last executing test programs:

18m18.242792473s ago: executing program 3 (id=32):
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x10000000}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
msgctl$IPC_INFO(0x0, 0x3, &(0x7f0000000380)=""/176)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
getpid()
open_by_handle_at(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x1)
r5 = landlock_create_ruleset(&(0x7f0000000180)={0x100, 0x0, 0x3}, 0x18, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r5, 0xf4240, 0x0, 0x0)
r6 = openat$cgroup_ro(r4, &(0x7f0000000380)='devices.list\x00', 0x0, 0x0)
preadv(r6, &(0x7f00000000c0)=[{&(0x7f0000000240)=""/140, 0x8c}], 0x1, 0x0, 0x0)

18m13.209866499s ago: executing program 3 (id=43):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
chdir(&(0x7f00000003c0)='./bus\x00')
getdents(0xffffffffffffffff, &(0x7f0000001fc0)=""/184, 0x20002078)

18m10.701555135s ago: executing program 3 (id=49):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x46, &(0x7f0000000140), 0x4)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x800400, &(0x7f0000000100)={[{@usrquota}]})
chown(&(0x7f0000000240)='./file0\x00', 0xee00, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x34, 0x3, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x5}], {0x14}}, 0x90}}, 0x0)

18m8.091704198s ago: executing program 3 (id=53):
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)
add_key$user(&(0x7f0000000180), &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000580)="00e6af00000000000000f8708c06f366f9327247bac14cdb9f2fc0d130a82edc06bfa81f809b7f686b229f2af1bc990c4bfd9f82f2141e161fdf814b3a86ebef4ce51b7b648dee65af47d31827c9dc0047a2f985579fcf251148df363bdaa75d8e8ad731adf940d4ca8152686d", 0x6d, 0xfffffffffffffffd)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xf1, 0xfffffffffffffffd)
r1 = socket(0x10, 0x3, 0x0)
close_range(r0, 0xffffffffffffffff, 0x2)
fcntl$getownex(r1, 0x10, 0x0)
ptrace$setopts(0x4206, 0x0, 0x5, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x3, 0x0, 0x0}, 0x94)
bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x2)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0)
syz_emit_ethernet(0x82, &(0x7f00000006c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb88a800008100000086dd60fc104600442f00fc000000000000000000000000000000ff020000000000000000000000000001242081000000000000000800000086dd080088be86ddffff100000000100000000000000080022eb000000002000e00002000000000000000000000008006558000000007822bcc5b98fde77b3e16dd65ff64d7432b536279b98f3d009395118fa8d4a7278761da7d73b75936fd4496dc5a406020dd5fe04666f3e014c5555130ec35dd0a840b01dbfa4677b1723a2ac34e263965bdba4980486d2fd6b4efbda215d7b4caa491a6295159d4e50bd2f102bd36716da5c426fd249e88697e281abd9952d2f34cbf3997ca252b02e5413c3b8ed2161ab68683a"], 0x0)

18m6.309314985s ago: executing program 3 (id=57):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x140, 0x1a0)
r1 = fanotify_init(0x4, 0x101801)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
fanotify_mark(r1, 0x105, 0x40001032, r0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xe8e41, 0x0)
fcntl$setlease(r0, 0x400, 0x0)
read$FUSE(r1, &(0x7f0000000b00)={0x2020}, 0x2020)
getrlimit(0x5, &(0x7f0000000040))
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)=@ipv6_newrule={0x24, 0x20, 0x70f, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10012}, [@FIB_RULE_POLICY=@FRA_SPORT_RANGE={0x8, 0x17, {0x4e20, 0x4e21}}]}, 0x24}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newlink={0x54, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800, 0x55007}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x24, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x2}, @IFLA_BR_MCAST_STARTUP_QUERY_INTVL={0xc, 0x23, 0x1}, @IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc, 0x22, 0x6}]}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x0)

18m3.897189737s ago: executing program 3 (id=61):
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)
add_key$user(&(0x7f0000000180), &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000580)="00e6af00000000000000f8708c06f366f9327247bac14cdb9f2fc0d130a82edc06bfa81f809b7f686b229f2af1bc990c4bfd9f82f2141e161fdf814b3a86ebef4ce51b7b648dee65af47d31827c9dc0047a2f985579fcf251148df363bdaa75d8e8ad731adf940d4ca8152686d", 0x6d, 0xfffffffffffffffd)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xf1, 0xfffffffffffffffd)
r1 = socket(0x10, 0x3, 0x0)
close_range(r0, 0xffffffffffffffff, 0x2)
fcntl$getownex(r1, 0x10, 0x0)
bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0)
syz_emit_ethernet(0x82, &(0x7f00000006c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb88a800008100000086dd60fc104600442f00fc000000000000000000000000000000ff020000000000000000000000000001242081000000000000000800000086dd080088be86ddffff100000000100000000000000080022eb000000002000e00002000000000000000000000008006558000000007822bcc5b98fde77b3e16dd65ff64d7432b536279b98f3d009395118fa8d4a7278761da7d73b75936fd4496dc5a406020dd5fe04666f3e014c5555130ec35dd0a840b01dbfa4677b1723a2ac34e263965bdba4980486d2fd6b4efbda215d7b4caa491a6295159d4e50bd2f102bd36716da5c426fd249e88697e281abd9952d2f34cbf3997ca252b02e5413c3b8ed2161ab68683a"], 0x0)

17m48.362178343s ago: executing program 32 (id=61):
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)
add_key$user(&(0x7f0000000180), &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000580)="00e6af00000000000000f8708c06f366f9327247bac14cdb9f2fc0d130a82edc06bfa81f809b7f686b229f2af1bc990c4bfd9f82f2141e161fdf814b3a86ebef4ce51b7b648dee65af47d31827c9dc0047a2f985579fcf251148df363bdaa75d8e8ad731adf940d4ca8152686d", 0x6d, 0xfffffffffffffffd)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xf1, 0xfffffffffffffffd)
r1 = socket(0x10, 0x3, 0x0)
close_range(r0, 0xffffffffffffffff, 0x2)
fcntl$getownex(r1, 0x10, 0x0)
bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0)
syz_emit_ethernet(0x82, &(0x7f00000006c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb88a800008100000086dd60fc104600442f00fc000000000000000000000000000000ff020000000000000000000000000001242081000000000000000800000086dd080088be86ddffff100000000100000000000000080022eb000000002000e00002000000000000000000000008006558000000007822bcc5b98fde77b3e16dd65ff64d7432b536279b98f3d009395118fa8d4a7278761da7d73b75936fd4496dc5a406020dd5fe04666f3e014c5555130ec35dd0a840b01dbfa4677b1723a2ac34e263965bdba4980486d2fd6b4efbda215d7b4caa491a6295159d4e50bd2f102bd36716da5c426fd249e88697e281abd9952d2f34cbf3997ca252b02e5413c3b8ed2161ab68683a"], 0x0)

16m10.064283158s ago: executing program 1 (id=253):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TCFLSH(r2, 0x400455c8, 0x20000000008)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{}, &(0x7f0000000040), &(0x7f0000000080)=r0}, 0x20)
getpeername$packet(0xffffffffffffffff, &(0x7f0000001340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x0)
r3 = openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x210000, 0x0)
syz_io_uring_setup(0x9c, &(0x7f0000000640)={0x0, 0xec25, 0x4000, 0x2, 0x40000333, 0x0, r3}, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000012c0)=@IORING_OP_SENDMSG={0x9, 0x71, 0x0, r3, 0x0, 0x0, 0x0, 0x4, 0x1})
ioctl$SCSI_IOCTL_GET_PCI(0xffffffffffffffff, 0x5393, &(0x7f0000000000))
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={0x0, 0x0, 0x26}, 0x28)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r4, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1}, 0x6d)
pread64(r2, &(0x7f0000000280)=""/57, 0x39, 0xc)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={r5, 0x0, 0x0}, 0x10)
r6 = open(&(0x7f0000000180)='./bus\x00', 0x143042, 0x0)
ftruncate(r6, 0x2007ffb)
lseek(r6, 0x0, 0x4)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="180000002400010300000000000000000100"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)

16m6.7115412s ago: executing program 1 (id=258):
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x7})
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r4 = landlock_create_ruleset(&(0x7f0000000040)={0xb001, 0x3, 0x3}, 0x18, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000480)={0x2020}, 0x2020)
landlock_restrict_self(r4, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000300)='./file2\x00', 0xc000, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x2)
r5 = socket$inet6(0xa, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000280)={'wg1\x00', <r6=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x19, 0x5, 0x2, 0x40, 0x21d8, 0x1, 0xff, '\x00', r6, 0xffffffffffffffff, 0x5, 0x0, 0x2}, 0x50)
bind$inet6(r5, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
sendto$inet6(r5, 0x0, 0x0, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c)
setsockopt$sock_int(r5, 0x1, 0x2a, &(0x7f0000000000)=0x59cc, 0x4)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r5, 0x89f2, &(0x7f0000000100)={'ip6_vti0\x00', &(0x7f0000000300)={'ip6_vti0\x00', 0x0, 0x0, 0x4, 0x8, 0x8001, 0x15, @mcast1, @private1, 0x7, 0x7800, 0x4, 0xae02}})
r7 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
ioctl$VIDIOC_TRY_FMT(r7, 0xc0d05640, &(0x7f00000007c0)={0x8, @pix={0x8, 0x1, 0x59455247, 0x9, 0x4, 0x6, 0x3, 0x2, 0x0, 0x2, 0x0, 0x3}})

16m4.408746713s ago: executing program 1 (id=261):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x103)
r0 = inotify_init1(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000340)={0xd, 0x200200090}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r4, 0x0, 0x8}, 0x18)
openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x82, 0x0)
inotify_add_watch(r0, &(0x7f00000000c0)='./file0\x00', 0x20000510)
unlinkat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r5 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43)
ioctl$KDGKBTYPE(r5, 0x4b33, &(0x7f0000000140))
mknodat$loop(r5, &(0x7f00000002c0)='./file1\x00', 0x6000, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
lstat(&(0x7f0000002340)='./file1\x00', &(0x7f0000002400))

16m3.299089716s ago: executing program 1 (id=263):
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x7})
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r4 = landlock_create_ruleset(&(0x7f0000000040)={0xb001, 0x3, 0x3}, 0x18, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000480)={0x2020}, 0x2020)
landlock_restrict_self(r4, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000300)='./file2\x00', 0xc000, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x2)
r5 = socket$inet6(0xa, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000280)={'wg1\x00', <r6=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x19, 0x5, 0x2, 0x40, 0x21d8, 0x1, 0xff, '\x00', r6, 0xffffffffffffffff, 0x5, 0x0, 0x2}, 0x50)
bind$inet6(r5, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$sock_int(r5, 0x1, 0x2a, &(0x7f0000000000)=0x59cc, 0x4)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r5, 0x89f2, &(0x7f0000000100)={'ip6_vti0\x00', &(0x7f0000000300)={'ip6_vti0\x00', 0x0, 0x0, 0x4, 0x8, 0x8001, 0x15, @mcast1, @private1, 0x7, 0x7800, 0x4, 0xae02}})
r7 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
ioctl$VIDIOC_TRY_FMT(r7, 0xc0d05640, &(0x7f00000007c0)={0x8, @pix={0x8, 0x1, 0x59455247, 0x9, 0x4, 0x6, 0x3, 0x2, 0x0, 0x2, 0x0, 0x3}})

16m1.57568563s ago: executing program 1 (id=266):
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
r0 = gettid()
prlimit64(r0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000480)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000040), 0x6)
ioctl$sock_bt_hci(r4, 0x400448e6, &(0x7f0000000080)="fc")
r5 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r6, 0x26, 0x0)
fcntl$lock(r6, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x80000080, 0x7, r0})
setsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0)

16m0.276878685s ago: executing program 1 (id=269):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
chdir(&(0x7f00000003c0)='./bus\x00')
r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r4, &(0x7f0000001fc0)=""/184, 0x20002078)

15m44.765643909s ago: executing program 33 (id=269):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
chdir(&(0x7f00000003c0)='./bus\x00')
r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r4, &(0x7f0000001fc0)=""/184, 0x20002078)

16.057027377s ago: executing program 4 (id=2246):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
r1 = syz_io_uring_setup(0x19d1, &(0x7f00000003c0)={0x0, 0xfffffffc, 0x10100, 0x8000000, 0x8000000}, &(0x7f0000000080)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000240)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x2185}, 0x1})
io_uring_enter(r1, 0xa3d, 0x0, 0x0, 0x0, 0xff39)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
move_pages(0x0, 0xffffffffffffff55, 0x0, 0x0, 0x0, 0x0)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES16=r4], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r6, 0x1, &(0x7f0000000200)=0x4)
r7 = socket$inet(0x2, 0x3, 0x2)
r8 = dup(r7)
setsockopt$inet_int(r8, 0x0, 0xce, 0x0, 0x0)
mmap$binder(&(0x7f0000297000/0x1000)=nil, 0x1000, 0x1, 0x11, r8, 0x7)
r9 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r9, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r11, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000080050005000200000011000300686173683a69702c706f7274"], 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$IPSET_CMD_ADD(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90)
ioctl$AUTOFS_IOC_EXPIRE(r0, 0x810c9365, &(0x7f0000000280)={{0x1, 0x3ff}, 0x100, './file0\x00'})
openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

14.549680822s ago: executing program 4 (id=2249):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000280)={0x9})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0xc000, 0x4, 0x5, 0x0, 0x8, 0x3, 0xa, 0xb9, 0x1, 0xe, 0x5, 0x204}, {0x804, 0x1, 0x1, 0x45, 0x7, 0x2, 0x2, 0xff, 0x0, 0x4, 0x6, 0x7f, 0x20c}, {0x1, 0x3, 0x38, 0x3, 0x84, 0x7, 0x3, 0x50, 0x0, 0x70, 0x4, 0x5, 0x24ab}], 0xffffffff})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000000, 0x1000000000, 0x0, 0x40, 0x200002000001, 0x0, 0x2004c8, 0x0, 0x0, 0x68ff, 0x5, 0x7fff, 0x3, 0x400000000], 0x80ad003})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

13.598235306s ago: executing program 4 (id=2255):
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000001540)={'tunl0\x00', {0x2, 0x4e23, @local}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r3, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c)
r4 = socket$inet6(0xa, 0x2, 0x0)
setreuid(0xffffffffffffffff, 0xee00)
ioctl$sock_SIOCETHTOOL(r4, 0x89f0, &(0x7f0000000040)={'bridge0\x00', &(0x7f0000000100)=@ethtool_coalesce={0xf, 0x0, 0x6dd68c91, 0x6, 0x10, 0xfff, 0x0, 0xc0000000, 0x402, 0x3, 0x5, 0x7f, 0x3, 0x6, 0x7f, 0xfffffffc, 0x8, 0x800002, 0x80000000, 0x2, 0x1ff, 0xfffffff9, 0xc}})

11.221490924s ago: executing program 0 (id=2258):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$UHID_CREATE2(r0, 0x0, 0x119)

10.959380725s ago: executing program 0 (id=2260):
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet(0x2b, 0x801, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r4, 0x40046f41, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
fsopen(0x0, 0x1)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
shmctl$IPC_RMID(0x0, 0x0)
mount(&(0x7f00000000c0)=@nullb, 0x0, 0x0, 0x208000, 0x0)
socket$inet_sctp(0x2d, 0x5, 0x84)
r5 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r5, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001)

10.158688754s ago: executing program 6 (id=2264):
r0 = syz_usb_connect(0x5, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904000001a7a00f00090582020002"], 0x0)
unshare(0x2040400)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4050)
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001bc0)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FLAGS={0x8}, @IFLA_IPTUN_PROTO={0x5}]}}}]}, 0x44}}, 0x0)
newfstatat(0xffffffff0000005d, 0x0, 0x0, 0x1000)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4)
bind$inet6(r6, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
r7 = open$dir(&(0x7f00000002c0)='./file0\x00', 0x11500, 0x80)
openat$incfs(r7, &(0x7f0000000340)='.log\x00', 0x200000, 0x0)
connect$inet6(r6, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x180)
ioctl$CEC_ADAP_S_LOG_ADDRS(r9, 0xc05c6104, &(0x7f00000000c0)={"0000f980", 0x0, 0x6, 0x2, 0x1ff, 0x0, "f700", '\x00\x00\a\x00', "0300", "fcffffff", ["50d5c2a7c5ace40000b600", "808e88e2e9ffffffffff00", "0c0500743c97c443084000", "ff81000000008000"]})
r10 = syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/net\x00')
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x49920d862a92153b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_NET_NS_FD={0x8, 0x1c, r10}]}, 0x3c}}, 0x0)
sendmmsg$inet6(r6, &(0x7f00000018c0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000700)="1255f5", 0x3}], 0x1}}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000240)=' ', 0x1}], 0x1}}], 0x2, 0x48800)
r11 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r11, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r11, 0xc058560f, &(0x7f0000000180)=@multiplanar_mmap={0x0, 0x2, 0xffffffffffffff81, 0x2, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'y)\x00'}, 0x0, 0x1, {0x0}, 0xea})
accept4$inet6(r6, &(0x7f0000000200)={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000280)=0x1c, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x4, &(0x7f00000005c0)=ANY=[])

9.970629027s ago: executing program 0 (id=2265):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000500), 0x13f, 0x2}}, 0xfffffffffffffd50)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
syz_io_uring_setup(0x88f, &(0x7f0000000300)={0x0, 0x17da, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000), 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = epoll_create(0xeed)
r2 = openat$random(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)={0x20000003})
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r2, &(0x7f0000000140)={0x20000008})
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x3d, [0x6, 0xc95a, 0xfffffff3, 0x8, 0x80, 0x2, 0x1, 0x7f, 0x3, 0x449, 0xfffffff2, 0x5f, 0xc, 0x0, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x0, 0x80000001, 0x7b08, 0x7, 0x3, 0x3c5b, 0x1, 0x24, 0xffffffff, 0xfffffffe, 0x1f461e2c, 0x3, 0xe661, 0x4, 0x1000007, 0x3, 0x8001, 0x4c74, 0x8f00, 0x642, 0x3, 0xa, 0x0, 0x71, 0x7, 0x7, 0x103, 0x0, 0x5, 0x3d, 0x8f, 0x6, 0x1, 0x4, 0x5, 0x4, 0x5, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x0, 0x40], [0x10000007, 0x10002, 0x12b, 0x8000, 0x10, 0x6, 0x129432e6, 0x3, 0xf9, 0xd, 0x2bf, 0x6c9, 0x1ff, 0xfffffffe, 0x3, 0x0, 0x7, 0x10000005, 0x2f, 0xe, 0x313, 0x78, 0xea4, 0xa, 0x4, 0x4, 0x80, 0x5, 0x400, 0x1, 0x6, 0x400001, 0xff, 0x1005, 0x7ff, 0x5f31, 0x4, 0xffffffff, 0x6, 0x1000004, 0x9, 0x4, 0x9, 0x8, 0x9, 0x7, 0x5, 0x0, 0x3, 0x8000, 0xefff, 0x2, 0x7f, 0x9, 0x8, 0x3, 0x4, 0x1, 0x20007, 0x3, 0x9, 0x48c93690, 0x6, 0xff], [0x7, 0x80, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x10000009, 0x3e7, 0xb, 0x5, 0x202, 0x40002, 0xf, 0x8, 0x84, 0x6d01, 0x5, 0x3c, 0x3, 0x200, 0x80, 0x3, 0x4, 0x2, 0xfffffffd, 0xa4, 0x7, 0x53cf697b, 0x5, 0x6, 0x54fe12da, 0xbf, 0x5, 0x3, 0x400000, 0xfffffff9, 0x0, 0x1, 0x4, 0x0, 0xf95, 0xfffffffb, 0x120000, 0x9, 0x6, 0x9, 0x2, 0x4], [0x9, 0xbb31, 0x3, 0xfffffffa, 0x5, 0x3, 0x6, 0x6, 0x51bf, 0x5, 0xce7, 0x1ff, 0x6, 0x7, 0x5, 0x3, 0x104, 0x80000000, 0x0, 0x7fff, 0x8ffff, 0xa620, 0x2, 0x5, 0xffffffff, 0x2, 0x8000014c, 0x60a7, 0x6, 0x2, 0xffffffff, 0x80000003, 0x5, 0x8, 0xff, 0x40003, 0x3, 0xffff, 0x3, 0x8, 0x100, 0x9602, 0xa, 0x2, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x8, 0x9, 0x1, 0x6c0b, 0x0, 0x2, 0x5, 0xb1c, 0x705, 0x200, 0xfff, 0xfff]}, 0x45c)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000200)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(r3, 0x3b88, &(0x7f0000000300)={0xc, r4})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000340)={0x28, 0x4, r4, 0x0, &(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000000)={0x28, 0x6, r4, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x5})
ioctl$IOMMU_VFIO_SET_IOMMU(r3, 0x3b66, 0x1)
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r3, 0x3b72, &(0x7f0000000440)=ANY=[@ANYBLOB="1800007f00"])

8.265164547s ago: executing program 0 (id=2267):
r0 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$XDP_STATISTICS(r0, 0x11b, 0xf, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_crypto(0x10, 0x3, 0x15)
prlimit64(0x0, 0xe, &(0x7f0000000440)={0x6, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x20, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x5, 0x9, 0xcd}, 0x50)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x9}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r4}, 0x10)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x2, 0x0, 0x7ffffffb}]})
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0xe0, 0x0)
ftruncate(r5, 0x2007ffb)
fcntl$getownex(r1, 0x10, &(0x7f00000000c0)={0x0, <r6=>0x0})
sched_setaffinity(r6, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {<r8=>0xee01}}, './file0\x00'})
getgroups(0x3, &(0x7f0000000080)=[<r9=>0xee00, 0xffffffffffffffff, 0xee01])
getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, 0x0, 0x0)
write$P9_RSTATu(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="670000007d0100000052000c007f000003000000000000000003000000000000000406000000c1636b9705000000000000000f002f6465762f6370752f232f6d73720001002900000f002f6465762f6370752f232f6d7372000000", @ANYRES32=r8, @ANYRES32=r9, @ANYRES32=0x0], 0x67)
read$msr(r7, &(0x7f0000019380)=""/102400, 0x19000)
r10 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r10, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={<r11=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r10, &(0x7f0000000280)={0x15, 0xfffffffffffffdf1, 0xfa00, {r11, 0x0, 0x0, 0x30, 0x0, @in6={0xa, 0x4e23, 0x1, @loopback, 0x5}, @ib={0x1b, 0x0, 0xc, {"7d735931001016095e000303ff010001"}, 0x4}}}, 0x118)
write$RDMA_USER_CM_CMD_LISTEN(r10, &(0x7f0000000080)={0x7, 0x8, 0xfa00, {r11}}, 0x10)

7.338816958s ago: executing program 2 (id=2268):
symlink(&(0x7f0000000000)='.\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c})

6.734782667s ago: executing program 0 (id=2269):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xb058}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4b, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_buf(r4, 0x29, 0x39, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r5 = io_uring_setup(0x773d, &(0x7f0000000a40)={0x0, 0x0, 0x1000, 0x0, 0x3bc})
r6 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r6, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24)
listen(r6, 0x4)
close_range(r5, r6, 0x0)
bind$rxrpc(0xffffffffffffffff, &(0x7f0000000280)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e20, @remote}}, 0x24)
r7 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402)
ioctl$USBDEVFS_CONTROL(r7, 0xc0185500, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000780)=ANY=[@ANYBLOB="48010000100001000000000000000000e00000020000000000000000000000000a010101000000000000000000000000000000004e2100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffdfff0000000000000000000000000000000033000000fe8000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff000000000000000000000000000004000000010000000000000000000a000000000000000000000048000100736861323536000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000048460000000000000000000000000008001d00000000000800220003"], 0x148}}, 0x0)

6.718928334s ago: executing program 2 (id=2270):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000040)=ANY=[@ANYRESHEX], 0x119)

6.481575405s ago: executing program 2 (id=2271):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'sit0\x00'})
sendmsg$nl_route(r0, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="4000000068000100ddc8000000993fd461d6b0890ffae5933e5b02000000040000420000000004000000000000000000000000004fd76960030e68f1813b90847200dbf8293dca6c84bf763c9cf7ab02b4", @ANYRES32=r0, @ANYRES64=r0, @ANYRES64=0x0, @ANYBLOB], 0x40}}, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00')
socket$inet_udp(0x2, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
io_setup(0x8, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={0x0, 0xffffffffffffffff, 0x0, 0x3}}, 0x20)
preadv(r1, 0x0, 0x0, 0xd, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000400)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000140)={0x28, 0x6, r5, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x800})
ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000000)={0x28, 0x4, r5, 0x0, &(0x7f00004f9000/0x3000)=nil, 0x3000})
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_IOAS_COPY(r4, 0x3b83, &(0x7f0000000040)={0x28, 0x3, r6, r5, 0x3, 0xfffffffffefffff8, 0x3fff})
fsmount(r1, 0x1, 0x6)

6.340314771s ago: executing program 4 (id=2272):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = syz_open_procfs$userns(0x0, &(0x7f0000000180))
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r2=>0xffffffffffffffff, {0xb0}}, './file0\x00'})
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r0, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x4c, 0x1407, 0x100, 0x70bd29, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_DIM={0x5, 0x54, 0x1}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r2}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x4000000)
r3 = socket(0x10, 0x3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000063112800000002008510008500"/32], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6}, 0x70)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x24200}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8}, @IFLA_MACVLAN_MACADDR_DATA={0x10, 0x5, 0x0, 0x1, [{0xa}]}]}}}]}, 0x4c}, 0x1, 0x4801000000000000}, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0xc0709411, &(0x7f0000000300)={{<r5=>0x0, 0x4, 0x80000000, 0x8, 0xef8, 0x3, 0x2, 0x8001, 0x5, 0xfff, 0x6, 0x0, 0x1, 0x9, 0x1}, 0x18, [0x0, 0x0, 0x0]})
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000140)=0xa0000)
r6 = socket$inet(0x2, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
r7 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r7, &(0x7f0000000200)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=@newtfilter={0x50, 0x2c, 0x52f, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r8, {}, {}, {0x2, 0xe}}, [@filter_kind_options=@f_flower={{0xb}, {0x20, 0x2, [@TCA_FLOWER_KEY_ENC_UDP_DST_PORT={0x6}, @TCA_FLOWER_KEY_ENC_IPV6_DST={0x14, 0x21, @local}]}}]}, 0x50}}, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r10, &(0x7f0000000000)={0x0, 0xa6, &(0x7f0000003480)=[{&(0x7f0000000040)="1800000072006bcd9e3fe3dc6e080000070900000d000000", 0x18}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
syz_emit_ethernet(0x5e, &(0x7f00000001c0)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x28, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x20}}, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0={0xfc, 0x0, '\x00', 0x1}}}}}}}, 0x0)
sendmmsg(r9, &(0x7f00000002c0), 0x40000000000009f, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x260, 0x0, 0xb, 0xd0e0011, 0x0, 0xc6, 0x1c8, 0x1d8, 0x190, 0x1c8, 0x1d8, 0x3, 0x0, {[{{@ip={@rand_addr, @multicast1, 0x0, 0x0, 'nr0\x00', 'vlan0\x00', {}, {}, 0x1}, 0x0, 0xc0, 0xf0, 0x2000000, {}, [@common=@icmp={{0x28}, {0x0, "0010"}}, @common=@unspec=@state={{0x28}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0xffffff00, 0xffffffff, 'veth0_to_bond\x00', 'macvlan0\x00', {}, {0xff}, 0x11, 0x2, 0x72}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2c0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000040)={@host})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(0xffffffffffffffff, 0x7aa, &(0x7f0000000080)={{@my=0x1}, 0x0, 0x2, 0x3})
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r4, 0xc0709411, &(0x7f00000003c0)={{r5, 0x1, 0x3, 0x6, 0x7f, 0x9, 0xffffffffffffa540, 0x1, 0xa996, 0x878f, 0xfffffffd, 0xffffffffffffffff, 0x6, 0x1, 0x5}, 0x8, [0x0]})

6.067621389s ago: executing program 5 (id=2273):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f00000004000000040000000300000000000000", @ANYRES32, @ANYBLOB="000000000000000000000000000900676419dd360000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18020000004000000000000000000000850000003d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
mlock(&(0x7f0000ffc000/0x1000)=nil, 0x1000)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\a'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r2, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r0}, 0x20)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x7, [@struct={0x5, 0x1, 0x0, 0xf, 0x0, 0x3, [{0x6, 0x1, 0x5}]}]}, {0x0, [0x0, 0x61, 0x0, 0x61, 0x61]}}, &(0x7f0000000000)=""/254, 0x37, 0xfe, 0x9, 0x1000}, 0x28)
sendmmsg$inet6(r0, &(0x7f0000000b00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000ac0)="b0", 0x18000}], 0x11}}], 0x2, 0x0)

5.648852287s ago: executing program 6 (id=2274):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xf, 0x4, 0x4, 0x3}, 0x50)
mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x1000003, 0x20031, 0xffffffffffffffff, 0xffffe000)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000000, 0x810, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x4, <r3=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r4 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r4, 0x65, 0x1, &(0x7f0000000000)=[{{0x4, 0x1, 0x1, 0x1}, {0x1}}], 0x8)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8)
r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x1a1040, 0x0)
ioctl$AUTOFS_IOC_FAIL(r6, 0x4c80, 0x7000000)
mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='ocfs2\x00', 0x0, 0x0)
r7 = fsopen(&(0x7f0000000240)='befs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000ac0)='gid', &(0x7f00000005c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18020000004000000000000000000000850000003d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

5.64581473s ago: executing program 5 (id=2275):
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet(0x2b, 0x801, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r1}, 0x10)
r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40046f41, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
fsopen(0x0, 0x1)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
shmctl$IPC_RMID(0x0, 0x0)
mount(&(0x7f00000000c0)=@nullb, 0x0, 0x0, 0x208000, 0x0)
socket$inet_sctp(0x2d, 0x5, 0x84)
r3 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r3, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001)

5.573191834s ago: executing program 4 (id=2276):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYRESHEX=r0, @ANYRES32, @ANYBLOB="040000001000"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000004c0)={r2, &(0x7f00000002c0), &(0x7f0000000300)=@tcp=r0}, 0x20)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000280)={0x9})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
clock_nanosleep(0xb, 0x0, &(0x7f0000000000)={0x77359400}, 0xfffffffffffffffe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000032680)=""/102392, 0x18ff8)
r7 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00')
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
read$FUSE(r8, 0x0, 0x0)
pread64(r7, &(0x7f0000002240)=""/237, 0xed, 0x4eb)
ioctl$KVM_SET_PIT(r4, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0xc000, 0x4, 0x5, 0x0, 0x8, 0x3, 0xa, 0xb9, 0x1, 0xe, 0x5, 0x204}, {0x804, 0x1, 0x1, 0x45, 0x7, 0x2, 0x2, 0xff, 0x0, 0x4, 0x6, 0x7f, 0x20c}, {0x1, 0x3, 0x38, 0x3, 0x84, 0x7, 0x3, 0x50, 0x0, 0x70, 0x4, 0x5, 0x24ab}], 0xffffffff})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000000)={0x1000, 0x317000, 0xffffffee})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000003c0)={[0x60000000000, 0x1000000000, 0x0, 0x40, 0x200002000001, 0x0, 0x2004c8, 0x0, 0x0, 0x68ff, 0x5, 0x7fff, 0x3, 0x400000000], 0x80ad003})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

4.641138327s ago: executing program 5 (id=2277):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000500), 0x13f, 0x2}}, 0xfffffffffffffd50)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
syz_io_uring_setup(0x88f, &(0x7f0000000300)={0x0, 0x17da, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000), 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = epoll_create(0xeed)
r2 = openat$random(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)={0x20000003})
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r2, &(0x7f0000000140)={0x20000008})
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x3d, [0x6, 0xc95a, 0xfffffff3, 0x8, 0x80, 0x2, 0x1, 0x7f, 0x3, 0x449, 0xfffffff2, 0x5f, 0xc, 0x0, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x0, 0x80000001, 0x7b08, 0x7, 0x3, 0x3c5b, 0x1, 0x24, 0xffffffff, 0xfffffffe, 0x1f461e2c, 0x3, 0xe661, 0x4, 0x1000007, 0x3, 0x8001, 0x4c74, 0x8f00, 0x642, 0x3, 0xa, 0x0, 0x71, 0x7, 0x7, 0x103, 0x0, 0x5, 0x3d, 0x8f, 0x6, 0x1, 0x4, 0x5, 0x4, 0x5, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x0, 0x40], [0x10000007, 0x10002, 0x12b, 0x8000, 0x10, 0x6, 0x129432e6, 0x3, 0xf9, 0xd, 0x2bf, 0x6c9, 0x1ff, 0xfffffffe, 0x3, 0x0, 0x7, 0x10000005, 0x2f, 0xe, 0x313, 0x78, 0xea4, 0xa, 0x4, 0x4, 0x80, 0x5, 0x400, 0x1, 0x6, 0x400001, 0xff, 0x1005, 0x7ff, 0x5f31, 0x4, 0xffffffff, 0x6, 0x1000004, 0x9, 0x4, 0x9, 0x8, 0x9, 0x7, 0x5, 0x0, 0x3, 0x8000, 0xefff, 0x2, 0x7f, 0x9, 0x8, 0x3, 0x4, 0x1, 0x20007, 0x3, 0x9, 0x48c93690, 0x6, 0xff], [0x7, 0x80, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x10000009, 0x3e7, 0xb, 0x5, 0x202, 0x40002, 0xf, 0x8, 0x84, 0x6d01, 0x5, 0x3c, 0x3, 0x200, 0x80, 0x3, 0x4, 0x2, 0xfffffffd, 0xa4, 0x7, 0x53cf697b, 0x5, 0x6, 0x54fe12da, 0xbf, 0x5, 0x3, 0x400000, 0xfffffff9, 0x0, 0x1, 0x4, 0x0, 0xf95, 0xfffffffb, 0x120000, 0x9, 0x6, 0x9, 0x2, 0x4], [0x9, 0xbb31, 0x3, 0xfffffffa, 0x5, 0x3, 0x6, 0x6, 0x51bf, 0x5, 0xce7, 0x1ff, 0x6, 0x7, 0x5, 0x3, 0x104, 0x80000000, 0x0, 0x7fff, 0x8ffff, 0xa620, 0x2, 0x5, 0xffffffff, 0x2, 0x8000014c, 0x60a7, 0x6, 0x2, 0xffffffff, 0x80000003, 0x5, 0x8, 0xff, 0x40003, 0x3, 0xffff, 0x3, 0x8, 0x100, 0x9602, 0xa, 0x2, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x8, 0x9, 0x1, 0x6c0b, 0x0, 0x2, 0x5, 0xb1c, 0x705, 0x200, 0xfff, 0xfff]}, 0x45c)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000200)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(r3, 0x3b88, &(0x7f0000000300)={0xc, r4})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000340)={0x28, 0x4, r4, 0x0, &(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000000)={0x28, 0x6, r4, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x5})
ioctl$IOMMU_VFIO_SET_IOMMU(r3, 0x3b66, 0x1)
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r3, 0x3b72, &(0x7f0000000440)=ANY=[@ANYBLOB="1800007f00000000"])

4.543330068s ago: executing program 2 (id=2278):
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x8040)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(0xffffffffffffffff, 0x40045702, &(0x7f0000000000))
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0305710, &(0x7f0000000080)={0x1, 0xa7cb, 0x0, 0x0, 0xe809})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
mknod$loop(&(0x7f0000000040)='./file0\x00', 0x400, 0x1)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f00000044c0)='./file0\x00', &(0x7f0000004500)={0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x4000)
setresuid(r3, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffffff, 0x0, 0x10040, 0x103)
capset(0x0, 0x0)
request_key(&(0x7f0000000300)='logon\x00', &(0x7f0000000340)={'syz', 0x3}, &(0x7f0000000380)='fscrypt:', 0x0)

3.164550952s ago: executing program 6 (id=2279):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
r3 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000100)={@multicast2, @loopback}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$netlink(0x10, 0x3, 0x0)
writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400", 0x26}], 0x1)
writev(r4, &(0x7f0000000400)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
r5 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
setsockopt$inet_msfilter(r5, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010000000004"], 0x57)
setsockopt$inet_mreqsrc(r3, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)
r6 = fsopen(&(0x7f0000000380)='btrfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
r7 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r7, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendmsg$RDMA_NLDEV_CMD_DELLINK(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0x20008080}, 0x20000000)
mmap(&(0x7f00009ff000/0x600000)=nil, 0x600000, 0x0, 0x11, r7, 0x0)
setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000000)=0xff, 0x4)

2.876333693s ago: executing program 5 (id=2280):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYRESHEX=r0, @ANYRES32, @ANYBLOB="040000001000"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000004c0)={r2, &(0x7f00000002c0), &(0x7f0000000300)=@tcp=r0}, 0x20)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000280)={0x9})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
clock_nanosleep(0xb, 0x0, &(0x7f0000000000)={0x77359400}, 0xfffffffffffffffe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000032680)=""/102392, 0x18ff8)
syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00')
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
read$FUSE(r7, 0x0, 0x0)
mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000180)='devtmpfs\x00', 0x2200892, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000003c0)={[0x60000000000, 0x1000000000, 0x0, 0x40, 0x200002000001, 0x0, 0x2004c8, 0x0, 0x0, 0x68ff, 0x5, 0x7fff, 0x3, 0x400000000], 0x80ad003})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

1.878701747s ago: executing program 2 (id=2281):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0xa, 0x3, 0x3a)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)={0x54, 0x2, 0x3, 0x101, 0x0, 0x0, {}, [@NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x9}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x8}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x10}, @NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x18}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x5}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x4}, @NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x8}}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x7}]}, 0x54}}, 0x44840)
sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c00000002030104000000000000002200000010080d010001000000"], 0x1c}}, 0x0)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000000)={0x0, 0x1}, 0xc)
setsockopt$MRT6_DEL_MIF(r0, 0x29, 0xcb, &(0x7f0000000040), 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socket$nl_sock_diag(0x10, 0x3, 0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='sched_switch\x00', r3}, 0x18)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="0203f3021600000000000000000000000200090008000000e9000000000000000300060000000000020000000000000000000000000000000200010000000000000003fdff000020030005000000000002000000ac1414aa00000000000000000a00080008"], 0xb0}, 0x1, 0x7}, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r6 = socket$packet(0x11, 0x2, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x9, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="b4001002000000007100000000c160c64979378d82e729e10f86b36653a083cb54fd8c3a30e42325918845568a8d082974ff16725424a3bc84e2359d4bb3e380e1d1239cb10aa0fd25e8740a2e02f01c0adc8cd3a99f645ae3c88a09a55db3b4e657f32e97281f7e1c58536eb8e955329735500733ba5356861cbf8fef129c1421eddf3b226a7a3700"/147], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x12}, 0x94)
setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000040)={0xfffe, 0x6}, 0x4)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0), 0x2, 0x0)

1.597707562s ago: executing program 6 (id=2282):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000040)=ANY=[], 0x119)

1.418154082s ago: executing program 4 (id=2283):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYRESHEX=r0, @ANYRES32, @ANYBLOB="040000001000"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000004c0)={r2, &(0x7f00000002c0), &(0x7f0000000300)=@tcp=r0}, 0x20)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000280)={0x9})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
clock_nanosleep(0xb, 0x0, &(0x7f0000000000)={0x77359400}, 0xfffffffffffffffe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000032680)=""/102392, 0x18ff8)
syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00')
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
read$FUSE(r7, 0x0, 0x0)
mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000180)='devtmpfs\x00', 0x2200892, 0x0)
ioctl$KVM_SET_PIT(r4, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0xc000, 0x4, 0x5, 0x0, 0x8, 0x3, 0xa, 0xb9, 0x1, 0xe, 0x5, 0x204}, {0x804, 0x1, 0x1, 0x45, 0x7, 0x2, 0x2, 0xff, 0x0, 0x4, 0x6, 0x7f, 0x20c}, {0x1, 0x3, 0x38, 0x3, 0x84, 0x7, 0x3, 0x50, 0x0, 0x70, 0x4, 0x5, 0x24ab}], 0xffffffff})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000003c0)={[0x60000000000, 0x1000000000, 0x0, 0x40, 0x200002000001, 0x0, 0x2004c8, 0x0, 0x0, 0x68ff, 0x5, 0x7fff, 0x3, 0x400000000], 0x80ad003})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

1.223177653s ago: executing program 0 (id=2284):
mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async)
chdir(&(0x7f00000000c0)='./bus\x00') (async)
bind(0xffffffffffffffff, &(0x7f0000000480)=@in={0x2, 0x4e21, @local}, 0x80) (async, rerun: 64)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async, rerun: 64)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000440)=0x2) (async)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000000500000000000000000000000000000a2000000000050000000900010073797a300000000048000000030a01030000000000000000000000000100000073797a30000000000900030073797a300000001e08000a4000000003140004800800024000642ad9f800014000000001140000001100018000000000400000000000000a"], 0x90}, 0x1, 0x0, 0x0, 0x400c041}, 0x0) (async, rerun: 32)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000980)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYRES32=r0], &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x2d}, 0x94) (async, rerun: 32)
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r6=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000001c0)={r4, r6, 0x25, 0x0, @val=@tracing={0x0, 0x3}}, 0x20)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) (async)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000300), r7)
sendmsg$NET_DM_CMD_START(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x14, r8, 0x1}, 0x14}}, 0x0) (async)
r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r7, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYBLOB="020028300000b4d0571cbb5eb47a2a000000b9547d00"], 0x1c}, 0x1, 0x0, 0x0, 0xc080}, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0) (async)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, 0xffffffffffffffff, 0x100000) (async, rerun: 64)
r10 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64)
sendmsg$nl_generic(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2000000028000701000000080000000005"], 0x20}}, 0x40080c0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0xc, &(0x7f0000000100)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.165333633s ago: executing program 6 (id=2285):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f00000004000000040000000300000000000000", @ANYRES32, @ANYBLOB="000000000000000000000000000900676419dd360000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18020000004000000000000000000000850000003d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
mlock(&(0x7f0000ffc000/0x1000)=nil, 0x1000)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\a'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r2, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r0}, 0x20)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x7, [@struct={0x5, 0x1, 0x0, 0xf, 0x0, 0x3, [{0x6, 0x1, 0x5}]}]}, {0x0, [0x0, 0x61, 0x0, 0x61, 0x61]}}, &(0x7f0000000000)=""/254, 0x37, 0xfe, 0x9, 0x1000}, 0x28)
sendmmsg$inet6(r0, &(0x7f0000000b00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000ac0)="b0", 0x18000}], 0x11}}], 0x2, 0x0)

408.535177ms ago: executing program 5 (id=2286):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = syz_open_procfs$userns(0x0, &(0x7f0000000180))
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r2=>0xffffffffffffffff, {0xb0}}, './file0\x00'})
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r0, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x4c, 0x1407, 0x100, 0x70bd29, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_DIM={0x5, 0x54, 0x1}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r2}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x4000000)
r3 = socket(0x10, 0x3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000063112800000002008510008500"/32], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6}, 0x70)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x24200}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8}, @IFLA_MACVLAN_MACADDR_DATA={0x10, 0x5, 0x0, 0x1, [{0xa}]}]}}}]}, 0x4c}, 0x1, 0x4801000000000000}, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0xc0709411, &(0x7f0000000300)={{<r5=>0x0, 0x4, 0x80000000, 0x8, 0xef8, 0x3, 0x2, 0x8001, 0x5, 0xfff, 0x6, 0x0, 0x1, 0x9, 0x1}, 0x18, [0x0, 0x0, 0x0]})
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000140)=0xa0000)
r6 = socket$inet(0x2, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
r7 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r7, &(0x7f0000000200)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=@newtfilter={0x50, 0x2c, 0x52f, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r8, {}, {}, {0x2, 0xe}}, [@filter_kind_options=@f_flower={{0xb}, {0x20, 0x2, [@TCA_FLOWER_KEY_ENC_UDP_DST_PORT={0x6}, @TCA_FLOWER_KEY_ENC_IPV6_DST={0x14, 0x21, @local}]}}]}, 0x50}}, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r10, &(0x7f0000000000)={0x0, 0xa6, &(0x7f0000003480)=[{&(0x7f0000000040)="1800000072006bcd9e3fe3dc6e080000070900000d000000", 0x18}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
syz_emit_ethernet(0x5e, &(0x7f00000001c0)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x28, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x20}}, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0={0xfc, 0x0, '\x00', 0x1}}}}}}}, 0x0)
sendmmsg(r9, &(0x7f00000002c0), 0x40000000000009f, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x260, 0x0, 0xb, 0xd0e0011, 0x0, 0xc6, 0x1c8, 0x1d8, 0x190, 0x1c8, 0x1d8, 0x3, 0x0, {[{{@ip={@rand_addr, @multicast1, 0x0, 0x0, 'nr0\x00', 'vlan0\x00', {}, {}, 0x1}, 0x0, 0xc0, 0xf0, 0x2000000, {}, [@common=@icmp={{0x28}, {0x0, "0010"}}, @common=@unspec=@state={{0x28}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0xffffff00, 0xffffffff, 'veth0_to_bond\x00', 'macvlan0\x00', {}, {0xff}, 0x11, 0x2, 0x72}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2c0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000040)={@host})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(0xffffffffffffffff, 0x7aa, &(0x7f0000000080)={{@my=0x1}, 0x0, 0x2, 0x3})
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r4, 0xc0709411, &(0x7f00000003c0)={{r5, 0x1, 0x3, 0x6, 0x7f, 0x9, 0xffffffffffffa540, 0x1, 0xa996, 0x878f, 0xfffffffd, 0xffffffffffffffff, 0x6, 0x1, 0x5}, 0x8, [0x0]})

209.165846ms ago: executing program 6 (id=2287):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYRESHEX=r0, @ANYRES32, @ANYBLOB="040000001000"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000004c0)={r2, &(0x7f00000002c0), &(0x7f0000000300)=@tcp=r0}, 0x20)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000280)={0x9})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
clock_nanosleep(0xb, 0x0, &(0x7f0000000000)={0x77359400}, 0xfffffffffffffffe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000032680)=""/102392, 0x18ff8)
r7 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00')
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
read$FUSE(r8, 0x0, 0x0)
pread64(r7, &(0x7f0000002240)=""/237, 0xed, 0x4eb)
ioctl$KVM_SET_PIT(r4, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0xc000, 0x4, 0x5, 0x0, 0x8, 0x3, 0xa, 0xb9, 0x1, 0xe, 0x5, 0x204}, {0x804, 0x1, 0x1, 0x45, 0x7, 0x2, 0x2, 0xff, 0x0, 0x4, 0x6, 0x7f, 0x20c}, {0x1, 0x3, 0x38, 0x3, 0x84, 0x7, 0x3, 0x50, 0x0, 0x70, 0x4, 0x5, 0x24ab}], 0xffffffff})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000000)={0x1000, 0x317000, 0xffffffee})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000003c0)={[0x60000000000, 0x1000000000, 0x0, 0x40, 0x200002000001, 0x0, 0x2004c8, 0x0, 0x0, 0x68ff, 0x5, 0x7fff, 0x3, 0x400000000], 0x80ad003})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

963.669µs ago: executing program 2 (id=2288):
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
fcntl$notify(r0, 0x402, 0x26)
preadv(r0, 0x0, 0x0, 0x2, 0x1a)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", ' \x00'}, 0x28)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1, {0x60f7}}, './file0\x00'})
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet6_sctp(0xa, 0x1, 0x84)
openat$mice(0xffffffffffffff9c, &(0x7f0000000100), 0x41)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x10, 0x803, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x58, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r6, {0xc, 0xfff1}, {}, {0x5, 0xf}}, [@filter_kind_options=@f_flow={{0x9}, {0x28, 0x2, [@TCA_FLOW_EMATCHES={0x24, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfffb}}, @TCA_EMATCH_TREE_LIST={0x18, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x7, 0x7, 0x2}, {{0x0, 0x1, 0x0, 0x1}, {0x0, 0x1, 0x1, 0x1}}}}]}]}]}}]}, 0x58}}, 0x20040054)
socket$kcm(0x11, 0x3, 0x0)

0s ago: executing program 5 (id=2289):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0xc73})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f0000000040)=0x3)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r3, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x6], 0x0, 0x8340})
execveat(0xffffffffffffffff, 0x0, &(0x7f0000000380)={[&(0x7f0000000300)='veth0_vlan\x00']}, 0x0, 0x1000)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000080)=@x86={0x7c, 0x3, 0xfd, 0x0, 0x1, 0x7e, 0xcb, 0x10, 0x8, 0x5, 0xb, 0x8, 0x0, 0x10003, 0x9, 0xff, 0x6, 0x8, 0xc, '\x00', 0x1, 0x2})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000006c0)=@can_newroute={0x14c, 0x18, 0x1, 0x70bd2b, 0x0, {0x1d, 0x1, 0x3}, [@CGW_CS_CRC8={0x11e, 0x6, {0x2, 0x1, 0x6d, 0x0, 0x0, "71ec6d721744cd5200080000f8cfcad4c4ec6511ec028c5028564abce83afe16c93e15e556c2baed7f897fe841c155aab2a4b9f3052995cdf66a9c7922ff0300005b6c67281f1519cd7c32c2bf7563b9452575505da99ea128d37616896be8764a2c78edbad5bde7a5e405bdc893770338925f824bd24689c0d11a5568fc3aaa9ad0d7766d8ea8d3bf1006e3df494e2f373148ecb4adafdd39874e9808b118301f1e76054a64c6d243523f5de7b347f3b740e105d0ed18fae7289635301ebd8949268090b3bcd4cbed5f1cfe93cff41a9630802f96defe9e8ea850529827c5e301953a8abaafa1f121e590f74e28233f4129d4587eee87ec5d42c3ef0619022c", 0x3, "5c8d586b2a88d81866930fca15c8a95d29e5b2ea"}}, @CGW_MOD_SET={0x15, 0x4, {{{0x1, 0x1, 0x1}, 0x1, 0x0, 0x0, 0x0, "b5182384a022fbaa"}, 0x2}}]}, 0x14c}}, 0x0)
ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000280)={0x9})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r4, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0xc000, 0x4, 0x5, 0x0, 0x8, 0x3, 0xa, 0xb9, 0x1, 0xe, 0x5, 0x204}, {0x804, 0x1, 0x1, 0x45, 0x7, 0x2, 0x2, 0xff, 0x0, 0x4, 0x6, 0x7f, 0x20c}, {0x1, 0x3, 0x38, 0x3, 0x84, 0x7, 0x3, 0x50, 0x0, 0x70, 0x4, 0x5, 0x24ab}], 0xffffffff})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000000)={0x100000, 0x104000})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x11, 0xc0}, [@ldst={0x5}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x48)
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000003c0)={[0x60000000000, 0x1000000000, 0x0, 0x40, 0x200002000001, 0x0, 0x2004c8, 0x0, 0x0, 0x68ff, 0x5, 0x7fff, 0x3, 0x400000000], 0x80ad003})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2be018e929 code=0x7ffc0000
[  855.343441][   T30] audit: type=1326 audit(1752724823.357:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12422 comm="syz.5.1367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2be018e929 code=0x7ffc0000
[  855.397774][   T30] audit: type=1326 audit(1752724823.367:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12422 comm="syz.5.1367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2be018e929 code=0x7ffc0000
[  855.554409][ T8707] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  855.750345][ T8707] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  855.815924][ T8707] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  855.898266][ T8707] usb 1-1: Product: syz
[  855.921198][ T8707] usb 1-1: Manufacturer: syz
[  855.963009][ T8707] usb 1-1: SerialNumber: syz
[  856.103970][ T8707] usb 1-1: config 0 descriptor??
[  856.114434][ T5894] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[  856.129447][ T8707] ch341 1-1:0.0: ch341-uart converter detected
[  856.303688][T12423] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  856.326370][ T5894] usb 5-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  856.338035][ T5894] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  856.350050][ T5894] usb 5-1: config 0 descriptor??
[  856.358724][ T5894] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  856.425619][    T9] usb 6-1: USB disconnect, device number 9
[  856.433118][    T9] ch341 6-1:0.0: device disconnected
[  856.474449][ T5908] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  856.548322][T12456] FAULT_INJECTION: forcing a failure.
[  856.548322][T12456] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  856.553024][T12447] nfs4: Unknown parameter '
dev/ocfs2_control'
[  856.571274][T12456] CPU: 1 UID: 0 PID: 12456 Comm: syz.5.1376 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[  856.571299][T12456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  856.571307][T12456] Call Trace:
[  856.571313][T12456]  <TASK>
[  856.571320][T12456]  dump_stack_lvl+0x189/0x250
[  856.571347][T12456]  ? __pfx____ratelimit+0x10/0x10
[  856.571368][T12456]  ? __pfx_dump_stack_lvl+0x10/0x10
[  856.571382][T12456]  ? __pfx__printk+0x10/0x10
[  856.571408][T12456]  should_fail_ex+0x414/0x560
[  856.571430][T12456]  _copy_to_user+0x31/0xb0
[  856.571448][T12456]  simple_read_from_buffer+0xe1/0x170
[  856.571473][T12456]  proc_fail_nth_read+0x1df/0x250
[  856.571493][T12456]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  856.571508][T12456]  ? rw_verify_area+0x258/0x650
[  856.571525][T12456]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  856.571539][T12456]  vfs_read+0x200/0x980
[  856.571560][T12456]  ? __pfx___mutex_lock+0x10/0x10
[  856.571574][T12456]  ? __pfx_vfs_read+0x10/0x10
[  856.571591][T12456]  ? __fget_files+0x2a/0x420
[  856.571608][T12456]  ? __fget_files+0x3a0/0x420
[  856.571623][T12456]  ? __fget_files+0x2a/0x420
[  856.571641][T12456]  ksys_read+0x145/0x250
[  856.571686][T12456]  ? __fget_files+0x2a/0x420
[  856.571700][T12456]  ? __pfx_ksys_read+0x10/0x10
[  856.571721][T12456]  ? do_syscall_64+0xbe/0x3b0
[  856.571736][T12456]  do_syscall_64+0xfa/0x3b0
[  856.571750][T12456]  ? lockdep_hardirqs_on+0x9c/0x150
[  856.571771][T12456]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  856.571783][T12456]  ? clear_bhb_loop+0x60/0xb0
[  856.571800][T12456]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  856.571812][T12456] RIP: 0033:0x7f2be018d33c
[  856.571825][T12456] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  856.571837][T12456] RSP: 002b:00007f2be102c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  856.571851][T12456] RAX: ffffffffffffffda RBX: 00007f2be03b5fa0 RCX: 00007f2be018d33c
[  856.571861][T12456] RDX: 000000000000000f RSI: 00007f2be102c0a0 RDI: 0000000000000004
[  856.571870][T12456] RBP: 00007f2be102c090 R08: 0000000000000000 R09: 0000000000000000
[  856.571878][T12456] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  856.571889][T12456] R13: 0000000000000000 R14: 00007f2be03b5fa0 R15: 00007ffc1550b1f8
[  856.571913][T12456]  </TASK>
[  856.585755][ T8707] usb 1-1: failed to send control message: -71
[  856.740272][ T5908] usb 3-1: unable to get BOS descriptor or descriptor too short
[  856.776661][ T8707] ch341-uart ttyUSB1: probe with driver ch341-uart failed with error -71
[  856.801163][ T8707] usb 1-1: USB disconnect, device number 5
[  856.831593][ T5908] usb 3-1: unable to read config index 0 descriptor/start: -71
[  856.866535][ T5908] usb 3-1: can't read configurations, error -71
[  856.881565][ T8707] ch341 1-1:0.0: device disconnected
[  857.061235][ T5894] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  857.072193][ T5894] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  857.227488][ T5884] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  857.384485][ T5884] usb 6-1: Using ep0 maxpacket: 32
[  857.491458][ T5884] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2
[  857.708262][ T5884] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 183, using maximum allowed: 30
[  857.820150][ T5884] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 183
[  857.850649][ T5884] usb 6-1: config 0 interface 0 has no altsetting 1
[  857.866398][ T5884] usb 6-1: New USB device found, idVendor=152d, idProduct=0539, bcdDevice= 0.00
[  857.899549][ T5884] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  857.909819][ T5884] usb 6-1: SerialNumber: syz
[  857.922339][ T5884] usb 6-1: config 0 descriptor??
[  858.016979][ T5884] usb-storage 6-1:0.0: USB Mass Storage device detected
[  858.039961][ T5884] usb-storage 6-1:0.0: Quirks match for vid 152d pid 0539: 4000000
[  859.201027][T12474] overlayfs: missing 'lowerdir'
[  859.218887][ T5884] usb 6-1: USB disconnect, device number 10
[  859.257441][T12474] overlayfs: failed to resolve './file1': -2
[  859.298285][    T9] usb 5-1: USB disconnect, device number 5
[  859.781570][T12487] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1387'.
[  859.801930][T12487] pim6reg: entered allmulticast mode
[  859.811166][T12487] pim6reg: left allmulticast mode
[  860.003861][ T5884] usb 1-1: new full-speed USB device number 6 using dummy_hcd
[  860.179460][ T5884] usb 1-1: not running at top speed; connect to a high speed hub
[  860.253708][ T5884] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  860.283015][ T5884] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  860.526044][ T5884] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  860.569926][ T5884] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  860.603832][ T5884] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  860.687143][ T5884] usb 1-1: Product: ᥭߴ鲶ﴼ�ꗴ咙ﾌ�ც綔��䎊ꕾ⓷纘삼꾇腇ᗴꈄḌ꛾ꃓᒮ넱繡濵�䉾�븑믚얳霗�ɬ⚨쟗�韤䟚︪冀蹙熽ት藕뤉뫿礞��
[  860.709706][ T5884] usb 1-1: Manufacturer: Ъ
[  860.714303][ T5884] usb 1-1: SerialNumber: à „
[  861.055609][T12485] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  861.300998][T12485] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  861.564027][ T5884] usb 1-1: 0:2 : does not exist
[  861.643213][ T5884] usb 1-1: USB disconnect, device number 6
[  862.484447][ T5884] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  862.693858][ T5842] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  862.804282][ T5884] usb 1-1: Using ep0 maxpacket: 8
[  862.988826][ T5884] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  863.000855][ T5884] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  863.011104][ T5884] usb 1-1: Product: syz
[  863.034295][ T5884] usb 1-1: Manufacturer: syz
[  863.038946][ T5884] usb 1-1: SerialNumber: syz
[  863.088484][ T5842] usb 3-1: unable to get BOS descriptor or descriptor too short
[  863.118688][ T5842] usb 3-1: unable to read config index 0 descriptor/start: -71
[  863.151014][ T5842] usb 3-1: can't read configurations, error -71
[  863.289323][T12523] overlayfs: missing 'lowerdir'
[  864.633141][ T5884] usb 1-1: config 0 descriptor??
[  864.641822][ T5884] gspca_main: se401-2.14.0 probing 047d:5003
[  865.646272][ T5884] gspca_se401: Bayer format not supported!
[  866.069672][T12552] binder: 12551:12552 ioctl c0306201 0 returned -14
[  866.087381][T12547] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1403'.
[  867.292298][T12555] pim6reg: entered allmulticast mode
[  867.299228][T12547] pim6reg: left allmulticast mode
[  867.573930][ T5908] usb 1-1: USB disconnect, device number 7
[  868.374523][T12566] netlink: 'syz.0.1408': attribute type 5 has an invalid length.
[  868.382346][T12566] netlink: 7 bytes leftover after parsing attributes in process `syz.0.1408'.
[  868.640426][T12571] openvswitch: netlink: VXLAN extension message has 201 unknown bytes.
[  870.525061][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  870.555665][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  870.694304][ T5884] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  871.760510][ T5884] usb 3-1: config 0 interface 0 altsetting 253 endpoint 0x81 has an invalid bInterval 36, changing to 9
[  871.777341][ T5884] usb 3-1: config 0 interface 0 altsetting 253 endpoint 0x81 has invalid wMaxPacketSize 0
[  871.787764][ T5884] usb 3-1: config 0 interface 0 has no altsetting 0
[  871.795178][ T5884] usb 3-1: New USB device found, idVendor=0810, idProduct=0002, bcdDevice= 0.00
[  871.804596][ T5884] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  871.833044][ T5884] usb 3-1: config 0 descriptor??
[  872.034563][T12604] openvswitch: netlink: VXLAN extension message has 201 unknown bytes.
[  872.068717][T12601] input: syz1 as /devices/virtual/input/input9
[  872.446782][T12612] netlink: 'syz.6.1420': attribute type 4 has an invalid length.
[  873.175245][ T5884] pantherlord 0003:0810:0002.0001: hidraw0: USB HID v0.00 Device [HID 0810:0002] on usb-dummy_hcd.2-1/input0
[  873.249321][ T5884] pantherlord 0003:0810:0002.0001: Force feedback for PantherLord/GreenAsia devices by Anssi Hannula <anssi.hannula@gmail.com>
[  873.336312][T12618] netlink: 'syz.6.1422': attribute type 5 has an invalid length.
[  873.344247][T12618] netlink: 7 bytes leftover after parsing attributes in process `syz.6.1422'.
[  873.907465][T12625] openvswitch: netlink: VXLAN extension message has 201 unknown bytes.
[  874.322858][ T5842] usb 3-1: USB disconnect, device number 12
[  874.448477][T12634] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  874.507940][T12635] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1424'.
[  874.571309][T12635] pim6reg: entered allmulticast mode
[  874.870759][T12641] pim6reg: left allmulticast mode
[  878.024787][T12664] netlink: 'syz.6.1435': attribute type 5 has an invalid length.
[  878.032565][T12664] netlink: 7 bytes leftover after parsing attributes in process `syz.6.1435'.
[  878.064605][T12666] No control pipe specified
[  878.322837][T12672] openvswitch: netlink: VXLAN extension message has 201 unknown bytes.
[  881.223783][T12697] FAULT_INJECTION: forcing a failure.
[  881.223783][T12697] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  881.237911][T12697] CPU: 1 UID: 0 PID: 12697 Comm: syz.2.1441 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[  881.237936][T12697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  881.237948][T12697] Call Trace:
[  881.237955][T12697]  <TASK>
[  881.237963][T12697]  dump_stack_lvl+0x189/0x250
[  881.237988][T12697]  ? __pfx____ratelimit+0x10/0x10
[  881.238014][T12697]  ? __pfx_dump_stack_lvl+0x10/0x10
[  881.238033][T12697]  ? __pfx__printk+0x10/0x10
[  881.238054][T12697]  ? __might_fault+0xb0/0x130
[  881.238088][T12697]  should_fail_ex+0x414/0x560
[  881.238116][T12697]  _copy_from_user+0x2d/0xb0
[  881.238132][T12697]  xfrm_user_policy+0x2cf/0x950
[  881.238147][T12697]  ? rcu_is_watching+0x15/0xb0
[  881.238164][T12697]  ? __pfx_xfrm_user_policy+0x10/0x10
[  881.238178][T12697]  ? __local_bh_enable_ip+0x12d/0x1c0
[  881.238264][T12697]  ? safesetid_security_capable+0xa9/0x1a0
[  881.238285][T12697]  ? bpf_lsm_capable+0x9/0x20
[  881.238298][T12697]  ? security_capable+0x7e/0x2e0
[  881.238318][T12697]  do_ipv6_setsockopt+0x165c/0x2fb0
[  881.238344][T12697]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[  881.238360][T12697]  ? __might_fault+0xb0/0x130
[  881.238378][T12697]  ? _parse_integer_limit+0x1ae/0x1f0
[  881.238403][T12697]  ? __lock_acquire+0xab9/0xd20
[  881.238424][T12697]  ? get_pid_task+0x20/0x1f0
[  881.238453][T12697]  ? rcu_read_lock_any_held+0xb3/0x120
[  881.238469][T12697]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  881.238486][T12697]  ? vfs_write+0x8d8/0xa90
[  881.238511][T12697]  ipv6_setsockopt+0x59/0x170
[  881.238530][T12697]  rawv6_setsockopt+0x23b/0x5b0
[  881.238547][T12697]  ? __lock_acquire+0xab9/0xd20
[  881.238561][T12697]  ? __pfx_rawv6_setsockopt+0x10/0x10
[  881.238581][T12697]  ? sock_common_setsockopt+0x36/0xc0
[  881.238596][T12697]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  881.238611][T12697]  do_sock_setsockopt+0x25a/0x3e0
[  881.238629][T12697]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  881.238648][T12697]  ? __fget_files+0x2a/0x420
[  881.238667][T12697]  __x64_sys_setsockopt+0x18b/0x220
[  881.238687][T12697]  do_syscall_64+0xfa/0x3b0
[  881.238699][T12697]  ? lockdep_hardirqs_on+0x9c/0x150
[  881.238717][T12697]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  881.238731][T12697]  ? clear_bhb_loop+0x60/0xb0
[  881.238747][T12697]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  881.238760][T12697] RIP: 0033:0x7f0ca958e929
[  881.238773][T12697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  881.238785][T12697] RSP: 002b:00007f0caa417038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  881.238799][T12697] RAX: ffffffffffffffda RBX: 00007f0ca97b6160 RCX: 00007f0ca958e929
[  881.238809][T12697] RDX: 0000000000000022 RSI: 0000000000000029 RDI: 0000000000000005
[  881.238817][T12697] RBP: 00007f0caa417090 R08: 000000000000005c R09: 0000000000000000
[  881.238826][T12697] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001
[  881.238834][T12697] R13: 0000000000000000 R14: 00007f0ca97b6160 R15: 00007ffdb45d5098
[  881.238856][T12697]  </TASK>
[  881.541165][    C1] vkms_vblank_simulate: vblank timer overrun
[  884.591670][T12720] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1448'.
[  884.798214][T12731] netlink: 'syz.6.1453': attribute type 1 has an invalid length.
[  884.827245][T12735] binder: 12732:12735 ioctl 5429 200000000180 returned -22
[  887.174704][    T9] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  887.378597][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  887.437819][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  887.475350][    T9] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  887.485256][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  887.574553][ T5901] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  887.600607][    T9] usb 5-1: config 0 descriptor??
[  887.701996][T12765] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1465'.
[  887.724438][ T5842] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  887.766263][T12765] pim6reg: entered allmulticast mode
[  887.775411][T12766] pim6reg: left allmulticast mode
[  887.781601][ T5901] usb 7-1: Using ep0 maxpacket: 8
[  887.803348][ T5901] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  887.814820][ T5901] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  887.830172][ T5901] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  887.842309][ T5901] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[  887.982589][ T5901] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  887.993220][ T5901] usb 7-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  887.994252][ T5842] usb 1-1: Using ep0 maxpacket: 8
[  888.006401][ T5901] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  888.011036][ T5842] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  888.025137][ T5842] usb 1-1: config 179 has no interface number 0
[  888.032122][ T5901] usb 7-1: config 0 descriptor??
[  888.050237][ T5842] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  888.053062][T12755] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  888.105229][ T5842] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  888.200781][ T5842] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  888.275983][ T5842] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[  888.304986][ T5842] usb 1-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  888.319568][ T5842] usb 1-1: config 179 interface 65 has no altsetting 0
[  888.327561][ T5842] usb 1-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  888.337359][ T5842] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  888.468535][ T5842] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input10
[  888.671445][T12758] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  888.736675][T12758] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  888.780422][   T24] usb 7-1: USB disconnect, device number 6
[  888.790326][ T5838] Bluetooth: hci5: Opcode 0x0c03 failed: -71
[  888.921663][ T5838] Bluetooth: hci3: ISO packet for unknown connection handle 1145
[  888.977206][    T9] uclogic 0003:256C:006D.0002: failed retrieving string descriptor #100: -71
[  889.053811][    T9] uclogic 0003:256C:006D.0002: failed retrieving pen parameters: -71
[  889.084406][    T9] uclogic 0003:256C:006D.0002: failed probing pen v1 parameters: -71
[  889.118503][    T9] uclogic 0003:256C:006D.0002: failed probing parameters: -71
[  889.160536][    T9] uclogic 0003:256C:006D.0002: probe with driver uclogic failed with error -71
[  889.200672][    T9] usb 5-1: USB disconnect, device number 6
[  889.264732][   T24] usb 1-1: USB disconnect, device number 8
[  889.266258][    C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  892.879006][ T8707] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  892.886614][ T5842] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  893.754452][ T8707] usb 1-1: Using ep0 maxpacket: 16
[  893.778345][ T8707] usb 1-1: unable to get BOS descriptor or descriptor too short
[  893.824868][ T5842] usb 7-1: config 0 has an invalid interface number: 51 but max is 0
[  893.851696][T12806] bond1: entered allmulticast mode
[  893.891184][ T8707] usb 1-1: config 1 has an invalid interface number: 206 but max is 0
[  893.923722][ T5842] usb 7-1: config 0 has no interface number 0
[  893.933224][ T8707] usb 1-1: config 1 has no interface number 0
[  893.945487][ T5842] usb 7-1: config 0 interface 51 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  893.965972][ T8707] usb 1-1: string descriptor 0 read error: -22
[  893.973537][ T5842] usb 7-1: New USB device found, idVendor=12d1, idProduct=8869, bcdDevice=3b.15
[  893.994955][ T8707] usb 1-1: New USB device found, idVendor=152d, idProduct=0310, bcdDevice=3b.0a
[  894.004050][ T8707] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  894.024294][ T5842] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  894.039596][ T5842] usb 7-1: Product: syz
[  894.043811][ T5842] usb 7-1: Manufacturer: syz
[  894.057573][ T5842] usb 7-1: SerialNumber: syz
[  894.083300][ T5842] usb 7-1: config 0 descriptor??
[  894.097563][ T5842] huawei_cdc_ncm 7-1:0.51: CDC Union missing and no IAD found
[  894.107427][ T5842] huawei_cdc_ncm 7-1:0.51: bind() failure
[  894.163731][T12818] 9pnet_fd: Insufficient options for proto=fd
[  894.254358][ T5901] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  894.300502][T12787] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  894.309223][T12787] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  894.346239][   T24] usb 7-1: USB disconnect, device number 7
[  894.426740][ T5842] usb 1-1: USB disconnect, device number 9
[  894.586355][ T5901] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  895.230610][ T5901] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  895.239959][ T5901] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  895.312315][ T5901] usb 5-1: config 0 descriptor??
[  895.662223][T12812] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  896.744584][T12812] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  897.040034][ T5901] keytouch 0003:0926:3333.0003: fixing up Keytouch IEC report descriptor
[  897.055568][ T5901] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0003/input/input13
[  901.166560][ T5901] keytouch 0003:0926:3333.0003: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0
[  901.330653][T12869] netlink: 384 bytes leftover after parsing attributes in process `syz.4.1494'.
[  901.339979][T12869] netlink: 'syz.4.1494': attribute type 2 has an invalid length.
[  901.524536][ T5901] usb 5-1: USB disconnect, device number 7
[  901.863327][T12875] fido_id[12875]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  903.364231][T12892] netlink: 14528 bytes leftover after parsing attributes in process `syz.4.1498'.
[  904.484446][T12903] Illegal XDP return value 4294967274 on prog  (id 308) dev N/A, expect packet loss!
[  908.960460][T12954] FAULT_INJECTION: forcing a failure.
[  908.960460][T12954] name failslab, interval 1, probability 0, space 0, times 0
[  908.974838][T12954] CPU: 0 UID: 0 PID: 12954 Comm: syz.2.1517 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[  908.974864][T12954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  908.974874][T12954] Call Trace:
[  908.974882][T12954]  <TASK>
[  908.974889][T12954]  dump_stack_lvl+0x189/0x250
[  908.974913][T12954]  ? __pfx____ratelimit+0x10/0x10
[  908.974937][T12954]  ? __pfx_dump_stack_lvl+0x10/0x10
[  908.974955][T12954]  ? __pfx__printk+0x10/0x10
[  908.974981][T12954]  ? __pfx___might_resched+0x10/0x10
[  908.974999][T12954]  ? fs_reclaim_acquire+0x7d/0x100
[  908.975021][T12954]  should_fail_ex+0x414/0x560
[  908.975049][T12954]  should_failslab+0xa8/0x100
[  908.975074][T12954]  __kmalloc_cache_noprof+0x70/0x3d0
[  908.975097][T12954]  ? rtnl_newlink+0xed/0x1c70
[  908.975113][T12954]  ? kasan_save_free_info+0x46/0x50
[  908.975135][T12954]  rtnl_newlink+0xed/0x1c70
[  908.975151][T12954]  ? netlink_sendmsg+0x805/0xb30
[  908.975169][T12954]  ? __sock_sendmsg+0x219/0x270
[  908.975190][T12954]  ? ____sys_sendmsg+0x52d/0x830
[  908.975207][T12954]  ? ___sys_sendmsg+0x21f/0x2a0
[  908.975225][T12954]  ? __sys_sendmmsg+0x227/0x430
[  908.975240][T12954]  ? __x64_sys_sendmmsg+0xa0/0xc0
[  908.975259][T12954]  ? do_syscall_64+0xfa/0x3b0
[  908.975274][T12954]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  908.975298][T12954]  ? __pfx_rtnl_newlink+0x10/0x10
[  908.975338][T12954]  ? kasan_quarantine_put+0xdd/0x220
[  908.975358][T12954]  ? lockdep_hardirqs_on+0x9c/0x150
[  908.975387][T12954]  ? nlmon_xmit+0xb0/0x100
[  908.975402][T12954]  ? kmem_cache_free+0x18f/0x400
[  908.975431][T12954]  ? __local_bh_enable_ip+0x12d/0x1c0
[  908.975450][T12954]  ? lockdep_hardirqs_on+0x9c/0x150
[  908.975473][T12954]  ? __local_bh_enable_ip+0x12d/0x1c0
[  908.975491][T12954]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  908.975512][T12954]  ? __dev_queue_xmit+0x27e/0x3a70
[  908.975534][T12954]  ? __dev_queue_xmit+0x27e/0x3a70
[  908.975553][T12954]  ? __dev_queue_xmit+0x27e/0x3a70
[  908.975576][T12954]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  908.975611][T12954]  ? __lock_acquire+0xab9/0xd20
[  908.975652][T12954]  ? __pfx_rtnl_newlink+0x10/0x10
[  908.975669][T12954]  rtnetlink_rcv_msg+0x7cc/0xb70
[  908.975691][T12954]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  908.975707][T12954]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  908.975723][T12954]  ? ref_tracker_free+0x63a/0x7d0
[  908.975744][T12954]  ? __copy_skb_header+0xa7/0x550
[  908.975766][T12954]  ? __pfx_ref_tracker_free+0x10/0x10
[  908.975786][T12954]  ? __skb_clone+0x63/0x7a0
[  908.975812][T12954]  netlink_rcv_skb+0x208/0x470
[  908.975831][T12954]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  908.975846][T12954]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  908.975876][T12954]  ? netlink_deliver_tap+0x2e/0x1b0
[  908.975895][T12954]  ? netlink_deliver_tap+0x2e/0x1b0
[  908.975915][T12954]  netlink_unicast+0x75c/0x8e0
[  908.975941][T12954]  netlink_sendmsg+0x805/0xb30
[  908.975967][T12954]  ? __pfx_netlink_sendmsg+0x10/0x10
[  908.975990][T12954]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  908.976009][T12954]  ? __pfx_netlink_sendmsg+0x10/0x10
[  908.976027][T12954]  __sock_sendmsg+0x219/0x270
[  908.976050][T12954]  ____sys_sendmsg+0x52d/0x830
[  908.976074][T12954]  ? __pfx_____sys_sendmsg+0x10/0x10
[  908.976101][T12954]  ? import_iovec+0x74/0xa0
[  908.976123][T12954]  ___sys_sendmsg+0x21f/0x2a0
[  908.976144][T12954]  ? __pfx____sys_sendmsg+0x10/0x10
[  908.976196][T12954]  ? __fget_files+0x2a/0x420
[  908.976211][T12954]  ? __fget_files+0x3a0/0x420
[  908.976235][T12954]  __sys_sendmmsg+0x227/0x430
[  908.976259][T12954]  ? __pfx___sys_sendmmsg+0x10/0x10
[  908.976275][T12954]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  908.976313][T12954]  ? ksys_write+0x22a/0x250
[  908.976334][T12954]  ? __pfx_ksys_write+0x10/0x10
[  908.976351][T12954]  ? rcu_is_watching+0x15/0xb0
[  908.976374][T12954]  __x64_sys_sendmmsg+0xa0/0xc0
[  908.976397][T12954]  do_syscall_64+0xfa/0x3b0
[  908.976410][T12954]  ? lockdep_hardirqs_on+0x9c/0x150
[  908.976432][T12954]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  908.976448][T12954]  ? clear_bhb_loop+0x60/0xb0
[  908.976466][T12954]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  908.976482][T12954] RIP: 0033:0x7f0ca958e929
[  908.976497][T12954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  908.976510][T12954] RSP: 002b:00007f0caa459038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  908.976529][T12954] RAX: ffffffffffffffda RBX: 00007f0ca97b5fa0 RCX: 00007f0ca958e929
[  908.976539][T12954] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003
[  908.976550][T12954] RBP: 00007f0caa459090 R08: 0000000000000000 R09: 0000000000000000
[  908.976560][T12954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  908.976568][T12954] R13: 0000000000000000 R14: 00007f0ca97b5fa0 R15: 00007ffdb45d5098
[  908.976602][T12954]  </TASK>
[  909.554302][ T8707] usb 1-1: new low-speed USB device number 10 using dummy_hcd
[  910.126655][ T8707] usb 1-1: device descriptor read/all, error -71
[  912.927312][T12985] netlink: 'syz.2.1523': attribute type 5 has an invalid length.
[  912.935266][T12985] netlink: 7 bytes leftover after parsing attributes in process `syz.2.1523'.
[  913.344001][T12991] openvswitch: netlink: VXLAN extension message has 201 unknown bytes.
[  914.213802][ T8707] usb 7-1: new full-speed USB device number 8 using dummy_hcd
[  914.412275][T13001] netlink: 'syz.2.1528': attribute type 5 has an invalid length.
[  914.420719][T13001] netlink: 7 bytes leftover after parsing attributes in process `syz.2.1528'.
[  914.911758][T13006] openvswitch: netlink: VXLAN extension message has 201 unknown bytes.
[  915.941751][ T8707] usb 7-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  915.972105][T12997] 9pnet: Could not find request transport: rd‡a0000000004[23
[  915.979677][ T8707] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  916.057039][ T8707] usb 7-1: config 0 descriptor??
[  916.096165][ T8707] usb 7-1: can't set config #0, error -71
[  916.139528][ T8707] usb 7-1: USB disconnect, device number 8
[  921.026217][T13052] netlink: 384 bytes leftover after parsing attributes in process `syz.6.1541'.
[  921.035922][T13052] netlink: 'syz.6.1541': attribute type 2 has an invalid length.
[  925.480424][T13081] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1547'.
[  925.495775][T13081] netlink: 384 bytes leftover after parsing attributes in process `syz.4.1547'.
[  925.505124][T13081] netlink: 'syz.4.1547': attribute type 2 has an invalid length.
[  927.770554][T13104] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.1556'.
[  927.780941][T13103] netlink: 'syz.5.1555': attribute type 5 has an invalid length.
[  927.788818][T13103] netlink: 7 bytes leftover after parsing attributes in process `syz.5.1555'.
[  927.948393][T13102] [U] ùÿ
[  927.969857][T13109] xt_CT: You must specify a L4 protocol and not use inversions on it
[  928.062574][T13111] openvswitch: netlink: VXLAN extension message has 201 unknown bytes.
[  931.094391][ T8707] usb 1-1: new full-speed USB device number 12 using dummy_hcd
[  931.541123][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  931.561892][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  931.885752][ T8707] usb 1-1: config 0 has an invalid interface number: 176 but max is 0
[  931.893977][ T8707] usb 1-1: config 0 has no interface number 0
[  931.934834][ T8707] usb 1-1: config 0 interface 176 altsetting 25 has 1 endpoint descriptor, different from the interface descriptor's value: 23
[  931.969373][ T8707] usb 1-1: config 0 interface 176 has no altsetting 0
[  931.991278][ T8707] usb 1-1: New USB device found, idVendor=0499, idProduct=1039, bcdDevice= c.76
[  932.021266][ T8707] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  932.030905][ T8707] usb 1-1: Product: syz
[  932.039024][ T8707] usb 1-1: Manufacturer: syz
[  932.043732][ T8707] usb 1-1: SerialNumber: syz
[  932.060232][ T8707] usb 1-1: config 0 descriptor??
[  932.070336][T13119] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  932.238828][T13149] overlayfs: missing 'lowerdir'
[  932.327606][ T8707] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  932.539877][ T8707] usb 1-1: USB disconnect, device number 12
[  934.918088][T13173] binder: 13172:13173 ioctl c0306201 0 returned -14
[  936.414986][T13183] netlink: 'syz.0.1577': attribute type 9 has an invalid length.
[  936.474415][T13183] netlink: 'syz.0.1577': attribute type 9 has an invalid length.
[  936.585947][T13195] FAULT_INJECTION: forcing a failure.
[  936.585947][T13195] name failslab, interval 1, probability 0, space 0, times 0
[  936.634334][T13195] CPU: 1 UID: 0 PID: 13195 Comm: syz.5.1580 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[  936.634360][T13195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  936.634371][T13195] Call Trace:
[  936.634378][T13195]  <TASK>
[  936.634386][T13195]  dump_stack_lvl+0x189/0x250
[  936.634410][T13195]  ? __pfx____ratelimit+0x10/0x10
[  936.634434][T13195]  ? __pfx_dump_stack_lvl+0x10/0x10
[  936.634451][T13195]  ? __pfx__printk+0x10/0x10
[  936.634476][T13195]  ? __pfx___might_resched+0x10/0x10
[  936.634495][T13195]  ? fs_reclaim_acquire+0x7d/0x100
[  936.634518][T13195]  should_fail_ex+0x414/0x560
[  936.634546][T13195]  ? __pfx_proc_alloc_inode+0x10/0x10
[  936.634563][T13195]  should_failslab+0xa8/0x100
[  936.634588][T13195]  ? __pfx_proc_alloc_inode+0x10/0x10
[  936.634604][T13195]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[  936.634627][T13195]  ? proc_alloc_inode+0x2a/0xc0
[  936.634657][T13195]  ? __pfx_proc_alloc_inode+0x10/0x10
[  936.634674][T13195]  proc_alloc_inode+0x2a/0xc0
[  936.634697][T13195]  alloc_inode+0x67/0x1b0
[  936.634722][T13195]  new_inode+0x22/0x170
[  936.634743][T13195]  proc_pid_make_inode+0x21/0x130
[  936.634766][T13195]  proc_pident_instantiate+0x6d/0x2b0
[  936.634792][T13195]  proc_pident_lookup+0x1b3/0x290
[  936.634822][T13195]  __lookup_slow+0x297/0x3d0
[  936.634845][T13195]  ? __pfx___lookup_slow+0x10/0x10
[  936.634871][T13195]  ? generic_permission+0x2db/0x690
[  936.634894][T13195]  ? down_read+0x1ad/0x2e0
[  936.634915][T13195]  lookup_slow+0x53/0x70
[  936.634935][T13195]  link_path_walk+0x935/0xea0
[  936.634971][T13195]  path_openat+0x28c/0x3830
[  936.634990][T13195]  ? arch_stack_walk+0xfc/0x150
[  936.635047][T13195]  ? __pfx_path_openat+0x10/0x10
[  936.635064][T13195]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  936.635103][T13195]  do_filp_open+0x1fa/0x410
[  936.635120][T13195]  ? __lock_acquire+0xab9/0xd20
[  936.635140][T13195]  ? __pfx_do_filp_open+0x10/0x10
[  936.635171][T13195]  ? __pfx_kfree_link+0x10/0x10
[  936.635204][T13195]  ? _raw_spin_unlock+0x28/0x50
[  936.635224][T13195]  ? alloc_fd+0x64c/0x6c0
[  936.635264][T13195]  do_sys_openat2+0x121/0x1c0
[  936.635286][T13195]  ? __pfx_do_sys_openat2+0x10/0x10
[  936.635305][T13195]  ? ksys_write+0x22a/0x250
[  936.635326][T13195]  ? __pfx_ksys_write+0x10/0x10
[  936.635351][T13195]  __x64_sys_openat+0x138/0x170
[  936.635375][T13195]  do_syscall_64+0xfa/0x3b0
[  936.635391][T13195]  ? lockdep_hardirqs_on+0x9c/0x150
[  936.635413][T13195]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  936.635430][T13195]  ? clear_bhb_loop+0x60/0xb0
[  936.635451][T13195]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  936.635468][T13195] RIP: 0033:0x7f2be018d290
[  936.635483][T13195] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  936.635497][T13195] RSP: 002b:00007f2be102bf60 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  936.635516][T13195] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2be018d290
[  936.635528][T13195] RDX: 0000000000000000 RSI: 00007f2be0210db9 RDI: 00000000ffffff9c
[  936.635539][T13195] RBP: 00007f2be0210db9 R08: 0000000000000000 R09: 0000000000000000
[  936.635550][T13195] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  936.635560][T13195] R13: 0000000000000001 R14: 00007f2be03b5fa0 R15: 00007ffc1550b1f8
[  936.635589][T13195]  </TASK>
[  936.968824][    C1] vkms_vblank_simulate: vblank timer overrun
[  939.146489][T13221] syz.6.1586 uses obsolete (PF_INET,SOCK_PACKET)
[  945.081205][T13268] netlink: 'syz.5.1601': attribute type 5 has an invalid length.
[  945.089088][T13268] netlink: 7 bytes leftover after parsing attributes in process `syz.5.1601'.
[  945.658115][T13272] openvswitch: netlink: VXLAN extension message has 201 unknown bytes.
[  950.060225][T13284] FAULT_INJECTION: forcing a failure.
[  950.060225][T13284] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  950.306128][T13284] CPU: 0 UID: 0 PID: 13284 Comm: syz.0.1604 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[  950.306156][T13284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  950.306167][T13284] Call Trace:
[  950.306175][T13284]  <TASK>
[  950.306184][T13284]  dump_stack_lvl+0x189/0x250
[  950.306209][T13284]  ? __pfx____ratelimit+0x10/0x10
[  950.306234][T13284]  ? __pfx_dump_stack_lvl+0x10/0x10
[  950.306251][T13284]  ? __pfx__printk+0x10/0x10
[  950.306283][T13284]  should_fail_ex+0x414/0x560
[  950.306315][T13284]  _copy_to_iter+0x575/0x16f0
[  950.306346][T13284]  ? __pfx__copy_to_iter+0x10/0x10
[  950.306360][T13284]  ? __skb_try_recv_from_queue+0x58f/0x730
[  950.306387][T13284]  ? __skb_try_recv_datagram+0x3da/0x4e0
[  950.306415][T13284]  __skb_datagram_iter+0xf8/0x990
[  950.306437][T13284]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  950.306467][T13284]  skb_copy_datagram_iter+0xc5/0x230
[  950.306493][T13284]  netlink_recvmsg+0x2ab/0xa30
[  950.306524][T13284]  ? __pfx_netlink_recvmsg+0x10/0x10
[  950.306548][T13284]  ? __lock_acquire+0xab9/0xd20
[  950.306567][T13284]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  950.306588][T13284]  ? security_socket_recvmsg+0x7e/0x2e0
[  950.306610][T13284]  ? __pfx_netlink_recvmsg+0x10/0x10
[  950.306630][T13284]  sock_recvmsg+0x229/0x270
[  950.306659][T13284]  ____sys_recvmsg+0x1c9/0x460
[  950.306689][T13284]  ? __pfx_____sys_recvmsg+0x10/0x10
[  950.306727][T13284]  ? import_iovec+0x74/0xa0
[  950.306750][T13284]  ___sys_recvmsg+0x1b5/0x510
[  950.306775][T13284]  ? __pfx____sys_recvmsg+0x10/0x10
[  950.306820][T13284]  ? __fget_files+0x3a0/0x420
[  950.306848][T13284]  do_recvmmsg+0x307/0x770
[  950.306878][T13284]  ? __pfx_do_recvmmsg+0x10/0x10
[  950.306913][T13284]  ? _copy_from_user+0x94/0xb0
[  950.306948][T13284]  __x64_sys_recvmmsg+0x1af/0x240
[  950.306974][T13284]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  950.306993][T13284]  ? rcu_is_watching+0x15/0xb0
[  950.307017][T13284]  ? do_syscall_64+0xbe/0x3b0
[  950.307046][T13284]  do_syscall_64+0xfa/0x3b0
[  950.307061][T13284]  ? lockdep_hardirqs_on+0x9c/0x150
[  950.307084][T13284]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  950.307101][T13284]  ? clear_bhb_loop+0x60/0xb0
[  950.307120][T13284]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  950.307136][T13284] RIP: 0033:0x7f9a0ad8e929
[  950.307152][T13284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  950.307166][T13284] RSP: 002b:00007f9a0bb45038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  950.307185][T13284] RAX: ffffffffffffffda RBX: 00007f9a0afb5fa0 RCX: 00007f9a0ad8e929
[  950.307198][T13284] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  950.307210][T13284] RBP: 00007f9a0bb45090 R08: 0000200000000080 R09: 0000000000000000
[  950.307221][T13284] R10: 0000000000012022 R11: 0000000000000246 R12: 0000000000000001
[  950.307233][T13284] R13: 0000000000000000 R14: 00007f9a0afb5fa0 R15: 00007ffe6ff26b18
[  950.307261][T13284]  </TASK>
[  952.021351][T13303] binder: 13302:13303 ioctl c0306201 0 returned -14
[  952.196624][T13313] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1613'.
[  952.212730][T13314] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1612'.
[  952.262330][T13313] pim6reg: entered allmulticast mode
[  952.306497][T13314] pim6reg: entered allmulticast mode
[  952.311994][T13315] pim6reg: left allmulticast mode
[  952.674331][T13316] pim6reg: left allmulticast mode
[  953.234335][ T5894] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  953.527284][ T5894] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  953.707367][ T5894] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  953.835251][ T5894] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  953.878486][ T5894] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  954.098086][ T5894] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  954.112492][ T5894] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  954.121139][ T5894] usb 1-1: Manufacturer: syz
[  954.141326][ T5894] usb 1-1: config 0 descriptor??
[  954.273040][T13334] netlink: 384 bytes leftover after parsing attributes in process `syz.6.1616'.
[  954.283426][T13334] netlink: 'syz.6.1616': attribute type 2 has an invalid length.
[  954.856873][ T5894] appleir 0003:05AC:8243.0004: unknown main item tag 0x0
[  954.893669][ T5894] appleir 0003:05AC:8243.0004: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0
[  957.128764][T12802] usb 1-1: USB disconnect, device number 13
[  957.257931][T13361] binder: 13360:13361 ioctl c0306201 0 returned -14
[  960.464289][ T5901] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  960.781831][ T5901] usb 6-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5
[  960.791419][ T5901] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  960.801105][ T5901] usb 6-1: Product: syz
[  960.805870][ T5901] usb 6-1: Manufacturer: syz
[  960.810470][ T5901] usb 6-1: SerialNumber: syz
[  960.817543][ T5901] usb 6-1: config 0 descriptor??
[  960.826336][ T5901] gspca_main: sq905c-2.14.0 probing 2770:9052
[  960.960618][T13415] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1637'.
[  961.001264][T13415] netlink: 'syz.0.1637': attribute type 20 has an invalid length.
[  961.018587][T13415] netlink: 'syz.0.1637': attribute type 21 has an invalid length.
[  961.650812][T13425] netlink: 384 bytes leftover after parsing attributes in process `syz.4.1639'.
[  961.660268][T13425] netlink: 'syz.4.1639': attribute type 2 has an invalid length.
[  961.851816][ T5901] gspca_sq905c: sq905c_read: usb_control_msg failed (-110)
[  961.872325][ T5901] sq905c 6-1:0.0: Reading version command failed
[  961.889113][ T5901] sq905c 6-1:0.0: probe with driver sq905c failed with error -110
[  962.499836][T13435] binder: 13433:13435 ioctl c0306201 0 returned -14
[  963.332741][ T5901] usb 6-1: USB disconnect, device number 11
[  963.835934][T13456] netlink: 384 bytes leftover after parsing attributes in process `syz.0.1648'.
[  963.847184][T13456] netlink: 'syz.0.1648': attribute type 2 has an invalid length.
[  964.427927][T13459] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[  964.510373][T13466] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[  964.768453][T13471] netlink: 384 bytes leftover after parsing attributes in process `syz.4.1653'.
[  964.779409][T13471] netlink: 'syz.4.1653': attribute type 2 has an invalid length.
[  967.783253][ T5901] usb 1-1: new full-speed USB device number 14 using dummy_hcd
[  968.085946][ T5901] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  968.195158][ T5901] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  968.307660][ T5901] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  968.426715][ T5901] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  968.553814][ T5901] usb 1-1: Product: syz
[  968.644065][ T5901] usb 1-1: Manufacturer: syz
[  968.848586][ T5901] usb 1-1: SerialNumber: syz
[  969.860044][T13492] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  970.043558][T13492] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  970.593675][ T5901] usb 1-1: cannot find UAC_HEADER
[  971.197864][ T5901] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22
[  971.646464][ T5901] usb 1-1: USB disconnect, device number 14
[  971.722605][T11952] udevd[11952]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  974.083893][T13554] xt_CT: You must specify a L4 protocol and not use inversions on it
[  974.227340][T13557] netlink: 'syz.0.1674': attribute type 5 has an invalid length.
[  974.235268][T13557] netlink: 7 bytes leftover after parsing attributes in process `syz.0.1674'.
[  974.592260][T13568] openvswitch: netlink: VXLAN extension message has 201 unknown bytes.
[  975.043921][T12802] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  975.604524][T12802] usb 6-1: Using ep0 maxpacket: 16
[  975.632492][T12802] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  975.650255][T12802] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  975.700622][T12802] usb 6-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  975.768139][T12802] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  975.797531][T12802] usb 6-1: config 0 descriptor??
[  976.944721][T12802] hid-multitouch 0003:1FD2:6007.0005: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.5-1/input0
[  978.836226][T12802] usb 6-1: USB disconnect, device number 12
[  978.939222][T13605] netlink: 'syz.6.1688': attribute type 11 has an invalid length.
[  979.774477][T13460] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  981.011999][T13624] netlink: 'syz.0.1694': attribute type 5 has an invalid length.
[  981.021026][T13624] netlink: 7 bytes leftover after parsing attributes in process `syz.0.1694'.
[  981.034728][T13460] usb 6-1: Using ep0 maxpacket: 8
[  981.788652][T13460] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  981.799083][T13460] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  981.814829][T13460] usb 6-1: Product: syz
[  981.823869][T13460] usb 6-1: Manufacturer: syz
[  981.835723][T13460] usb 6-1: SerialNumber: syz
[  982.312264][T13460] usb 6-1: config 0 descriptor??
[  982.317779][T13631] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1695'.
[  982.348263][T13460] usb 6-1: can't set config #0, error -71
[  982.372654][T13631] pim6reg: entered allmulticast mode
[  982.405611][T13460] usb 6-1: USB disconnect, device number 13
[  982.430334][T13634] pim6reg: left allmulticast mode
[  983.629008][T13644] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1698'.
[  983.705251][T13644] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1698'.
[  984.256629][T13664] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  984.279809][T13667] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1709'.
[  984.994542][ T5923] usb 1-1: new low-speed USB device number 15 using dummy_hcd
[  985.548762][ T5923] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x41, changing to 0x1
[  985.622606][ T5923] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  986.278191][T13684] netlink: 384 bytes leftover after parsing attributes in process `syz.5.1712'.
[  986.288023][T13684] netlink: 'syz.5.1712': attribute type 2 has an invalid length.
[  987.405454][ T5923] usb 1-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  988.020610][ T5923] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  988.031301][ T5923] usb 1-1: config 0 descriptor??
[  988.036933][ T5923] usb 1-1: can't set config #0, error -71
[  988.044928][ T5923] usb 1-1: USB disconnect, device number 15
[  989.519838][T13707] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1720'.
[  989.702153][T13711] pim6reg: entered allmulticast mode
[  990.115378][T13707] pim6reg: left allmulticast mode
[  991.541444][T13734] cgroup: fork rejected by pids controller in /syz4
[  991.805100][T13752] xt_CT: You must specify a L4 protocol and not use inversions on it
[  991.898652][T13755] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1732'.
[  991.980377][T13777] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  992.215266][T13787] xt_socket: unknown flags 0xc
[  993.371094][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  993.377890][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  995.251853][T13816] netlink: 'syz.2.1742': attribute type 4 has an invalid length.
[  995.422875][   T59] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  995.700942][   T59] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  995.796866][   T59] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  996.087943][T13828] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1745'.
[  996.132428][   T59] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  996.317481][T13828] pim6reg: entered allmulticast mode
[  996.368249][   T30] kauditd_printk_skb: 39 callbacks suppressed
[  996.368268][   T30] audit: type=1326 audit(1752724964.797:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13837 comm="syz.0.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a0ad8e929 code=0x7ffc0000
[  996.405495][T13835] pim6reg: left allmulticast mode
[  996.433499][   T30] audit: type=1326 audit(1752724964.797:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13837 comm="syz.0.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9a0ad8e929 code=0x7ffc0000
[  996.462606][   T30] audit: type=1326 audit(1752724964.797:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13837 comm="syz.0.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a0ad8e929 code=0x7ffc0000
[  996.491299][   T30] audit: type=1326 audit(1752724964.797:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13837 comm="syz.0.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f9a0ad8e929 code=0x7ffc0000
[  996.749160][   T30] audit: type=1326 audit(1752724964.797:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13837 comm="syz.0.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a0ad8e929 code=0x7ffc0000
[  996.976569][   T30] audit: type=1326 audit(1752724964.797:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13837 comm="syz.0.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f9a0ad8e929 code=0x7ffc0000
[  997.019724][   T30] audit: type=1326 audit(1752724964.797:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13837 comm="syz.0.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a0ad8e929 code=0x7ffc0000
[  997.491587][   T30] audit: type=1326 audit(1752724964.797:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13837 comm="syz.0.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=442 compat=0 ip=0x7f9a0ad8e929 code=0x7ffc0000
[  997.557505][T13848] FAULT_INJECTION: forcing a failure.
[  997.557505][T13848] name failslab, interval 1, probability 0, space 0, times 0
[  997.573430][T13848] CPU: 1 UID: 0 PID: 13848 Comm: syz.0.1750 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[  997.573456][T13848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  997.573466][T13848] Call Trace:
[  997.573474][T13848]  <TASK>
[  997.573481][T13848]  dump_stack_lvl+0x189/0x250
[  997.573506][T13848]  ? __pfx____ratelimit+0x10/0x10
[  997.573538][T13848]  ? __pfx_dump_stack_lvl+0x10/0x10
[  997.573557][T13848]  ? __pfx__printk+0x10/0x10
[  997.573584][T13848]  ? __pfx___might_resched+0x10/0x10
[  997.573602][T13848]  ? fs_reclaim_acquire+0x7d/0x100
[  997.573625][T13848]  should_fail_ex+0x414/0x560
[  997.573653][T13848]  should_failslab+0xa8/0x100
[  997.573678][T13848]  __kmalloc_noprof+0xcb/0x4f0
[  997.573698][T13848]  ? kfree+0x4d/0x440
[  997.573715][T13848]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  997.573739][T13848]  tomoyo_realpath_from_path+0xe3/0x5d0
[  997.573759][T13848]  ? tomoyo_domain+0xda/0x130
[  997.573784][T13848]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  997.573807][T13848]  tomoyo_path_number_perm+0x1e8/0x5a0
[  997.573833][T13848]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  997.573874][T13848]  ? __lock_acquire+0xab9/0xd20
[  997.573911][T13848]  ? __fget_files+0x2a/0x420
[  997.573929][T13848]  ? __fget_files+0x2a/0x420
[  997.573944][T13848]  ? __fget_files+0x3a0/0x420
[  997.573958][T13848]  ? __fget_files+0x2a/0x420
[  997.573977][T13848]  security_file_ioctl+0xcb/0x2d0
[  997.574004][T13848]  __se_sys_ioctl+0x47/0x170
[  997.574029][T13848]  do_syscall_64+0xfa/0x3b0
[  997.574044][T13848]  ? lockdep_hardirqs_on+0x9c/0x150
[  997.574071][T13848]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  997.574085][T13848]  ? clear_bhb_loop+0x60/0xb0
[  997.574105][T13848]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  997.574120][T13848] RIP: 0033:0x7f9a0ad8e929
[  997.574132][T13848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  997.574144][T13848] RSP: 002b:00007f9a0bb45038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  997.574159][T13848] RAX: ffffffffffffffda RBX: 00007f9a0afb5fa0 RCX: 00007f9a0ad8e929
[  997.574168][T13848] RDX: 0000200000000240 RSI: 00000000c0189374 RDI: 0000000000000003
[  997.574177][T13848] RBP: 00007f9a0bb45090 R08: 0000000000000000 R09: 0000000000000000
[  997.574187][T13848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  997.574196][T13848] R13: 0000000000000000 R14: 00007f9a0afb5fa0 R15: 00007ffe6ff26b18
[  997.574222][T13848]  </TASK>
[  997.834736][T13848] ERROR: Out of memory at tomoyo_realpath_from_path.
[  997.911170][   T30] audit: type=1326 audit(1752724964.797:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13837 comm="syz.0.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a0ad8e929 code=0x7ffc0000
[  997.932787][   T30] audit: type=1326 audit(1752724964.797:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13837 comm="syz.0.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9a0ad8e929 code=0x7ffc0000
[  998.026216][T11850] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  998.039166][T11850] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  998.048503][T11850] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  998.061217][T11850] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  998.084971][T11850] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  998.098343][   T59] bridge_slave_1: left allmulticast mode
[  998.120992][   T59] bridge_slave_1: left promiscuous mode
[  998.141863][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[  998.228251][   T59] bridge_slave_0: left allmulticast mode
[  998.248021][   T59] bridge_slave_0: left promiscuous mode
[  998.277611][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[  999.728069][T13875] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1756'.
[ 1000.254292][T11850] Bluetooth: hci1: command tx timeout
[ 1001.407261][   T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1001.428908][   T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1001.448084][   T59] bond0 (unregistering): Released all slaves
[ 1001.968674][   T59] bond1 (unregistering): Released all slaves
[ 1001.991808][T13858] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[ 1002.003366][T13858] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[ 1002.016368][T13858] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 1002.094244][T13460] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[ 1002.247094][T13899] FAULT_INJECTION: forcing a failure.
[ 1002.247094][T13899] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1002.324465][T13899] CPU: 0 UID: 0 PID: 13899 Comm: syz.2.1761 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[ 1002.324493][T13899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1002.324504][T13899] Call Trace:
[ 1002.324512][T13899]  <TASK>
[ 1002.324519][T13899]  dump_stack_lvl+0x189/0x250
[ 1002.324544][T13899]  ? __pfx____ratelimit+0x10/0x10
[ 1002.324568][T13899]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1002.324587][T13899]  ? __pfx__printk+0x10/0x10
[ 1002.324620][T13899]  should_fail_ex+0x414/0x560
[ 1002.324649][T13899]  _copy_to_user+0x31/0xb0
[ 1002.324670][T13899]  simple_read_from_buffer+0xe1/0x170
[ 1002.324700][T13899]  proc_fail_nth_read+0x1df/0x250
[ 1002.324721][T13899]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1002.324742][T13899]  ? rw_verify_area+0x258/0x650
[ 1002.324763][T13899]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1002.324782][T13899]  vfs_read+0x200/0x980
[ 1002.324810][T13899]  ? __pfx___mutex_lock+0x10/0x10
[ 1002.324827][T13899]  ? __pfx_vfs_read+0x10/0x10
[ 1002.324850][T13899]  ? __fget_files+0x2a/0x420
[ 1002.324877][T13899]  ? __fget_files+0x3a0/0x420
[ 1002.324892][T13899]  ? __fget_files+0x2a/0x420
[ 1002.324917][T13899]  ksys_read+0x145/0x250
[ 1002.324941][T13899]  ? __pfx_ksys_read+0x10/0x10
[ 1002.324968][T13899]  ? do_syscall_64+0xbe/0x3b0
[ 1002.324990][T13899]  do_syscall_64+0xfa/0x3b0
[ 1002.325005][T13899]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1002.325027][T13899]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1002.325044][T13899]  ? clear_bhb_loop+0x60/0xb0
[ 1002.325066][T13899]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1002.325082][T13899] RIP: 0033:0x7f0ca958d33c
[ 1002.325098][T13899] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1002.325112][T13899] RSP: 002b:00007f0caa459030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1002.325131][T13899] RAX: ffffffffffffffda RBX: 00007f0ca97b5fa0 RCX: 00007f0ca958d33c
[ 1002.325144][T13899] RDX: 000000000000000f RSI: 00007f0caa4590a0 RDI: 0000000000000004
[ 1002.325155][T13899] RBP: 00007f0caa459090 R08: 0000000000000000 R09: 0000000000000000
[ 1002.325165][T13899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1002.325175][T13899] R13: 0000000000000000 R14: 00007f0ca97b5fa0 R15: 00007ffdb45d5098
[ 1002.325204][T13899]  </TASK>
[ 1002.426100][T13460] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1002.427103][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1002.431630][T13460] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1002.555907][T11850] Bluetooth: hci1: command tx timeout
[ 1002.759535][T13909] netlink: 'syz.2.1764': attribute type 5 has an invalid length.
[ 1002.768259][T13909] netlink: 7 bytes leftover after parsing attributes in process `syz.2.1764'.
[ 1002.817942][T13913] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1765'.
[ 1002.842765][T13460] usb 1-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00
[ 1002.853807][T13460] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1002.854622][T13913] pim6reg: entered allmulticast mode
[ 1002.891950][T13460] usb 1-1: config 0 descriptor??
[ 1003.023446][T13913] pim6reg: left allmulticast mode
[ 1003.320370][T13460] holtek 0003:1241:5015.0006: unbalanced collection at end of report description
[ 1003.349655][T13460] holtek 0003:1241:5015.0006: parse failed
[ 1003.362960][T13460] holtek 0003:1241:5015.0006: probe with driver holtek failed with error -22
[ 1003.495725][   T59] hsr_slave_0: left promiscuous mode
[ 1003.587620][   T59] hsr_slave_1: left promiscuous mode
[ 1003.615846][ T5894] usb 1-1: USB disconnect, device number 16
[ 1003.623619][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1003.704472][   T59] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1003.769151][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1003.795272][   T59] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1003.973522][T13928] openvswitch: netlink: VXLAN extension message has 201 unknown bytes.
[ 1004.225557][T13930] FAULT_INJECTION: forcing a failure.
[ 1004.225557][T13930] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1004.294225][T13930] CPU: 1 UID: 0 PID: 13930 Comm: syz.6.1767 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[ 1004.294252][T13930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1004.294263][T13930] Call Trace:
[ 1004.294271][T13930]  <TASK>
[ 1004.294278][T13930]  dump_stack_lvl+0x189/0x250
[ 1004.294303][T13930]  ? __pfx____ratelimit+0x10/0x10
[ 1004.294328][T13930]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1004.294347][T13930]  ? __pfx__printk+0x10/0x10
[ 1004.294385][T13930]  should_fail_ex+0x414/0x560
[ 1004.294411][T13930]  _copy_to_user+0x31/0xb0
[ 1004.294433][T13930]  simple_read_from_buffer+0xe1/0x170
[ 1004.294462][T13930]  proc_fail_nth_read+0x1df/0x250
[ 1004.294484][T13930]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1004.294505][T13930]  ? rw_verify_area+0x258/0x650
[ 1004.294526][T13930]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1004.294545][T13930]  vfs_read+0x200/0x980
[ 1004.294571][T13930]  ? __pfx___mutex_lock+0x10/0x10
[ 1004.294588][T13930]  ? __pfx_vfs_read+0x10/0x10
[ 1004.294611][T13930]  ? __fget_files+0x2a/0x420
[ 1004.294632][T13930]  ? __fget_files+0x3a0/0x420
[ 1004.294646][T13930]  ? __fget_files+0x2a/0x420
[ 1004.294677][T13930]  ksys_read+0x145/0x250
[ 1004.294701][T13930]  ? __pfx_ksys_read+0x10/0x10
[ 1004.294719][T13930]  ? rcu_is_watching+0x15/0xb0
[ 1004.294744][T13930]  ? do_syscall_64+0xbe/0x3b0
[ 1004.294765][T13930]  do_syscall_64+0xfa/0x3b0
[ 1004.294780][T13930]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1004.294802][T13930]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1004.294819][T13930]  ? clear_bhb_loop+0x60/0xb0
[ 1004.294840][T13930]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1004.294856][T13930] RIP: 0033:0x7f29dfd8d33c
[ 1004.294871][T13930] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1004.294885][T13930] RSP: 002b:00007f29e0b41030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1004.294903][T13930] RAX: ffffffffffffffda RBX: 00007f29dffb5fa0 RCX: 00007f29dfd8d33c
[ 1004.294916][T13930] RDX: 000000000000000f RSI: 00007f29e0b410a0 RDI: 000000000000001e
[ 1004.294927][T13930] RBP: 00007f29e0b41090 R08: 0000000000000000 R09: 0000000000000000
[ 1004.294937][T13930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1004.294947][T13930] R13: 0000000000000000 R14: 00007f29dffb5fa0 R15: 00007ffc290351e8
[ 1004.294977][T13930]  </TASK>
[ 1004.693923][ T5838] Bluetooth: hci1: command tx timeout
[ 1004.845105][   T59] veth0_macvtap: left promiscuous mode
[ 1004.850850][   T59] veth1_vlan: left promiscuous mode
[ 1004.860882][   T59] veth0_vlan: left promiscuous mode
[ 1005.078379][T13941] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1006.747888][ T5838] Bluetooth: hci1: command tx timeout
[ 1006.851372][T13951] FAULT_INJECTION: forcing a failure.
[ 1006.851372][T13951] name failslab, interval 1, probability 0, space 0, times 0
[ 1006.871443][T13951] CPU: 0 UID: 0 PID: 13951 Comm: syz.5.1772 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[ 1006.871476][T13951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1006.871485][T13951] Call Trace:
[ 1006.871492][T13951]  <TASK>
[ 1006.871499][T13951]  dump_stack_lvl+0x189/0x250
[ 1006.871522][T13951]  ? __pfx____ratelimit+0x10/0x10
[ 1006.871543][T13951]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1006.871561][T13951]  ? __pfx__printk+0x10/0x10
[ 1006.871586][T13951]  ? __pfx___might_resched+0x10/0x10
[ 1006.871603][T13951]  ? fs_reclaim_acquire+0x7d/0x100
[ 1006.871624][T13951]  should_fail_ex+0x414/0x560
[ 1006.871653][T13951]  should_failslab+0xa8/0x100
[ 1006.871678][T13951]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[ 1006.871700][T13951]  ? __d_alloc+0x31/0x6f0
[ 1006.871722][T13951]  __d_alloc+0x31/0x6f0
[ 1006.871740][T13951]  ? __lock_acquire+0xab9/0xd20
[ 1006.871758][T13951]  d_alloc_parallel+0xe0/0x14e0
[ 1006.871789][T13951]  ? __d_lookup+0x66/0x780
[ 1006.871810][T13951]  ? __pfx_d_alloc_parallel+0x10/0x10
[ 1006.871844][T13951]  path_openat+0xa3b/0x3830
[ 1006.871861][T13951]  ? arch_stack_walk+0xfc/0x150
[ 1006.871917][T13951]  ? __pfx_path_openat+0x10/0x10
[ 1006.871933][T13951]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1006.871971][T13951]  do_filp_open+0x1fa/0x410
[ 1006.871989][T13951]  ? __lock_acquire+0xab9/0xd20
[ 1006.872006][T13951]  ? __pfx_do_filp_open+0x10/0x10
[ 1006.872038][T13951]  ? __pfx_kfree_link+0x10/0x10
[ 1006.872070][T13951]  ? _raw_spin_unlock+0x28/0x50
[ 1006.872092][T13951]  ? alloc_fd+0x64c/0x6c0
[ 1006.872126][T13951]  do_sys_openat2+0x121/0x1c0
[ 1006.872149][T13951]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1006.872169][T13951]  ? ksys_write+0x22a/0x250
[ 1006.872192][T13951]  ? __pfx_ksys_write+0x10/0x10
[ 1006.872217][T13951]  __x64_sys_openat+0x138/0x170
[ 1006.872241][T13951]  do_syscall_64+0xfa/0x3b0
[ 1006.872256][T13951]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1006.872276][T13951]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1006.872292][T13951]  ? clear_bhb_loop+0x60/0xb0
[ 1006.872311][T13951]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1006.872328][T13951] RIP: 0033:0x7f2be018d290
[ 1006.872343][T13951] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[ 1006.872357][T13951] RSP: 002b:00007f2be102bf60 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1006.872375][T13951] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2be018d290
[ 1006.872387][T13951] RDX: 0000000000000000 RSI: 00007f2be0210db9 RDI: 00000000ffffff9c
[ 1006.872398][T13951] RBP: 00007f2be0210db9 R08: 0000000000000000 R09: 0000000000000000
[ 1006.872409][T13951] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1006.872420][T13951] R13: 0000000000000001 R14: 00007f2be03b5fa0 R15: 00007ffc1550b1f8
[ 1006.872449][T13951]  </TASK>
[ 1007.149696][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1008.953489][   T59] team0 (unregistering): Port device team_slave_1 removed
[ 1009.488276][   T59] team0 (unregistering): Port device team_slave_0 removed
[ 1010.029703][T13976] overlayfs: missing 'lowerdir'
[ 1010.041440][T13976] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1010.370803][T13966] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[ 1010.420865][T13966] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[ 1010.454529][T13966] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 1011.757124][T14000] RDS: rds_bind could not find a transport for ::ffff:10.1.1.1, load rds_tcp or rds_rdma?
[ 1011.998235][T14010] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1012.054205][T13460] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[ 1012.093063][T13849] chnl_net:caif_netlink_parms(): no params data found
[ 1012.095760][T14015] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1786'.
[ 1012.161010][T14015] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1786'.
[ 1012.414248][T13460] usb 7-1: Using ep0 maxpacket: 8
[ 1012.427666][T13460] usb 7-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[ 1012.439571][T13460] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1012.494018][T14020] overlayfs: missing 'lowerdir'
[ 1012.539993][T14020] overlayfs: missing 'workdir'
[ 1013.014306][T13460] usb 7-1: Product: syz
[ 1013.018682][T13460] usb 7-1: Manufacturer: syz
[ 1013.023864][T13460] usb 7-1: SerialNumber: syz
[ 1013.044655][T13460] usb 7-1: config 0 descriptor??
[ 1013.062849][T13460] radio-usb-si4713 7-1:0.0: Si4713 development board discovered: (10C4:8244)
[ 1013.347412][T13460] radio-usb-si4713 7-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[ 1013.547280][T13460] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[ 1013.564288][T13460] usb 7-1: USB disconnect, device number 9
[ 1014.681083][T13849] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1014.746050][T13849] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1014.753328][T13849] bridge_slave_0: entered allmulticast mode
[ 1014.799650][T13849] bridge_slave_0: entered promiscuous mode
[ 1014.898713][T13849] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1014.914354][T13849] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1014.934484][T13849] bridge_slave_1: entered allmulticast mode
[ 1014.942272][T13849] bridge_slave_1: entered promiscuous mode
[ 1014.994825][T14041] netlink: 'syz.6.1791': attribute type 5 has an invalid length.
[ 1015.002599][T14041] netlink: 7 bytes leftover after parsing attributes in process `syz.6.1791'.
[ 1015.523137][T14049] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1792'.
[ 1015.550169][T14050] openvswitch: netlink: VXLAN extension message has 201 unknown bytes.
[ 1016.196033][T13849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1016.239571][T13849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1018.461309][T14090] netlink: 'syz.2.1799': attribute type 4 has an invalid length.
[ 1018.474241][ T5894] usb 6-1: new full-speed USB device number 14 using dummy_hcd
[ 1018.529562][T13849] team0: Port device team_slave_0 added
[ 1018.559430][T13849] team0: Port device team_slave_1 added
[ 1018.651759][ T5894] usb 6-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[ 1018.666717][ T5894] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1019.125032][ T5894] usb 6-1: config 0 descriptor??
[ 1019.125523][T13849] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1019.150691][ T5894] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[ 1019.177654][T13849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1019.282453][T13849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1019.757801][T13849] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1019.774024][T13849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1019.834224][T13849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1019.925549][T14102] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[ 1019.964667][T14102] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[ 1019.981275][T14102] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 1020.082373][T13849] hsr_slave_0: entered promiscuous mode
[ 1020.111825][T13849] hsr_slave_1: entered promiscuous mode
[ 1020.130884][T13849] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1020.140175][ T5894] gp8psk: usb out operation failed.
[ 1020.152630][T13849] Cannot create hsr debugfs directory
[ 1020.164356][ T5894] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[ 1020.202289][ T5894] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[ 1020.242272][ T5894] usb 6-1: USB disconnect, device number 14
[ 1020.964593][T14121] netlink: 'syz.2.1805': attribute type 5 has an invalid length.
[ 1020.972406][T14121] netlink: 7 bytes leftover after parsing attributes in process `syz.2.1805'.
[ 1021.402237][T14127] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1806'.
[ 1021.432475][T14128] openvswitch: netlink: VXLAN extension message has 201 unknown bytes.
[ 1025.860074][T14181] netlink: 'syz.5.1816': attribute type 4 has an invalid length.
[ 1028.232399][T14212] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1824'.
[ 1028.513085][T13849] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1028.537982][T13849] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1028.552345][T13849] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1028.579602][T13849] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1029.393738][T13849] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1029.651925][T13849] 8021q: adding VLAN 0 to HW filter on device team0
[ 1029.740570][ T6238] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1029.747821][ T6238] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1029.955743][T14241] netlink: 'syz.5.1827': attribute type 9 has an invalid length.
[ 1029.986457][T12341] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1029.993801][T12341] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1030.008915][T14244] netlink: 'syz.5.1827': attribute type 9 has an invalid length.
[ 1035.597400][T14287] overlayfs: missing 'lowerdir'
[ 1035.652389][T14288] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1035.988435][T13849] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1040.888149][T14318] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1041.916140][T14336] FAULT_INJECTION: forcing a failure.
[ 1041.916140][T14336] name failslab, interval 1, probability 0, space 0, times 0
[ 1041.929049][T14336] CPU: 0 UID: 0 PID: 14336 Comm: syz.2.1847 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[ 1041.929072][T14336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1041.929083][T14336] Call Trace:
[ 1041.929090][T14336]  <TASK>
[ 1041.929098][T14336]  dump_stack_lvl+0x189/0x250
[ 1041.929122][T14336]  ? __pfx____ratelimit+0x10/0x10
[ 1041.929147][T14336]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1041.929166][T14336]  ? __pfx__printk+0x10/0x10
[ 1041.929190][T14336]  ? __pfx___might_resched+0x10/0x10
[ 1041.929209][T14336]  ? fs_reclaim_acquire+0x7d/0x100
[ 1041.929233][T14336]  should_fail_ex+0x414/0x560
[ 1041.929261][T14336]  should_failslab+0xa8/0x100
[ 1041.929287][T14336]  __kmalloc_noprof+0xcb/0x4f0
[ 1041.929309][T14336]  ? tomoyo_encode+0x28b/0x550
[ 1041.929332][T14336]  tomoyo_encode+0x28b/0x550
[ 1041.929355][T14336]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1041.929385][T14336]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1041.929409][T14336]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1041.929436][T14336]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1041.929477][T14336]  ? __lock_acquire+0xab9/0xd20
[ 1041.929515][T14336]  ? __fget_files+0x2a/0x420
[ 1041.929534][T14336]  ? __fget_files+0x2a/0x420
[ 1041.929548][T14336]  ? __fget_files+0x3a0/0x420
[ 1041.929562][T14336]  ? __fget_files+0x2a/0x420
[ 1041.929581][T14336]  security_file_ioctl+0xcb/0x2d0
[ 1041.929609][T14336]  __se_sys_ioctl+0x47/0x170
[ 1041.929633][T14336]  do_syscall_64+0xfa/0x3b0
[ 1041.929649][T14336]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1041.929672][T14336]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1041.929689][T14336]  ? clear_bhb_loop+0x60/0xb0
[ 1041.929710][T14336]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1041.929726][T14336] RIP: 0033:0x7f0ca958e929
[ 1041.929742][T14336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1041.929757][T14336] RSP: 002b:00007f0caa459038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1041.929775][T14336] RAX: ffffffffffffffda RBX: 00007f0ca97b5fa0 RCX: 00007f0ca958e929
[ 1041.929788][T14336] RDX: 0000200000000240 RSI: 00000000c0189374 RDI: 0000000000000003
[ 1041.929800][T14336] RBP: 00007f0caa459090 R08: 0000000000000000 R09: 0000000000000000
[ 1041.929816][T14336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1041.929826][T14336] R13: 0000000000000000 R14: 00007f0ca97b5fa0 R15: 00007ffdb45d5098
[ 1041.929856][T14336]  </TASK>
[ 1041.929877][T14336] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1043.214191][   T24] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[ 1043.223016][T13849] veth0_vlan: entered promiscuous mode
[ 1043.271371][T13849] veth1_vlan: entered promiscuous mode
[ 1043.856157][   T24] usb 7-1: device descriptor read/64, error -71
[ 1044.855904][   T24] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[ 1044.920456][T13849] veth0_macvtap: entered promiscuous mode
[ 1044.948334][T13849] veth1_macvtap: entered promiscuous mode
[ 1045.004229][   T24] usb 7-1: device descriptor read/64, error -71
[ 1045.013471][T13849] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1045.069243][T13849] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1045.108498][T13849] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1045.120588][T13849] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1045.131117][T13849] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1045.144584][   T24] usb usb7-port1: attempt power cycle
[ 1045.153540][T13849] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1045.160248][T14370] RDS: rds_bind could not find a transport for ::ffff:10.1.1.1, load rds_tcp or rds_rdma?
[ 1045.494284][   T24] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[ 1046.162399][T14376] RDS: rds_bind could not find a transport for ::ffff:10.1.1.1, load rds_tcp or rds_rdma?
[ 1046.326993][   T24] usb 7-1: device not accepting address 12, error -71
[ 1046.400122][T12339] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1046.432421][T12339] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1046.525168][T13460] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[ 1046.714315][   T24] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[ 1046.860258][T13460] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1046.890150][   T24] usb 7-1: Using ep0 maxpacket: 8
[ 1047.014300][T12339] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1047.015168][T13460] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1047.022142][T12339] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1047.039546][   T24] usb 7-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[ 1047.080484][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1047.103418][T13460] usb 1-1: config 0 descriptor??
[ 1047.152086][   T24] usb 7-1: Product: syz
[ 1047.170528][   T24] usb 7-1: Manufacturer: syz
[ 1047.193955][   T24] usb 7-1: SerialNumber: syz
[ 1047.233272][   T24] usb 7-1: config 0 descriptor??
[ 1047.268880][   T24] radio-usb-si4713 7-1:0.0: Si4713 development board discovered: (10C4:8244)
[ 1047.495352][   T24] radio-usb-si4713 7-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[ 1047.525264][   T24] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[ 1047.555337][   T24] usb 7-1: USB disconnect, device number 13
[ 1048.335011][T13460] ath6kl: Failed to submit usb control message: -110
[ 1048.352173][T13460] ath6kl: unable to send the bmi data to the device: -110
[ 1048.366291][T13460] ath6kl: Unable to send get target info: -110
[ 1048.424217][T13460] ath6kl: Failed to init ath6kl core: -110
[ 1048.460927][T13460] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -110
[ 1048.479960][T14426] RDS: rds_bind could not find a transport for ::ffff:10.1.1.1, load rds_tcp or rds_rdma?
[ 1049.399012][T14435] binder: 14433:14435 ioctl c0306201 0 returned -14
[ 1049.448710][T14435] binder: 14433:14435 ioctl 5429 0 returned -22
[ 1049.714227][T13460] usb 1-1: USB disconnect, device number 17
[ 1050.666809][T14458] binder: 14457:14458 ioctl c0306201 0 returned -14
[ 1050.699725][T14458] FAULT_INJECTION: forcing a failure.
[ 1050.699725][T14458] name failslab, interval 1, probability 0, space 0, times 0
[ 1050.729590][T14458] CPU: 1 UID: 0 PID: 14458 Comm: syz.2.1874 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[ 1050.729616][T14458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1050.729626][T14458] Call Trace:
[ 1050.729633][T14458]  <TASK>
[ 1050.729641][T14458]  dump_stack_lvl+0x189/0x250
[ 1050.729673][T14458]  ? __pfx____ratelimit+0x10/0x10
[ 1050.729697][T14458]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1050.729715][T14458]  ? __pfx__printk+0x10/0x10
[ 1050.729739][T14458]  ? __pfx___might_resched+0x10/0x10
[ 1050.729757][T14458]  ? fs_reclaim_acquire+0x7d/0x100
[ 1050.729779][T14458]  should_fail_ex+0x414/0x560
[ 1050.729808][T14458]  should_failslab+0xa8/0x100
[ 1050.729833][T14458]  __kmalloc_noprof+0xcb/0x4f0
[ 1050.729855][T14458]  ? tomoyo_encode+0x28b/0x550
[ 1050.729877][T14458]  tomoyo_encode+0x28b/0x550
[ 1050.729899][T14458]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1050.729928][T14458]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1050.729952][T14458]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1050.729978][T14458]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1050.730017][T14458]  ? __lock_acquire+0xab9/0xd20
[ 1050.730055][T14458]  ? __fget_files+0x2a/0x420
[ 1050.730075][T14458]  ? __fget_files+0x2a/0x420
[ 1050.730089][T14458]  ? __fget_files+0x3a0/0x420
[ 1050.730103][T14458]  ? __fget_files+0x2a/0x420
[ 1050.730122][T14458]  security_file_ioctl+0xcb/0x2d0
[ 1050.730148][T14458]  __se_sys_ioctl+0x47/0x170
[ 1050.730169][T14458]  do_syscall_64+0xfa/0x3b0
[ 1050.730184][T14458]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1050.730207][T14458]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1050.730221][T14458]  ? clear_bhb_loop+0x60/0xb0
[ 1050.730240][T14458]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1050.730255][T14458] RIP: 0033:0x7f0ca958e929
[ 1050.730268][T14458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1050.730282][T14458] RSP: 002b:00007f0caa459038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1050.730299][T14458] RAX: ffffffffffffffda RBX: 00007f0ca97b5fa0 RCX: 00007f0ca958e929
[ 1050.730311][T14458] RDX: 0000000000000000 RSI: 0000000000005429 RDI: 0000000000000003
[ 1050.730321][T14458] RBP: 00007f0caa459090 R08: 0000000000000000 R09: 0000000000000000
[ 1050.730332][T14458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1050.730342][T14458] R13: 0000000000000000 R14: 00007f0ca97b5fa0 R15: 00007ffdb45d5098
[ 1050.730372][T14458]  </TASK>
[ 1050.730392][T14458] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1051.235842][T14458] binder: 14457:14458 ioctl 5429 0 returned -22
[ 1054.142330][T14507] autofs: Unknown parameter 'fd0x0000000000000000'
[ 1054.420454][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.427226][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1055.138694][T14529] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1060.955372][T14598] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1908'.
[ 1060.979393][T14598] nbd: must specify at least one socket
[ 1063.639598][T14615] netlink: 384 bytes leftover after parsing attributes in process `syz.4.1911'.
[ 1063.662021][T14615] netlink: 'syz.4.1911': attribute type 2 has an invalid length.
[ 1064.401969][T14635] netlink: 'syz.6.1916': attribute type 5 has an invalid length.
[ 1064.412715][T14635] netlink: 7 bytes leftover after parsing attributes in process `syz.6.1916'.
[ 1064.685679][T14642] openvswitch: netlink: VXLAN extension message has 201 unknown bytes.
[ 1065.926603][T13460] usb 7-1: new full-speed USB device number 14 using dummy_hcd
[ 1066.906686][T13460] usb 7-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[ 1066.922311][T13460] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1067.059324][T13460] usb 7-1: config 0 descriptor??
[ 1067.089304][T13460] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[ 1067.184186][ T5901] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[ 1067.384233][ T5901] usb 6-1: Using ep0 maxpacket: 8
[ 1067.402762][ T5901] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1067.425613][ T5901] usb 6-1: config 8 has an invalid interface number: 24 but max is 1
[ 1067.454661][ T5901] usb 6-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[ 1067.476183][ T5901] usb 6-1: config 8 has 1 interface, different from the descriptor's value: 2
[ 1067.501264][T13460] gp8psk: usb in 137 operation failed.
[ 1067.518553][ T5901] usb 6-1: config 8 has no interface number 0
[ 1067.530490][T13460] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[ 1067.551503][ T5901] usb 6-1: config 8 interface 24 altsetting 2 endpoint 0xE has invalid wMaxPacketSize 0
[ 1067.571595][T13460] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[ 1067.589427][ T5901] usb 6-1: config 8 interface 24 altsetting 2 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1067.612631][T13460] usb 7-1: USB disconnect, device number 14
[ 1067.625344][ T5901] usb 6-1: config 8 interface 24 has no altsetting 0
[ 1067.658269][ T5901] usb 6-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af
[ 1067.758154][ T5901] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1067.834617][ T5901] usb 6-1: Product: syz
[ 1067.849080][ T5901] usb 6-1: Manufacturer: syz
[ 1067.853735][ T5901] usb 6-1: SerialNumber: syz
[ 1069.368347][ T5901] vmk80xx 6-1:8.24: driver 'vmk80xx' failed to auto-configure device.
[ 1069.485483][ T5901] vmk80xx 6-1:8.24: probe with driver vmk80xx failed with error -22
[ 1069.519156][ T5901] usb 6-1: USB disconnect, device number 15
[ 1071.065046][T13460] usb 3-1: new full-speed USB device number 13 using dummy_hcd
[ 1071.271898][T13460] usb 3-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[ 1071.324785][T13460] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1071.579974][T13460] usb 3-1: config 0 descriptor??
[ 1071.598321][T13460] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[ 1072.090375][T13460] gp8psk: usb in 137 operation failed.
[ 1072.105347][T13460] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[ 1072.200077][T13460] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[ 1072.252438][T13460] usb 3-1: USB disconnect, device number 13
[ 1072.614225][ T5894] usb 1-1: new full-speed USB device number 18 using dummy_hcd
[ 1072.624186][ T5961] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[ 1072.775844][ T5961] usb 5-1: no configurations
[ 1072.780702][ T5961] usb 5-1: can't read configurations, error -22
[ 1072.787715][ T5894] usb 1-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[ 1072.810201][ T5894] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1073.060548][ T5961] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[ 1073.072138][ T5894] usb 1-1: config 0 descriptor??
[ 1073.089463][ T5894] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[ 1074.390494][ T5961] usb 5-1: no configurations
[ 1074.404550][ T5961] usb 5-1: can't read configurations, error -22
[ 1074.415372][ T5961] usb usb5-port1: attempt power cycle
[ 1074.423479][ T5894] gp8psk: usb in 137 operation failed.
[ 1074.429060][ T5894] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[ 1074.439746][ T5894] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[ 1074.452209][ T5894] usb 1-1: USB disconnect, device number 18
[ 1074.774450][ T5961] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[ 1075.065389][ T5961] usb 5-1: no configurations
[ 1075.415268][ T5961] usb 5-1: can't read configurations, error -22
[ 1075.554362][ T5961] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[ 1075.969888][T14775] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1076.074381][ T5961] usb 5-1: device not accepting address 11, error -71
[ 1076.101713][ T5961] usb usb5-port1: unable to enumerate USB device
[ 1076.634337][ T5961] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[ 1076.955188][ T5961] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1076.976603][T14784] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1953'.
[ 1076.977425][T14785] netlink: 716 bytes leftover after parsing attributes in process `syz.5.1954'.
[ 1076.988837][ T5961] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1077.444342][ T5961] usb 5-1: config 0 descriptor??
[ 1077.889031][T14796] input: syz1 as /devices/virtual/input/input37
[ 1078.807205][ T5961] ath6kl: Failed to submit usb control message: -110
[ 1078.866631][ T5961] ath6kl: unable to send the bmi data to the device: -110
[ 1078.873843][ T5961] ath6kl: Unable to send get target info: -110
[ 1079.025234][T14811] overlayfs: missing 'lowerdir'
[ 1079.041867][ T5961] ath6kl: Failed to init ath6kl core: -110
[ 1079.172949][T14808] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1079.185362][   T30] kauditd_printk_skb: 22 callbacks suppressed
[ 1079.185377][   T30] audit: type=1326 audit(1752725047.627:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14809 comm="syz.0.1961" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9a0ad8e929 code=0x200000
[ 1079.278851][ T8707] usb 7-1: new full-speed USB device number 15 using dummy_hcd
[ 1079.335608][ T5961] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -110
[ 1079.429386][ T5961] usb 5-1: USB disconnect, device number 12
[ 1079.494703][ T8707] usb 7-1: no configurations
[ 1079.520622][ T8707] usb 7-1: can't read configurations, error -22
[ 1079.764813][ T8707] usb 7-1: new full-speed USB device number 16 using dummy_hcd
[ 1079.955039][ T8707] usb 7-1: no configurations
[ 1080.010458][ T8707] usb 7-1: can't read configurations, error -22
[ 1080.042969][ T8707] usb usb7-port1: attempt power cycle
[ 1080.167962][T14827] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1966'.
[ 1080.765113][ T8707] usb 7-1: new full-speed USB device number 17 using dummy_hcd
[ 1080.814663][ T8707] usb 7-1: no configurations
[ 1080.819330][ T8707] usb 7-1: can't read configurations, error -22
[ 1081.355845][ T8707] usb 7-1: new full-speed USB device number 18 using dummy_hcd
[ 1081.497713][T14836] FAULT_INJECTION: forcing a failure.
[ 1081.497713][T14836] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1081.544313][T14836] CPU: 1 UID: 0 PID: 14836 Comm: syz.4.1968 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[ 1081.544340][T14836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1081.544350][T14836] Call Trace:
[ 1081.544358][T14836]  <TASK>
[ 1081.544365][T14836]  dump_stack_lvl+0x189/0x250
[ 1081.544390][T14836]  ? __pfx____ratelimit+0x10/0x10
[ 1081.544432][T14836]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1081.544450][T14836]  ? __pfx__printk+0x10/0x10
[ 1081.544470][T14836]  ? __might_fault+0xb0/0x130
[ 1081.544502][T14836]  should_fail_ex+0x414/0x560
[ 1081.544529][T14836]  _copy_from_user+0x2d/0xb0
[ 1081.544549][T14836]  autofs_dev_ioctl+0x136/0xb30
[ 1081.544582][T14836]  ? __pfx_autofs_dev_ioctl+0x10/0x10
[ 1081.544602][T14836]  ? __fget_files+0x2a/0x420
[ 1081.544617][T14836]  ? __fget_files+0x2a/0x420
[ 1081.544636][T14836]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1081.544653][T14836]  ? __pfx_autofs_dev_ioctl+0x10/0x10
[ 1081.544676][T14836]  __se_sys_ioctl+0xfc/0x170
[ 1081.544699][T14836]  do_syscall_64+0xfa/0x3b0
[ 1081.544722][T14836]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1081.544744][T14836]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1081.544759][T14836]  ? clear_bhb_loop+0x60/0xb0
[ 1081.544779][T14836]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1081.544795][T14836] RIP: 0033:0x7fb34658e929
[ 1081.544811][T14836] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1081.544826][T14836] RSP: 002b:00007fb3473ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1081.544845][T14836] RAX: ffffffffffffffda RBX: 00007fb3467b5fa0 RCX: 00007fb34658e929
[ 1081.544857][T14836] RDX: 0000200000000240 RSI: 00000000c0189374 RDI: 0000000000000003
[ 1081.544869][T14836] RBP: 00007fb3473ad090 R08: 0000000000000000 R09: 0000000000000000
[ 1081.544884][T14836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1081.544894][T14836] R13: 0000000000000000 R14: 00007fb3467b5fa0 R15: 00007fff22dce1f8
[ 1081.544922][T14836]  </TASK>
[ 1082.367141][ T8707] usb 7-1: device descriptor read/all, error -71
[ 1082.384313][ T8707] usb usb7-port1: unable to enumerate USB device
[ 1083.363710][T14868] No control pipe specified
[ 1083.612705][T14871] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1979'.
[ 1084.545307][ T8707] usb 7-1: new full-speed USB device number 19 using dummy_hcd
[ 1084.961667][T13460] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[ 1084.962050][    T9] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[ 1085.013404][ T8707] usb 7-1: no configurations
[ 1085.025037][ T8707] usb 7-1: can't read configurations, error -22
[ 1085.195890][T13460] usb 3-1: Using ep0 maxpacket: 32
[ 1085.274655][T13460] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1085.343489][T13460] usb 3-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[ 1085.391205][ T8707] usb 7-1: new full-speed USB device number 20 using dummy_hcd
[ 1085.418558][T13460] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1085.424185][    T9] usb 6-1: Using ep0 maxpacket: 8
[ 1085.541732][    T9] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x99, changing to 0x89
[ 1085.590569][T13460] usb 3-1: config 0 descriptor??
[ 1085.620280][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 1085.670891][    T9] usb 6-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[ 1085.697941][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1085.715286][    T9] usb 6-1: Product: syz
[ 1085.719985][ T8707] usb 7-1: no configurations
[ 1085.726479][ T8707] usb 7-1: can't read configurations, error -22
[ 1085.734280][    T9] usb 6-1: Manufacturer: syz
[ 1085.738907][    T9] usb 6-1: SerialNumber: syz
[ 1085.750706][ T8707] usb usb7-port1: attempt power cycle
[ 1085.769250][    T9] usb 6-1: config 0 descriptor??
[ 1085.801032][    T9] streamzap 6-1:0.0: streamzap_probe: endpoint attributes don't match xfer 0200
[ 1086.098780][T14884] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1086.116734][T14884] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1086.144662][ T8707] usb 7-1: new full-speed USB device number 21 using dummy_hcd
[ 1086.225692][    T9] usb 6-1: USB disconnect, device number 16
[ 1086.257159][ T8707] usb 7-1: no configurations
[ 1086.296680][ T8707] usb 7-1: can't read configurations, error -22
[ 1086.518195][T13460] usbhid 3-1:0.0: can't add hid device: -71
[ 1086.528935][T13460] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1086.541310][T13460] usb 3-1: USB disconnect, device number 14
[ 1086.574375][ T8707] usb 7-1: new full-speed USB device number 22 using dummy_hcd
[ 1086.638362][ T8707] usb 7-1: no configurations
[ 1086.653372][ T8707] usb 7-1: can't read configurations, error -22
[ 1086.665870][ T8707] usb usb7-port1: unable to enumerate USB device
[ 1089.037849][T14931] Cannot find add_set index 0 as target
[ 1089.924616][ T5901] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[ 1090.193345][ T5901] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1090.228140][ T5901] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1090.351007][ T5901] usb 5-1: config 0 descriptor??
[ 1090.555953][T14946] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null.
[ 1090.631554][T14946] overlayfs: missing 'lowerdir'
[ 1090.741716][T14952] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2074988594 (4149977188 ns) > initial count (411353520 ns). Using initial count to start timer.
[ 1090.982393][T14948] kvm: pic: non byte write
[ 1091.543129][ T5901] ath6kl: Failed to submit usb control message: -110
[ 1092.112411][ T5901] ath6kl: unable to send the bmi data to the device: -110
[ 1092.268657][ T5901] ath6kl: Unable to send get target info: -110
[ 1092.537727][ T5901] ath6kl: Failed to init ath6kl core: -110
[ 1092.570234][ T5901] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -110
[ 1092.858619][ T5901] usb 5-1: USB disconnect, device number 13
[ 1092.889014][T14980] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2010'.
[ 1095.744406][ T5894] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[ 1095.952712][ T5894] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1096.062900][ T5894] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1096.135505][ T5894] usb 6-1: config 0 descriptor??
[ 1097.402050][ T5894] ath6kl: Failed to submit usb control message: -110
[ 1097.424677][ T5894] ath6kl: unable to send the bmi data to the device: -110
[ 1097.518327][ T5894] ath6kl: Unable to send get target info: -110
[ 1097.797540][ T5894] ath6kl: Failed to init ath6kl core: -110
[ 1097.920395][ T5894] ath6kl_usb 6-1:0.0: probe with driver ath6kl_usb failed with error -110
[ 1098.287158][ T5894] usb 6-1: USB disconnect, device number 17
[ 1098.418662][T15039] process 'syz.5.2025' launched './file1' with NULL argv: empty string added
[ 1099.070314][T15055] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2028'.
[ 1100.391986][T15065] FAULT_INJECTION: forcing a failure.
[ 1100.391986][T15065] name failslab, interval 1, probability 0, space 0, times 0
[ 1100.405028][T15065] CPU: 0 UID: 0 PID: 15065 Comm: syz.4.2031 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[ 1100.405044][T15065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1100.405049][T15065] Call Trace:
[ 1100.405054][T15065]  <TASK>
[ 1100.405058][T15065]  dump_stack_lvl+0x189/0x250
[ 1100.405073][T15065]  ? __pfx____ratelimit+0x10/0x10
[ 1100.405088][T15065]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1100.405099][T15065]  ? __pfx__printk+0x10/0x10
[ 1100.405113][T15065]  ? __pfx___might_resched+0x10/0x10
[ 1100.405123][T15065]  ? fs_reclaim_acquire+0x7d/0x100
[ 1100.405135][T15065]  should_fail_ex+0x414/0x560
[ 1100.405151][T15065]  ? __pfx_sock_alloc_inode+0x10/0x10
[ 1100.405165][T15065]  should_failslab+0xa8/0x100
[ 1100.405179][T15065]  ? __pfx_sock_alloc_inode+0x10/0x10
[ 1100.405191][T15065]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[ 1100.405204][T15065]  ? sock_alloc_inode+0x28/0xc0
[ 1100.405219][T15065]  ? __pfx_sock_alloc_inode+0x10/0x10
[ 1100.405231][T15065]  sock_alloc_inode+0x28/0xc0
[ 1100.405243][T15065]  alloc_inode+0x67/0x1b0
[ 1100.405257][T15065]  do_accept+0x111/0x680
[ 1100.405270][T15065]  ? __pfx_do_accept+0x10/0x10
[ 1100.405292][T15065]  __sys_accept4+0x11c/0x1c0
[ 1100.405303][T15065]  ? __pfx___sys_accept4+0x10/0x10
[ 1100.405313][T15065]  ? __pfx_ksys_write+0x10/0x10
[ 1100.405329][T15065]  __x64_sys_accept4+0x9a/0xb0
[ 1100.405339][T15065]  do_syscall_64+0xfa/0x3b0
[ 1100.405349][T15065]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1100.405362][T15065]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1100.405371][T15065]  ? clear_bhb_loop+0x60/0xb0
[ 1100.405382][T15065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1100.405395][T15065] RIP: 0033:0x7fb34658e929
[ 1100.405410][T15065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1100.405423][T15065] RSP: 002b:00007fb3473ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[ 1100.405441][T15065] RAX: ffffffffffffffda RBX: 00007fb3467b5fa0 RCX: 00007fb34658e929
[ 1100.405453][T15065] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[ 1100.405462][T15065] RBP: 00007fb3473ad090 R08: 0000000000000000 R09: 0000000000000000
[ 1100.405471][T15065] R10: 0000000000080800 R11: 0000000000000246 R12: 0000000000000001
[ 1100.405489][T15065] R13: 0000000000000000 R14: 00007fb3467b5fa0 R15: 00007fff22dce1f8
[ 1100.405518][T15065]  </TASK>
[ 1102.695253][T15093] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2040'.
[ 1102.722437][T15093] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2040'.
[ 1102.733943][T15093] FAULT_INJECTION: forcing a failure.
[ 1102.733943][T15093] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1102.735178][ T5901] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[ 1102.748131][T15093] CPU: 0 UID: 0 PID: 15093 Comm: syz.2.2040 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[ 1102.748157][T15093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1102.748168][T15093] Call Trace:
[ 1102.748175][T15093]  <TASK>
[ 1102.748183][T15093]  dump_stack_lvl+0x189/0x250
[ 1102.748207][T15093]  ? __pfx____ratelimit+0x10/0x10
[ 1102.748231][T15093]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1102.748257][T15093]  ? __pfx__printk+0x10/0x10
[ 1102.748290][T15093]  should_fail_ex+0x414/0x560
[ 1102.748318][T15093]  _copy_from_user+0x2d/0xb0
[ 1102.748339][T15093]  __copy_msghdr+0x3c5/0x5b0
[ 1102.748364][T15093]  ___sys_sendmsg+0x1a5/0x2a0
[ 1102.748386][T15093]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1102.748448][T15093]  ? __might_fault+0xb0/0x130
[ 1102.748474][T15093]  __sys_sendmmsg+0x227/0x430
[ 1102.748499][T15093]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1102.748516][T15093]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1102.748558][T15093]  ? ksys_write+0x22a/0x250
[ 1102.748582][T15093]  ? __pfx_ksys_write+0x10/0x10
[ 1102.748600][T15093]  ? rcu_is_watching+0x15/0xb0
[ 1102.748624][T15093]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1102.748647][T15093]  do_syscall_64+0xfa/0x3b0
[ 1102.748661][T15093]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1102.748684][T15093]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1102.748699][T15093]  ? clear_bhb_loop+0x60/0xb0
[ 1102.748719][T15093]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1102.748735][T15093] RIP: 0033:0x7f0ca958e929
[ 1102.748750][T15093] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1102.748764][T15093] RSP: 002b:00007f0caa459038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1102.748783][T15093] RAX: ffffffffffffffda RBX: 00007f0ca97b5fa0 RCX: 00007f0ca958e929
[ 1102.748795][T15093] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003
[ 1102.748806][T15093] RBP: 00007f0caa459090 R08: 0000000000000000 R09: 0000000000000000
[ 1102.748817][T15093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1102.748826][T15093] R13: 0000000000000000 R14: 00007f0ca97b5fa0 R15: 00007ffdb45d5098
[ 1102.748854][T15093]  </TASK>
[ 1103.677162][T15107] netlink: 'syz.5.2042': attribute type 4 has an invalid length.
[ 1103.686357][ T5901] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1103.699506][ T5901] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1103.713584][ T5901] usb 7-1: config 0 descriptor??
[ 1103.726051][T15108] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2043'.
[ 1103.972099][T15114] overlayfs: workdir and upperdir must be separate subtrees
[ 1104.915850][ T5901] ath6kl: Failed to submit usb control message: -110
[ 1104.943856][ T5901] ath6kl: unable to send the bmi data to the device: -110
[ 1104.968772][ T5901] ath6kl: Unable to send get target info: -110
[ 1105.069163][T15128] netlink: 'syz.4.2047': attribute type 1 has an invalid length.
[ 1105.078869][T15128] netlink: 'syz.4.2047': attribute type 2 has an invalid length.
[ 1105.153977][T15128] dlm: plock device version mismatch: kernel (1.2.0), user (1.3.65538)
[ 1106.114586][ T5901] ath6kl: Failed to init ath6kl core: -110
[ 1106.121808][ T5901] ath6kl_usb 7-1:0.0: probe with driver ath6kl_usb failed with error -110
[ 1106.900220][ T5901] usb 7-1: USB disconnect, device number 23
[ 1106.960857][T15147] netlink: 'syz.0.2050': attribute type 4 has an invalid length.
[ 1108.947178][T15166] netlink: 'syz.4.2056': attribute type 4 has an invalid length.
[ 1109.140339][T15169] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2059'.
[ 1109.224242][T15173] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2061'.
[ 1111.181382][T15198] netlink: 'syz.4.2065': attribute type 4 has an invalid length.
[ 1113.247603][T15220] netlink: 'syz.6.2072': attribute type 4 has an invalid length.
[ 1114.519327][T15240] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2076'.
[ 1114.802748][T15240] pim6reg: entered allmulticast mode
[ 1114.813915][T15240] pim6reg: left allmulticast mode
[ 1115.718007][T15250] fuse: Unknown parameter 'rootBë·'
[ 1115.728285][T15248] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2079'.
[ 1115.852430][T15250] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[ 1115.863342][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.924521][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1116.268372][T15256] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[ 1116.949117][T15256] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[ 1117.117626][T15265] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1118.998135][T15281] warning: `syz.6.2088' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[ 1121.705967][T15312] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2093'.
[ 1121.808691][T15312] pim6reg: entered allmulticast mode
[ 1121.992832][T15317] pim6reg: left allmulticast mode
[ 1123.072245][T11850] Bluetooth: hci1: command 0x0406 tx timeout
[ 1125.504125][ T5894] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[ 1125.874121][ T5894] usb 6-1: Using ep0 maxpacket: 8
[ 1125.892613][ T5894] usb 6-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[ 1125.913410][ T5894] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1125.956755][ T5894] usb 6-1: Product: syz
[ 1125.962492][ T5894] usb 6-1: Manufacturer: syz
[ 1125.991905][ T5894] usb 6-1: SerialNumber: syz
[ 1126.042386][ T5894] usb 6-1: config 0 descriptor??
[ 1126.077393][ T5894] radio-usb-si4713 6-1:0.0: Si4713 development board discovered: (10C4:8244)
[ 1126.454708][ T5894] radio-usb-si4713 6-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[ 1126.498002][ T5894] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[ 1126.531836][ T5894] usb 6-1: USB disconnect, device number 18
[ 1126.543671][T15364] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1128.378144][ T8707] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[ 1128.767251][    T9] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[ 1128.804362][ T8707] usb 6-1: Using ep0 maxpacket: 8
[ 1128.819557][ T8707] usb 6-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[ 1128.831805][ T8707] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1128.841916][ T8707] usb 6-1: Product: syz
[ 1128.848087][ T8707] usb 6-1: Manufacturer: syz
[ 1128.853256][ T8707] usb 6-1: SerialNumber: syz
[ 1128.870981][ T8707] usb 6-1: config 0 descriptor??
[ 1129.014417][ T5901] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[ 1129.014498][    T9] usb 7-1: Using ep0 maxpacket: 8
[ 1129.253785][ T8707] radio-usb-si4713 6-1:0.0: Si4713 development board discovered: (10C4:8244)
[ 1129.289811][    T9] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1129.304507][    T9] usb 7-1: config 8 has an invalid interface number: 24 but max is 1
[ 1129.312848][    T9] usb 7-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[ 1129.331467][    T9] usb 7-1: config 8 has 1 interface, different from the descriptor's value: 2
[ 1129.340820][    T9] usb 7-1: config 8 has no interface number 0
[ 1129.354147][    T9] usb 7-1: config 8 interface 24 altsetting 2 endpoint 0xE has invalid wMaxPacketSize 0
[ 1129.373404][    T9] usb 7-1: config 8 interface 24 altsetting 2 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1129.391069][T15399] netlink: 248 bytes leftover after parsing attributes in process `syz.4.2118'.
[ 1129.446226][ T5901] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1129.472454][    T9] usb 7-1: config 8 interface 24 has no altsetting 0
[ 1129.486390][ T8707] radio-usb-si4713 6-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[ 1129.495546][ T5901] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1129.518522][    T9] usb 7-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af
[ 1129.520409][ T5901] usb 1-1: config 0 descriptor??
[ 1129.537249][ T8707] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[ 1129.553519][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1129.572060][ T8707] usb 6-1: USB disconnect, device number 19
[ 1129.589511][    T9] usb 7-1: Product: syz
[ 1129.620434][    T9] usb 7-1: Manufacturer: syz
[ 1129.641798][    T9] usb 7-1: SerialNumber: syz
[ 1129.718565][T12802] IPVS: starting estimator thread 0...
[ 1129.850768][T15408] IPVS: using max 29 ests per chain, 69600 per kthread
[ 1130.655057][ T5901] ath6kl: Failed to submit usb control message: -110
[ 1131.395763][ T5901] ath6kl: unable to send the bmi data to the device: -110
[ 1131.403002][ T5901] ath6kl: Unable to send get target info: -110
[ 1131.447773][ T5901] ath6kl: Failed to init ath6kl core: -110
[ 1131.567687][ T5901] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -110
[ 1131.606328][T15422] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2122'.
[ 1131.645054][    T9] vmk80xx 7-1:8.24: driver 'vmk80xx' failed to auto-configure device.
[ 1131.671209][ T5901] usb 1-1: USB disconnect, device number 19
[ 1131.692435][    T9] vmk80xx 7-1:8.24: probe with driver vmk80xx failed with error -22
[ 1131.756478][    T9] usb 7-1: USB disconnect, device number 24
[ 1132.833944][T15451] overlayfs: failed to resolve './file0': -2
[ 1134.294141][ T5894] usb 6-1: new full-speed USB device number 20 using dummy_hcd
[ 1134.641686][ T5894] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x41, changing to 0x1
[ 1134.704760][ T5894] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 4
[ 1134.802555][ T5894] usb 6-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[ 1134.812262][ T5894] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1134.822824][ T5894] usb 6-1: Product: syz
[ 1134.846764][ T5894] usb 6-1: Manufacturer: syz
[ 1134.876649][ T5894] usb 6-1: SerialNumber: syz
[ 1134.915838][ T5894] usb 6-1: config 0 descriptor??
[ 1134.951071][ T5894] streamzap 6-1:0.0: streamzap_probe: endpoint doesn't match input device 0201
[ 1135.704235][T12802] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[ 1135.897065][T12802] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1135.952514][T12802] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1136.042790][T12802] usb 3-1: config 0 descriptor??
[ 1137.638645][T12802] ath6kl: Failed to submit usb control message: -110
[ 1137.671297][T12802] ath6kl: unable to send the bmi data to the device: -110
[ 1137.678657][T12802] ath6kl: Unable to send get target info: -110
[ 1137.808087][T12802] ath6kl: Failed to init ath6kl core: -110
[ 1137.837763][T15518] netlink: 'syz.4.2141': attribute type 5 has an invalid length.
[ 1137.838404][T12802] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -110
[ 1137.845967][T15518] netlink: 7 bytes leftover after parsing attributes in process `syz.4.2141'.
[ 1138.047610][T15518] openvswitch: netlink: VXLAN extension message has 201 unknown bytes.
[ 1138.064162][   T24] usb 1-1: new full-speed USB device number 20 using dummy_hcd
[ 1138.248617][   T24] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1138.268607][T15523] netlink: 'syz.6.2143': attribute type 10 has an invalid length.
[ 1138.280496][   T24] usb 1-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[ 1138.289770][T15523] macvlan0: entered promiscuous mode
[ 1138.295228][T15523] macvlan0: entered allmulticast mode
[ 1138.302965][T15523] veth1_vlan: entered allmulticast mode
[ 1138.310996][T15523] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[ 1138.320853][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1138.334672][   T24] usb 1-1: config 0 descriptor??
[ 1138.718889][T15530] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2144'.
[ 1139.178231][ T5908] usb 3-1: USB disconnect, device number 15
[ 1139.416465][   T24] usb 6-1: USB disconnect, device number 20
[ 1139.634281][ T8707] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[ 1140.148558][ T8707] usb 7-1: config 0 has no interfaces?
[ 1140.159906][ T8707] usb 7-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[ 1140.191964][ T8707] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1140.215663][ T8707] usb 7-1: config 0 descriptor??
[ 1140.304152][   T24] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[ 1140.436889][T15537] netlink: 'syz.6.2145': attribute type 1 has an invalid length.
[ 1140.700953][   T24] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1140.715497][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1140.745096][   T24] usb 6-1: config 0 descriptor??
[ 1141.194168][ T8707] usb 1-1: USB disconnect, device number 20
[ 1141.731977][T15573] overlayfs: failed to resolve './file0': -2
[ 1141.888170][   T24] ath6kl: Failed to submit usb control message: -110
[ 1141.896453][   T24] ath6kl: unable to send the bmi data to the device: -110
[ 1141.906773][   T24] ath6kl: Unable to send get target info: -110
[ 1141.932170][   T24] ath6kl: Failed to init ath6kl core: -110
[ 1141.945439][   T24] ath6kl_usb 6-1:0.0: probe with driver ath6kl_usb failed with error -110
[ 1142.497839][T11850] Bluetooth: hci0: command 0x0406 tx timeout
[ 1142.511306][    T9] usb 7-1: USB disconnect, device number 25
[ 1142.972062][ T5894] usb 6-1: USB disconnect, device number 21
[ 1144.150285][T15585] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1146.279135][T15621] netlink: 384 bytes leftover after parsing attributes in process `syz.4.2163'.
[ 1146.289253][T15621] netlink: 'syz.4.2163': attribute type 2 has an invalid length.
[ 1147.665630][T15636] netlink: 'syz.4.2167': attribute type 4 has an invalid length.
[ 1152.753403][T15683] overlayfs: failed to resolve './file0': -2
[ 1153.173882][T15690] loop2: detected capacity change from 0 to 7
[ 1153.568463][T11952] Dev loop2: unable to read RDB block 7
[ 1153.594217][T11952]  loop2: unable to read partition table
[ 1153.757185][T11952] loop2: partition table beyond EOD, truncated
[ 1153.773977][T15690] Dev loop2: unable to read RDB block 7
[ 1153.785088][T15690]  loop2: unable to read partition table
[ 1153.799984][T15690] loop2: partition table beyond EOD, truncated
[ 1153.815485][T15690] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1155.813339][T15715] FAULT_INJECTION: forcing a failure.
[ 1155.813339][T15715] name failslab, interval 1, probability 0, space 0, times 0
[ 1155.828667][T15715] CPU: 0 UID: 0 PID: 15715 Comm: syz.6.2182 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[ 1155.828682][T15715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1155.828689][T15715] Call Trace:
[ 1155.828694][T15715]  <TASK>
[ 1155.828699][T15715]  dump_stack_lvl+0x189/0x250
[ 1155.828715][T15715]  ? __pfx____ratelimit+0x10/0x10
[ 1155.828729][T15715]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1155.828740][T15715]  ? __pfx__printk+0x10/0x10
[ 1155.828754][T15715]  ? __pfx___might_resched+0x10/0x10
[ 1155.828765][T15715]  ? fs_reclaim_acquire+0x7d/0x100
[ 1155.828777][T15715]  should_fail_ex+0x414/0x560
[ 1155.828794][T15715]  should_failslab+0xa8/0x100
[ 1155.828809][T15715]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1155.828821][T15715]  ? security_inode_alloc+0x39/0x330
[ 1155.828835][T15715]  security_inode_alloc+0x39/0x330
[ 1155.828847][T15715]  inode_init_always_gfp+0x9ed/0xdc0
[ 1155.828865][T15715]  ? __pfx_sock_alloc_inode+0x10/0x10
[ 1155.828878][T15715]  alloc_inode+0x82/0x1b0
[ 1155.828892][T15715]  do_accept+0x111/0x680
[ 1155.828904][T15715]  ? __pfx_do_accept+0x10/0x10
[ 1155.828925][T15715]  __sys_accept4+0x11c/0x1c0
[ 1155.828937][T15715]  ? __pfx___sys_accept4+0x10/0x10
[ 1155.828946][T15715]  ? __pfx_ksys_write+0x10/0x10
[ 1155.828957][T15715]  ? rcu_is_watching+0x15/0xb0
[ 1155.828971][T15715]  __x64_sys_accept4+0x9a/0xb0
[ 1155.828982][T15715]  do_syscall_64+0xfa/0x3b0
[ 1155.828991][T15715]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1155.829004][T15715]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1155.829013][T15715]  ? clear_bhb_loop+0x60/0xb0
[ 1155.829025][T15715]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1155.829034][T15715] RIP: 0033:0x7f29dfd8e929
[ 1155.829044][T15715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1155.829052][T15715] RSP: 002b:00007f29e0b41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[ 1155.829071][T15715] RAX: ffffffffffffffda RBX: 00007f29dffb5fa0 RCX: 00007f29dfd8e929
[ 1155.829078][T15715] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[ 1155.829084][T15715] RBP: 00007f29e0b41090 R08: 0000000000000000 R09: 0000000000000000
[ 1155.829089][T15715] R10: 0000000000080800 R11: 0000000000000246 R12: 0000000000000001
[ 1155.829095][T15715] R13: 0000000000000000 R14: 00007f29dffb5fa0 R15: 00007ffc290351e8
[ 1155.829110][T15715]  </TASK>
[ 1158.004793][   T24] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[ 1158.484286][   T24] usb 5-1: Using ep0 maxpacket: 16
[ 1158.544139][   T24] usb 5-1: config 0 has an invalid interface number: 26 but max is 0
[ 1158.552282][   T24] usb 5-1: config 0 has no interface number 0
[ 1158.671113][   T24] usb 5-1: config 0 interface 26 has no altsetting 0
[ 1158.704323][   T24] usb 5-1: New USB device found, idVendor=257a, idProduct=261f, bcdDevice=fa.f1
[ 1158.716460][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1158.754211][   T24] usb 5-1: Product: syz
[ 1158.766441][   T24] usb 5-1: Manufacturer: syz
[ 1158.776702][   T24] usb 5-1: SerialNumber: syz
[ 1158.791476][   T24] usb 5-1: config 0 descriptor??
[ 1158.834671][   T24] option 5-1:0.26: GSM modem (1-port) converter detected
[ 1160.726799][T12802] usb 5-1: USB disconnect, device number 14
[ 1160.733643][T12802] option 5-1:0.26: device disconnected
[ 1161.154161][T12802] usb 5-1: new full-speed USB device number 15 using dummy_hcd
[ 1161.390223][T12802] usb 5-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[ 1161.967631][T12802] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1162.028020][T12802] usb 5-1: config 0 descriptor??
[ 1162.051577][T12802] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[ 1162.211309][T15785] netlink: 'syz.2.2201': attribute type 5 has an invalid length.
[ 1162.219257][T15785] netlink: 7 bytes leftover after parsing attributes in process `syz.2.2201'.
[ 1162.298899][T15788] openvswitch: netlink: VXLAN extension message has 201 unknown bytes.
[ 1162.311722][T12802] gp8psk: usb in 128 operation failed.
[ 1162.530109][T12802] gp8psk: FW Version = 71.128.174 (0x4780ae)  Build 2101/232/141
[ 1163.333369][T12802] gp8psk: usb in 149 operation failed.
[ 1163.360655][T12802] gp8psk: failed to get FPGA version
[ 1163.464095][T12802] gp8psk: usb in 138 operation failed.
[ 1163.607004][T12802] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[ 1163.632899][T12802] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[ 1163.817085][T12802] usb 5-1: USB disconnect, device number 15
[ 1164.088783][T15803] netlink: 'syz.5.2205': attribute type 4 has an invalid length.
[ 1170.044156][ T8707] usb 3-1: new full-speed USB device number 16 using dummy_hcd
[ 1170.218352][ T8707] usb 3-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[ 1170.235279][ T8707] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1170.383001][ T8707] usb 3-1: config 0 descriptor??
[ 1170.547748][ T8707] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[ 1171.087629][ T8707] gp8psk: usb in 128 operation failed.
[ 1171.504879][ T8707] gp8psk: FW Version = 71.128.174 (0x4780ae)  Build 2101/232/141
[ 1171.914149][ T8707] gp8psk: usb in 149 operation failed.
[ 1171.919678][ T8707] gp8psk: failed to get FPGA version
[ 1171.926150][ T8707] gp8psk: usb in 138 operation failed.
[ 1171.934730][ T8707] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[ 1171.945216][ T8707] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[ 1172.028317][ T8707] usb 3-1: USB disconnect, device number 16
[ 1173.004257][T15909] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2230'.
[ 1174.002821][T15919] mmap: syz.5.2233 (15919) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 1175.831053][T15919] netlink: 104 bytes leftover after parsing attributes in process `syz.5.2233'.
[ 1176.224317][T15950] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2240'.
[ 1176.589040][T15957] netlink: 'syz.6.2239': attribute type 1 has an invalid length.
[ 1176.596925][T15957] netlink: 224 bytes leftover after parsing attributes in process `syz.6.2239'.
[ 1177.035823][T13800] usb 6-1: new full-speed USB device number 22 using dummy_hcd
[ 1177.324973][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.336537][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.412037][T13800] usb 6-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[ 1177.492920][T13800] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1177.535173][T13800] usb 6-1: config 0 descriptor??
[ 1178.287163][T15967] netlink: 'syz.6.2242': attribute type 4 has an invalid length.
[ 1178.436841][T13800] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[ 1178.475044][T13800] gp8psk: usb in 128 operation failed.
[ 1178.728315][T13800] gp8psk: FW Version = 71.128.174 (0x4780ae)  Build 2101/232/141
[ 1178.767349][ T5901] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[ 1178.979096][T13800] gp8psk: usb in 149 operation failed.
[ 1178.988709][T13800] gp8psk: failed to get FPGA version
[ 1179.066234][T13800] gp8psk: usb in 138 operation failed.
[ 1179.076831][ T5901] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1179.094490][ T5901] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[ 1179.098976][T13800] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[ 1179.133034][ T5901] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[ 1179.142671][ T5901] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1179.164182][ T5901] usb 1-1: SerialNumber: syz
[ 1179.187659][T13800] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[ 1179.202121][ T5901] cdc_ether 1-1:1.0: skipping garbage
[ 1179.220172][ T5901] usb 1-1: bad CDC descriptors
[ 1179.253526][T13800] usb 6-1: USB disconnect, device number 22
[ 1179.254377][ T5901] usb-storage 1-1:1.0: USB Mass Storage device detected
[ 1179.320649][ T5901] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[ 1180.486814][T13800] usb 1-1: USB disconnect, device number 21
[ 1181.842454][T16003] netlink: 'syz.2.2253': attribute type 5 has an invalid length.
[ 1181.850376][T16003] netlink: 7 bytes leftover after parsing attributes in process `syz.2.2253'.
[ 1182.349135][T16011] openvswitch: netlink: VXLAN extension message has 201 unknown bytes.
[ 1182.537795][T16015] netlink: 'syz.0.2254': attribute type 4 has an invalid length.
[ 1183.377438][T16020] binder: 16017:16020 ioctl c0306201 0 returned -14
[ 1184.374906][T16029] netlink: 'syz.6.2259': attribute type 9 has an invalid length.
[ 1184.472161][T16030] netlink: 'syz.6.2259': attribute type 9 has an invalid length.
[ 1186.124138][T13800] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[ 1187.124554][T13800] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1187.138664][T13800] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1187.180029][T13800] usb 7-1: config 0 descriptor??
[ 1188.939613][T13800] ath6kl: Failed to submit usb control message: -110
[ 1188.982162][T13800] ath6kl: unable to send the bmi data to the device: -110
[ 1189.003605][T13800] ath6kl: Unable to send get target info: -110
[ 1189.091339][T16065] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2271'.
[ 1189.091567][T13800] ath6kl: Failed to init ath6kl core: -110
[ 1189.150285][T13800] ath6kl_usb 7-1:0.0: probe with driver ath6kl_usb failed with error -110
[ 1189.406813][T16071] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1189.646890][T13800] usb 7-1: USB disconnect, device number 26
[ 1193.011079][T16096] netlink: 'syz.6.2279': attribute type 4 has an invalid length.
[ 1193.902174][T16100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2281'.
[ 1193.939944][T16100] pim6reg: entered allmulticast mode
[ 1193.980940][T16100] pim6reg: left allmulticast mode
[ 1195.227654][T16125] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1195.847000][T16133] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1195.861912][   T30] audit: type=1326 audit(1752725164.277:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16132 comm="syz.5.2289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2be018e929 code=0x7ffc0000
[ 1195.891430][   T30] audit: type=1326 audit(1752725164.277:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16132 comm="syz.5.2289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2be018e929 code=0x7ffc0000
[ 1195.913895][   T30] audit: type=1326 audit(1752725164.277:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16132 comm="syz.5.2289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2be018e929 code=0x7ffc0000
[ 1195.942529][T16133] ------------[ cut here ]------------
[ 1195.948439][T16133] WARNING: CPU: 0 PID: 16133 at ./include/linux/memcontrol.h:371 folio_memcg+0x1a8/0x310
[ 1195.958428][T16133] Modules linked in:
[ 1195.962537][T16133] CPU: 0 UID: 0 PID: 16133 Comm: syz.5.2289 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[ 1195.974666][T16133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1195.984769][T16133] RIP: 0010:folio_memcg+0x1a8/0x310
[ 1195.989958][T16133] Code: 80 3c 28 00 74 08 4c 89 f7 e8 74 ca 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d e9 0f 56 65 09 cc e8 f9 74 ba ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff
[ 1196.010521][T16133] RSP: 0018:ffffc9000de17250 EFLAGS: 00010283
[ 1196.017330][T16133] RAX: ffffffff8205bd57 RBX: 0000000000000000 RCX: 0000000000080000
[ 1196.025373][T16133] RDX: ffffc9000ba29000 RSI: 0000000000001f2e RDI: 0000000000001f2f
[ 1196.033360][T16133] RBP: 0000000000000000 R08: ffffea0000cd3c07 R09: 1ffffd400019a780
[ 1196.041510][T16133] R10: dffffc0000000000 R11: fffff9400019a781 R12: ffffea0000cd3c30
[ 1196.049830][T16133] R13: dffffc0000000000 R14: ffff88804a4e4000 R15: 0000000000000002
[ 1196.057863][T16133] FS:  00007f2be102c6c0(0000) GS:ffff888125c4f000(0000) knlGS:0000000000000000
[ 1196.066885][T16133] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1196.073471][T16133] CR2: 0000000000000000 CR3: 000000002915a000 CR4: 00000000003526f0
[ 1196.081485][T16133] Call Trace:
[ 1196.084834][T16133]  <TASK>
[ 1196.087796][T16133]  workingset_activation+0x5f/0x4a0
[ 1196.093023][T16133]  ? folio_mark_accessed+0x2b1/0x4a0
[ 1196.099916][T16133]  folio_mark_accessed+0x3b5/0x4a0
[ 1196.105960][T16133]  kvm_release_page_clean+0x9a/0xe0
[ 1196.111177][T16133]  kvm_tdp_page_fault+0x2dd/0x370
[ 1196.116279][T16133]  kvm_mmu_do_page_fault+0x2c5/0x640
[ 1196.121595][T16133]  ? __pfx_kvm_mmu_do_page_fault+0x10/0x10
[ 1196.127500][T16133]  ? vmx_handle_exit_irqoff+0x29e/0xad0
[ 1196.133096][T16133]  kvm_mmu_page_fault+0x22f/0xb70
[ 1196.138246][T16133]  ? __pfx_handle_ept_violation+0x10/0x10
[ 1196.144005][T16133]  vmx_handle_exit+0x1090/0x18a0
[ 1196.148963][T16133]  ? vcpu_run+0x361c/0x6f70
[ 1196.153471][T16133]  vcpu_run+0x432e/0x6f70
[ 1196.157864][T16133]  ? vcpu_run+0x361c/0x6f70
[ 1196.162488][T16133]  ? __pfx_vcpu_run+0x10/0x10
[ 1196.167222][T16133]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[ 1196.173039][T16133]  ? rcu_is_watching+0x15/0xb0
[ 1196.177987][T16133]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[ 1196.183646][T16133]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[ 1196.189625][T16133]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1196.195777][T16133]  ? rcu_is_watching+0x15/0xb0
[ 1196.201410][T16133]  ? look_up_lock_class+0x74/0x170
[ 1196.207284][T16133]  ? register_lock_class+0x51/0x320
[ 1196.212766][T16133]  ? __lock_acquire+0xab9/0xd20
[ 1196.217710][T16133]  kvm_vcpu_ioctl+0x95c/0xe90
[ 1196.222431][T16133]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1196.227674][T16133]  ? __lock_acquire+0xab9/0xd20
[ 1196.232549][T16133]  ? __asan_memset+0x22/0x50
[ 1196.237214][T16133]  ? smack_file_ioctl+0x302/0x340
[ 1196.242241][T16133]  ? __pfx_smack_file_ioctl+0x10/0x10
[ 1196.247723][T16133]  ? __fget_files+0x2a/0x420
[ 1196.252501][T16133]  ? __fget_files+0x3a0/0x420
[ 1196.257227][T16133]  ? __fget_files+0x2a/0x420
[ 1196.261848][T16133]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1196.266841][T16133]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1196.272041][T16133]  __se_sys_ioctl+0xfc/0x170
[ 1196.276673][T16133]  do_syscall_64+0xfa/0x3b0
[ 1196.281178][T16133]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1196.287284][T16133]  ? asm_sysvec_call_function_single+0x1a/0x20
[ 1196.293442][T16133]  ? clear_bhb_loop+0x60/0xb0
[ 1196.298292][T16133]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1196.305136][T16133] RIP: 0033:0x7f2be018e929
[ 1196.309645][T16133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1196.330052][T16133] RSP: 002b:00007f2be102c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1196.338631][T16133] RAX: ffffffffffffffda RBX: 00007f2be03b5fa0 RCX: 00007f2be018e929
[ 1196.346654][T16133] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000000a
[ 1196.355175][T16133] RBP: 00007f2be0210ca1 R08: 0000000000000000 R09: 0000000000000000
[ 1196.363153][T16133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1196.371206][T16133] R13: 0000000000000000 R14: 00007f2be03b5fa0 R15: 00007ffc1550b1f8
[ 1196.379238][T16133]  </TASK>
[ 1196.382265][T16133] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1196.389547][T16133] CPU: 0 UID: 0 PID: 16133 Comm: syz.5.2289 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[ 1196.401611][T16133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1196.411683][T16133] Call Trace:
[ 1196.415227][T16133]  <TASK>
[ 1196.418149][T16133]  dump_stack_lvl+0x99/0x250
[ 1196.422759][T16133]  ? __asan_memcpy+0x40/0x70
[ 1196.427349][T16133]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1196.432540][T16133]  ? __pfx__printk+0x10/0x10
[ 1196.437151][T16133]  panic+0x2db/0x790
[ 1196.441059][T16133]  ? __pfx_panic+0x10/0x10
[ 1196.445492][T16133]  __warn+0x31b/0x4b0
[ 1196.449578][T16133]  ? folio_memcg+0x1a8/0x310
[ 1196.454178][T16133]  ? folio_memcg+0x1a8/0x310
[ 1196.458766][T16133]  report_bug+0x2be/0x4f0
[ 1196.463095][T16133]  ? folio_memcg+0x1a8/0x310
[ 1196.467677][T16133]  ? folio_memcg+0x1a8/0x310
[ 1196.472532][T16133]  ? folio_memcg+0x1aa/0x310
[ 1196.477126][T16133]  handle_bug+0x84/0x160
[ 1196.481451][T16133]  exc_invalid_op+0x1a/0x50
[ 1196.485948][T16133]  asm_exc_invalid_op+0x1a/0x20
[ 1196.490797][T16133] RIP: 0010:folio_memcg+0x1a8/0x310
[ 1196.496004][T16133] Code: 80 3c 28 00 74 08 4c 89 f7 e8 74 ca 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d e9 0f 56 65 09 cc e8 f9 74 ba ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff
[ 1196.515611][T16133] RSP: 0018:ffffc9000de17250 EFLAGS: 00010283
[ 1196.522113][T16133] RAX: ffffffff8205bd57 RBX: 0000000000000000 RCX: 0000000000080000
[ 1196.530102][T16133] RDX: ffffc9000ba29000 RSI: 0000000000001f2e RDI: 0000000000001f2f
[ 1196.538077][T16133] RBP: 0000000000000000 R08: ffffea0000cd3c07 R09: 1ffffd400019a780
[ 1196.546237][T16133] R10: dffffc0000000000 R11: fffff9400019a781 R12: ffffea0000cd3c30
[ 1196.554309][T16133] R13: dffffc0000000000 R14: ffff88804a4e4000 R15: 0000000000000002
[ 1196.562911][T16133]  ? folio_memcg+0x1a7/0x310
[ 1196.567867][T16133]  workingset_activation+0x5f/0x4a0
[ 1196.573072][T16133]  ? folio_mark_accessed+0x2b1/0x4a0
[ 1196.578356][T16133]  folio_mark_accessed+0x3b5/0x4a0
[ 1196.583459][T16133]  kvm_release_page_clean+0x9a/0xe0
[ 1196.588644][T16133]  kvm_tdp_page_fault+0x2dd/0x370
[ 1196.593688][T16133]  kvm_mmu_do_page_fault+0x2c5/0x640
[ 1196.598969][T16133]  ? __pfx_kvm_mmu_do_page_fault+0x10/0x10
[ 1196.604774][T16133]  ? vmx_handle_exit_irqoff+0x29e/0xad0
[ 1196.610310][T16133]  kvm_mmu_page_fault+0x22f/0xb70
[ 1196.615330][T16133]  ? __pfx_handle_ept_violation+0x10/0x10
[ 1196.621035][T16133]  vmx_handle_exit+0x1090/0x18a0
[ 1196.625970][T16133]  ? vcpu_run+0x361c/0x6f70
[ 1196.630464][T16133]  vcpu_run+0x432e/0x6f70
[ 1196.634879][T16133]  ? vcpu_run+0x361c/0x6f70
[ 1196.639395][T16133]  ? __pfx_vcpu_run+0x10/0x10
[ 1196.644156][T16133]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[ 1196.649861][T16133]  ? rcu_is_watching+0x15/0xb0
[ 1196.654616][T16133]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[ 1196.660152][T16133]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[ 1196.665857][T16133]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1196.671825][T16133]  ? rcu_is_watching+0x15/0xb0
[ 1196.676605][T16133]  ? look_up_lock_class+0x74/0x170
[ 1196.681707][T16133]  ? register_lock_class+0x51/0x320
[ 1196.686892][T16133]  ? __lock_acquire+0xab9/0xd20
[ 1196.691745][T16133]  kvm_vcpu_ioctl+0x95c/0xe90
[ 1196.696414][T16133]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1196.701601][T16133]  ? __lock_acquire+0xab9/0xd20
[ 1196.706451][T16133]  ? __asan_memset+0x22/0x50
[ 1196.711029][T16133]  ? smack_file_ioctl+0x302/0x340
[ 1196.716162][T16133]  ? __pfx_smack_file_ioctl+0x10/0x10
[ 1196.721526][T16133]  ? __fget_files+0x2a/0x420
[ 1196.726099][T16133]  ? __fget_files+0x3a0/0x420
[ 1196.730758][T16133]  ? __fget_files+0x2a/0x420
[ 1196.735338][T16133]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1196.740259][T16133]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1196.745479][T16133]  __se_sys_ioctl+0xfc/0x170
[ 1196.750426][T16133]  do_syscall_64+0xfa/0x3b0
[ 1196.754921][T16133]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1196.760975][T16133]  ? asm_sysvec_call_function_single+0x1a/0x20
[ 1196.767113][T16133]  ? clear_bhb_loop+0x60/0xb0
[ 1196.771775][T16133]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1196.777661][T16133] RIP: 0033:0x7f2be018e929
[ 1196.782060][T16133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1196.801657][T16133] RSP: 002b:00007f2be102c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1196.810080][T16133] RAX: ffffffffffffffda RBX: 00007f2be03b5fa0 RCX: 00007f2be018e929
[ 1196.818046][T16133] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 000000000000000a
[ 1196.826001][T16133] RBP: 00007f2be0210ca1 R08: 0000000000000000 R09: 0000000000000000
[ 1196.833966][T16133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1196.841929][T16133] R13: 0000000000000000 R14: 00007f2be03b5fa0 R15: 00007ffc1550b1f8
[ 1196.849896][T16133]  </TASK>
[ 1196.853169][T16133] Kernel Offset: disabled
[ 1196.857482][T16133] Rebooting in 86400 seconds..