] xt_CT: You must specify a L4 protocol and not use inversions on it
[  781.018226][T14156] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2369'.
[  781.045362][ T5851] Bluetooth: hci3: Malformed LE Event: 0x1b
[  781.491105][T14170] netlink: 'syz.0.2377': attribute type 11 has an invalid length.
[  781.631507][T11645] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  781.803439][T11645] usb 3-1: config 0 has an invalid interface number: 8 but max is 0
[  781.825764][T11645] usb 3-1: config 0 has no interface number 0
[  781.849380][T11645] usb 3-1: New USB device found, idVendor=0403, idProduct=da71, bcdDevice=a2.95
[  781.868927][T11645] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  781.914837][T11645] usb 3-1: Product: syz
[  781.921014][T11645] usb 3-1: Manufacturer: syz
[  782.001119][T11645] usb 3-1: SerialNumber: syz
[  782.027303][T11645] usb 3-1: config 0 descriptor??
[  782.038518][T11645] usb 3-1: NDI device with a latency value of 1
[  782.175175][T11630] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  782.256213][T11645] ftdi_sio 3-1:0.8: FTDI USB Serial Device converter detected
[  782.286552][T11645] ftdi_sio ttyUSB0: unknown device type: 0xa295
[  782.316128][T11645] usb 3-1: USB disconnect, device number 34
[  782.338589][T11645] ftdi_sio 3-1:0.8: device disconnected
[  782.383550][T11630] usb 2-1: Using ep0 maxpacket: 8
[  782.405311][T11630] usb 2-1: config 6 has an invalid interface number: 2 but max is 0
[  782.417213][T11630] usb 2-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[  782.445936][T11630] usb 2-1: config 6 has no interface number 0
[  782.546853][T11630] usb 2-1: config 6 interface 2 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  782.564028][T11630] usb 2-1: config 6 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  782.592201][T11630] usb 2-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  782.603400][T11630] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  782.611867][T11630] usb 2-1: Product: syz
[  782.620846][T11630] usb 2-1: Manufacturer: syz
[  782.631420][T11630] usb 2-1: SerialNumber: syz
[  782.661274][T11630] hso 2-1:6.2: Failed to find INT IN ep
[  783.934977][T11645] usb 2-1: USB disconnect, device number 50
[  785.139894][T14207] comedi comedi3: 8255: I/O port conflict (0x40404f26,4)
[  785.148054][T14207] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  785.157117][T14207] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  785.164983][T14207] comedi comedi3: 8255: I/O port conflict (0xc,4)
[  785.175117][T14207] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  785.186853][T14207] comedi comedi3: 8255: I/O port conflict (0x5c95239c,4)
[  785.201163][T14207] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  785.211456][T14207] comedi comedi3: 8255: I/O port conflict (0x3bf,4)
[  785.222380][T14207] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  785.229332][T14207] comedi comedi3: 8255: I/O port conflict (0x20000001,4)
[  785.236864][T14207] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  785.244576][T14207] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  785.728020][T14213] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2389'.
[  786.636809][T14216] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2391'.
[  786.758082][T14218] netlink: 'syz.0.2391': attribute type 2 has an invalid length.
[  786.799525][T14218] netlink: 'syz.0.2391': attribute type 11 has an invalid length.
[  786.808089][T14218] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2391'.
[  786.845541][T14221] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2391'.
[  788.530746][T14237] overlayfs: failed to clone upperpath
[  788.540234][T14239] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2393'.
[  788.730582][T14242] No source specified
[  789.840631][T14250] xt_CT: You must specify a L4 protocol and not use inversions on it
[  792.206377][T14263] netlink: 256 bytes leftover after parsing attributes in process `syz.1.2403'.
[  792.254674][T14263] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2403'.
[  793.107752][T14286] netlink: 204 bytes leftover after parsing attributes in process `syz.5.2411'.
[  793.125653][T14286] netlink: 96 bytes leftover after parsing attributes in process `syz.5.2411'.
[  793.206353][T14289] FAULT_INJECTION: forcing a failure.
[  793.206353][T14289] name failslab, interval 1, probability 0, space 0, times 0
[  793.272530][T14289] CPU: 1 UID: 0 PID: 14289 Comm: syz.2.2412 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  793.272559][T14289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  793.272573][T14289] Call Trace:
[  793.272581][T14289]  <TASK>
[  793.272591][T14289]  dump_stack_lvl+0x189/0x250
[  793.272619][T14289]  ? __pfx____ratelimit+0x10/0x10
[  793.272641][T14289]  ? __pfx_dump_stack_lvl+0x10/0x10
[  793.272663][T14289]  ? __pfx__printk+0x10/0x10
[  793.272694][T14289]  ? __pfx___might_resched+0x10/0x10
[  793.272726][T14289]  should_fail_ex+0x414/0x560
[  793.272754][T14289]  should_failslab+0xa8/0x100
[  793.272779][T14289]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  793.272801][T14289]  ? __alloc_skb+0x112/0x2d0
[  793.272834][T14289]  __alloc_skb+0x112/0x2d0
[  793.272863][T14289]  netlink_sendmsg+0x5c6/0xb30
[  793.272901][T14289]  ? __pfx_netlink_sendmsg+0x10/0x10
[  793.272937][T14289]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  793.272958][T14289]  ? __pfx_netlink_sendmsg+0x10/0x10
[  793.272987][T14289]  __sock_sendmsg+0x21c/0x270
[  793.273015][T14289]  __sys_sendto+0x3bd/0x520
[  793.273046][T14289]  ? __pfx___sys_sendto+0x10/0x10
[  793.273085][T14289]  ? count_memcg_event_mm+0x21/0x260
[  793.273128][T14289]  ? exc_page_fault+0x76/0xf0
[  793.273184][T14289]  ? do_user_addr_fault+0xc8a/0x1390
[  793.273219][T14289]  __x64_sys_sendto+0xde/0x100
[  793.273257][T14289]  do_syscall_64+0xfa/0x3b0
[  793.273278][T14289]  ? lockdep_hardirqs_on+0x9c/0x150
[  793.273299][T14289]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  793.273319][T14289]  ? clear_bhb_loop+0x60/0xb0
[  793.273343][T14289]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  793.273363][T14289] RIP: 0033:0x7f85b3f909fc
[  793.273381][T14289] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
[  793.273400][T14289] RSP: 002b:00007f85b4d0eec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  793.273427][T14289] RAX: ffffffffffffffda RBX: 00007f85b4d0efc0 RCX: 00007f85b3f909fc
[  793.273443][T14289] RDX: 0000000000000020 RSI: 00007f85b4d0f010 RDI: 0000000000000003
[  793.273456][T14289] RBP: 0000000000000000 R08: 00007f85b4d0ef14 R09: 000000000000000c
[  793.273475][T14289] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  793.273490][T14289] R13: 00007f85b4d0ef68 R14: 00007f85b4d0f010 R15: 0000000000000000
[  793.273522][T14289]  </TASK>
[  793.514239][    C1] vkms_vblank_simulate: vblank timer overrun
[  793.678850][T14294] xt_CT: You must specify a L4 protocol and not use inversions on it
[  794.289718][T11645] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  794.778261][T11645] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  794.800802][T11645] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  794.823892][T11645] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  794.855161][T11645] usb 2-1: config 0 descriptor??
[  794.871053][T14310] netlink: 'syz.4.2417': attribute type 10 has an invalid length.
[  794.885925][T14310] veth0_vlan: left promiscuous mode
[  794.894312][T14310] veth0_vlan: entered promiscuous mode
[  794.902864][T14310] team0: Device veth0_vlan failed to register rx_handler
[  794.927269][T11645] pwc: Askey VC010 type 2 USB webcam detected.
[  795.052440][T14314] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2419'.
[  795.274537][T11645] pwc: recv_control_msg error -32 req 02 val 2b00
[  795.289871][T11645] pwc: recv_control_msg error -32 req 02 val 2700
[  795.308654][T11645] pwc: recv_control_msg error -32 req 02 val 2c00
[  795.327374][T11645] pwc: recv_control_msg error -32 req 04 val 1000
[  795.352045][T11645] pwc: recv_control_msg error -32 req 04 val 1300
[  795.379916][T14330] netlink: 'syz.0.2424': attribute type 1 has an invalid length.
[  795.402756][T14330] nbd: couldn't find device at index -492516727
[  795.802621][T14337] xt_CT: You must specify a L4 protocol and not use inversions on it
[  796.258690][T11645] pwc: recv_control_msg error -71 req 02 val 2100
[  796.277280][T11645] pwc: recv_control_msg error -71 req 04 val 1500
[  796.300382][T11645] pwc: recv_control_msg error -71 req 02 val 2500
[  796.333603][T11645] pwc: recv_control_msg error -71 req 02 val 2400
[  796.346308][T11645] pwc: recv_control_msg error -71 req 02 val 2600
[  796.357054][T11645] pwc: recv_control_msg error -71 req 02 val 2900
[  796.376198][T11645] pwc: recv_control_msg error -71 req 02 val 2800
[  796.515090][T11645] pwc: recv_control_msg error -71 req 04 val 1100
[  796.526058][T11645] pwc: recv_control_msg error -71 req 04 val 1200
[  796.548760][T11645] pwc: Registered as video103.
[  796.563706][T11645] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input20
[  796.598650][T11645] usb 2-1: USB disconnect, device number 51
[  797.172678][T14351] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2429'.
[  797.181708][T14351] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2429'.
[  797.236735][T14351] bridge0: entered promiscuous mode
[  797.242398][T14351] bridge0: entered allmulticast mode
[  798.943311][T14376] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2437'.
[  799.073968][T14379] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  799.800433][T14399] FAULT_INJECTION: forcing a failure.
[  799.800433][T14399] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  799.801924][T14399] 
[  799.801932][T14399] ======================================================
[  799.801937][T14399] WARNING: possible circular locking dependency detected
[  799.801946][T14399] 6.16.0-syzkaller #0 Not tainted
[  799.801953][T14399] ------------------------------------------------------
[  799.801957][T14399] syz.5.2444/14399 is trying to acquire lock:
[  799.801963][T14399] ffffffff8e133300 (console_owner){-.-.}-{0:0}, at: console_flush_all+0x13a/0xc40
[  799.801997][T14399] 
[  799.801997][T14399] but task is already holding lock:
[  799.802001][T14399] ffff8880b8639e18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[  799.802023][T14399] 
[  799.802023][T14399] which lock already depends on the new lock.
[  799.802023][T14399] 
[  799.802026][T14399] 
[  799.802026][T14399] the existing dependency chain (in reverse order) is:
[  799.802030][T14399] 
[  799.802030][T14399] -> #4 (&rq->__lock){-.-.}-{2:2}:
[  799.802043][T14399]        lock_acquire+0x120/0x360
[  799.802052][T14399]        _raw_spin_lock_nested+0x32/0x50
[  799.802062][T14399]        raw_spin_rq_lock_nested+0x2a/0x140
[  799.802072][T14399]        task_rq_lock+0xbc/0x470
[  799.802081][T14399]        cgroup_move_task+0x9a/0x590
[  799.802092][T14399]        css_set_move_task+0x658/0x9e0
[  799.802103][T14399]        cgroup_post_fork+0x1ef/0x790
[  799.802113][T14399]        copy_process+0x37e6/0x3b80
[  799.802125][T14399]        kernel_clone+0x224/0x7f0
[  799.802136][T14399]        user_mode_thread+0xdd/0x140
[  799.802146][T14399]        rest_init+0x23/0x300
[  799.802158][T14399]        start_kernel+0x47d/0x500
[  799.802169][T14399]        x86_64_start_reservations+0x24/0x30
[  799.802182][T14399]        x86_64_start_kernel+0x143/0x1c0
[  799.802195][T14399]        common_startup_64+0x13e/0x147
[  799.802208][T14399] 
[  799.802208][T14399] -> #3 (&p->pi_lock){-.-.}-{2:2}:
[  799.802220][T14399]        lock_acquire+0x120/0x360
[  799.802228][T14399]        _raw_spin_lock_irqsave+0xa7/0xf0
[  799.802242][T14399]        try_to_wake_up+0x6e/0x1290
[  799.802254][T14399]        __wake_up_common_lock+0x137/0x1f0
[  799.802350][T14399]        tty_port_default_wakeup+0xa2/0xf0
[  799.802368][T14399]        serial8250_tx_chars+0x72e/0x970
[  799.802382][T14399]        serial8250_handle_irq+0x633/0xbb0
[  799.802395][T14399]        serial8250_default_handle_irq+0xbf/0x1b0
[  799.802404][T14399]        serial8250_interrupt+0xa2/0x1d0
[  799.802415][T14399]        __handle_irq_event_percpu+0x289/0x980
[  799.802428][T14399]        handle_irq_event+0x8b/0x1e0
[  799.802480][T14399]        handle_edge_irq+0x267/0x9c0
[  799.802491][T14399]        __common_interrupt+0x140/0x250
[  799.802505][T14399]        common_interrupt+0xb6/0xe0
[  799.802517][T14399]        asm_common_interrupt+0x26/0x40
[  799.802527][T14399]        pv_native_safe_halt+0x13/0x20
[  799.802537][T14399]        default_idle+0x13/0x20
[  799.802547][T14399]        default_idle_call+0x74/0xb0
[  799.802558][T14399]        do_idle+0x1e8/0x510
[  799.802568][T14399]        cpu_startup_entry+0x44/0x60
[  799.802578][T14399]        rest_init+0x2de/0x300
[  799.802590][T14399]        start_kernel+0x47d/0x500
[  799.802601][T14399]        x86_64_start_reservations+0x24/0x30
[  799.802614][T14399]        x86_64_start_kernel+0x143/0x1c0
[  799.802627][T14399]        common_startup_64+0x13e/0x147
[  799.802640][T14399] 
[  799.802640][T14399] -> #2 (&tty->write_wait){-.-.}-{3:3}:
[  799.802657][T14399]        lock_acquire+0x120/0x360
[  799.802666][T14399]        _raw_spin_lock_irqsave+0xa7/0xf0
[  799.802681][T14399]        __wake_up_common_lock+0x2f/0x1f0
[  799.802697][T14399]        tty_port_default_wakeup+0xa2/0xf0
[  799.802715][T14399]        serial8250_tx_chars+0x72e/0x970
[  799.802728][T14399]        serial8250_handle_irq+0x633/0xbb0
[  799.802741][T14399]        serial8250_default_handle_irq+0xbf/0x1b0
[  799.802751][T14399]        serial8250_interrupt+0xa2/0x1d0
[  799.802761][T14399]        __handle_irq_event_percpu+0x289/0x980
[  799.802773][T14399]        handle_irq_event+0x8b/0x1e0
[  799.802785][T14399]        handle_edge_irq+0x267/0x9c0
[  799.802795][T14399]        __common_interrupt+0x140/0x250
[  799.802809][T14399]        common_interrupt+0xb6/0xe0
[  799.802821][T14399]        asm_common_interrupt+0x26/0x40
[  799.802830][T14399]        pv_native_safe_halt+0x13/0x20
[  799.802839][T14399]        default_idle+0x13/0x20
[  799.802851][T14399]        default_idle_call+0x74/0xb0
[  799.802867][T14399]        do_idle+0x1e8/0x510
[  799.802876][T14399]        cpu_startup_entry+0x44/0x60
[  799.802885][T14399]        rest_init+0x2de/0x300
[  799.802897][T14399]        start_kernel+0x47d/0x500
[  799.802907][T14399]        x86_64_start_reservations+0x24/0x30
[  799.802921][T14399]        x86_64_start_kernel+0x143/0x1c0
[  799.802933][T14399]        common_startup_64+0x13e/0x147
[  799.802946][T14399] 
[  799.802946][T14399] -> #1 (&port_lock_key){-.-.}-{3:3}:
[  799.802960][T14399]        lock_acquire+0x120/0x360
[  799.802968][T14399]        _raw_spin_lock_irqsave+0xa7/0xf0
[  799.802983][T14399]        serial8250_console_write+0x17e/0x1ba0
[  799.802997][T14399]        console_flush_all+0x728/0xc40
[  799.803009][T14399]        console_unlock+0xc4/0x270
[  799.803020][T14399]        vprintk_emit+0x5b7/0x7a0
[  799.803030][T14399]        _printk+0xcf/0x120
[  799.803041][T14399]        register_console+0xa8b/0xf90
[  799.803054][T14399]        univ8250_console_init+0x52/0x90
[  799.803067][T14399]        console_init+0x1a1/0x670
[  799.803079][T14399]        start_kernel+0x2cc/0x500
[  799.803089][T14399]        x86_64_start_reservations+0x24/0x30
[  799.803102][T14399]        x86_64_start_kernel+0x143/0x1c0
[  799.803115][T14399]        common_startup_64+0x13e/0x147
[  799.803127][T14399] 
[  799.803127][T14399] -> #0 (console_owner){-.-.}-{0:0}:
[  799.803144][T14399]        validate_chain+0xb9b/0x2140
[  799.803155][T14399]        __lock_acquire+0xab9/0xd20
[  799.803162][T14399]        lock_acquire+0x120/0x360
[  799.803170][T14399]        console_flush_all+0x6d2/0xc40
[  799.803182][T14399]        console_unlock+0xc4/0x270
[  799.803193][T14399]        vprintk_emit+0x5b7/0x7a0
[  799.803202][T14399]        _printk+0xcf/0x120
[  799.803213][T14399]        should_fail_ex+0x3f5/0x560
[  799.803222][T14399]        strncpy_from_user+0x36/0x290
[  799.803237][T14399]        strncpy_from_user_nofault+0x72/0x150
[  799.803248][T14399]        bpf_probe_read_user_str+0x2a/0x70
[  799.803258][T14399]        bpf_prog_bc7c5c6b9645592f+0x3e/0x44
[  799.803268][T14399]        bpf_trace_run4+0x28e/0x4a0
[  799.803281][T14399]        __bpf_trace_sched_switch+0x17a/0x1e0
[  799.803295][T14399]        __traceiter_sched_switch+0x9a/0xd0
[  799.803308][T14399]        __schedule+0x22ba/0x4c90
[  799.803317][T14399]        schedule+0x165/0x360
[  799.803326][T14399]        snd_seq_fifo_cell_out+0x216/0x500
[  799.803340][T14399]        snd_seq_read+0x2eb/0x650
[  799.803351][T14399]        vfs_read+0x200/0x980
[  799.803365][T14399]        ksys_read+0x145/0x250
[  799.803373][T14399]        do_syscall_64+0xfa/0x3b0
[  799.803383][T14399]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  799.803392][T14399] 
[  799.803392][T14399] other info that might help us debug this:
[  799.803392][T14399] 
[  799.803397][T14399] Chain exists of:
[  799.803397][T14399]   console_owner --> &p->pi_lock --> &rq->__lock
[  799.803397][T14399] 
[  799.803412][T14399]  Possible unsafe locking scenario:
[  799.803412][T14399] 
[  799.803416][T14399]        CPU0                    CPU1
[  799.803420][T14399]        ----                    ----
[  799.803424][T14399]   lock(&rq->__lock);
[  799.803431][T14399]                                lock(&p->pi_lock);
[  799.803443][T14399]                                lock(&rq->__lock);
[  799.803451][T14399]   lock(console_owner);
[  799.803458][T14399] 
[  799.803458][T14399]  *** DEADLOCK ***
[  799.803458][T14399] 
[  799.803461][T14399] 4 locks held by syz.5.2444/14399:
[  799.803468][T14399]  #0: ffff8880b8639e18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[  799.803493][T14399]  #1: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x19c/0x4a0
[  799.803518][T14399]  #2: ffffffff8e133360 (console_lock){+.+.}-{0:0}, at: _printk+0xcf/0x120
[  799.803542][T14399]  #3: ffffffff8e01ac30 (console_srcu){....}-{0:0}, at: console_flush_all+0x13a/0xc40
[  799.803568][T14399] 
[  799.803568][T14399] stack backtrace:
[  799.803576][T14399] CPU: 1 UID: 0 PID: 14399 Comm: syz.5.2444 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  799.803588][T14399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  799.803596][T14399] Call Trace:
[  799.803602][T14399]  <TASK>
[  799.803607][T14399]  dump_stack_lvl+0x189/0x250
[  799.803620][T14399]  ? __pfx_dump_stack_lvl+0x10/0x10
[  799.803632][T14399]  ? __pfx__printk+0x10/0x10
[  799.803645][T14399]  ? print_lock_name+0xde/0x100
[  799.803658][T14399]  print_circular_bug+0x2ee/0x310
[  799.803671][T14399]  check_noncircular+0x134/0x160
[  799.803685][T14399]  validate_chain+0xb9b/0x2140
[  799.803706][T14399]  __lock_acquire+0xab9/0xd20
[  799.803717][T14399]  ? console_flush_all+0x13a/0xc40
[  799.803730][T14399]  lock_acquire+0x120/0x360
[  799.803738][T14399]  ? console_flush_all+0x13a/0xc40
[  799.803752][T14399]  ? do_raw_spin_unlock+0x122/0x240
[  799.803765][T14399]  ? console_flush_all+0x13a/0xc40
[  799.803778][T14399]  console_flush_all+0x6d2/0xc40
[  799.803791][T14399]  ? console_flush_all+0x13a/0xc40
[  799.803804][T14399]  ? console_flush_all+0x13a/0xc40
[  799.803817][T14399]  ? __pfx_console_flush_all+0x10/0x10
[  799.803832][T14399]  ? is_printk_cpu_sync_owner+0x32/0x40
[  799.803848][T14399]  console_unlock+0xc4/0x270
[  799.803860][T14399]  ? __pfx_console_unlock+0x10/0x10
[  799.803872][T14399]  ? is_printk_cpu_sync_owner+0x32/0x40
[  799.803887][T14399]  vprintk_emit+0x5b7/0x7a0
[  799.803899][T14399]  ? __pfx_vprintk_emit+0x10/0x10
[  799.803912][T14399]  ? __lock_acquire+0xab9/0xd20
[  799.803923][T14399]  _printk+0xcf/0x120
[  799.803935][T14399]  ? __pfx____ratelimit+0x10/0x10
[  799.803946][T14399]  ? __pfx__printk+0x10/0x10
[  799.803957][T14399]  ? bsearch+0x95/0xc0
[  799.803973][T14399]  ? search_extable+0x8f/0xd0
[  799.803987][T14399]  should_fail_ex+0x3f5/0x560
[  799.803997][T14399]  strncpy_from_user+0x36/0x290
[  799.804014][T14399]  strncpy_from_user_nofault+0x72/0x150
[  799.804026][T14399]  bpf_probe_read_user_str+0x2a/0x70
[  799.804036][T14399]  bpf_prog_bc7c5c6b9645592f+0x3e/0x44
[  799.804044][T14399]  bpf_trace_run4+0x28e/0x4a0
[  799.804058][T14399]  ? bpf_trace_run4+0x19c/0x4a0
[  799.804071][T14399]  ? __pfx_bpf_trace_run4+0x10/0x10
[  799.804083][T14399]  ? kvm_sched_clock_read+0x11/0x20
[  799.804093][T14399]  ? sched_clock_cpu+0x74/0x430
[  799.804104][T14399]  ? __bpf_trace_sched_switch+0x15f/0x1e0
[  799.804119][T14399]  __bpf_trace_sched_switch+0x17a/0x1e0
[  799.804133][T14399]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  799.804147][T14399]  ? psi_group_change+0xbc7/0x1210
[  799.804158][T14399]  ? rcu_read_lock_sched_held+0x89/0x100
[  799.804170][T14399]  ? __pfx_rcu_read_lock_sched_held+0x10/0x10
[  799.804183][T14399]  ? psi_task_switch+0x318/0x6d0
[  799.804196][T14399]  ? tracing_record_taskinfo_sched_switch+0x7d/0x370
[  799.804210][T14399]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  799.804223][T14399]  __traceiter_sched_switch+0x9a/0xd0
[  799.804238][T14399]  __schedule+0x22ba/0x4c90
[  799.804252][T14399]  ? schedule+0x165/0x360
[  799.804262][T14399]  ? __pfx___schedule+0x10/0x10
[  799.804275][T14399]  ? schedule+0x91/0x360
[  799.804285][T14399]  schedule+0x165/0x360
[  799.804303][T14399]  snd_seq_fifo_cell_out+0x216/0x500
[  799.804318][T14399]  ? _parse_integer_limit+0x1ae/0x1f0
[  799.804331][T14399]  ? __pfx_snd_seq_fifo_cell_out+0x10/0x10
[  799.804346][T14399]  ? __pfx_default_wake_function+0x10/0x10
[  799.804363][T14399]  ? get_pid_task+0x20/0x1f0
[  799.804378][T14399]  snd_seq_read+0x2eb/0x650
[  799.804390][T14399]  ? __pfx_snd_seq_read+0x10/0x10
[  799.804400][T14399]  ? rcu_read_lock_any_held+0xb3/0x120
[  799.804412][T14399]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  799.804424][T14399]  ? bpf_lsm_file_permission+0x9/0x20
[  799.804436][T14399]  ? security_file_permission+0x75/0x290
[  799.804452][T14399]  ? rw_verify_area+0x258/0x650
[  799.804467][T14399]  ? __pfx_snd_seq_read+0x10/0x10
[  799.804478][T14399]  vfs_read+0x200/0x980
[  799.804495][T14399]  ? __pfx_vfs_read+0x10/0x10
[  799.804510][T14399]  ? __fget_files+0x2a/0x420
[  799.804522][T14399]  ? __fget_files+0x2a/0x420
[  799.804533][T14399]  ? __fget_files+0x3a0/0x420
[  799.804543][T14399]  ? __fget_files+0x2a/0x420
[  799.804555][T14399]  ksys_read+0x145/0x250
[  799.804565][T14399]  ? __pfx_ksys_read+0x10/0x10
[  799.804573][T14399]  ? rcu_is_watching+0x15/0xb0
[  799.804585][T14399]  ? do_syscall_64+0xbe/0x3b0
[  799.804597][T14399]  do_syscall_64+0xfa/0x3b0
[  799.804607][T14399]  ? lockdep_hardirqs_on+0x9c/0x150
[  799.804617][T14399]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  799.804626][T14399]  ? clear_bhb_loop+0x60/0xb0
[  799.804638][T14399]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  799.804648][T14399] RIP: 0033:0x7f043958eb69
[  799.804659][T14399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  799.804669][T14399] RSP: 002b:00007f043a393038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  799.804681][T14399] RAX: ffffffffffffffda RBX: 00007f04397b5fa0 RCX: 00007f043958eb69
[  799.804689][T14399] RDX: 0000000000000028 RSI: 0000200000000840 RDI: 0000000000000005
[  799.804697][T14399] RBP: 00007f043a393090 R08: 0000000000000000 R09: 0000000000000000
[  799.804703][T14399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  799.804710][T14399] R13: 0000000000000000 R14: 00007f04397b5fa0 R15: 00007fffe9a0f738
[  799.804721][T14399]  </TASK>
[  801.119555][T14399] CPU: 1 UID: 0 PID: 14399 Comm: syz.5.2444 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  801.119572][T14399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  801.119583][T14399] Call Trace:
[  801.119592][T14399]  <TASK>
[  801.119600][T14399]  dump_stack_lvl+0x189/0x250
[  801.119617][T14399]  ? __pfx____ratelimit+0x10/0x10
[  801.119630][T14399]  ? __pfx_dump_stack_lvl+0x10/0x10
[  801.119641][T14399]  ? __pfx__printk+0x10/0x10
[  801.119653][T14399]  ? bsearch+0x95/0xc0
[  801.119669][T14399]  ? search_extable+0x8f/0xd0
[  801.119682][T14399]  should_fail_ex+0x414/0x560
[  801.119693][T14399]  strncpy_from_user+0x36/0x290
[  801.119711][T14399]  strncpy_from_user_nofault+0x72/0x150
[  801.119723][T14399]  bpf_probe_read_user_str+0x2a/0x70
[  801.119734][T14399]  bpf_prog_bc7c5c6b9645592f+0x3e/0x44
[  801.119744][T14399]  bpf_trace_run4+0x28e/0x4a0
[  801.119758][T14399]  ? bpf_trace_run4+0x19c/0x4a0
[  801.119770][T14399]  ? __pfx_bpf_trace_run4+0x10/0x10
[  801.119783][T14399]  ? kvm_sched_clock_read+0x11/0x20
[  801.119793][T14399]  ? sched_clock_cpu+0x74/0x430
[  801.119805][T14399]  ? __bpf_trace_sched_switch+0x15f/0x1e0
[  801.119821][T14399]  __bpf_trace_sched_switch+0x17a/0x1e0
[  801.119836][T14399]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  801.119848][T14399]  ? psi_group_change+0xbc7/0x1210
[  801.119860][T14399]  ? rcu_read_lock_sched_held+0x89/0x100
[  801.119872][T14399]  ? __pfx_rcu_read_lock_sched_held+0x10/0x10
[  801.119884][T14399]  ? psi_task_switch+0x318/0x6d0
[  801.119897][T14399]  ? tracing_record_taskinfo_sched_switch+0x7d/0x370
[  801.119910][T14399]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  801.119924][T14399]  __traceiter_sched_switch+0x9a/0xd0
[  801.119939][T14399]  __schedule+0x22ba/0x4c90
[  801.119953][T14399]  ? schedule+0x165/0x360
[  801.119962][T14399]  ? __pfx___schedule+0x10/0x10
[  801.119975][T14399]  ? schedule+0x91/0x360
[  801.119984][T14399]  schedule+0x165/0x360
[  801.119993][T14399]  snd_seq_fifo_cell_out+0x216/0x500
[  801.120008][T14399]  ? _parse_integer_limit+0x1ae/0x1f0
[  801.120021][T14399]  ? __pfx_snd_seq_fifo_cell_out+0x10/0x10
[  801.120035][T14399]  ? __pfx_default_wake_function+0x10/0x10
[  801.120052][T14399]  ? get_pid_task+0x20/0x1f0
[  801.120066][T14399]  snd_seq_read+0x2eb/0x650
[  801.120078][T14399]  ? __pfx_snd_seq_read+0x10/0x10
[  801.120088][T14399]  ? rcu_read_lock_any_held+0xb3/0x120
[  801.120100][T14399]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  801.120112][T14399]  ? bpf_lsm_file_permission+0x9/0x20
[  801.120123][T14399]  ? security_file_permission+0x75/0x290
[  801.120135][T14399]  ? rw_verify_area+0x258/0x650
[  801.120151][T14399]  ? __pfx_snd_seq_read+0x10/0x10
[  801.120162][T14399]  vfs_read+0x200/0x980
[  801.120178][T14399]  ? __pfx_vfs_read+0x10/0x10
[  801.120193][T14399]  ? __fget_files+0x2a/0x420
[  801.120205][T14399]  ? __fget_files+0x2a/0x420
[  801.120215][T14399]  ? __fget_files+0x3a0/0x420
[  801.120225][T14399]  ? __fget_files+0x2a/0x420
[  801.120238][T14399]  ksys_read+0x145/0x250
[  801.120247][T14399]  ? __pfx_ksys_read+0x10/0x10
[  801.120255][T14399]  ? rcu_is_watching+0x15/0xb0
[  801.120267][T14399]  ? do_syscall_64+0xbe/0x3b0
[  801.120279][T14399]  do_syscall_64+0xfa/0x3b0
[  801.120290][T14399]  ? lockdep_hardirqs_on+0x9c/0x150
[  801.120300][T14399]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  801.120310][T14399]  ? clear_bhb_loop+0x60/0xb0
[  801.120321][T14399]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  801.120332][T14399] RIP: 0033:0x7f043958eb69
[  801.120342][T14399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  801.120351][T14399] RSP: 002b:00007f043a393038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  801.120363][T14399] RAX: ffffffffffffffda RBX: 00007f04397b5fa0 RCX: 00007f043958eb69
[  801.120371][T14399] RDX: 0000000000000028 RSI: 0000200000000840 RDI: 0000000000000005
[  801.120384][T14399] RBP: 00007f043a393090 R08: 0000000000000000 R09: 0000000000000000
[  801.120390][T14399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  801.120397][T14399] R13: 0000000000000000 R14: 00007f04397b5fa0 R15: 00007fffe9a0f738
[  801.120408][T14399]  </TASK>
[  801.120562][    C0] vkms_vblank_simulate: vblank timer overrun
[  801.529221][    C0] vkms_vblank_simulate: vblank timer overrun
[  808.773235][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  808.779974][ T1301] ieee802154 phy1 wpan1: encryption failed: -22