last executing test programs:

43.290503958s ago: executing program 0 (id=879):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x403, 0x6030, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x22, 0x2, {[@main=@item_012={0x1, 0x0, 0x7, "a4"}]}}, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0x84, &(0x7f00000004c0)={0x0, 0x14, 0xd, "5e6424818327b2369deca65eb2"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000880)={0x84, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\x00M'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b00)={0x84, &(0x7f0000000600)=ANY=[@ANYBLOB="200e06"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000200)={&(0x7f0000000240)=[{0x3137, 0x1829, 0x0, 0x0}], 0x1})
r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100007e618a08580403701a7a010203010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, 0x0, &(0x7f0000000680)={0x2c, &(0x7f0000000500)={0x20, 0x13, 0x1, 'c'}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r2, &(0x7f0000000180)={0x14, &(0x7f0000000080)={0x40, 0xb, 0x4d, {0x4d, 0x22, "6e51cbf87361e5ab536e31ffabd1c87bf34da0c659630cf63446d64c985b436d4a98c762fa69dd84379189757585d2166079aa8eeb7500230d1261f8464b064262c46bf8fff1d657bb0a57"}}, &(0x7f0000000100)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000500)={0x44, &(0x7f0000000280)={0x20, 0xf, 0x55, "95a3a3c7ec3d301a670b9865defaec37ee3787ac7ce8bad2333274783ed7704a90648107dfe92df1754bbed6f064dae431aa451310d83304d20cab09056e2afcf36c029d842eba34c4c81a41309177d2b91e158800"}, &(0x7f00000001c0)={0x0, 0xa, 0x1, 0x1}, &(0x7f0000000300)={0x0, 0x8, 0x1, 0x50}, &(0x7f0000000340)={0x20, 0x80, 0x1c, {0x4, 0x4, 0x6, 0x1ff, 0x40, 0x4, 0x4, 0x0, 0x1, 0x8, 0x2, 0x401}}, &(0x7f0000000380)={0x20, 0x85, 0x4, 0x5}, &(0x7f0000000400)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000440)={0x20, 0x87, 0x2, 0x4}, &(0x7f0000000480)={0x20, 0x89, 0x2, 0x1}})

39.641138928s ago: executing program 0 (id=890):
syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, 0x0}, 0x94)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000340))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a25c4e36aa5c4c6d30000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a300000000054000000060a010400000000000000000100000008000b40000000002c00048028000180080001006e6174001c0002800800024000000000080001"], 0xc8}}, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r6 = creat(0x0, 0x0)
r7 = dup2(r6, r6)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$BLKTRACESETUP(r7, 0xc0481273, &(0x7f0000000240)={'\x00', 0x40, 0xa, 0x1, 0x40000000, 0x10})
socket$inet_mptcp(0x2, 0x1, 0x106)
r8 = socket$kcm(0x10, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x6, 0x87}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$sock(r8, 0x0, 0x20000880)

37.229444458s ago: executing program 0 (id=894):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_unlabel(0x0, r0)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000037400062c00070073797352656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a7330000800020000000000080007002609090914000600626f6e64300000000000000000000000080003"], 0x78}, 0x1, 0xffffffff00000003, 0x0, 0x4000}, 0x0)

36.973819178s ago: executing program 0 (id=895):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0)
write$vga_arbiter(r4, &(0x7f0000000040)=@other={'trylock', ' ', 'io'}, 0xb)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r5 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
read$FUSE(r6, &(0x7f00000083c0)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r7 = syz_open_dev$cec(&(0x7f0000000280), 0x0, 0x80200)
ioctl$CEC_ADAP_S_LOG_ADDRS(r7, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x5, 0x4a, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", '\x00', "0400", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc56849f6236eb1c3c"]})
ioctl$sock_SIOCDELDLCI(r5, 0x8981, &(0x7f0000000240)={'virt_wifi0\x00', 0x7})
ioctl$CEC_TRANSMIT(0xffffffffffffffff, 0xc0386105, &(0x7f0000000d40)={0x2, 0x3, 0x3, 0xfffffffc, 0x0, 0x4063, "57c1169b6664e261326ac71ae7213059", 0x0, 0x0, 0x0, 0xfd, 0x5, 0x1})

35.867392958s ago: executing program 0 (id=898):
msgrcv(0x0, 0x0, 0x0, 0x2, 0x1000)
msgsnd(0x0, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_KEY(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000}, 0x40010)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x9)
socket$packet(0x11, 0x3, 0x300)
socket$inet(0x2, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x14, 0x2004, @fd, 0x4, 0x20000000, 0x8020, 0x0, 0x0, {0x1}})
r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r2, 0x5393, &(0x7f0000000000))

34.338350312s ago: executing program 0 (id=901):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, 0x0)
chdir(0x0)
r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000240)={'syz0\x00', {0x9, 0x1, 0x2, 0x6}, 0x0, [0x5, 0x5, 0x1000081, 0x7, 0x4, 0x1000, 0x50000, 0x1, 0x10001, 0xffffa103, 0x3, 0x6, 0x9, 0x6, 0x7, 0x3, 0x6, 0x0, 0x40, 0x2, 0x1cac, 0x3eb, 0xb8f, 0x1d8, 0x6f02, 0x40, 0x6, 0x0, 0xfffffffa, 0xdc, 0xffffffff, 0xa1bc, 0x200, 0x7, 0x6, 0x6, 0x8, 0x1, 0x0, 0x0, 0x2, 0x400, 0x7a08, 0x203, 0x3, 0x101, 0x7ff, 0x7f, 0x1c, 0x7, 0xe, 0x9, 0x5, 0xa, 0x3, 0x2, 0xf7, 0xfff, 0x171, 0x5, 0x1ac0, 0x4f, 0x6, 0x8], [0x5, 0x3ff, 0x6, 0xea, 0x3, 0x0, 0xca, 0x1c5936c5, 0x9, 0xfffffff8, 0x4, 0x1, 0x7, 0x6, 0xa, 0x4, 0x2, 0x4, 0x5, 0x2, 0x0, 0x6, 0x0, 0x1, 0x9, 0x6, 0x5e5893ea, 0xfffffff7, 0x9, 0xfffd, 0x3, 0x8001, 0x2e6d, 0x7ff, 0x1, 0x1000, 0x877, 0x9, 0x8, 0x8, 0x80000000, 0xfff, 0x5, 0x7, 0x8, 0x5, 0x75da, 0x2, 0x5, 0xe8, 0x3, 0x9, 0x5, 0x7, 0xb99c, 0x2, 0x1, 0x20000004, 0x4, 0x1, 0x1, 0x9, 0x2, 0xc406], [0x80000003, 0x6, 0x9, 0x9, 0x200, 0xb9, 0x7, 0x6, 0x3, 0x4, 0x2, 0x5, 0x3, 0x9, 0x9, 0x7, 0x8, 0x61, 0x9, 0x5, 0x9, 0x8, 0x2, 0x6, 0x8001, 0x4, 0xc, 0x80000000, 0x7fffffff, 0x1, 0x1, 0x6, 0x8, 0x3, 0x6, 0x5, 0x3, 0x2, 0x0, 0x24, 0x9, 0x2000000, 0x4, 0xff, 0x7, 0x3eef6cc9, 0x1, 0x40007, 0x7, 0x8bd, 0x9, 0xfffffff9, 0x80000001, 0x5, 0xffffff1d, 0x6, 0x0, 0xa, 0xfff, 0xfff, 0x1, 0x1, 0x19ee, 0xffffdff9], [0x0, 0x10, 0x101, 0x2, 0x4, 0x9c500, 0xef, 0x8, 0xc61, 0x9, 0xd, 0x358, 0xd567, 0x1d5, 0xc8b, 0x658, 0xcbfd, 0x101, 0x6, 0x5, 0xb, 0x5, 0xa, 0x3, 0x75d6, 0xb26, 0x3ff, 0x6, 0x9, 0x0, 0x1, 0xf412, 0x2, 0x2, 0x2000002, 0x3, 0x3, 0x9, 0x3, 0x5, 0xfffffffc, 0x3, 0xfffffff3, 0x8000, 0x6, 0x6, 0xffff, 0x80, 0xf, 0xfff, 0xfff, 0xffff, 0xfffffffe, 0x80, 0xb975, 0x5, 0x5e1, 0xa, 0xffff58ee, 0x2, 0x2530, 0x4, 0x26da282, 0xc]}, 0x45c)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x44080)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937e, &(0x7f00000019c0)={{0x1, 0x1, 0x1018}, './file1\x00'})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) (fail_nth: 1)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)=@newtfilter={0x68, 0x2c, 0xd27, 0x70bd2d, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0x0, 0x3}, {}, {0xfff3, 0xffe0}}, [@filter_kind_options=@f_matchall={{0xd}, {0x34, 0x2, [@TCA_MATCHALL_ACT={0x30, 0x2, [@m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x37}, {0xc}, {0xc, 0x8, {0x3, 0x1}}}}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x50}, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000001a40)=""/102384, 0x18ff0)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x14)

18.944204984s ago: executing program 32 (id=901):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, 0x0)
chdir(0x0)
r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000240)={'syz0\x00', {0x9, 0x1, 0x2, 0x6}, 0x0, [0x5, 0x5, 0x1000081, 0x7, 0x4, 0x1000, 0x50000, 0x1, 0x10001, 0xffffa103, 0x3, 0x6, 0x9, 0x6, 0x7, 0x3, 0x6, 0x0, 0x40, 0x2, 0x1cac, 0x3eb, 0xb8f, 0x1d8, 0x6f02, 0x40, 0x6, 0x0, 0xfffffffa, 0xdc, 0xffffffff, 0xa1bc, 0x200, 0x7, 0x6, 0x6, 0x8, 0x1, 0x0, 0x0, 0x2, 0x400, 0x7a08, 0x203, 0x3, 0x101, 0x7ff, 0x7f, 0x1c, 0x7, 0xe, 0x9, 0x5, 0xa, 0x3, 0x2, 0xf7, 0xfff, 0x171, 0x5, 0x1ac0, 0x4f, 0x6, 0x8], [0x5, 0x3ff, 0x6, 0xea, 0x3, 0x0, 0xca, 0x1c5936c5, 0x9, 0xfffffff8, 0x4, 0x1, 0x7, 0x6, 0xa, 0x4, 0x2, 0x4, 0x5, 0x2, 0x0, 0x6, 0x0, 0x1, 0x9, 0x6, 0x5e5893ea, 0xfffffff7, 0x9, 0xfffd, 0x3, 0x8001, 0x2e6d, 0x7ff, 0x1, 0x1000, 0x877, 0x9, 0x8, 0x8, 0x80000000, 0xfff, 0x5, 0x7, 0x8, 0x5, 0x75da, 0x2, 0x5, 0xe8, 0x3, 0x9, 0x5, 0x7, 0xb99c, 0x2, 0x1, 0x20000004, 0x4, 0x1, 0x1, 0x9, 0x2, 0xc406], [0x80000003, 0x6, 0x9, 0x9, 0x200, 0xb9, 0x7, 0x6, 0x3, 0x4, 0x2, 0x5, 0x3, 0x9, 0x9, 0x7, 0x8, 0x61, 0x9, 0x5, 0x9, 0x8, 0x2, 0x6, 0x8001, 0x4, 0xc, 0x80000000, 0x7fffffff, 0x1, 0x1, 0x6, 0x8, 0x3, 0x6, 0x5, 0x3, 0x2, 0x0, 0x24, 0x9, 0x2000000, 0x4, 0xff, 0x7, 0x3eef6cc9, 0x1, 0x40007, 0x7, 0x8bd, 0x9, 0xfffffff9, 0x80000001, 0x5, 0xffffff1d, 0x6, 0x0, 0xa, 0xfff, 0xfff, 0x1, 0x1, 0x19ee, 0xffffdff9], [0x0, 0x10, 0x101, 0x2, 0x4, 0x9c500, 0xef, 0x8, 0xc61, 0x9, 0xd, 0x358, 0xd567, 0x1d5, 0xc8b, 0x658, 0xcbfd, 0x101, 0x6, 0x5, 0xb, 0x5, 0xa, 0x3, 0x75d6, 0xb26, 0x3ff, 0x6, 0x9, 0x0, 0x1, 0xf412, 0x2, 0x2, 0x2000002, 0x3, 0x3, 0x9, 0x3, 0x5, 0xfffffffc, 0x3, 0xfffffff3, 0x8000, 0x6, 0x6, 0xffff, 0x80, 0xf, 0xfff, 0xfff, 0xffff, 0xfffffffe, 0x80, 0xb975, 0x5, 0x5e1, 0xa, 0xffff58ee, 0x2, 0x2530, 0x4, 0x26da282, 0xc]}, 0x45c)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x44080)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r4, 0xc018937e, &(0x7f00000019c0)={{0x1, 0x1, 0x1018}, './file1\x00'})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) (fail_nth: 1)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)=@newtfilter={0x68, 0x2c, 0xd27, 0x70bd2d, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0x0, 0x3}, {}, {0xfff3, 0xffe0}}, [@filter_kind_options=@f_matchall={{0xd}, {0x34, 0x2, [@TCA_MATCHALL_ACT={0x30, 0x2, [@m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x37}, {0xc}, {0xc, 0x8, {0x3, 0x1}}}}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x50}, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000001a40)=""/102384, 0x18ff0)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x14)

14.140197012s ago: executing program 3 (id=934):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x20000023896)
ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000380)={0x0, 0x4, 0xffffffff, 0x3, 0x5, "28c4d95d3933aabcf900000000000000001000"})

12.661201706s ago: executing program 3 (id=937):
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x244a02, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/devices\x00', 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0xffffffffffffff8c, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000540)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

12.613246102s ago: executing program 3 (id=938):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
socket$igmp(0x2, 0x3, 0x2)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000140)={0xa, 0x0, 0x0, @private0}, 0x1c)
socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000400)=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x0, 0x2}}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
r4 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r4, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x4}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10)
dup3(r4, r1, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'pcl812\x00', [0x4f2a, 0x80004, 0x10000, 0x800005, 0x2, 0x5, 0x8, 0x7, 0x5, 0xfe, 0x2, 0x1, 0x3, 0x49a, 0x6, 0x101, 0x0, 0x47f, 0x3, 0x40000003, 0x89, 0x10caa3, 0x0, 0x20001e58, 0xb, 0x1000e66, 0x2d, 0x7f, 0x4085, 0xffffffff, 0xfffffff7]})

11.909498224s ago: executing program 1 (id=940):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r0)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, 0x0, 0x0)

11.753764254s ago: executing program 1 (id=942):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=<r2=>0x0)
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f0000000000)=<r5=>0x0)
bind$nfc_llcp(r3, &(0x7f0000001040)={0x27, r5, 0xffffffffffffffff, 0x5, 0x0, 0x0, "d92984bd1ca44c226af5160e961711a077609475b78411e88509de050000000000f2170e65e3f50327e422000000000000000000000200000000001900", 0x3c}, 0x60)
r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nfc(&(0x7f0000000500), r7)
ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f0000000580)=<r9=>0x0)
sendmsg$NFC_CMD_SE_IO(r7, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000a00)={0x2c, r8, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r9}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0xc0}, @NFC_ATTR_SE_APDU={0x5, 0x19, "d8"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmsg$NFC_CMD_DEACTIVATE_TARGET(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x54, r1, 0x100, 0x70bd2a, 0x25dfdbfd, {}, [@NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0xffffffffffffffff}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0x1}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r2}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000040}, 0x14)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r10 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r10, &(0x7f0000019680)=""/102392, 0x18ff8)
sigaltstack(&(0x7f0000000480)={&(0x7f0000004000)=""/4126, 0x80000001, 0x101e}, 0x0)
r11 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x21, 0x800000000004, @tid=r11}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

8.797516939s ago: executing program 4 (id=947):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TDLS_OPER(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010029bd7000e9dbdf255100000008000300", @ANYRES32=r1, @ANYBLOB="05008a00040000000a"], 0x30}, 0x1, 0x0, 0x0, 0x24000801}, 0x40448c4)

8.66425053s ago: executing program 4 (id=948):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x2}, 0x1c)
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001440)=ANY=[@ANYBLOB="1c0000005e0021a5553f8c6b23cbff070000e5373526a01edb"], 0x1c}, 0x1, 0x0, 0x0, 0x48050}, 0x0)
recvmmsg$unix(r1, &(0x7f0000002380)=[{{0x0, 0x0, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0x1000}], 0x1}}], 0x4000000000003b9, 0x26022, 0x0)
listen(r0, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000140), 0x4)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
accept(r0, 0x0, 0x0)
recvfrom(r2, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x0, 0x0, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x5, 0x0, 0x400, 0x0, 0x5, 0x0, 0x1}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
openat$smackfs_load(0xffffffffffffff9c, &(0x7f0000000080)='/sys/fs/smackfs/load-self2\x00', 0x2, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040), 0x4)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x3)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000080000000000f7ffffffffffffff00000000adca0000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000f82818110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000000)='mm_page_alloc\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000001480)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, r4, 0x800, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x50)
write$binfmt_script(r5, &(0x7f00000012c0)={'#! ', './file0', [{0x20, 'lWXr'}]}, 0x10)
syz_open_procfs(0x0, &(0x7f0000000380)='mountinfo\x00')
socket$packet(0x11, 0x2, 0x300)
syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00')
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$OSF_MSG_ADD(r6, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f0000000200)=ANY=[@ANYBLOB="6802000000050104000000000000000005000009540201000000000040000000010e050001000b0073797a31000000000000000000000000000000000000000000000000000000000f8cdcf7f2b060ccde97cfb8f25c5d6472cdebd250ecbcb1409ddf6760623856e8531bcc89bec319739adad00e5f8d860184e6cdb43680062f0839d5e3cb5b3001010010010000000500000003002000000000000c00000002000400000000000600000001000100010000000a0000000600ffff03000000ff030000060009000200000003000000090010000300000009000000080005000300000000000000a000080001000000070000000200060002000000010100000300fd5601000000310000000200da3701000000faffffff060008000600000006000000e6ab0e000100000002000000d00700fc0300000002000000ff0f080002000000070000000020ffff01000000ffffff7ff8ffff0303ff0f0000000000000007000200000009000000f9ff0600030000000600000003000f0003000000060000000000f10501000000060000000600050002000000ffff00000900040003000000090300003800fd0d0200000000000000040007000200000001000000fdff5d0002000000090000000600ffff03000000040000000300ec0001000000080000000100010102000000040000005b00080000000000bd06000009004f6a0100000003000000f9ff0c0002000000ffffff7f020008000300000003000000060001fe02000000080000000500faff020000000100ffff060003000300000039020000060001000200000003000000e0a802000000000002000000000000020200000074000000"], 0x268}, 0x1, 0x0, 0x0, 0x40}, 0x20000000)

7.122736906s ago: executing program 3 (id=949):
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$vsock_stream(0x28, 0x1, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, 0x4660}, [@IFLA_VFINFO_LIST={0xc, 0x16, 0x0, 0x1, [{0x8, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN_LIST={0x4}]}]}, @IFLA_IFALIAS={0x14, 0x14, 'batadv_slave_1\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x11}, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0xffffffffffffffff, &(0x7f00000000c0), 0x111, 0x3}}, 0x42)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
r6 = socket(0x1e, 0x1, 0x0)
sendmmsg$sock(r6, &(0x7f0000000100)=[{{&(0x7f0000000180)=@ax25={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x8}, [@bcast, @null, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x1000000}}, {{&(0x7f0000000080)=@tipc=@id, 0x80, 0x0}}], 0x2, 0x0)
prlimit64(r5, 0x5, &(0x7f0000000140)={0x8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r7 = getpid()
waitid(0x2, 0xffffffffffffffff, 0x0, 0x40000000, 0x0)
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000340)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000240)=@abs={0x1, 0x0, 0xe22}, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r10)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r10, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000940)={0x14, r11, 0x1, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000040)
bind$nfc_llcp(r4, &(0x7f00000001c0)={0x27, 0x0, 0x0, 0x2, 0x0, 0x49, "c46e9fd1a84b7fa0bf2cca6beb9363a680b652a86bcf56a1b9ca5386103a5ccbe47b7b9aa6d8d701a3ba00000000b97800001022f987617c318500", 0x3a}, 0x60)
getsockopt$inet_buf(r4, 0x118, 0x0, 0x0, &(0x7f00000003c0)=0x14)

6.708079032s ago: executing program 2 (id=951):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r0)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0xffffffff00000003, 0x0, 0x4000}, 0x0)

6.612335343s ago: executing program 2 (id=952):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000000), 0x4)
sendmsg$unix(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x0)
recvmsg$unix(r1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x16, 0x13, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c252500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000180100002020702500000000002020207b1ad8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000080000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe, 0xfffffffffffffffd, &(0x7f00000001c0)="186bf7ffffffffffffffef0a3254", 0x0, 0xff, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = socket$netlink(0x10, 0x3, 0x12)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r3, 0x10e, 0x5, &(0x7f0000000080)=0x7, 0x4)

6.225402869s ago: executing program 2 (id=953):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1d)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='xen_mc_entry\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000300)={@initdev, @remote, <r1=>0x0}, &(0x7f00000003c0)=0xc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', r1}, 0x50)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000140)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x10, 0x200000000000001a, &(0x7f00000006c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bc3800002c00000000000000b7020000000000007b9af8ff00000000b5090000c0ff0000dbaaf8fff1000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffc702000008000000182200003451f2cadfb4372c98aa9e46849b23b633f3ab159bb3d3a38d8be4db794aa7bf82b7cde82252a6404e0c8b952f6c", @ANYRESOCT, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', r1, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x22)
ioctl$HIDIOCGUSAGE(r3, 0x40806685, 0x0)
r4 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000200))
mount_setattr(r3, &(0x7f0000000140)='./file0\x00', 0x800, &(0x7f0000000280)={0x0, 0x2, 0xc0000, {r4}}, 0x20)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r5, &(0x7f0000004200)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_INIT(r5, &(0x7f0000000040)={0x50, 0x0, r6, {0x7, 0x1f}}, 0x50)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000080), 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f00000000c0)={<r8=>0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r7, 0x84, 0x6c, &(0x7f0000000340)={r8}, &(0x7f0000000380)=0x8)
syz_fuse_handle_req(r5, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x20, 0x0, 0x4000000000009, {0x0, 0xe}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
acct(&(0x7f00000001c0)='./file0\x00')
acct(0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0xfe, 0x0, 0x7fff7ffc}]})
acct(&(0x7f0000000240)='./file0\x00')
close_range(r9, 0xffffffffffffffff, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)

5.962709s ago: executing program 4 (id=954):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0)
write$vga_arbiter(r4, &(0x7f0000000040)=@other={'trylock', ' ', 'io'}, 0xb)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r5 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
read$FUSE(r6, &(0x7f00000083c0)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x5, 0x4a, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", '\x00', "0400", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc56849f6236eb1c3c"]})
r7 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x40b80)
ioctl$sock_SIOCDELDLCI(r5, 0x8981, &(0x7f0000000240)={'virt_wifi0\x00', 0x7})
ioctl$CEC_TRANSMIT(r7, 0xc0386105, &(0x7f0000000d40)={0x2, 0x3, 0x3, 0xfffffffc, 0x0, 0x4063, "57c1169b6664e261326ac71ae7213059", 0x0, 0x0, 0x0, 0xfd, 0x5, 0x1})

4.974780194s ago: executing program 1 (id=955):
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0xc)
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r4, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_INITMSG(r4, 0x84, 0x2, &(0x7f0000000080)={0x402, 0x3}, 0x8)
sendto$inet(r4, &(0x7f0000000100)="ab", 0x1, 0x40048c4, &(0x7f00000000c0)={0x2, 0x4e22, @local}, 0x10)

4.844405715s ago: executing program 4 (id=956):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty, 0xffffffff}, 0x1c)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r4, 0x4)
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newqdisc={0x24, 0x24, 0xd0f, 0x3, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0x2}, {0xffff, 0xffff}, {0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
syz_init_net_socket$ax25(0x3, 0x2, 0x3)

4.831022208s ago: executing program 2 (id=957):
r0 = memfd_create(&(0x7f0000000480)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd\xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\x96@i=G\x9ft\x1d\xcc\xc6Ys7\x7f\x8ehv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfaf$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c', 0x7)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xa, 0x4d091, r0, 0x4000000)
fcntl$addseals(r0, 0x409, 0x2)
r1 = openat$udambuf(0xffffff9c, &(0x7f0000000000), 0x2)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000140)={&(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff6000/0x9000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff7000/0x2000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000000000)="8e", 0x1}, 0x68)
ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000040)={r0, 0x0, 0x0, 0x2000})

4.600833015s ago: executing program 2 (id=958):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
socket$igmp(0x2, 0x3, 0x2)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000140)={0xa, 0x0, 0x0, @private0}, 0x1c)
socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000400)=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x0, 0x2}}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
r4 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r4, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x4}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10)
dup3(r4, r1, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'pcl812\x00', [0x4f2a, 0x80004, 0x10000, 0x800005, 0x2, 0x5, 0x8, 0x7, 0x5, 0xfe, 0x2, 0x1, 0x3, 0x49a, 0x6, 0x101, 0x0, 0x47f, 0x3, 0x40000003, 0x89, 0x10caa3, 0x0, 0x20001e58, 0xb, 0x1000e66, 0x2d, 0x7f, 0x4085, 0xffffffff, 0xfffffff7]})

4.557251735s ago: executing program 3 (id=959):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0)
close(0xffffffffffffffff)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x3f73, 0x100, 0x0, 0x1a}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000600)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x40, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1})
io_uring_enter(r4, 0x3516, 0xf400, 0x1000000000000, 0x0, 0x0)
sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
set_mempolicy(0x2, &(0x7f0000000140)=0x8001, 0x2)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="340000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="80400100000001000c002b8008000100c67296c02788ce", @ANYRES32, @ANYBLOB="08001b0000000000"], 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x0)
connect$inet(r7, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r7, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r7, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
writev(r0, &(0x7f0000000900)=[{&(0x7f0000000d40)="eee7ee2cffff62a3b47380c988ca", 0xe}], 0x1)

4.486653685s ago: executing program 4 (id=960):
r0 = openat$random(0xffffffffffffff9c, 0x0, 0x40002, 0x0)
fcntl$setownex(r0, 0x11, 0xfffffffffffffffe)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000100)={0x0, 0x0})
r1 = syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0xff, 0x5ac, 0x24e, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x2, 0xb0, 0xa, [{{0x9, 0x4, 0x0, 0x1, 0x2, 0x3, 0x1, 0x2, 0x40, {0x9, 0x21, 0x4, 0x80, 0x1, {0x22, 0xaca}}, {{{0x9, 0x5, 0x81, 0x3, 0x1bf, 0x4, 0x86, 0x2}}}}}]}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x25, &(0x7f0000000280)={0x5, 0xf, 0x25, 0x4, [@generic={0x3, 0x10, 0x1}, @generic={0x10, 0x10, 0x3, "d9295a46a7039c2006e85a826f"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x1, 0x5, 0x8, 0x2}, @ptm_cap={0x3}]}})
syz_usb_control_io(r1, 0x0, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
quotactl_fd$Q_GETINFO(0xffffffffffffffff, 0xffffffff80000501, 0x0, 0x0)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket(0x15, 0x5, 0x0)
getsockopt(r6, 0x200000000114, 0x2710, &(0x7f0000005ec0)=""/102394, &(0x7f0000000040)=0x18ffa)
setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, 0x0, 0x8)
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='hfsplus\x00', 0x2000010, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r7)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01000000000000000000037400062c00070073797352656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a7330000800020000000000080007002609090914000600626f6e64300000000000000000000000080003"], 0x78}, 0x1, 0xffffffff00000003, 0x0, 0x4000}, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r9 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r10=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x4, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}, {0xa, 0xfff1}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x4, 0x5}}]}, 0x34}}, 0x0)

3.666061012s ago: executing program 1 (id=961):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0)
write$vga_arbiter(r4, &(0x7f0000000040)=@other={'trylock', ' ', 'io'}, 0xb)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r5 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
read$FUSE(r6, &(0x7f00000083c0)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r7 = syz_open_dev$cec(&(0x7f0000000280), 0x0, 0x80200)
ioctl$CEC_ADAP_S_LOG_ADDRS(r7, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x5, 0x4a, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", '\x00', "0400", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc56849f6236eb1c3c"]})
ioctl$sock_SIOCDELDLCI(r5, 0x8981, &(0x7f0000000240)={'virt_wifi0\x00', 0x7})
ioctl$CEC_TRANSMIT(0xffffffffffffffff, 0xc0386105, &(0x7f0000000d40)={0x2, 0x3, 0x3, 0xfffffffc, 0x0, 0x4063, "57c1169b6664e261326ac71ae7213059", 0x0, 0x0, 0x0, 0xfd, 0x5, 0x1})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x6}]}, @NFT_MSG_NEWSETELEM={0x3c, 0x1e, 0xa, 0x105, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x8, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x4}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xc0}}, 0x0)

2.397383668s ago: executing program 1 (id=962):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0)
write$vga_arbiter(r4, &(0x7f0000000040)=@other={'trylock', ' ', 'io'}, 0xb)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
read$FUSE(r5, &(0x7f00000083c0)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r6 = syz_open_dev$cec(&(0x7f0000000280), 0x0, 0x80200)
ioctl$CEC_ADAP_S_LOG_ADDRS(r6, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x5, 0x4a, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", '\x00', "0400", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc56849f6236eb1c3c"]})
r7 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x40b80)
ioctl$CEC_TRANSMIT(r7, 0xc0386105, &(0x7f0000000d40)={0x2, 0x3, 0x3, 0xfffffffc, 0x0, 0x4063, "57c1169b6664e261326ac71ae7213059", 0x0, 0x0, 0x0, 0xfd, 0x5, 0x1})
ioctl$CEC_ADAP_S_LOG_ADDRS(r6, 0xc05c6104, &(0x7f0000000340)={"8171f879", 0x7, 0xb0, 0x0, 0x9, 0x5, "0080000000000080ffffffffffffff", "0c598b00", "0200", "01000800", ["dc001000", "0000000000ffe700005a00", "4a218302000000215c384d00", "790000a5a16706008c00edbf"]})
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x6}]}, @NFT_MSG_NEWSETELEM={0x3c, 0x1e, 0xa, 0x105, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x8, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x4}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xc0}}, 0x0)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0)
dup3(r9, r5, 0x80000)

1.277171671s ago: executing program 1 (id=963):
r0 = openat$random(0xffffffffffffff9c, 0x0, 0x40002, 0x0)
fcntl$setownex(r0, 0x11, 0xfffffffffffffffe)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000100)={0x0, 0x0})
r1 = syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0xff, 0x5ac, 0x24e, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x2, 0xb0, 0xa, [{{0x9, 0x4, 0x0, 0x1, 0x2, 0x3, 0x1, 0x2, 0x40, {0x9, 0x21, 0x4, 0x80, 0x1, {0x22, 0xaca}}, {{{0x9, 0x5, 0x81, 0x3, 0x1bf, 0x4, 0x86, 0x2}}}}}]}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x25, &(0x7f0000000280)={0x5, 0xf, 0x25, 0x4, [@generic={0x3, 0x10, 0x1}, @generic={0x10, 0x10, 0x3, "d9295a46a7039c2006e85a826f"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x1, 0x5, 0x8, 0x2}, @ptm_cap={0x3}]}})
syz_usb_control_io(r1, 0x0, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
quotactl_fd$Q_GETINFO(0xffffffffffffffff, 0xffffffff80000501, 0x0, 0x0)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket(0x15, 0x5, 0x0)
getsockopt(r6, 0x200000000114, 0x2710, &(0x7f0000005ec0)=""/102394, &(0x7f0000000040)=0x18ffa)
setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, 0x0, 0x8)
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='hfsplus\x00', 0x2000010, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r7)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01000000000000000000037400062c00070073797352656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a7330000800020000000000080007002609090914000600626f6e64300000000000000000000000080003"], 0x78}, 0x1, 0xffffffff00000003, 0x0, 0x4000}, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r9 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r10=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x4, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}, {0xa, 0xfff1}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x4, 0x5}}]}, 0x34}}, 0x0)
sendmsg$inet6(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000002c0)="0d75977480e69dcb3672bee243ed117755a4e140", 0x14}], 0x1, &(0x7f0000000400)=[@dstopts_2292={{0x58, 0x29, 0x4, {0x0, 0x7, '\x00', [@hao={0xc9, 0x10, @local}, @calipso={0x7, 0x20, {0x2, 0x6, 0x80, 0x81, [0x5e02, 0xac, 0x400000]}}, @generic={0x5, 0x8, "22782e56f249afdf"}]}}}, @dstopts={{0x18, 0x29, 0x37, {0x33}}}, @dstopts_2292={{0x50, 0x29, 0x4, {0x3c, 0x6, '\x00', [@hao={0xc9, 0x10, @private1}, @jumbo={0xc2, 0x4, 0x5}, @generic={0x5, 0x2, "cd0d"}, @enc_lim={0x4, 0x1, 0x1}, @pad1, @jumbo={0xc2, 0x4, 0x2}, @jumbo={0xc2, 0x4, 0x8}, @jumbo={0xc2, 0x4, 0xb53}]}}}, @pktinfo={{0x24, 0x29, 0x32, {@private1, r10}}}, @tclass={{0x14, 0x29, 0x43, 0x5}}, @hopopts={{0x40, 0x29, 0x36, {0x87, 0x4, '\x00', [@pad1, @enc_lim={0x4, 0x1, 0x4}, @pad1, @padn={0x1, 0x1, [0x0]}, @calipso={0x7, 0x10, {0x0, 0x2, 0x6, 0x9, [0xff]}}, @jumbo={0xc2, 0x4, 0x9}]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x2}}, @hopopts_2292={{0x108, 0x29, 0x36, {0x3b, 0x1d, '\x00', [@calipso={0x7, 0x28, {0x0, 0x8, 0x3, 0x3, [0x400, 0xfff, 0x6a7c4850, 0x0]}}, @calipso={0x7, 0x10, {0x2, 0x2, 0x4, 0xae, [0x5]}}, @ra={0x5, 0x2, 0xc0}, @generic={0x80, 0x81, "071d507cdcafcf87fb30ccf909c21f7dddba15c9c8d5cbde3aab0cdc378a56d7321cc27d918f5f697829033942bb36a3bd09aa588bf7b6543b28854be512cf92d620045bd44a348a2a73bc50ca119544ae9b4ce6be427d07c7352e0dff44311732e4fd03cc653a1f4b3b85d8991001316d04a1ac9c8326e5c8688a040028eb0dc3"}, @calipso={0x7, 0x10, {0x5, 0x2, 0xaf, 0x7, [0x1]}}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @generic={0x9, 0xa, "bae9ae9088df6fc1e61b"}, @padn={0x1, 0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x4}}, @hopopts={{0x70, 0x29, 0x36, {0x84, 0xb, '\x00', [@enc_lim={0x4, 0x1, 0x90}, @calipso={0x7, 0x50, {0x1, 0x12, 0x3, 0x0, [0xfffffffffffffffd, 0x4, 0xb05, 0x6, 0x5, 0x9, 0x8, 0x6, 0x7f]}}, @pad1]}}}], 0x2e8}, 0x20000081)

1.265194285s ago: executing program 2 (id=964):
r0 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f0000000240)={0x1, 0x0, 0x203, 0xfffd, 0xffffffffffffffff, 0x200000000000008, 0xfffffffffffffffd, 0x200, 0x8, 0x2c, 0x80000005, 0x5})
ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r2, 0xc0884123, &(0x7f0000000300)={0x1, "244689261a3365eb47c14247a532ccbd3bf3b29282987c7cc12acb8ae6651cb5e0a3eeda1a7777d2fbd3428a0df873e1d58af8bf70c05fc6c43edcdaa8e7db07", {0x2, 0x1ff}})
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r2, 0xc0984124, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ad0b19196c79eb5})
r3 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000000c0), 0x270000, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000400)={&(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0], &(0x7f00000003c0)=[0x0], 0x6, 0x9, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_RMFB(r3, 0xc00464af, &(0x7f0000000480)=r4)
r5 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r5, 0x29, 0xca, &(0x7f0000000000)={0x2, 0x1, 0x0, 0x0, 0x9}, 0xc)
setsockopt$MRT6_FLUSH(r5, 0x29, 0xd4, &(0x7f0000000080)=0x9, 0x4)

1.081304495s ago: executing program 3 (id=965):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0)
write$vga_arbiter(r4, &(0x7f0000000040)=@other={'trylock', ' ', 'io'}, 0xb)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r5 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
read$FUSE(r6, &(0x7f00000083c0)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x5, 0x4a, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", '\x00', "0400", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc56849f6236eb1c3c"]})
r7 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x40b80)
ioctl$sock_SIOCDELDLCI(r5, 0x8981, &(0x7f0000000240)={'virt_wifi0\x00', 0x7})
ioctl$CEC_TRANSMIT(r7, 0xc0386105, &(0x7f0000000d40)={0x2, 0x3, 0x3, 0xfffffffc, 0x0, 0x4063, "57c1169b6664e261326ac71ae7213059", 0x0, 0x0, 0x0, 0xfd, 0x5, 0x1})

0s ago: executing program 4 (id=966):
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x7, 0x4, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x94}, [@call={0x85, 0x0, 0x0, 0x77}]}, &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x48, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)

kernel console output (not intermixed with test programs):

CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   95.213869][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   95.251846][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   95.623334][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   95.725760][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   95.811590][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   96.164030][ T5996] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5'.
[   96.325515][ T5999] FAULT_INJECTION: forcing a failure.
[   96.325515][ T5999] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   96.390761][ T5999] CPU: 1 UID: 0 PID: 5999 Comm: syz.1.12 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[   96.390786][ T5999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   96.390804][ T5999] Call Trace:
[   96.390815][ T5999]  <TASK>
[   96.390823][ T5999]  dump_stack_lvl+0x189/0x250
[   96.390855][ T5999]  ? lockdep_hardirqs_on+0x9c/0x150
[   96.390876][ T5999]  ? __pfx_dump_stack_lvl+0x10/0x10
[   96.390912][ T5999]  should_fail_ex+0x414/0x560
[   96.390935][ T5999]  _copy_to_user+0x31/0xb0
[   96.390963][ T5999]  simple_read_from_buffer+0xe1/0x170
[   96.390987][ T5999]  proc_fail_nth_read+0x1df/0x250
[   96.391014][ T5999]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   96.391039][ T5999]  ? rw_verify_area+0x258/0x650
[   96.391066][ T5999]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   96.391090][ T5999]  vfs_read+0x200/0x980
[   96.391122][ T5999]  ? __pfx___mutex_lock+0x10/0x10
[   96.391143][ T5999]  ? __pfx_vfs_read+0x10/0x10
[   96.391172][ T5999]  ? __fget_files+0x2a/0x420
[   96.391197][ T5999]  ? __fget_files+0x3a0/0x420
[   96.391216][ T5999]  ? __fget_files+0x2a/0x420
[   96.391244][ T5999]  ksys_read+0x145/0x250
[   96.391263][ T5999]  ? __pfx_ksys_read+0x10/0x10
[   96.391285][ T5999]  ? do_syscall_64+0xbe/0x3b0
[   96.391313][ T5999]  do_syscall_64+0xfa/0x3b0
[   96.391332][ T5999]  ? lockdep_hardirqs_on+0x9c/0x150
[   96.391350][ T5999]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.391368][ T5999]  ? clear_bhb_loop+0x60/0xb0
[   96.391390][ T5999]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.391414][ T5999] RIP: 0033:0x7f22b798d5fc
[   96.391433][ T5999] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   96.391449][ T5999] RSP: 002b:00007f22b883c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   96.391468][ T5999] RAX: ffffffffffffffda RBX: 00007f22b7bb6090 RCX: 00007f22b798d5fc
[   96.391481][ T5999] RDX: 000000000000000f RSI: 00007f22b883c0a0 RDI: 0000000000000005
[   96.391492][ T5999] RBP: 00007f22b883c090 R08: 0000000000000000 R09: 0000000000000000
[   96.391503][ T5999] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[   96.391514][ T5999] R13: 00007f22b7bb6128 R14: 00007f22b7bb6090 R15: 00007ffc9bc139f8
[   96.391543][ T5999]  </TASK>
[   96.619810][    C1] vkms_vblank_simulate: vblank timer overrun
[   97.319580][ T6013] syz.0.16: attempt to access beyond end of device
[   97.319580][ T6013] loop1: rw=0, sector=0, nr_sectors = 1 limit=0
[   97.333181][ T6013] FAT-fs (loop1): unable to read boot sector
[   98.715006][ T6022] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   98.907938][ T6026] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[   99.673441][ T6046] netlink: 256 bytes leftover after parsing attributes in process `syz.4.23'.
[   99.683503][ T6046] netlink: 19720 bytes leftover after parsing attributes in process `syz.4.23'.
[  100.136907][ T6045] 9pnet_fd: Insufficient options for proto=fd
[  103.051381][ T6084] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  104.503358][ T6094] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  104.724624][ T6097] netlink: 256 bytes leftover after parsing attributes in process `syz.0.38'.
[  104.733551][ T6097] netlink: 19720 bytes leftover after parsing attributes in process `syz.0.38'.
[  105.937355][ T6121] Cannot find add_set index 0 as target
[  105.946228][ T6121] netlink: 'syz.0.40': attribute type 9 has an invalid length.
[  106.773882][ T6110] warning: `syz.4.32' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  108.162977][ T5993] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  109.025572][ T6133] netlink: 80 bytes leftover after parsing attributes in process `syz.0.42'.
[  109.354683][ T5993] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 28, changing to 8
[  109.417843][ T5993] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  110.047944][ T5993] usb 2-1: New USB device found, idVendor=05ac, idProduct=0232, bcdDevice= 0.00
[  110.080251][ T5993] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  110.219099][ T5993] usb 2-1: config 0 descriptor??
[  110.457561][ T5993] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input5
[  110.603720][ T6132] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  110.659316][ T6132] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  110.828749][ T6163] syz.4.51 uses obsolete (PF_INET,SOCK_PACKET)
[  111.250121][ T5190] bcm5974 2-1:0.0: could not read from device
[  111.325344][ T5190] bcm5974 2-1:0.0: could not read from device
[  111.331951][ T5993] usb 2-1: USB disconnect, device number 2
[  111.755071][ T6181] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  112.599780][ T6184] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  115.578513][ T6211] FAULT_INJECTION: forcing a failure.
[  115.578513][ T6211] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  115.720746][ T6199] can0: slcan on pty28.
[  115.723095][ T6211] CPU: 1 UID: 0 PID: 6211 Comm: syz.3.59 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  115.723123][ T6211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  115.723136][ T6211] Call Trace:
[  115.723144][ T6211]  <TASK>
[  115.723152][ T6211]  dump_stack_lvl+0x189/0x250
[  115.723180][ T6211]  ? __pfx____ratelimit+0x10/0x10
[  115.723203][ T6211]  ? __pfx_dump_stack_lvl+0x10/0x10
[  115.723226][ T6211]  ? __pfx__printk+0x10/0x10
[  115.723265][ T6211]  should_fail_ex+0x414/0x560
[  115.723309][ T6211]  _copy_to_user+0x31/0xb0
[  115.723340][ T6211]  simple_read_from_buffer+0xe1/0x170
[  115.723366][ T6211]  proc_fail_nth_read+0x1df/0x250
[  115.723396][ T6211]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  115.723424][ T6211]  ? rw_verify_area+0x258/0x650
[  115.723455][ T6211]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  115.723481][ T6211]  vfs_read+0x200/0x980
[  115.723519][ T6211]  ? __pfx___mutex_lock+0x10/0x10
[  115.723542][ T6211]  ? __pfx_vfs_read+0x10/0x10
[  115.723575][ T6211]  ? __fget_files+0x2a/0x420
[  115.723602][ T6211]  ? __fget_files+0x3a0/0x420
[  115.723624][ T6211]  ? __fget_files+0x2a/0x420
[  115.723655][ T6211]  ksys_read+0x145/0x250
[  115.723671][ T6211]  ? __fget_files+0x2a/0x420
[  115.723697][ T6211]  ? __pfx_ksys_read+0x10/0x10
[  115.723721][ T6211]  ? do_syscall_64+0xbe/0x3b0
[  115.723749][ T6211]  do_syscall_64+0xfa/0x3b0
[  115.723774][ T6211]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.723794][ T6211]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  115.723814][ T6211]  ? clear_bhb_loop+0x60/0xb0
[  115.723839][ T6211]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.723859][ T6211] RIP: 0033:0x7fe23df8d5fc
[  115.723877][ T6211] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  115.723893][ T6211] RSP: 002b:00007fe23edca030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  115.723933][ T6211] RAX: ffffffffffffffda RBX: 00007fe23e1b6180 RCX: 00007fe23df8d5fc
[  115.723949][ T6211] RDX: 000000000000000f RSI: 00007fe23edca0a0 RDI: 0000000000000003
[  115.723962][ T6211] RBP: 00007fe23edca090 R08: 0000000000000000 R09: 0000000000000000
[  115.723975][ T6211] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000001
[  115.723988][ T6211] R13: 00007fe23e1b6218 R14: 00007fe23e1b6180 R15: 00007ffde9d6ba28
[  115.724022][ T6211]  </TASK>
[  116.213798][ T6225] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  116.356119][ T6199] can0 (unregistered): slcan off pty28.
[  116.814603][ T6239] x_tables: duplicate underflow at hook 1
[  116.900407][ T6241] Bluetooth: MGMT ver 1.23
[  117.674121][ T5848] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  117.870658][ T5848] usb 2-1: Using ep0 maxpacket: 8
[  117.934292][ T5848] usb 2-1: config 0 has an invalid interface number: 38 but max is 0
[  117.970399][ T5848] usb 2-1: config 0 has no interface number 0
[  118.010253][ T6254] Zero length message leads to an empty skb
[  118.030210][ T5848] usb 2-1: config 0 interface 38 has no altsetting 0
[  118.076553][ T5848] usb 2-1: New USB device found, idVendor=04e6, idProduct=0009, bcdDevice= 2.00
[  118.114610][ T5848] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.344716][ T5848] usb 2-1: Product: syz
[  118.349180][ T5848] usb 2-1: Manufacturer: syz
[  118.354225][ T5848] usb 2-1: SerialNumber: syz
[  118.431480][ T5848] usb 2-1: config 0 descriptor??
[  118.637206][ T6254] sp0: Synchronizing with TNC
[  118.756445][ T5848] usb-storage 2-1:0.38: USB Mass Storage device detected
[  119.882034][ T5848] usb 2-1: USB disconnect, device number 3
[  121.605655][ T6290] FAULT_INJECTION: forcing a failure.
[  121.605655][ T6290] name failslab, interval 1, probability 0, space 0, times 1
[  121.654035][ T6290] CPU: 1 UID: 0 PID: 6290 Comm: syz.4.82 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  121.654058][ T6290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  121.654067][ T6290] Call Trace:
[  121.654073][ T6290]  <TASK>
[  121.654080][ T6290]  dump_stack_lvl+0x189/0x250
[  121.654102][ T6290]  ? __pfx____ratelimit+0x10/0x10
[  121.654118][ T6290]  ? __pfx_dump_stack_lvl+0x10/0x10
[  121.654136][ T6290]  ? __pfx__printk+0x10/0x10
[  121.654163][ T6290]  ? __pfx___might_resched+0x10/0x10
[  121.654184][ T6290]  should_fail_ex+0x414/0x560
[  121.654205][ T6290]  should_failslab+0xa8/0x100
[  121.654224][ T6290]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  121.654243][ T6290]  ? __alloc_skb+0x112/0x2d0
[  121.654272][ T6290]  __alloc_skb+0x112/0x2d0
[  121.654299][ T6290]  netlink_sendmsg+0x5c6/0xb30
[  121.654334][ T6290]  ? __pfx_netlink_sendmsg+0x10/0x10
[  121.654368][ T6290]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  121.654387][ T6290]  ? __pfx_netlink_sendmsg+0x10/0x10
[  121.654414][ T6290]  __sock_sendmsg+0x21c/0x270
[  121.654439][ T6290]  __sys_sendto+0x3bd/0x520
[  121.654467][ T6290]  ? __pfx___sys_sendto+0x10/0x10
[  121.654491][ T6290]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  121.654524][ T6290]  ? __fget_files+0x3a0/0x420
[  121.654555][ T6290]  ? ksys_write+0x22a/0x250
[  121.654575][ T6290]  ? __pfx_ksys_write+0x10/0x10
[  121.654590][ T6290]  ? rcu_is_watching+0x15/0xb0
[  121.654615][ T6290]  __x64_sys_sendto+0xde/0x100
[  121.654645][ T6290]  do_syscall_64+0xfa/0x3b0
[  121.654667][ T6290]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.654684][ T6290]  ? asm_common_interrupt+0x26/0x40
[  121.654701][ T6290]  ? clear_bhb_loop+0x60/0xb0
[  121.654723][ T6290]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.654741][ T6290] RIP: 0033:0x7f562918ebe9
[  121.654757][ T6290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  121.654779][ T6290] RSP: 002b:00007f562a013038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  121.654798][ T6290] RAX: ffffffffffffffda RBX: 00007f56293b5fa0 RCX: 00007f562918ebe9
[  121.654811][ T6290] RDX: 0000000000000090 RSI: 00002000000000c0 RDI: 0000000000000004
[  121.654822][ T6290] RBP: 00007f562a013090 R08: 0000000000000000 R09: 0000000000000000
[  121.654833][ T6290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  121.654851][ T6290] R13: 00007f56293b6038 R14: 00007f56293b5fa0 R15: 00007fff4baf4138
[  121.654879][ T6290]  </TASK>
[  123.857919][ T6319] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  124.000784][ T5848] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  124.230821][ T5848] usb 5-1: device descriptor read/64, error -71
[  125.055853][ T5848] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  125.220800][ T5848] usb 5-1: device descriptor read/64, error -71
[  125.346797][ T5848] usb usb5-port1: attempt power cycle
[  125.488083][ T6347] FAULT_INJECTION: forcing a failure.
[  125.488083][ T6347] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  125.501806][ T6347] CPU: 1 UID: 0 PID: 6347 Comm: syz.3.93 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  125.501828][ T6347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  125.501840][ T6347] Call Trace:
[  125.501847][ T6347]  <TASK>
[  125.501855][ T6347]  dump_stack_lvl+0x189/0x250
[  125.501882][ T6347]  ? __pfx____ratelimit+0x10/0x10
[  125.501903][ T6347]  ? __pfx_dump_stack_lvl+0x10/0x10
[  125.501923][ T6347]  ? __pfx__printk+0x10/0x10
[  125.501948][ T6347]  ? __might_fault+0xb0/0x130
[  125.501977][ T6347]  should_fail_ex+0x414/0x560
[  125.502002][ T6347]  _copy_from_user+0x2d/0xb0
[  125.502029][ T6347]  kstrtouint_from_user+0xc4/0x170
[  125.502054][ T6347]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  125.502092][ T6347]  proc_fail_nth_write+0x88/0x240
[  125.502116][ T6347]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  125.502144][ T6347]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  125.502169][ T6347]  vfs_write+0x27e/0xa90
[  125.502195][ T6347]  ? __pfx_vfs_write+0x10/0x10
[  125.502215][ T6347]  ? __fget_files+0x2a/0x420
[  125.502240][ T6347]  ? __fget_files+0x3a0/0x420
[  125.502260][ T6347]  ? __fget_files+0x2a/0x420
[  125.502290][ T6347]  ksys_write+0x145/0x250
[  125.502310][ T6347]  ? __pfx_ksys_write+0x10/0x10
[  125.502325][ T6347]  ? rcu_is_watching+0x15/0xb0
[  125.502351][ T6347]  ? do_syscall_64+0xbe/0x3b0
[  125.502375][ T6347]  do_syscall_64+0xfa/0x3b0
[  125.502397][ T6347]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.502415][ T6347]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  125.502433][ T6347]  ? clear_bhb_loop+0x60/0xb0
[  125.502456][ T6347]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.502474][ T6347] RIP: 0033:0x7fe23df8d69f
[  125.502490][ T6347] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  125.502505][ T6347] RSP: 002b:00007fe23edeb030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  125.502524][ T6347] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe23df8d69f
[  125.502537][ T6347] RDX: 0000000000000001 RSI: 00007fe23edeb0a0 RDI: 0000000000000006
[  125.502548][ T6347] RBP: 00007fe23edeb090 R08: 0000000000000000 R09: 0000000000000000
[  125.502559][ T6347] R10: 0000000000000004 R11: 0000000000000293 R12: 0000000000000001
[  125.502570][ T6347] R13: 00007fe23e1b6128 R14: 00007fe23e1b6090 R15: 00007ffde9d6ba28
[  125.502599][ T6347]  </TASK>
[  125.992150][ T5848] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  126.048999][ T6349] netlink: 60 bytes leftover after parsing attributes in process `syz.1.94'.
[  126.121931][ T5848] usb 5-1: device descriptor read/8, error -71
[  126.370744][ T5848] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  126.402912][ T5848] usb 5-1: device descriptor read/8, error -71
[  126.683824][ T5848] usb usb5-port1: unable to enumerate USB device
[  128.714457][ T6383] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[  128.723140][ T6383] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[  128.732346][ T6383] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[  130.516501][ T6390] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  131.969247][ T6410] vivid-001: disconnect
[  132.604964][ T6406] vivid-001: reconnect
[  132.709313][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  132.721010][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  132.835225][ T6426] Device name cannot be null; rc = [-22]
[  133.808907][ T6435] netlink: 28 bytes leftover after parsing attributes in process `syz.4.115'.
[  134.640632][ T5920] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  134.988327][ T5920] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  135.009596][ T5920] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  135.070746][ T5920] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  135.079849][ T5920] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.093215][ T6449] process 'syz.1.113' launched './file0' with NULL argv: empty string added
[  135.891073][ T6442] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  136.231821][ T5920] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  137.329025][  T979] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  137.448669][ T6468] cramfs: Unknown parameter 'discard'
[  138.317241][ T5900] usb 5-1: USB disconnect, device number 6
[  138.419806][  T979] usb 4-1: config 0 has an invalid interface number: 194 but max is 0
[  138.451957][  T979] usb 4-1: config 0 has no interface number 0
[  138.458109][  T979] usb 4-1: too many endpoints for config 0 interface 194 altsetting 233: 59, using maximum allowed: 30
[  138.533356][  T979] usb 4-1: config 0 interface 194 altsetting 233 has 0 endpoint descriptors, different from the interface descriptor's value: 59
[  138.590568][  T979] usb 4-1: config 0 interface 194 has no altsetting 0
[  139.580613][  T979] usb 4-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[  139.651800][  T979] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.115241][  T979] usb 4-1: Product: syz
[  140.119475][  T979] usb 4-1: Manufacturer: syz
[  140.540329][  T979] usb 4-1: config 0 descriptor??
[  140.546037][  T979] usb 4-1: can't set config #0, error -71
[  140.571362][  T979] usb 4-1: USB disconnect, device number 2
[  140.686014][ T6485] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  141.220833][ T5920] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  141.390626][ T5920] usb 2-1: Using ep0 maxpacket: 32
[  141.480169][ T5920] usb 2-1: config 0 has no interfaces?
[  141.542294][ T5920] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  141.686517][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.737069][ T5920] usb 2-1: Product: syz
[  141.771175][ T5920] usb 2-1: Manufacturer: syz
[  141.783120][ T5920] usb 2-1: SerialNumber: syz
[  141.839832][ T5920] usb 2-1: config 0 descriptor??
[  142.055089][ T6480] syz.4.124 (6480): drop_caches: 2
[  142.613939][ T6504] netlink: 20 bytes leftover after parsing attributes in process `syz.2.129'.
[  143.801887][ T6507] Device name cannot be null; rc = [-22]
[  144.030730][ T5983] usb 2-1: USB disconnect, device number 4
[  151.600884][ T6546] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  154.727613][ T6574] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  154.753982][ T6574] CIFS mount error: No usable UNC path provided in device string!
[  154.753982][ T6574] 
[  154.765594][ T6574] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  154.954466][ T6578] Device name cannot be null; rc = [-22]
[  155.756977][ T6582] netlink: 24 bytes leftover after parsing attributes in process `syz.0.154'.
[  156.183200][ T6589] FAULT_INJECTION: forcing a failure.
[  156.183200][ T6589] name failslab, interval 1, probability 0, space 0, times 0
[  156.201914][ T6589] CPU: 0 UID: 0 PID: 6589 Comm: syz.4.151 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  156.201939][ T6589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  156.201950][ T6589] Call Trace:
[  156.201958][ T6589]  <TASK>
[  156.201965][ T6589]  dump_stack_lvl+0x189/0x250
[  156.201992][ T6589]  ? __pfx____ratelimit+0x10/0x10
[  156.202012][ T6589]  ? __pfx_dump_stack_lvl+0x10/0x10
[  156.202032][ T6589]  ? __pfx__printk+0x10/0x10
[  156.202062][ T6589]  ? __pfx___might_resched+0x10/0x10
[  156.202081][ T6589]  ? fs_reclaim_acquire+0x7d/0x100
[  156.202108][ T6589]  should_fail_ex+0x414/0x560
[  156.202132][ T6589]  should_failslab+0xa8/0x100
[  156.202154][ T6589]  __kmalloc_noprof+0xcb/0x4f0
[  156.202176][ T6589]  ? kfree+0x4d/0x440
[  156.202201][ T6589]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  156.202232][ T6589]  tomoyo_realpath_from_path+0xe3/0x5d0
[  156.202257][ T6589]  ? tomoyo_domain+0xda/0x130
[  156.202287][ T6589]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  156.202307][ T6589]  tomoyo_path_number_perm+0x1e8/0x5a0
[  156.202329][ T6589]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  156.202365][ T6589]  ? __lock_acquire+0xab9/0xd20
[  156.202402][ T6589]  ? __fget_files+0x2a/0x420
[  156.202425][ T6589]  ? __fget_files+0x2a/0x420
[  156.202445][ T6589]  ? __fget_files+0x3a0/0x420
[  156.202464][ T6589]  ? __fget_files+0x2a/0x420
[  156.202488][ T6589]  security_file_ioctl+0xcb/0x2d0
[  156.202512][ T6589]  __se_sys_ioctl+0x47/0x170
[  156.202542][ T6589]  do_syscall_64+0xfa/0x3b0
[  156.202561][ T6589]  ? lockdep_hardirqs_on+0x9c/0x150
[  156.202580][ T6589]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.202598][ T6589]  ? clear_bhb_loop+0x60/0xb0
[  156.202619][ T6589]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.202637][ T6589] RIP: 0033:0x7f562918ebe9
[  156.202653][ T6589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  156.202668][ T6589] RSP: 002b:00007f5629ff2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  156.202687][ T6589] RAX: ffffffffffffffda RBX: 00007f56293b6090 RCX: 00007f562918ebe9
[  156.202700][ T6589] RDX: 00002000000001c0 RSI: 000000004048ae9b RDI: 0000000000000005
[  156.202712][ T6589] RBP: 00007f5629ff2090 R08: 0000000000000000 R09: 0000000000000000
[  156.202723][ T6589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  156.202733][ T6589] R13: 00007f56293b6128 R14: 00007f56293b6090 R15: 00007fff4baf4138
[  156.202762][ T6589]  </TASK>
[  156.202770][ T6589] ERROR: Out of memory at tomoyo_realpath_from_path.
[  156.834153][ T6597] tipc: Failed to remove unknown binding: 66,1,1/0:3711140039/3711140041
[  156.843222][ T6597] tipc: Failed to remove unknown binding: 66,1,1/0:3711140039/3711140041
[  159.291141][ T5848] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  159.470640][ T5848] usb 4-1: Using ep0 maxpacket: 32
[  159.487315][ T5848] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  159.499237][ T5848] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  159.509283][ T5848] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  159.518505][ T5848] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.813596][ T5848] usb 4-1: config 0 descriptor??
[  159.842537][ T5848] hub 4-1:0.0: USB hub found
[  160.271430][ T6612] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  160.296359][ T6612] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  160.348710][ T5848] hub 4-1:0.0: 1 port detected
[  160.368689][ T6622] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  161.382176][ T5848] hub 4-1:0.0: activate --> -90
[  162.982139][ T6650] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  163.261566][ T5848] usb 4-1-port1: config error
[  163.410431][ T5848] hub 4-1:0.0: hub_ext_port_status failed (err = -32)
[  163.424664][ T5848] usb 4-1-port1: connect-debounce failed
[  163.456381][ T5848] usb 4-1-port1: cannot disable (err = -71)
[  163.462833][ T5900] usb 4-1: USB disconnect, device number 3
[  163.565164][ T6658] Device name cannot be null; rc = [-22]
[  164.750723][ T5993] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  164.960599][ T5993] usb 5-1: device descriptor read/64, error -71
[  165.484566][ T5993] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  166.035052][ T5993] usb 5-1: device descriptor read/64, error -71
[  166.838726][ T5993] usb usb5-port1: attempt power cycle
[  167.046775][ T6689] syz.3.183 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  167.604354][ T6697] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  168.312506][ T6698] netlink: 20 bytes leftover after parsing attributes in process `syz.1.185'.
[  169.990254][ T6704] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  169.990300][ T6704] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  169.990313][ T6704] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  170.269583][ T6715] netlink: 324 bytes leftover after parsing attributes in process `syz.3.190'.
[  171.950707][ T5928] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  172.286509][ T5928] usb 3-1: Using ep0 maxpacket: 8
[  172.470785][ T5928] usb 3-1: unable to get BOS descriptor or descriptor too short
[  172.512656][ T5928] usb 3-1: config 1 has an invalid interface number: 67 but max is 0
[  172.537284][ T5928] usb 3-1: config 1 has no interface number 0
[  172.546428][ T6735] Device name cannot be null; rc = [-22]
[  172.555298][ T5928] usb 3-1: config 1 interface 67 altsetting 9 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  172.568487][ T5928] usb 3-1: config 1 interface 67 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  172.584974][ T5928] usb 3-1: config 1 interface 67 has no altsetting 0
[  172.606013][ T5928] usb 3-1: New USB device found, idVendor=12cf, idProduct=7111, bcdDevice=b9.ec
[  172.630009][ T5928] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.664038][ T5928] usb 3-1: Product: syz
[  172.668228][ T5928] usb 3-1: Manufacturer: syz
[  172.686465][ T5928] usb 3-1: SerialNumber: syz
[  172.956817][ T6727] netlink: 28 bytes leftover after parsing attributes in process `syz.2.193'.
[  172.996059][ T6727] tipc: Started in network mode
[  173.006853][ T6727] tipc: Node identity 7, cluster identity 5
[  173.045330][ T6727] tipc: Node number set to 7
[  173.117445][ T5928] radio-si470x 3-1:1.67: could not find interrupt in endpoint
[  173.128291][ T5928] radio-si470x 3-1:1.67: probe with driver radio-si470x failed with error -5
[  173.138826][ T6745] binder: 6741:6745 ioctl c0306201 200000000540 returned -22
[  173.915753][ T6746] xt_CT: No such helper "pptp"
[  174.032830][ T5928] usbhid 3-1:1.67: couldn't find an input interrupt endpoint
[  174.062441][ T5928] usb 3-1: USB disconnect, device number 2
[  175.000582][ T5928] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  175.223505][ T5928] usb 4-1: Using ep0 maxpacket: 32
[  175.237769][ T5928] usb 4-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  175.254667][ T5928] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  175.511137][ T5928] usb 4-1: config 0 descriptor??
[  175.593936][ T5928] gspca_main: sunplus-2.14.0 probing 041e:400b
[  176.064449][ T6774] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  176.272496][ T5928] gspca_sunplus: reg_w_riv err -110
[  176.546078][ T5928] sunplus 4-1:0.0: probe with driver sunplus failed with error -110
[  176.998295][ T6780] netlink: 36 bytes leftover after parsing attributes in process `syz.4.204'.
[  177.655927][ T5920] usb 4-1: USB disconnect, device number 4
[  177.821375][ T6789] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  178.187998][ T6793] netlink: 20 bytes leftover after parsing attributes in process `syz.2.209'.
[  178.231245][ T6793] netlink: 148 bytes leftover after parsing attributes in process `syz.2.209'.
[  178.263884][ T6798] xt_hashlimit: size too large, truncated to 1048576
[  178.702011][ T5993] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[  179.394960][ T5993] usb 3-1: config 9 has an invalid interface number: 88 but max is 1
[  179.511757][ T5993] usb 3-1: config 9 contains an unexpected descriptor of type 0x2, skipping
[  179.550539][ T5993] usb 3-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  179.600716][ T5993] usb 3-1: config 9 has no interface number 1
[  179.606899][ T5993] usb 3-1: config 9 interface 88 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  179.676671][ T5993] usb 3-1: config 9 interface 88 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  179.712927][ T5993] usb 3-1: config 9 interface 88 altsetting 9 has an endpoint descriptor with address 0xA4, changing to 0x84
[  179.733214][ T5993] usb 3-1: config 9 interface 88 has no altsetting 0
[  179.747324][ T5993] usb 3-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=50.80
[  180.640330][ T5993] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.653604][ T5993] usb 3-1: Product: syz
[  180.657799][ T5993] usb 3-1: Manufacturer: syz
[  180.662950][ T5993] usb 3-1: SerialNumber: syz
[  181.955997][ T5993] qmi_wwan 3-1:9.88: skipping garbage
[  181.994821][ T5993] qmi_wwan 3-1:9.88: probe with driver qmi_wwan failed with error -22
[  182.044014][ T5928] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  182.157916][ T5993] usb 3-1: Could not set interface, error -71
[  182.455834][ T5928] usb 5-1: device descriptor read/64, error -71
[  182.498192][ T5993] usb 3-1: USB disconnect, device number 3
[  183.210871][ T5928] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  183.345481][ T5848] libceph: connect (1)[c::]:6789 error -101
[  183.360001][ T5848] libceph: mon0 (1)[c::]:6789 connect error
[  183.370707][ T5928] usb 5-1: device descriptor read/64, error -71
[  183.469600][ T6834] ceph: No mds server is up or the cluster is laggy
[  183.515948][ T5928] usb usb5-port1: attempt power cycle
[  183.698946][ T6841] netlink: 'syz.1.222': attribute type 2 has an invalid length.
[  183.939362][ T5928] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  185.615935][ T6860] tipc: Failed to remove unknown binding: 66,1,1/0:3396618506/3396618508
[  185.625533][ T6860] tipc: Failed to remove unknown binding: 66,1,1/0:3396618506/3396618508
[  187.174168][ T6874] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  187.849242][ T5928] usb 5-1: device descriptor read/8, error -71
[  188.667001][ T5848] IPVS: starting estimator thread 0...
[  188.790738][ T6885] IPVS: using max 29 ests per chain, 69600 per kthread
[  188.958351][ T6881] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  191.315968][ T6913] netlink: 'syz.4.239': attribute type 1 has an invalid length.
[  191.323704][ T6913] netlink: 224 bytes leftover after parsing attributes in process `syz.4.239'.
[  191.334273][ T6913] No such timeout policy "syz0"
[  192.374990][ T6914] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  192.847387][ T6919] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  194.140974][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  194.147430][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  195.014868][ T6935] block nbd0: NBD_DISCONNECT
[  195.054483][ T6935] block nbd0: Disconnected due to user request.
[  195.109163][ T6935] block nbd0: shutting down sockets
[  196.521284][ T6952] tipc: Failed to remove unknown binding: 66,1,1/0:580243579/580243581
[  196.529721][ T6952] tipc: Failed to remove unknown binding: 66,1,1/0:580243579/580243581
[  197.192774][ T5983] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  198.100577][ T5983] usb 2-1: Using ep0 maxpacket: 32
[  198.481229][ T5983] usb 2-1: config index 0 descriptor too short (expected 1060, got 36)
[  198.492016][ T5983] usb 2-1: config 4 has an invalid descriptor of length 255, skipping remainder of the config
[  198.504324][ T5983] usb 2-1: config 4 has 0 interfaces, different from the descriptor's value: 9
[  198.519651][ T5983] usb 2-1: New USB device found, idVendor=046d, idProduct=08c6, bcdDevice= b.5d
[  198.560672][ T5983] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  198.568709][ T5983] usb 2-1: Product: syz
[  198.590669][ T5983] usb 2-1: Manufacturer: syz
[  198.598510][ T5983] usb 2-1: SerialNumber: syz
[  198.908081][ T6962] cramfs: Unknown parameter 'discard'
[  199.859590][ T5983] usb 2-1: USB disconnect, device number 5
[  200.776816][ T6971] netlink: 'syz.0.255': attribute type 10 has an invalid length.
[  201.567798][ T6971] team0: Port device dummy0 added
[  203.042958][ T6989] netlink: 28 bytes leftover after parsing attributes in process `syz.2.258'.
[  203.051974][ T6989] netlink: 12 bytes leftover after parsing attributes in process `syz.2.258'.
[  204.150725][ T6971] syz.0.255 (6971) used greatest stack depth: 18200 bytes left
[  204.222860][ T6996] tipc: Failed to remove unknown binding: 66,1,1/0:1281868516/1281868518
[  204.254534][ T6996] tipc: Failed to remove unknown binding: 66,1,1/0:1281868516/1281868518
[  204.273800][ T6994] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  210.481326][ T7037] tipc: Failed to remove unknown binding: 66,1,1/0:1843347860/1843347862
[  210.503163][ T7037] tipc: Failed to remove unknown binding: 66,1,1/0:1843347860/1843347862
[  210.759311][ T7042] random: crng reseeded on system resumption
[  210.774849][ T7042] Restarting kernel threads ...
[  210.780443][ T7042] Done restarting kernel threads.
[  211.975660][ T5155] Bluetooth: hci1: command 0x0406 tx timeout
[  211.988142][ T5854] Bluetooth: hci2: command 0x0406 tx timeout
[  211.995161][ T5859] Bluetooth: hci4: command 0x0406 tx timeout
[  212.012723][ T5846] Bluetooth: hci3: command 0x0406 tx timeout
[  216.071192][ T5907] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  216.208175][ T7086] netlink: 'syz.3.288': attribute type 1 has an invalid length.
[  216.281805][ T5907] usb 1-1: Using ep0 maxpacket: 8
[  217.853272][ T7089] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  218.177447][ T5907] usb 1-1: unable to get BOS descriptor or descriptor too short
[  219.271959][ T5907] usb 1-1: unable to read config index 0 descriptor/start: -71
[  219.279605][ T5907] usb 1-1: can't read configurations, error -71
[  219.384284][ T7092] veth3: entered promiscuous mode
[  219.417093][ T7092] bond1: (slave veth3): Enslaving as a backup interface with a down link
[  220.522864][ T7112] blktrace: Concurrent blktraces are not allowed on loop8
[  221.361016][ T7118] binder_alloc: 7117: binder_alloc_buf, no vma
[  221.808351][ T7133] netlink: 12 bytes leftover after parsing attributes in process `syz.0.302'.
[  221.950825][ T5993] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  222.260619][ T5993] usb 5-1: Using ep0 maxpacket: 8
[  222.369803][ T5993] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  222.715552][ T5993] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  222.727716][ T5993] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  222.739666][ T5993] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  222.750973][ T5993] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  222.786692][ T5993] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  222.815709][ T5993] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  222.847650][ T5993] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  222.860119][ T5993] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  223.795646][ T5993] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  223.808989][ T5993] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[  223.817085][ T5993] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  223.817603][  T979] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  223.830044][ T5993] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  224.041695][ T5993] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  224.057235][  T979] usb 1-1: device descriptor read/64, error -71
[  224.061227][ T5993] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  225.086435][ T5993] usb 5-1: string descriptor 0 read error: -71
[  225.489498][ T7154] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  225.618979][ T5993] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  225.678749][ T5993] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  225.835996][ T5993] usb 5-1: can't set config #168, error -71
[  225.908040][ T5993] usb 5-1: USB disconnect, device number 14
[  225.985234][ T7165] netlink: 'syz.0.308': attribute type 1 has an invalid length.
[  225.993152][ T7165] netlink: 16 bytes leftover after parsing attributes in process `syz.0.308'.
[  226.650730][   T30] audit: type=1326 audit(1755607485.790:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7157 comm="syz.2.310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5af8ebe9 code=0x7ffc0000
[  226.888982][   T30] audit: type=1326 audit(1755607485.790:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7157 comm="syz.2.310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5af8ebe9 code=0x7ffc0000
[  226.911305][   T30] audit: type=1326 audit(1755607485.790:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7157 comm="syz.2.310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f0b5af8ebe9 code=0x7ffc0000
[  226.932915][   T30] audit: type=1326 audit(1755607485.800:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7157 comm="syz.2.310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5af8ebe9 code=0x7ffc0000
[  226.954181][   T30] audit: type=1326 audit(1755607485.800:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7157 comm="syz.2.310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5af8ebe9 code=0x7ffc0000
[  227.072071][   T30] audit: type=1326 audit(1755607485.800:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7157 comm="syz.2.310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f0b5af8ebe9 code=0x7ffc0000
[  227.758312][   T30] audit: type=1326 audit(1755607485.800:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7157 comm="syz.2.310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5af8ebe9 code=0x7ffc0000
[  227.779757][   T30] audit: type=1326 audit(1755607485.800:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7157 comm="syz.2.310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5af8ebe9 code=0x7ffc0000
[  227.809852][   T30] audit: type=1326 audit(1755607485.800:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7157 comm="syz.2.310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7f0b5af8ebe9 code=0x7ffc0000
[  227.832602][   T30] audit: type=1326 audit(1755607485.810:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7157 comm="syz.2.310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5af8ebe9 code=0x7ffc0000
[  228.630842][ T7189] netlink: 12 bytes leftover after parsing attributes in process `syz.3.314'.
[  230.160719][ T7191] mmap: syz.0.315 (7191) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  231.728318][ T7206] 8021q: adding VLAN 0 to HW filter on device bond2
[  231.778678][ T7209] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  236.052218][ T7248] tipc: Started in network mode
[  236.057152][ T7248] tipc: Node identity be233bd461d3, cluster identity 4711
[  236.065544][ T7248] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  236.093917][ T7248] tipc: Resetting bearer <eth:syzkaller0>
[  236.179510][ T7247] tipc: Disabling bearer <eth:syzkaller0>
[  236.232063][ T5920] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  236.435359][ T5920] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  236.500716][ T5920] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  236.533010][ T5920] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  236.617455][ T5920] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  236.720983][ T7246] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  236.763224][ T5920] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  236.969987][ T7257] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  237.541401][ T5960] usb 5-1: USB disconnect, device number 15
[  237.564445][ T7256] tipc: Resetting bearer <eth:syzkaller0>
[  238.659747][  T979] tipc: Node number set to 3757063124
[  238.747304][ T7269] hugetlbfs: syz.3.339 (7269): Using mlock ulimits for SHM_HUGETLB is obsolete
[  238.831807][ T7255] tipc: Disabling bearer <eth:syzkaller0>
[  240.309357][ T7282] netlink: 8 bytes leftover after parsing attributes in process `syz.0.342'.
[  240.319362][ T7282] netlink: 12 bytes leftover after parsing attributes in process `syz.0.342'.
[  240.902585][ T7282] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  240.911589][ T7282] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  240.920306][ T7282] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  240.930065][ T7282] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  243.260537][  T979] usb 3-1: new full-speed USB device number 4 using dummy_hcd
[  244.116014][  T979] usb 3-1: device descriptor read/64, error -71
[  244.432963][  T979] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[  244.590596][  T979] usb 3-1: device descriptor read/64, error -71
[  244.978360][  T979] usb usb3-port1: attempt power cycle
[  245.121232][ T7317] fuse: Bad value for 'fd'
[  245.820678][  T979] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  245.865865][  T979] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  246.110234][  T979] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  246.148077][  T979] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  246.214585][  T979] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  247.007114][  T979] usb 3-1: config 0 descriptor??
[  247.675473][ T7347] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  248.288082][  T979] keytouch 0003:0926:3333.0001: fixing up Keytouch IEC report descriptor
[  248.328544][ T7325] loop2: detected capacity change from 0 to 7
[  248.375812][  T979] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0001/input/input6
[  248.605276][ T7325] Dev loop2: unable to read RDB block 7
[  248.704500][ T7325]  loop2: unable to read partition table
[  248.840994][ T7325] loop2: partition table beyond EOD, truncated
[  248.893570][  T979] keytouch 0003:0926:3333.0001: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0
[  248.966797][ T7325] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  249.619980][ T7369] FAULT_INJECTION: forcing a failure.
[  249.619980][ T7369] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  249.634043][ T7369] CPU: 1 UID: 0 PID: 7369 Comm: syz.0.365 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  249.634066][ T7369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  249.634077][ T7369] Call Trace:
[  249.634084][ T7369]  <TASK>
[  249.634093][ T7369]  dump_stack_lvl+0x189/0x250
[  249.634129][ T7369]  ? __pfx____ratelimit+0x10/0x10
[  249.634150][ T7369]  ? __pfx_dump_stack_lvl+0x10/0x10
[  249.634171][ T7369]  ? __pfx__printk+0x10/0x10
[  249.634195][ T7369]  ? __might_fault+0xb0/0x130
[  249.634225][ T7369]  should_fail_ex+0x414/0x560
[  249.634250][ T7369]  _copy_from_iter+0x1db/0x16f0
[  249.634279][ T7369]  ? n_hdlc_tty_write+0x167/0x890
[  249.634310][ T7369]  ? __pfx__copy_from_iter+0x10/0x10
[  249.634333][ T7369]  ? __pfx_default_wake_function+0x10/0x10
[  249.634366][ T7369]  ? __pfx_n_hdlc_tty_write+0x10/0x10
[  249.634390][ T7369]  ? iov_iter_revert+0x1eb/0x5f0
[  249.634421][ T7369]  file_tty_write+0x486/0x990
[  249.634455][ T7369]  vfs_write+0x54b/0xa90
[  249.634478][ T7369]  ? __pfx_tty_write+0x10/0x10
[  249.634503][ T7369]  ? __pfx_vfs_write+0x10/0x10
[  249.634531][ T7369]  ? __fget_files+0x2a/0x420
[  249.634562][ T7369]  ksys_write+0x145/0x250
[  249.634582][ T7369]  ? __pfx_ksys_write+0x10/0x10
[  249.634597][ T7369]  ? rcu_is_watching+0x15/0xb0
[  249.634622][ T7369]  ? do_syscall_64+0xbe/0x3b0
[  249.634647][ T7369]  do_syscall_64+0xfa/0x3b0
[  249.634673][ T7369]  ? lockdep_hardirqs_on+0x9c/0x150
[  249.634693][ T7369]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.634711][ T7369]  ? clear_bhb_loop+0x60/0xb0
[  249.634734][ T7369]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.634752][ T7369] RIP: 0033:0x7fbc6b98ebe9
[  249.634772][ T7369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  249.634788][ T7369] RSP: 002b:00007fbc6c7c3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  249.634806][ T7369] RAX: ffffffffffffffda RBX: 00007fbc6bbb6180 RCX: 00007fbc6b98ebe9
[  249.634820][ T7369] RDX: 00000000fffffdef RSI: 0000200000001040 RDI: 0000000000000009
[  249.634831][ T7369] RBP: 00007fbc6c7c3090 R08: 0000000000000000 R09: 0000000000000000
[  249.634842][ T7369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  249.634853][ T7369] R13: 00007fbc6bbb6218 R14: 00007fbc6bbb6180 R15: 00007ffe30c00688
[  249.634883][ T7369]  </TASK>
[  249.869887][    C1] vkms_vblank_simulate: vblank timer overrun
[  250.318202][ T7373] FAULT_INJECTION: forcing a failure.
[  250.318202][ T7373] name failslab, interval 1, probability 0, space 0, times 0
[  250.416355][ T7373] CPU: 0 UID: 0 PID: 7373 Comm: syz.3.367 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  250.416391][ T7373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  250.416401][ T7373] Call Trace:
[  250.416408][ T7373]  <TASK>
[  250.416416][ T7373]  dump_stack_lvl+0x189/0x250
[  250.416441][ T7373]  ? __pfx____ratelimit+0x10/0x10
[  250.416462][ T7373]  ? __pfx_dump_stack_lvl+0x10/0x10
[  250.416481][ T7373]  ? __pfx__printk+0x10/0x10
[  250.416510][ T7373]  ? __pfx___might_resched+0x10/0x10
[  250.416529][ T7373]  ? fs_reclaim_acquire+0x7d/0x100
[  250.416556][ T7373]  should_fail_ex+0x414/0x560
[  250.416578][ T7373]  should_failslab+0xa8/0x100
[  250.416599][ T7373]  __kmalloc_noprof+0xcb/0x4f0
[  250.416615][ T7373]  ? rds_message_alloc+0x47/0x1f0
[  250.416641][ T7373]  rds_message_alloc+0x47/0x1f0
[  250.416663][ T7373]  rds_sendmsg+0xb11/0x1f00
[  250.416700][ T7373]  ? __pfx_rds_sendmsg+0x10/0x10
[  250.416731][ T7373]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  250.416767][ T7373]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  250.416785][ T7373]  ? __pfx_rds_sendmsg+0x10/0x10
[  250.416810][ T7373]  __sock_sendmsg+0x21c/0x270
[  250.416835][ T7373]  ____sys_sendmsg+0x505/0x830
[  250.416867][ T7373]  ? __pfx_____sys_sendmsg+0x10/0x10
[  250.416903][ T7373]  ? import_iovec+0x74/0xa0
[  250.416932][ T7373]  ___sys_sendmsg+0x21f/0x2a0
[  250.416962][ T7373]  ? __pfx____sys_sendmsg+0x10/0x10
[  250.417024][ T7373]  ? __fget_files+0x2a/0x420
[  250.417043][ T7373]  ? __fget_files+0x3a0/0x420
[  250.417074][ T7373]  __x64_sys_sendmsg+0x19b/0x260
[  250.417105][ T7373]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  250.417142][ T7373]  ? __pfx_ksys_write+0x10/0x10
[  250.417157][ T7373]  ? rcu_is_watching+0x15/0xb0
[  250.417180][ T7373]  ? do_syscall_64+0xbe/0x3b0
[  250.417204][ T7373]  do_syscall_64+0xfa/0x3b0
[  250.417226][ T7373]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.417244][ T7373]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  250.417262][ T7373]  ? clear_bhb_loop+0x60/0xb0
[  250.417284][ T7373]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.417302][ T7373] RIP: 0033:0x7fe23df8ebe9
[  250.417318][ T7373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  250.417333][ T7373] RSP: 002b:00007fe23ee0c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  250.417352][ T7373] RAX: ffffffffffffffda RBX: 00007fe23e1b5fa0 RCX: 00007fe23df8ebe9
[  250.417365][ T7373] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000004
[  250.417385][ T7373] RBP: 00007fe23ee0c090 R08: 0000000000000000 R09: 0000000000000000
[  250.417396][ T7373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  250.417407][ T7373] R13: 00007fe23e1b6038 R14: 00007fe23e1b5fa0 R15: 00007ffde9d6ba28
[  250.417435][ T7373]  </TASK>
[  250.818915][ T5983] usb 3-1: reset high-speed USB device number 6 using dummy_hcd
[  252.004909][ T7377] delete_channel: no stack
[  252.054350][ T5848] usb 3-1: USB disconnect, device number 6
[  252.304376][ T7395] netlink: 8 bytes leftover after parsing attributes in process `syz.1.374'.
[  253.312747][ T7395] vlan2: entered allmulticast mode
[  253.340055][ T7395] macvlan0: entered allmulticast mode
[  253.356062][ T7395] veth1_vlan: entered allmulticast mode
[  253.590592][ T5848] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  255.126306][ T5848] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  255.180573][ T5848] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  255.190267][ T5848] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  255.423308][ T7423] netlink: 384 bytes leftover after parsing attributes in process `syz.1.381'.
[  255.432792][ T7423] netlink: 'syz.1.381': attribute type 2 has an invalid length.
[  256.242351][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  256.248807][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  257.323839][ T7429] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  257.435985][ T5848] usb 3-1: string descriptor 0 read error: -71
[  257.531403][ T5848] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  257.840586][ T5848] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  257.928457][ T5848] usb 3-1: can't set config #1, error -71
[  257.998789][ T5848] usb 3-1: USB disconnect, device number 7
[  258.851260][ T5983] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  259.578901][ T5983] usb 5-1: New USB device found, idVendor=09e1, idProduct=0521, bcdDevice=40.c1
[  259.690322][ T5983] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  259.860805][ T5983] usb 5-1: Product: syz
[  259.879146][ T5983] usb 5-1: Manufacturer: syz
[  259.910688][ T5983] usb 5-1: SerialNumber: syz
[  259.926079][ T5983] usb 5-1: config 0 descriptor??
[  260.532811][ T5907] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  260.578952][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  260.578969][   T30] audit: type=1326 audit(1755607520.030:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7436 comm="syz.4.385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f562918ebe9 code=0x7ffc0000
[  260.636744][   T30] audit: type=1326 audit(1755607520.030:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7436 comm="syz.4.385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f562918ebe9 code=0x7ffc0000
[  260.658449][   T30] audit: type=1326 audit(1755607520.030:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7436 comm="syz.4.385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=33 compat=0 ip=0x7f562918ebe9 code=0x7ffc0000
[  260.696950][   T30] audit: type=1326 audit(1755607520.030:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7436 comm="syz.4.385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f562918ebe9 code=0x7ffc0000
[  260.731236][   T30] audit: type=1326 audit(1755607520.030:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7436 comm="syz.4.385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f5629190a7c code=0x7ffc0000
[  260.740996][ T5983] usb 1-1: new full-speed USB device number 6 using dummy_hcd
[  260.763762][   T30] audit: type=1326 audit(1755607520.030:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7436 comm="syz.4.385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f562918ebe9 code=0x7ffc0000
[  260.785718][ T5907] usb 2-1: Using ep0 maxpacket: 16
[  260.805625][   T30] audit: type=1326 audit(1755607520.030:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7436 comm="syz.4.385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f562918ebe9 code=0x7ffc0000
[  260.827684][ T5907] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  260.839034][ T5907] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  260.854625][ T5907] usb 2-1: config 0 interface 0 has no altsetting 0
[  260.864046][ T5907] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  260.874085][   T30] audit: type=1326 audit(1755607520.030:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7436 comm="syz.4.385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f562918ebe9 code=0x7ffc0000
[  260.897846][ T5907] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  260.907853][   T30] audit: type=1326 audit(1755607520.030:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7436 comm="syz.4.385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f562918ebe9 code=0x7ffc0000
[  260.939924][ T5907] usb 2-1: config 0 descriptor??
[  260.945255][   T30] audit: type=1326 audit(1755607520.030:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7436 comm="syz.4.385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f562918ebe9 code=0x7ffc0000
[  261.092243][ T5983] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  261.109903][ T5983] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  261.123684][ T5983] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  261.133673][ T5983] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  261.152392][ T5983] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  261.166693][ T5983] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  261.176809][ T5983] usb 1-1: Manufacturer: syz
[  261.191845][ T5983] usb 1-1: config 0 descriptor??
[  261.289552][ T5907] usbhid 2-1:0.0: can't add hid device: -71
[  261.296775][ T5907] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  261.309867][ T7447] delete_channel: no stack
[  261.346692][ T5907] usb 2-1: USB disconnect, device number 6
[  261.497784][ T5983] rc_core: IR keymap rc-hauppauge not found
[  261.506164][ T5983] Registered IR keymap rc-empty
[  261.520174][ T5983] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  261.672702][ T5983] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  261.702170][ T5983] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  261.723685][ T7466] netlink: 'syz.3.391': attribute type 21 has an invalid length.
[  261.731565][ T7466] IPv6: NLM_F_CREATE should be specified when creating new route
[  261.797496][ T5983] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input7
[  261.825598][ T5907] usb 5-1: USB disconnect, device number 16
[  261.855080][ T5983] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  261.953647][ T5983] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  261.980624][ T5983] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  262.000661][ T5983] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  262.064885][ T5983] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  262.122324][ T5983] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  262.166197][ T5983] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  262.200622][ T5983] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  262.230620][ T5983] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  262.283557][ T5983] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  262.323597][ T5983] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  262.335720][ T5983] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  262.350064][ T5983] usb 1-1: USB disconnect, device number 6
[  262.460584][ T5928] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[  262.675532][ T7483] netlink: 16 bytes leftover after parsing attributes in process `syz.3.396'.
[  262.765474][ T5928] usb 5-1: config 0 has an invalid interface number: 213 but max is 0
[  262.795107][ T5928] usb 5-1: config 0 has no interface number 0
[  262.813882][ T5928] usb 5-1: New USB device found, idVendor=0079, idProduct=85eb, bcdDevice=90.b7
[  262.828264][ T5928] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  263.021518][ T5928] usb 5-1: Product: syz
[  263.025720][ T5928] usb 5-1: Manufacturer: syz
[  263.030326][ T5928] usb 5-1: SerialNumber: syz
[  263.040183][ T5928] usb 5-1: config 0 descriptor??
[  263.912191][ T7492] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  264.076804][ T5907] usb 5-1: USB disconnect, device number 17
[  265.680771][ T5848] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  265.929819][ T5848] usb 5-1: Using ep0 maxpacket: 16
[  265.953033][ T5848] usb 5-1: config 0 descriptor has 1 excess byte, ignoring
[  265.968824][ T5848] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 65516, setting to 1024
[  266.361538][ T5848] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1024
[  266.470363][ T5848] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 223
[  266.504749][ T5848] usb 5-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47
[  266.533359][ T5848] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  266.820677][ T5848] usb 5-1: Product: syz
[  266.982837][ T5848] usb 5-1: Manufacturer: syz
[  266.987488][ T5848] usb 5-1: SerialNumber: syz
[  267.061638][ T5848] usb 5-1: config 0 descriptor??
[  267.068709][ T7507] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  267.108509][ T7507] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  267.214698][    C0] mcba_usb 5-1:0.0 can0: Tx URB aborted (-71)
[  267.231762][ T5848] mcba_usb 5-1:0.0: Microchip CAN BUS Analyzer connected
[  267.239094][    C0] mcba_usb 5-1:0.0 can0: Tx URB aborted (-71)
[  268.173074][ T5848] usb 5-1: USB disconnect, device number 18
[  268.223699][ T5848] mcba_usb 5-1:0.0 can0: device disconnected
[  268.609774][ T7540] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  270.084873][ T7553] FAULT_INJECTION: forcing a failure.
[  270.084873][ T7553] name failslab, interval 1, probability 0, space 0, times 0
[  270.097949][ T7553] CPU: 0 UID: 0 PID: 7553 Comm: syz.4.415 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  270.097971][ T7553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  270.097982][ T7553] Call Trace:
[  270.097990][ T7553]  <TASK>
[  270.097998][ T7553]  dump_stack_lvl+0x189/0x250
[  270.098023][ T7553]  ? __pfx____ratelimit+0x10/0x10
[  270.098044][ T7553]  ? __pfx_dump_stack_lvl+0x10/0x10
[  270.098065][ T7553]  ? __pfx__printk+0x10/0x10
[  270.098092][ T7553]  ? fs_reclaim_acquire+0x7d/0x100
[  270.098123][ T7553]  should_fail_ex+0x414/0x560
[  270.098147][ T7553]  should_failslab+0xa8/0x100
[  270.098169][ T7553]  __kmalloc_node_track_caller_noprof+0xcc/0x4e0
[  270.098193][ T7553]  ? dh_data_from_key+0x15e/0x280
[  270.098261][ T7553]  kmemdup_noprof+0x2b/0x70
[  270.098291][ T7553]  dh_data_from_key+0x15e/0x280
[  270.098327][ T7553]  __keyctl_dh_compute+0x295/0xca0
[  270.098371][ T7553]  ? __pfx___keyctl_dh_compute+0x10/0x10
[  270.098435][ T7553]  ? __schedule+0x16c8/0x4c90
[  270.098467][ T7553]  keyctl_dh_compute+0x109/0x160
[  270.098504][ T7553]  ? __pfx_keyctl_dh_compute+0x10/0x10
[  270.098536][ T7553]  ? preempt_schedule_irq+0xb5/0x150
[  270.098556][ T7553]  ? vfs_write+0x8d8/0xa90
[  270.098581][ T7553]  ? __pfx___schedule+0x10/0x10
[  270.098610][ T7553]  __se_sys_keyctl+0x423/0x910
[  270.098639][ T7553]  ? __pfx___se_sys_keyctl+0x10/0x10
[  270.098667][ T7553]  ? rcu_is_watching+0x15/0xb0
[  270.098692][ T7553]  ? trace_irq_disable+0x37/0x110
[  270.098723][ T7553]  ? preempt_schedule_irq+0xde/0x150
[  270.098744][ T7553]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  270.098774][ T7553]  ? irqentry_exit+0x74/0x90
[  270.098796][ T7553]  ? lockdep_hardirqs_on+0x9c/0x150
[  270.098836][ T7553]  ? __x64_sys_keyctl+0x20/0xc0
[  270.098865][ T7553]  do_syscall_64+0xfa/0x3b0
[  270.098891][ T7553]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  270.098912][ T7553]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  270.098933][ T7553]  ? clear_bhb_loop+0x60/0xb0
[  270.098960][ T7553]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  270.098981][ T7553] RIP: 0033:0x7f562918ebe9
[  270.098999][ T7553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  270.099017][ T7553] RSP: 002b:00007f5629fd1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[  270.099040][ T7553] RAX: ffffffffffffffda RBX: 00007f56293b6180 RCX: 00007f562918ebe9
[  270.099056][ T7553] RDX: 00002000000000c0 RSI: 0000200000000140 RDI: 0000000000000017
[  270.099070][ T7553] RBP: 00007f5629fd1090 R08: 0000000000000000 R09: 0000000000000000
[  270.099083][ T7553] R10: fffffffffffffe4f R11: 0000000000000246 R12: 0000000000000001
[  270.099097][ T7553] R13: 00007f56293b6218 R14: 00007f56293b6180 R15: 00007fff4baf4138
[  270.099132][ T7553]  </TASK>
[  270.587116][ T7555] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  275.580620][ T5993] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  275.809334][ T5993] usb 3-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7
[  275.897827][ T5848] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  275.900071][ T5993] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  275.937220][ T5993] usb 3-1: Product: syz
[  275.946199][ T5993] usb 3-1: Manufacturer: syz
[  275.969745][ T5993] usb 3-1: SerialNumber: syz
[  276.005644][ T5993] usb 3-1: config 0 descriptor??
[  276.060499][ T5848] usb 2-1: Using ep0 maxpacket: 8
[  276.121457][ T5848] usb 2-1: config 162 has an invalid interface number: 84 but max is 2
[  276.156611][ T5848] usb 2-1: config 162 has an invalid interface number: 3 but max is 2
[  276.165467][ T5848] usb 2-1: config 162 has no interface number 0
[  276.185383][ T5848] usb 2-1: config 162 has no interface number 1
[  276.205580][ T5848] usb 2-1: config 162 interface 84 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  276.236193][ T5993] usb 3-1: f81604_read: reg: 105 failed: -EREMOTEIO
[  276.256050][ T5848] usb 2-1: config 162 interface 2 altsetting 1 has a duplicate endpoint with address 0x9, skipping
[  276.260629][ T5993] f81604 3-1:0.0: Setting termination of CH#0 failed: -EREMOTEIO
[  276.315086][ T5993] f81604 3-1:0.0: probe with driver f81604 failed with error -121
[  276.323066][ T5848] usb 2-1: config 162 interface 2 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86
[  276.373199][ T5848] usb 2-1: config 162 interface 2 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024
[  276.414971][ T5848] usb 2-1: config 162 interface 2 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024
[  276.445637][ T5848] usb 2-1: config 162 interface 2 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4
[  276.479292][ T5848] usb 2-1: config 162 interface 84 has no altsetting 0
[  276.499609][ T5848] usb 2-1: config 162 interface 2 has no altsetting 0
[  276.519886][ T5848] usb 2-1: config 162 interface 3 has no altsetting 0
[  276.542301][ T5848] usb 2-1: New USB device found, idVendor=0e8d, idProduct=763f, bcdDevice=9b.23
[  276.580531][ T5848] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  276.588559][ T5848] usb 2-1: Product: syz
[  276.613089][ T5848] usb 2-1: Manufacturer: syz
[  276.617721][ T5848] usb 2-1: SerialNumber: syz
[  277.304272][ T5844] Bluetooth: hci5: Opcode 0x0c03 failed: -71
[  277.310569][ T5848] usb 2-1: USB disconnect, device number 7
[  277.820955][ T5928] usb 3-1: USB disconnect, device number 8
[  280.529790][ T7629] FAULT_INJECTION: forcing a failure.
[  280.529790][ T7629] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  280.544858][ T7629] CPU: 1 UID: 0 PID: 7629 Comm: syz.2.438 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  280.544887][ T7629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  280.544898][ T7629] Call Trace:
[  280.544905][ T7629]  <TASK>
[  280.544912][ T7629]  dump_stack_lvl+0x189/0x250
[  280.544937][ T7629]  ? __pfx____ratelimit+0x10/0x10
[  280.544958][ T7629]  ? __pfx_dump_stack_lvl+0x10/0x10
[  280.544979][ T7629]  ? __pfx__printk+0x10/0x10
[  280.545015][ T7629]  should_fail_ex+0x414/0x560
[  280.545039][ T7629]  _copy_to_user+0x31/0xb0
[  280.545066][ T7629]  simple_read_from_buffer+0xe1/0x170
[  280.545091][ T7629]  proc_fail_nth_read+0x1df/0x250
[  280.545116][ T7629]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  280.545141][ T7629]  ? rw_verify_area+0x258/0x650
[  280.545169][ T7629]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  280.545193][ T7629]  vfs_read+0x200/0x980
[  280.545226][ T7629]  ? __pfx___mutex_lock+0x10/0x10
[  280.545248][ T7629]  ? __pfx_vfs_read+0x10/0x10
[  280.545277][ T7629]  ? __fget_files+0x2a/0x420
[  280.545302][ T7629]  ? __fget_files+0x3a0/0x420
[  280.545321][ T7629]  ? __fget_files+0x2a/0x420
[  280.545350][ T7629]  ksys_read+0x145/0x250
[  280.545369][ T7629]  ? __pfx_ksys_read+0x10/0x10
[  280.545391][ T7629]  ? do_syscall_64+0xbe/0x3b0
[  280.545415][ T7629]  do_syscall_64+0xfa/0x3b0
[  280.545434][ T7629]  ? lockdep_hardirqs_on+0x9c/0x150
[  280.545454][ T7629]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.545472][ T7629]  ? clear_bhb_loop+0x60/0xb0
[  280.545494][ T7629]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.545512][ T7629] RIP: 0033:0x7f0b5af8d5fc
[  280.545528][ T7629] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  280.545543][ T7629] RSP: 002b:00007f0b591ee030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  280.545557][ T7629] RAX: ffffffffffffffda RBX: 00007f0b5b1b5fa0 RCX: 00007f0b5af8d5fc
[  280.545566][ T7629] RDX: 000000000000000f RSI: 00007f0b591ee0a0 RDI: 0000000000000006
[  280.545574][ T7629] RBP: 00007f0b591ee090 R08: 0000000000000000 R09: 0000000000000000
[  280.545582][ T7629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  280.545589][ T7629] R13: 00007f0b5b1b6038 R14: 00007f0b5b1b5fa0 R15: 00007ffd465419c8
[  280.545609][ T7629]  </TASK>
[  280.829633][ T7631] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.439'.
[  283.148808][ T7612] syz.0.432 (7612): drop_caches: 2
[  283.169999][ T7645] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  284.225336][ T7659] ieee802154 phy0 wpan0: encryption failed: -22
[  286.359797][   T30] kauditd_printk_skb: 17 callbacks suppressed
[  286.359814][   T30] audit: type=1326 audit(286.307:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7675 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22b798ebe9 code=0x7ffc0000
[  286.448494][ T7676] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[  286.516360][ T7676] audit: out of memory in audit_log_start
[  286.603218][   T30] audit: type=1326 audit(286.307:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7675 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=23 compat=0 ip=0x7f22b798ebe9 code=0x7ffc0000
[  286.624545][   T30] audit: type=1326 audit(286.307:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7675 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22b798ebe9 code=0x7ffc0000
[  286.645888][   T30] audit: type=1326 audit(286.307:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7675 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f22b798ebe9 code=0x7ffc0000
[  286.680525][   T30] audit: type=1326 audit(286.307:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7675 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22b798ebe9 code=0x7ffc0000
[  287.430546][   T30] audit: type=1326 audit(286.317:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7675 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f22b798ebe9 code=0x7ffc0000
[  287.451282][   T30] audit: type=1326 audit(286.317:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7675 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22b798ebe9 code=0x7ffc0000
[  287.565799][   T30] audit: type=1326 audit(286.317:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7675 comm="syz.1.451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f22b798ebe9 code=0x7ffc0000
[  288.622934][ T7693] ieee802154 phy0 wpan0: encryption failed: -22
[  294.999731][ T7738] sp0: Synchronizing with TNC
[  297.035119][ T7746] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  299.490791][ T5907] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  299.528768][ T7779] tipc: Failed to remove unknown binding: 66,1,1/0:521582018/521582020
[  299.537691][ T7779] tipc: Failed to remove unknown binding: 66,1,1/0:521582018/521582020
[  299.762291][ T5907] usb 3-1: too many configurations: 13, using maximum allowed: 8
[  299.954909][ T5907] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  300.001198][ T5907] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.026059][ T5907] usb 3-1: Product: syz
[  300.470544][ T5907] usb 3-1: Manufacturer: syz
[  300.475303][ T5907] usb 3-1: SerialNumber: syz
[  300.716766][ T5907] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  300.851269][ T5907] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  302.014050][ T7772] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  302.534068][ T5907] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  302.567169][ T5907] ath9k_htc: Failed to initialize the device
[  302.622730][ T5907] usb 3-1: ath9k_htc: USB layer deinitialized
[  302.632154][ T7772] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  303.818104][ T7807] tipc: Failed to remove unknown binding: 66,1,1/0:406842807/406842809
[  303.826790][ T7807] tipc: Failed to remove unknown binding: 66,1,1/0:406842807/406842809
[  304.341852][  T979] usb 3-1: USB disconnect, device number 9
[  304.620534][ T5848] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  304.917072][ T5848] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 97, changing to 10
[  304.943648][ T5848] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24929, setting to 1024
[  305.011314][ T5848] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  305.028922][ T5848] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  305.245680][ T5848] usb 4-1: config 0 descriptor??
[  305.486568][ T7839] tipc: Failed to remove unknown binding: 66,1,1/7:2009534697/2009534699
[  305.495285][ T7839] tipc: Failed to remove unknown binding: 66,1,1/7:2009534697/2009534699
[  306.036614][ T5848] cm6533_jd 0003:0D8C:0022.0002: unknown main item tag 0x0
[  306.074557][ T5848] cm6533_jd 0003:0D8C:0022.0002: unknown main item tag 0x0
[  306.216943][ T5848] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0D8C:0022.0002/input/input8
[  307.012573][ T5848] cm6533_jd 0003:0D8C:0022.0002: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0
[  307.422003][ T7852] cramfs: Unknown parameter 'discard'
[  308.009611][ T5848] usb 4-1: USB disconnect, device number 5
[  308.745101][ T7853] fido_id[7853]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  308.939514][ T7870] sysfs: Unknown parameter 'tS'
[  309.630809][ T5848] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  310.283604][ T5848] usb 2-1: Using ep0 maxpacket: 32
[  310.411286][ T5848] usb 2-1: config 0 has an invalid interface number: 235 but max is 0
[  310.419504][ T5848] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  310.435413][ T5848] usb 2-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  310.453736][ T5848] usb 2-1: config 0 has no interface number 1
[  310.480529][ T5848] usb 2-1: config 0 interface 235 altsetting 0 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  310.532014][ T5848] usb 2-1: config 0 interface 235 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  310.712002][ T5848] usb 2-1: New USB device found, idVendor=085a, idProduct=0009, bcdDevice=a3.47
[  310.724572][ T5848] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  310.732653][ T5848] usb 2-1: Product: syz
[  310.736834][ T5848] usb 2-1: Manufacturer: syz
[  311.004242][ T5848] usb 2-1: SerialNumber: syz
[  311.022246][ T5848] usb 2-1: config 0 descriptor??
[  311.525262][ T5848] kaweth 2-1:0.235: Firmware present in device.
[  311.740078][ T7875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  312.910793][   T30] kauditd_printk_skb: 40 callbacks suppressed
[  312.910829][   T30] audit: type=1800 audit(311.787:91): pid=7905 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.513" name="bus" dev="ramfs" ino=16394 res=0 errno=0
[  313.566825][ T7875] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  314.344981][ T5848] kaweth 2-1:0.235: Error reading configuration (-71), no net device created
[  314.399798][ T5848] kaweth 2-1:0.235: probe with driver kaweth failed with error -5
[  314.714107][ T7922] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  315.497898][ T5848] kaweth 2-1:0.0: Firmware present in device.
[  315.530696][ T5848] kaweth 2-1:0.0: Error reading configuration (-71), no net device created
[  315.551729][ T5848] kaweth 2-1:0.0: probe with driver kaweth failed with error -5
[  316.739910][ T5848] usb 2-1: USB disconnect, device number 8
[  317.014100][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  317.020616][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  317.259936][ T7931] netlink: 8 bytes leftover after parsing attributes in process `syz.1.519'.
[  317.894456][ T7943] netlink: 'syz.4.521': attribute type 5 has an invalid length.
[  318.171897][ T7952] netlink: 4 bytes leftover after parsing attributes in process `syz.1.523'.
[  321.876552][ T7982] netlink: 8 bytes leftover after parsing attributes in process `syz.0.529'.
[  323.268051][ T8000] netlink: 40 bytes leftover after parsing attributes in process `syz.4.534'.
[  323.703950][ T8017] netlink: 28 bytes leftover after parsing attributes in process `syz.4.534'.
[  323.735826][ T8017] netlink: 28 bytes leftover after parsing attributes in process `syz.4.534'.
[  323.777709][ T8017] netlink: 28 bytes leftover after parsing attributes in process `syz.4.534'.
[  324.573339][ T8029] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  326.456955][ T8055] netlink: 24 bytes leftover after parsing attributes in process `syz.1.548'.
[  326.509915][ T8055] netlink: 48 bytes leftover after parsing attributes in process `syz.1.548'.
[  329.307728][ T8076] netlink: 31 bytes leftover after parsing attributes in process `syz.0.552'.
[  330.254553][ T8086] veth1_macvtap: left promiscuous mode
[  330.260151][ T8086] macsec0: entered allmulticast mode
[  330.724034][ T8090] 8021q: adding VLAN 0 to HW filter on device bond1
[  330.761926][ T8090] team0: Port device bond1 added
[  331.099038][ T8099] netlink: 36 bytes leftover after parsing attributes in process `syz.4.559'.
[  331.600484][ T8108] netlink: 12 bytes leftover after parsing attributes in process `syz.0.562'.
[  332.126877][ T8112] /dev/nullb0: Can't open blockdev
[  332.358417][ T8114] loop5: detected capacity change from 0 to 7
[  332.522518][ T8107] hfsplus: unable to find HFS+ superblock
[  333.214625][ T8114] Dev loop5: unable to read RDB block 7
[  333.222097][ T8114]  loop5: unable to read partition table
[  333.254571][ T8114] loop5: partition table beyond EOD, truncated
[  333.290565][ T8114] loop_reread_partitions: partition scan of loop5 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  333.618649][    C0] invalid error, dev loop5, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0
[  333.628544][    C0] Buffer I/O error on dev loop5, logical block 0, lost async page write
[  336.401217][ T8161] netlink: 'syz.1.575': attribute type 11 has an invalid length.
[  337.540527][ T8165] usb usb8: usbfs: process 8165 (syz.3.576) did not claim interface 0 before use
[  337.767552][ T8168] usb usb8: usbfs: process 8168 (syz.1.579) did not claim interface 0 before use
[  339.227993][ T5844] Bluetooth: hci4: unexpected event for opcode 0x202a
[  339.750517][ T5848] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  340.352547][ T5848] usb 3-1: Using ep0 maxpacket: 8
[  340.362680][ T5848] usb 3-1: config 0 has an invalid interface number: 126 but max is 0
[  340.371929][ T5848] usb 3-1: config 0 has no interface number 0
[  340.378110][ T5848] usb 3-1: config 0 interface 126 has no altsetting 0
[  340.394682][ T5848] usb 3-1: New USB device found, idVendor=0547, idProduct=7303, bcdDevice=fa.3e
[  340.427055][ T5848] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  340.468115][ T5848] usb 3-1: Product: syz
[  340.536272][ T5848] usb 3-1: Manufacturer: syz
[  340.548414][ T5848] usb 3-1: SerialNumber: syz
[  340.575441][ T5848] usb 3-1: config 0 descriptor??
[  340.594820][ T5848] gspca_main: dtcs033-2.14.0 probing 0547:7303
[  341.056138][ T5848] usb 3-1: USB disconnect, device number 10
[  341.432084][ T8206] usb usb8: usbfs: process 8206 (syz.3.590) did not claim interface 0 before use
[  342.908798][ T8220] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  345.413311][ T8232] bridge0: port 2(bridge_slave_1) entered disabled state
[  345.421951][ T8232] bridge0: port 1(bridge_slave_0) entered disabled state
[  345.641002][ T5848] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  345.785642][ T8232] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  345.830510][ T5848] usb 2-1: Using ep0 maxpacket: 8
[  345.839204][ T8232] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  345.852497][ T5848] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  345.865915][ T5848] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  345.885992][ T5848] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  345.910705][ T5848] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  345.930549][ T5848] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  345.949973][ T5848] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  346.184345][ T5848] usb 2-1: GET_CAPABILITIES returned 0
[  346.201823][ T5848] usbtmc 2-1:16.0: can't read capabilities
[  346.228105][ T8232] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  346.250220][ T8232] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  346.269679][ T8232] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  346.289965][ T8232] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  346.459320][ T5920] usb 2-1: USB disconnect, device number 9
[  347.794913][ T8274] netlink: 28 bytes leftover after parsing attributes in process `syz.0.606'.
[  347.804224][ T8274] netlink: 28 bytes leftover after parsing attributes in process `syz.0.606'.
[  348.349508][ T5920] libceph: connect (1)[c::]:6789 error -101
[  348.373125][ T8276] ceph: No mds server is up or the cluster is laggy
[  348.393910][ T5920] libceph: mon0 (1)[c::]:6789 connect error
[  348.551617][ T5928] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  348.765552][ T5928] usb 5-1: Using ep0 maxpacket: 32
[  348.778289][ T5928] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  348.786740][ T5928] usb 5-1: config 0 has no interface number 0
[  348.807949][ T5928] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  348.819705][ T5928] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  348.830524][ T5928] usb 5-1: Product: syz
[  348.834745][ T5928] usb 5-1: Manufacturer: syz
[  348.841202][ T5928] usb 5-1: SerialNumber: syz
[  348.849473][ T5928] usb 5-1: config 0 descriptor??
[  348.861631][ T5928] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  348.876610][ T5928] usb 5-1: selecting invalid altsetting 1
[  348.884847][ T5928] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  349.022891][ T5928] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  349.048447][ T5928] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  349.080543][ T5928] usb 5-1: media controller created
[  349.127755][ T5928] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  350.450865][ T5928] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  350.471508][ T8295] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-32
[  350.760947][ T5928] zl10353_read_register: readreg error (reg=127, ret==-110)
[  351.595332][ T8289] syz.1.613 (8289): drop_caches: 2
[  351.601952][ T5928] usb 5-1: USB disconnect, device number 19
[  352.070775][ T8305] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  352.079986][ T8305] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  352.096844][ T8305] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  352.107027][ T8305] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  352.117503][ T8305] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  352.126527][ T8305] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  352.154277][ T8305] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  352.513636][ T8305] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  352.730623][ T8317] netlink: 'syz.2.621': attribute type 10 has an invalid length.
[  352.952405][ T8317] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  353.799819][ T8327] hfsplus: unable to find HFS+ superblock
[  355.843072][ T8337] netlink: 8 bytes leftover after parsing attributes in process `syz.0.627'.
[  355.854233][ T8337] netlink: 12 bytes leftover after parsing attributes in process `syz.0.627'.
[  357.597310][ T8359] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  358.488489][ T8361] tipc: Failed to remove unknown binding: 66,1,1/0:1705150272/1705150274
[  358.497643][ T8361] tipc: Failed to remove unknown binding: 66,1,1/0:1705150272/1705150274
[  358.811367][ T8367] netlink: 8 bytes leftover after parsing attributes in process `syz.1.634'.
[  359.340508][ T5920] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  359.751905][ T8383] hfsplus: unable to find HFS+ superblock
[  360.449386][ T5920] usb 4-1: Using ep0 maxpacket: 8
[  360.470986][ T5920] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xAD, changing to 0x8D
[  360.568741][ T8390] netlink: 384 bytes leftover after parsing attributes in process `syz.4.641'.
[  360.577919][ T8390] netlink: 'syz.4.641': attribute type 2 has an invalid length.
[  360.595929][ T5920] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[  361.564984][ T5920] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0
[  361.574900][ T5920] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x93, changing to 0x83
[  361.586400][ T5920] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  361.598626][ T5920] usb 4-1: New USB device found, idVendor=0bfd, idProduct=0124, bcdDevice=3a.9f
[  361.607871][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.696996][ T8393] hfsplus: unable to find HFS+ superblock
[  361.880296][ T5920] usb 4-1: Product: syz
[  361.884816][ T5920] usb 4-1: Manufacturer: syz
[  361.889442][ T5920] usb 4-1: SerialNumber: syz
[  361.930764][ T5920] usb 4-1: config 0 descriptor??
[  362.384897][ T5920] usb 4-1: can't set config #0, error -71
[  362.660333][ T5920] usb 4-1: USB disconnect, device number 6
[  363.309674][ T8410] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  364.055993][ T8412] netlink: 'syz.1.646': attribute type 1 has an invalid length.
[  364.175197][ T8412] netlink: 'syz.1.646': attribute type 4 has an invalid length.
[  364.263172][ T8412] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.646'.
[  364.738062][ T8423] fuse: Bad value for 'fd'
[  365.892967][ T8439] netlink: 'syz.0.653': attribute type 21 has an invalid length.
[  365.900832][ T8439] IPv6: NLM_F_CREATE should be specified when creating new route
[  366.077353][ T8441] No such timeout policy "syz0"
[  368.934356][ T8443] netlink: 28 bytes leftover after parsing attributes in process `syz.4.655'.
[  368.943368][ T8443] netlink: 28 bytes leftover after parsing attributes in process `syz.4.655'.
[  369.156548][ T8456] netlink: 96 bytes leftover after parsing attributes in process `syz.2.657'.
[  369.529990][ T8465] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  370.326112][ T8461] syzkaller0: entered promiscuous mode
[  370.389370][ T8461] syzkaller0: entered allmulticast mode
[  372.481017][   T30] audit: type=1326 audit(372.417:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8498 comm="syz.4.671" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f562918ebe9 code=0x0
[  373.481240][ T5848] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  374.447994][ T8520] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  374.561070][ T5848] usb 4-1: Using ep0 maxpacket: 16
[  374.568016][ T5848] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  374.578359][ T5848] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  374.589625][ T5848] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  374.716105][ T5848] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  374.887758][ T5848] usb 4-1: Product: syz
[  374.898483][ T5848] usb 4-1: Manufacturer: syz
[  374.903479][ T5848] usb 4-1: SerialNumber: syz
[  375.758426][ T8536] tipc: Failed to remove unknown binding: 66,1,1/3757063124:1999974846/1999974848
[  375.767879][ T8536] tipc: Failed to remove unknown binding: 66,1,1/3757063124:1999974846/1999974848
[  376.281905][ T5848] usb 4-1: 0:2 : does not exist
[  377.373765][ T5848] usb 4-1: USB disconnect, device number 7
[  377.510496][  T979] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  378.947070][  T979] usb 2-1: Using ep0 maxpacket: 32
[  378.959200][ T6138] udevd[6138]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  379.003029][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  379.009380][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  379.041795][  T979] usb 2-1: config 0 has no interfaces?
[  379.058818][  T979] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  379.110000][  T979] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  379.160653][  T979] usb 2-1: Product: syz
[  379.175081][  T979] usb 2-1: Manufacturer: syz
[  379.179723][  T979] usb 2-1: SerialNumber: syz
[  379.692836][ T8566] x_tables: duplicate underflow at hook 2
[  380.390124][  T979] usb 2-1: config 0 descriptor??
[  380.401953][  T979] usb 2-1: can't set config #0, error -71
[  380.421308][  T979] usb 2-1: USB disconnect, device number 10
[  382.364844][ T8574] usb usb8: usbfs: process 8574 (syz.1.687) did not claim interface 0 before use
[  386.867013][ T8637] vivid-002: disconnect
[  386.879022][ T8637] Bluetooth: MGMT ver 1.23
[  388.452449][ T8633] vivid-002: reconnect
[  389.289200][ T8653] netlink: 68 bytes leftover after parsing attributes in process `syz.3.706'.
[  389.298635][ T5960] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  389.474141][ T5960] usb 1-1: config 0 has an invalid interface number: 109 but max is 0
[  389.490264][ T5960] usb 1-1: config 0 has no interface number 0
[  389.569150][ T5960] usb 1-1: too many endpoints for config 0 interface 109 altsetting 100: 53, using maximum allowed: 30
[  389.750920][ T5960] usb 1-1: config 0 interface 109 altsetting 100 has 0 endpoint descriptors, different from the interface descriptor's value: 53
[  390.091295][ T5960] usb 1-1: config 0 interface 109 has no altsetting 0
[  390.101203][ T5960] usb 1-1: New USB device found, idVendor=0c45, idProduct=6005, bcdDevice=b5.55
[  390.111231][ T5960] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  390.119256][ T5960] usb 1-1: Product: syz
[  390.135711][ T5960] usb 1-1: Manufacturer: syz
[  390.140687][ T5960] usb 1-1: SerialNumber: syz
[  390.174200][ T5960] usb 1-1: config 0 descriptor??
[  390.204843][ T5960] gspca_main: sonixb-2.14.0 probing 0c45:6005
[  390.484960][ T8660] x_tables: duplicate underflow at hook 2
[  390.983274][ T5960] usb 1-1: USB disconnect, device number 7
[  391.125277][ T8668] ubi31: attaching mtd0
[  391.132093][ T8668] ubi31: scanning is finished
[  391.136804][ T8668] ubi31: empty MTD device detected
[  391.357699][ T8668] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  391.365345][ T8668] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  391.372752][ T8668] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  391.379803][ T8668] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  391.387383][ T8668] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  391.394300][ T8668] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  391.402408][ T8668] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3288576985
[  391.412606][ T8668] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  391.432040][ T8673] ubi31: background thread "ubi_bgt31d" started, PID 8673
[  393.613705][ T8693] netlink: 16 bytes leftover after parsing attributes in process `syz.0.716'.
[  394.014097][ T8694] netlink: 48 bytes leftover after parsing attributes in process `syz.2.715'.
[  394.152094][ T8701] hfsplus: unable to find HFS+ superblock
[  394.169680][ T8701] netlink: 12 bytes leftover after parsing attributes in process `syz.1.717'.
[  395.414141][ T8710] tipc: Failed to remove unknown binding: 66,1,1/0:2933187549/2933187551
[  395.422834][ T8710] tipc: Failed to remove unknown binding: 66,1,1/0:2933187549/2933187551
[  395.522259][ T8711] tipc: Failed to remove unknown binding: 66,1,1/3757063124:1525305040/1525305042
[  395.531722][ T8711] tipc: Failed to remove unknown binding: 66,1,1/3757063124:1525305040/1525305042
[  397.323418][ T8735] netlink: 'syz.2.724': attribute type 11 has an invalid length.
[  399.708973][ T8758] netlink: 68 bytes leftover after parsing attributes in process `syz.4.728'.
[  400.891569][ T8759] Device name cannot be null; rc = [-22]
[  400.970062][ T8758] bridge0: entered allmulticast mode
[  405.061870][ T8809] tipc: Failed to remove unknown binding: 66,1,1/0:109716504/109716506
[  405.070372][ T8809] tipc: Failed to remove unknown binding: 66,1,1/0:109716504/109716506
[  405.802978][ T8819] Device name cannot be null; rc = [-22]
[  405.840478][ T5993] usb 4-1: new full-speed USB device number 8 using dummy_hcd
[  406.012198][ T5993] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  406.023319][ T5993] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  406.083402][ T5993] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 30768, setting to 64
[  406.188186][ T5993] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  406.278374][ T5993] usb 4-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  406.287923][ T5993] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  406.300571][ T5993] usb 4-1: Product: syz
[  406.313148][ T5993] usb 4-1: Manufacturer: syz
[  406.324556][ T5993] usb 4-1: SerialNumber: syz
[  406.353335][ T5993] usb 4-1: config 0 descriptor??
[  406.376822][ T5993] input: KB Gear Tablet as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input10
[  406.398059][    C0] kbtab 4-1:0.0: kbtab_irq - usb_submit_urb failed with result -1
[  406.599339][ T5993] usb 4-1: USB disconnect, device number 8
[  406.605367][    C1] kbtab 4-1:0.0: kbtab_irq - usb_submit_urb failed with result -19
[  412.685210][ T8874] capability: warning: `syz.0.764' uses deprecated v2 capabilities in a way that may be insecure
[  413.633343][   T48] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[  413.805702][   T48] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  413.824103][ T8890] netlink: 8 bytes leftover after parsing attributes in process `syz.0.769'.
[  413.826064][   T48] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  413.893758][   T48] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  413.915604][   T48] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.943503][   T48] usb 2-1: Product: syz
[  413.950716][   T48] usb 2-1: Manufacturer: syz
[  413.957932][   T48] usb 2-1: SerialNumber: syz
[  414.967240][   T48] usb 2-1: 0:2 : does not exist
[  414.979704][   T48] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  415.114915][ T8908] netlink: 'syz.2.775': attribute type 1 has an invalid length.
[  415.126524][   T48] usb 2-1: USB disconnect, device number 11
[  415.160187][ T8908] ptrace attach of "./syz-executor exec"[5847] was attempted by "./syz-executor exec"[8908]
[  415.188947][ T6138] udevd[6138]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  416.932897][ T8927] binder_alloc: 8925: binder_alloc_buf, no vma
[  416.998766][ T8929] FAULT_INJECTION: forcing a failure.
[  416.998766][ T8929] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  417.012194][ T8929] CPU: 0 UID: 0 PID: 8929 Comm: syz.0.780 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  417.012216][ T8929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  417.012234][ T8929] Call Trace:
[  417.012243][ T8929]  <TASK>
[  417.012251][ T8929]  dump_stack_lvl+0x189/0x250
[  417.012275][ T8929]  ? lockdep_hardirqs_on+0x9c/0x150
[  417.012294][ T8929]  ? __pfx_dump_stack_lvl+0x10/0x10
[  417.012325][ T8929]  should_fail_ex+0x414/0x560
[  417.012346][ T8929]  _copy_to_user+0x31/0xb0
[  417.012370][ T8929]  simple_read_from_buffer+0xe1/0x170
[  417.012392][ T8929]  proc_fail_nth_read+0x1df/0x250
[  417.012415][ T8929]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  417.012436][ T8929]  ? rw_verify_area+0x258/0x650
[  417.012460][ T8929]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  417.012481][ T8929]  vfs_read+0x200/0x980
[  417.012509][ T8929]  ? __pfx___mutex_lock+0x10/0x10
[  417.012528][ T8929]  ? __pfx_vfs_read+0x10/0x10
[  417.012553][ T8929]  ? __fget_files+0x2a/0x420
[  417.012574][ T8929]  ? __fget_files+0x3a0/0x420
[  417.012591][ T8929]  ? __fget_files+0x2a/0x420
[  417.012618][ T8929]  ksys_read+0x145/0x250
[  417.012633][ T8929]  ? __fget_files+0x3a0/0x420
[  417.012653][ T8929]  ? __pfx_ksys_read+0x10/0x10
[  417.012674][ T8929]  ? do_syscall_64+0xbe/0x3b0
[  417.012697][ T8929]  do_syscall_64+0xfa/0x3b0
[  417.012717][ T8929]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  417.012733][ T8929]  ? asm_sysvec_call_function_single+0x1a/0x20
[  417.012750][ T8929]  ? clear_bhb_loop+0x60/0xb0
[  417.012771][ T8929]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  417.012787][ T8929] RIP: 0033:0x7fbc6b98d5fc
[  417.012802][ T8929] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  417.012816][ T8929] RSP: 002b:00007fbc6c7e4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  417.012834][ T8929] RAX: ffffffffffffffda RBX: 00007fbc6bbb6090 RCX: 00007fbc6b98d5fc
[  417.012852][ T8929] RDX: 000000000000000f RSI: 00007fbc6c7e40a0 RDI: 0000000000000008
[  417.012861][ T8929] RBP: 00007fbc6c7e4090 R08: 0000000000000000 R09: 0000000000000000
[  417.012871][ T8929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  417.012879][ T8929] R13: 00007fbc6bbb6128 R14: 00007fbc6bbb6090 R15: 00007ffe30c00688
[  417.012904][ T8929]  </TASK>
[  418.271773][ T5920] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  418.912782][ T5920] usb 5-1: config 0 has an invalid interface number: 106 but max is 0
[  418.991444][ T5920] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  419.010625][ T5920] usb 5-1: config 0 has no interface number 0
[  419.016796][ T5920] usb 5-1: config 0 interface 106 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 216
[  419.041255][ T5920] usb 5-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  419.070469][ T5920] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb
[  419.079597][ T5920] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  419.114080][ T5920] usb 5-1: config 0 descriptor??
[  419.120121][ T8933] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  419.550239][ T8959] netlink: 4 bytes leftover after parsing attributes in process `syz.0.787'.
[  420.184953][ T6447] usb 5-1: Failed to submit usb control message: -71
[  420.253973][ T5920] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  420.257705][ T6447] usb 5-1: unable to send the bmi data to the device: -71
[  420.953848][ T6447] usb 5-1: unable to get target info from device
[  420.960255][ T6447] usb 5-1: could not get target info (-71)
[  420.979927][ T6447] usb 5-1: could not probe fw (-71)
[  420.988752][ T5920] usb 5-1: USB disconnect, device number 20
[  421.028546][ T8963] FAULT_INJECTION: forcing a failure.
[  421.028546][ T8963] name failslab, interval 1, probability 0, space 0, times 0
[  421.074654][ T8963] CPU: 0 UID: 0 PID: 8963 Comm: syz.0.788 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  421.074678][ T8963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  421.074688][ T8963] Call Trace:
[  421.074695][ T8963]  <TASK>
[  421.074703][ T8963]  dump_stack_lvl+0x189/0x250
[  421.074729][ T8963]  ? __pfx____ratelimit+0x10/0x10
[  421.074749][ T8963]  ? __pfx_dump_stack_lvl+0x10/0x10
[  421.074769][ T8963]  ? __pfx__printk+0x10/0x10
[  421.074799][ T8963]  ? __pfx___might_resched+0x10/0x10
[  421.074818][ T8963]  ? fs_reclaim_acquire+0x7d/0x100
[  421.074845][ T8963]  should_fail_ex+0x414/0x560
[  421.074870][ T8963]  should_failslab+0xa8/0x100
[  421.074892][ T8963]  __kmalloc_cache_noprof+0x70/0x3d0
[  421.074910][ T8963]  ? sctp_transport_new+0x7e/0x640
[  421.074933][ T8963]  sctp_transport_new+0x7e/0x640
[  421.074954][ T8963]  sctp_assoc_add_peer+0x260/0x13b0
[  421.074985][ T8963]  ? sctp_bind_addr_copy+0x380/0x3c0
[  421.075014][ T8963]  sctp_connect_new_asoc+0x30a/0x690
[  421.075045][ T8963]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  421.075073][ T8963]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  421.075101][ T8963]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  421.075126][ T8963]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  421.075153][ T8963]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  421.075174][ T8963]  ? security_sctp_bind_connect+0x7e/0x2e0
[  421.075198][ T8963]  sctp_sendmsg+0x155c/0x2810
[  421.075237][ T8963]  ? __pfx_sctp_sendmsg+0x10/0x10
[  421.075263][ T8963]  ? __lock_acquire+0xab9/0xd20
[  421.075298][ T8963]  ? sock_rps_record_flow+0x19/0x410
[  421.075322][ T8963]  ? inet_sendmsg+0x2f4/0x370
[  421.075341][ T8963]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  421.075363][ T8963]  __sock_sendmsg+0x19c/0x270
[  421.075387][ T8963]  __sys_sendto+0x3bd/0x520
[  421.075415][ T8963]  ? __pfx___sys_sendto+0x10/0x10
[  421.075438][ T8963]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  421.075472][ T8963]  ? __fget_files+0x3a0/0x420
[  421.075504][ T8963]  ? ksys_write+0x22a/0x250
[  421.075524][ T8963]  ? __pfx_ksys_write+0x10/0x10
[  421.075538][ T8963]  ? rcu_is_watching+0x15/0xb0
[  421.075564][ T8963]  __x64_sys_sendto+0xde/0x100
[  421.075593][ T8963]  do_syscall_64+0xfa/0x3b0
[  421.075615][ T8963]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  421.075633][ T8963]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  421.075658][ T8963]  ? clear_bhb_loop+0x60/0xb0
[  421.075680][ T8963]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  421.075699][ T8963] RIP: 0033:0x7fbc6b98ebe9
[  421.075715][ T8963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  421.075732][ T8963] RSP: 002b:00007fbc6c805038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  421.075751][ T8963] RAX: ffffffffffffffda RBX: 00007fbc6bbb5fa0 RCX: 00007fbc6b98ebe9
[  421.075764][ T8963] RDX: 000000000000fee4 RSI: 0000200000847fff RDI: 0000000000000005
[  421.075776][ T8963] RBP: 00007fbc6c805090 R08: 000020000005ffe4 R09: 000000000000001c
[  421.075788][ T8963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  421.075799][ T8963] R13: 00007fbc6bbb6038 R14: 00007fbc6bbb5fa0 R15: 00007ffe30c00688
[  421.075829][ T8963]  </TASK>
[  426.612693][ T9019] netlink: 16 bytes leftover after parsing attributes in process `syz.1.802'.
[  426.830548][   T48] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  427.010902][   T48] usb 4-1: Using ep0 maxpacket: 8
[  427.018896][   T48] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 7
[  427.042727][   T48] usb 4-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  427.052994][   T48] usb 4-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  427.070500][   T48] usb 4-1: Product: syz
[  427.080043][   T48] usb 4-1: Manufacturer: syz
[  427.086885][   T48] usb 4-1: SerialNumber: syz
[  427.809963][   T30] audit: type=1326 audit(427.737:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9017 comm="syz.3.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe23df8ebe9 code=0x7ffc0000
[  427.976536][   T30] audit: type=1326 audit(427.817:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9017 comm="syz.3.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe23df8ebe9 code=0x7ffc0000
[  428.041535][   T30] audit: type=1326 audit(427.987:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9017 comm="syz.3.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe23df8ebe9 code=0x7ffc0000
[  428.066847][   T48] usb 4-1: Invalid connection information received from device
[  428.111634][   T30] audit: type=1326 audit(427.987:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9017 comm="syz.3.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe23df8ebe9 code=0x7ffc0000
[  428.137749][   T30] audit: type=1326 audit(427.997:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9017 comm="syz.3.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=271 compat=0 ip=0x7fe23df8ebe9 code=0x7ffc0000
[  428.158742][   T30] audit: type=1326 audit(428.057:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9017 comm="syz.3.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe23df8ebe9 code=0x7ffc0000
[  428.226555][   T30] audit: type=1326 audit(428.057:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9017 comm="syz.3.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe23df8ebe9 code=0x7ffc0000
[  428.683897][ T9035] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  428.706435][ T9035] syzkaller0: entered promiscuous mode
[  428.720544][ T9035] syzkaller0: entered allmulticast mode
[  430.220481][ T5960] usb 4-1: USB disconnect, device number 9
[  430.617829][ T9071] FAULT_INJECTION: forcing a failure.
[  430.617829][ T9071] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  430.659655][ T9072] hfsplus: unable to find HFS+ superblock
[  430.678524][ T9072] netlink: 12 bytes leftover after parsing attributes in process `syz.1.816'.
[  430.774413][ T9071] CPU: 0 UID: 0 PID: 9071 Comm: syz.4.818 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  430.774446][ T9071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  430.774458][ T9071] Call Trace:
[  430.774466][ T9071]  <TASK>
[  430.774474][ T9071]  dump_stack_lvl+0x189/0x250
[  430.774500][ T9071]  ? __pfx____ratelimit+0x10/0x10
[  430.774521][ T9071]  ? __pfx_dump_stack_lvl+0x10/0x10
[  430.774542][ T9071]  ? __pfx__printk+0x10/0x10
[  430.774564][ T9071]  ? __might_fault+0xb0/0x130
[  430.774584][ T9071]  ? __might_fault+0xb0/0x130
[  430.774611][ T9071]  should_fail_ex+0x414/0x560
[  430.774635][ T9071]  _copy_from_user+0x2d/0xb0
[  430.774662][ T9071]  ___sys_sendmsg+0x158/0x2a0
[  430.774695][ T9071]  ? __pfx____sys_sendmsg+0x10/0x10
[  430.774758][ T9071]  ? __fget_files+0x2a/0x420
[  430.774778][ T9071]  ? __fget_files+0x3a0/0x420
[  430.774810][ T9071]  __x64_sys_sendmsg+0x19b/0x260
[  430.774841][ T9071]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  430.774879][ T9071]  ? __pfx_ksys_write+0x10/0x10
[  430.774902][ T9071]  ? do_syscall_64+0xbe/0x3b0
[  430.774927][ T9071]  do_syscall_64+0xfa/0x3b0
[  430.774948][ T9071]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  430.774966][ T9071]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  430.774984][ T9071]  ? clear_bhb_loop+0x60/0xb0
[  430.775007][ T9071]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  430.775025][ T9071] RIP: 0033:0x7f562918ebe9
[  430.775046][ T9071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  430.775063][ T9071] RSP: 002b:00007f562a013038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  430.775083][ T9071] RAX: ffffffffffffffda RBX: 00007f56293b5fa0 RCX: 00007f562918ebe9
[  430.775096][ T9071] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000004
[  430.775108][ T9071] RBP: 00007f562a013090 R08: 0000000000000000 R09: 0000000000000000
[  430.775120][ T9071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  430.775131][ T9071] R13: 00007f56293b6038 R14: 00007f56293b5fa0 R15: 00007fff4baf4138
[  430.775160][ T9071]  </TASK>
[  431.921914][ T9085] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  431.943729][ T9086] syzkaller0: entered promiscuous mode
[  431.958781][ T9086] syzkaller0: entered allmulticast mode
[  433.492488][ T9097] tipc: Failed to remove unknown binding: 66,1,1/0:3318507439/3318507441
[  433.501716][ T9097] tipc: Failed to remove unknown binding: 66,1,1/0:3318507439/3318507441
[  433.880541][ T9108] netlink: 'syz.0.825': attribute type 11 has an invalid length.
[  434.705038][ T9120] netlink: 20 bytes leftover after parsing attributes in process `syz.4.831'.
[  435.110496][ T5928] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  435.402789][ T9128] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  436.251333][ T5928] usb 2-1: Using ep0 maxpacket: 16
[  436.441342][ T5928] usb 2-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[  436.714079][ T5928] usb 2-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  436.802102][ T5928] usb 2-1: string descriptor 0 read error: -71
[  436.820624][ T5928] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  436.829665][ T5928] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  437.041945][ T5928] usb 2-1: can't set config #1, error -71
[  437.068334][ T5928] usb 2-1: USB disconnect, device number 12
[  437.134102][ T9144] hfsplus: unable to find HFS+ superblock
[  437.151737][ T9144] netlink: 12 bytes leftover after parsing attributes in process `syz.4.836'.
[  438.079228][ T9157] tipc: Failed to remove unknown binding: 66,1,1/7:3623912455/3623912457
[  438.087827][ T9157] tipc: Failed to remove unknown binding: 66,1,1/7:3623912455/3623912457
[  439.093837][ T9168] netlink: 8 bytes leftover after parsing attributes in process `syz.1.843'.
[  439.457651][ T9174] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  439.960100][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  439.966620][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  440.252067][ T9182] 9pnet_fd: Insufficient options for proto=fd
[  443.301016][ T9200] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  443.387704][ T9200] syzkaller0: entered promiscuous mode
[  443.394692][ T9200] syzkaller0: entered allmulticast mode
[  444.780230][ T9238] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  447.248429][ T9256] /dev/nullb0: Can't open blockdev
[  447.256839][ T9256] netlink: 12 bytes leftover after parsing attributes in process `syz.2.862'.
[  447.286430][ T9255] Driver unsupported XDP return value 0 on prog  (id 218) dev N/A, expect packet loss!
[  448.302705][ T9268] batadv_slave_1: entered promiscuous mode
[  448.792374][ T9267] batadv_slave_1: left promiscuous mode
[  451.966741][ T9296] netlink: 8 bytes leftover after parsing attributes in process `syz.4.872'.
[  452.218109][ T9296] netlink: 8 bytes leftover after parsing attributes in process `syz.4.872'.
[  452.262967][ T9298] netlink: 52 bytes leftover after parsing attributes in process `syz.4.872'.
[  452.436575][ T9304] netlink: 'syz.0.874': attribute type 10 has an invalid length.
[  452.479584][ T9304] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  453.085220][ T9317] NILFS (nbd1): device size too small
[  453.104877][ T9317] netlink: 20 bytes leftover after parsing attributes in process `syz.1.876'.
[  453.213351][ T9312] tipc: Failed to remove unknown binding: 66,1,1/7:617597289/617597291
[  453.221727][ T9312] tipc: Failed to remove unknown binding: 66,1,1/7:617597289/617597291
[  454.126739][ T9333] tipc: Started in network mode
[  454.131815][ T9333] tipc: Node identity , cluster identity 4711
[  454.138073][ T9333] tipc: Failed to obtain node identity
[  454.148187][ T9333] tipc: Enabling of bearer <eth:caif0> rejected, failed to enable media
[  455.232598][ T9339] affs: No valid root block on device nullb0
[  455.550599][ T9347] input: syz1 as /devices/virtual/input/input11
[  457.319641][ T9393] netlink: 12 bytes leftover after parsing attributes in process `syz.3.889'.
[  458.558714][ T9415] netlink: 12 bytes leftover after parsing attributes in process `syz.0.890'.
[  459.280558][  T891] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  459.451367][  T891] usb 3-1: Using ep0 maxpacket: 32
[  459.465395][  T891] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  459.502612][  T891] usb 3-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00
[  459.517239][  T891] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  459.538302][  T891] usb 3-1: config 0 descriptor??
[  460.663906][ T9406] syz.2.891: attempt to access beyond end of device
[  460.663906][ T9406] nbd2: rw=4096, sector=0, nr_sectors = 1 limit=0
[  462.392044][ T9447] netlink: 28 bytes leftover after parsing attributes in process `syz.3.899'.
[  462.401696][ T9447] netlink: 28 bytes leftover after parsing attributes in process `syz.3.899'.
[  464.475897][  T891] usbhid 3-1:0.0: can't add hid device: -71
[  464.553998][  T891] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  464.653352][  T891] usb 3-1: USB disconnect, device number 11
[  465.780025][ T9468] FAULT_INJECTION: forcing a failure.
[  465.780025][ T9468] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  465.794207][ T9468] CPU: 0 UID: 0 PID: 9468 Comm: syz.0.901 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  465.794230][ T9468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  465.794241][ T9468] Call Trace:
[  465.794249][ T9468]  <TASK>
[  465.794257][ T9468]  dump_stack_lvl+0x189/0x250
[  465.794282][ T9468]  ? __pfx____ratelimit+0x10/0x10
[  465.794298][ T9468]  ? __pfx_dump_stack_lvl+0x10/0x10
[  465.794313][ T9468]  ? __pfx__printk+0x10/0x10
[  465.794330][ T9468]  ? __might_fault+0xb0/0x130
[  465.794350][ T9468]  should_fail_ex+0x414/0x560
[  465.794367][ T9468]  _copy_from_user+0x2d/0xb0
[  465.794386][ T9468]  ___sys_sendmsg+0x158/0x2a0
[  465.794408][ T9468]  ? __pfx____sys_sendmsg+0x10/0x10
[  465.794454][ T9468]  ? __x64_sys_sendmsg+0x180/0x260
[  465.794478][ T9468]  __x64_sys_sendmsg+0x19b/0x260
[  465.794500][ T9468]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  465.794527][ T9468]  ? __pfx_ksys_write+0x10/0x10
[  465.794538][ T9468]  ? arch_syscall_is_vdso_sigreturn+0x120/0x1a0
[  465.794560][ T9468]  ? syscall_user_dispatch+0x4f/0x90
[  465.794577][ T9468]  do_syscall_64+0xfa/0x3b0
[  465.794592][ T9468]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  465.794604][ T9468]  ? asm_sysvec_call_function_single+0x1a/0x20
[  465.794617][ T9468]  ? clear_bhb_loop+0x60/0xb0
[  465.794633][ T9468]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  465.794645][ T9468] RIP: 0033:0x7fbc6b98ebe9
[  465.794657][ T9468] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  465.794668][ T9468] RSP: 002b:00007fbc6c7c3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  465.794682][ T9468] RAX: ffffffffffffffda RBX: 00007fbc6bbb6180 RCX: 00007fbc6b98ebe9
[  465.794692][ T9468] RDX: 0000000000000000 RSI: 00002000000012c0 RDI: 0000000000000004
[  465.794700][ T9468] RBP: 00007fbc6c7c3090 R08: 0000000000000000 R09: 0000000000000000
[  465.794708][ T9468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  465.794716][ T9468] R13: 00007fbc6bbb6218 R14: 00007fbc6bbb6180 R15: 00007ffe30c00688
[  465.794742][ T9468]  </TASK>
[  466.506842][ T9469] usb usb8: usbfs: process 9469 (syz.2.906) did not claim interface 0 before use
[  469.028166][ T9486] netlink: 12 bytes leftover after parsing attributes in process `syz.3.910'.
[  469.502335][ T9495] hfsplus: unable to find HFS+ superblock
[  469.517959][ T9495] netlink: 12 bytes leftover after parsing attributes in process `syz.2.912'.
[  470.472110][ T9498] tc_dump_action: action bad kind
[  471.843576][ T5920] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  472.853192][ T9505] netlink: 4 bytes leftover after parsing attributes in process `syz.4.914'.
[  473.962033][ T5920] usb 4-1: device descriptor read/all, error -71
[  476.230568][ T9520] netlink: 16 bytes leftover after parsing attributes in process `syz.2.919'.
[  477.555966][ T9527] netlink: 36 bytes leftover after parsing attributes in process `syz.1.921'.
[  478.527519][ T9518] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  478.535972][ T9518] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  478.544479][ T9518] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  478.841476][ T9532] FAULT_INJECTION: forcing a failure.
[  478.841476][ T9532] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  478.858516][ T9532] CPU: 0 UID: 0 PID: 9532 Comm: syz.3.923 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  478.858545][ T9532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  478.858559][ T9532] Call Trace:
[  478.858568][ T9532]  <TASK>
[  478.858577][ T9532]  dump_stack_lvl+0x189/0x250
[  478.858608][ T9532]  ? __pfx____ratelimit+0x10/0x10
[  478.858632][ T9532]  ? __pfx_dump_stack_lvl+0x10/0x10
[  478.858657][ T9532]  ? __pfx__printk+0x10/0x10
[  478.858685][ T9532]  ? __might_fault+0xb0/0x130
[  478.858721][ T9532]  should_fail_ex+0x414/0x560
[  478.858749][ T9532]  _copy_from_user+0x2d/0xb0
[  478.858782][ T9532]  kstrtouint_from_user+0xc4/0x170
[  478.858811][ T9532]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  478.858857][ T9532]  proc_fail_nth_write+0x88/0x240
[  478.858885][ T9532]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  478.858919][ T9532]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  478.858948][ T9532]  vfs_write+0x27e/0xa90
[  478.858979][ T9532]  ? __pfx_vfs_write+0x10/0x10
[  478.859002][ T9532]  ? __fget_files+0x2a/0x420
[  478.859044][ T9532]  ? __fget_files+0x3a0/0x420
[  478.859067][ T9532]  ? __fget_files+0x2a/0x420
[  478.859102][ T9532]  ksys_write+0x145/0x250
[  478.859126][ T9532]  ? __pfx_ksys_write+0x10/0x10
[  478.859144][ T9532]  ? rcu_is_watching+0x15/0xb0
[  478.859175][ T9532]  ? do_syscall_64+0xbe/0x3b0
[  478.859204][ T9532]  do_syscall_64+0xfa/0x3b0
[  478.859234][ T9532]  ? lockdep_hardirqs_on+0x9c/0x150
[  478.859258][ T9532]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  478.859279][ T9532]  ? clear_bhb_loop+0x60/0xb0
[  478.859307][ T9532]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  478.859328][ T9532] RIP: 0033:0x7fe23df8d69f
[  478.859347][ T9532] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  478.859366][ T9532] RSP: 002b:00007fe23edeb030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  478.859390][ T9532] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe23df8d69f
[  478.859406][ T9532] RDX: 0000000000000001 RSI: 00007fe23edeb0a0 RDI: 0000000000000007
[  478.859420][ T9532] RBP: 00007fe23edeb090 R08: 0000000000000000 R09: 0000000000000000
[  478.859434][ T9532] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  478.859447][ T9532] R13: 00007fe23e1b6128 R14: 00007fe23e1b6090 R15: 00007ffde9d6ba28
[  478.859492][ T9532]  </TASK>
[  481.421249][ T9562] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  482.023814][   T51] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  482.032884][   T51] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  482.040940][   T51] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  482.049423][   T51] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  482.070333][   T51] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  483.718307][ T9557] chnl_net:caif_netlink_parms(): no params data found
[  484.087454][ T9601] tipc: Failed to remove unknown binding: 66,1,1/0:645397565/645397567
[  484.095921][ T9601] tipc: Failed to remove unknown binding: 66,1,1/0:645397565/645397567
[  484.136055][   T51] Bluetooth: hci5: command tx timeout
[  484.159959][ T9597] Bluetooth: hci3: Frame reassembly failed (-84)
[  484.173844][ T6036] Bluetooth: hci3: Frame reassembly failed (-84)
[  484.408603][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  484.452565][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  484.625024][ T9557] bridge0: port 1(bridge_slave_0) entered blocking state
[  484.653382][ T9557] bridge0: port 1(bridge_slave_0) entered disabled state
[  484.674724][ T9557] bridge_slave_0: entered allmulticast mode
[  484.702701][ T9557] bridge_slave_0: entered promiscuous mode
[  484.790979][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  484.813101][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  484.859959][ T9557] bridge0: port 2(bridge_slave_1) entered blocking state
[  484.868648][ T9557] bridge0: port 2(bridge_slave_1) entered disabled state
[  484.876339][ T9557] bridge_slave_1: entered allmulticast mode
[  484.890685][ T9557] bridge_slave_1: entered promiscuous mode
[  485.030041][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  485.044053][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  485.062099][ T9557] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  485.074688][ T9557] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  486.002914][ T9557] team0: Port device team_slave_0 added
[  486.207573][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  486.220130][ T5844] Bluetooth: hci3: command 0x1003 tx timeout
[  486.226876][ T5856] Bluetooth: hci5: command tx timeout
[  486.370562][   T51] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  486.864693][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  486.972874][ T9557] team0: Port device team_slave_1 added
[  487.105760][ T9557] batman_adv: batadv0: Adding interface: batadv_slave_0
[  487.121078][ T9557] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  487.284254][ T9557] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  487.328074][ T9557] batman_adv: batadv0: Adding interface: batadv_slave_1
[  487.355778][ T9557] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  487.392511][ T9557] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  487.480627][ T9632] xt_CT: No such helper "pptp"
[  487.735521][ T9557] hsr_slave_0: entered promiscuous mode
[  487.766616][ T9557] hsr_slave_1: entered promiscuous mode
[  487.773112][ T9557] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  487.783742][ T9557] Cannot create hsr debugfs directory
[  488.390496][   T51] Bluetooth: hci5: command tx timeout
[  488.975612][   T12] bridge_slave_1: left allmulticast mode
[  489.003481][   T12] bridge_slave_1: left promiscuous mode
[  489.031507][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  489.095602][   T12] bridge_slave_0: left allmulticast mode
[  489.149385][   T12] bridge_slave_0: left promiscuous mode
[  489.182942][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  490.333787][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  490.346479][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  490.358017][   T12] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  490.377144][   T12] bond0 (unregistering): Released all slaves
[  490.405787][ T9652] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  490.433293][ T9652] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  490.480874][   T51] Bluetooth: hci5: command tx timeout
[  490.512565][   T12] tipc: Left network mode
[  491.594255][ T9663] Process accounting resumed
[  492.688573][ T9557] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  492.864880][ T9699] tipc: Failed to remove unknown binding: 66,1,1/7:746080764/746080766
[  492.910588][ T9699] tipc: Failed to remove unknown binding: 66,1,1/7:746080764/746080766
[  493.269570][ T9709] hfsplus: unable to find HFS+ superblock
[  493.278557][ T9709] netlink: 12 bytes leftover after parsing attributes in process `syz.4.960'.
[  493.540229][ T9557] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  494.124136][ T9702] netlink: 8 bytes leftover after parsing attributes in process `syz.3.959'.
[  495.218222][ T9557] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  495.265288][ T9557] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  495.617309][   T12] hsr_slave_0: left promiscuous mode
[  495.682587][ T9730] hfsplus: unable to find HFS+ superblock
[  496.396409][   T12] hsr_slave_1: left promiscuous mode
[  496.447614][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  496.475679][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  496.524041][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  496.565545][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  496.597825][   T12] 
[  496.600189][   T12] ======================================================
[  496.607217][   T12] WARNING: possible circular locking dependency detected
[  496.614296][   T12] 6.16.0-syzkaller #0 Not tainted
[  496.619333][   T12] ------------------------------------------------------
[  496.626370][   T12] kworker/u8:0/12 is trying to acquire lock:
[  496.632353][   T12] ffff88807a878e00 (team->team_lock_key#3){+.+.}-{4:4}, at: team_device_event+0x182/0xa20
[  496.642405][   T12] 
[  496.642405][   T12] but task is already holding lock:
[  496.649775][   T12] ffff88806eba6d30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x5a1/0x2320
[  496.661384][   T12] 
[  496.661384][   T12] which lock already depends on the new lock.
[  496.661384][   T12] 
[  496.671795][   T12] 
[  496.671795][   T12] the existing dependency chain (in reverse order) is:
[  496.680819][   T12] 
[  496.680819][   T12] -> #1 (&dev_instance_lock_key#3){+.+.}-{4:4}:
[  496.689290][   T12]        lock_acquire+0x120/0x360
[  496.694339][   T12]        __mutex_lock+0x182/0xe80
[  496.699390][   T12]        dev_set_mtu+0x10e/0x260
[  496.704362][   T12]        team_add_slave+0x8b8/0x2840
[  496.709674][   T12]        do_set_master+0x530/0x6d0
[  496.714819][   T12]        do_setlink+0xcf0/0x41c0
[  496.719784][   T12]        rtnl_newlink+0x160b/0x1c70
[  496.725005][   T12]        rtnetlink_rcv_msg+0x7cc/0xb70
[  496.730479][   T12]        netlink_rcv_skb+0x205/0x470
[  496.735775][   T12]        netlink_unicast+0x75c/0x8e0
[  496.741064][   T12]        netlink_sendmsg+0x805/0xb30
[  496.746355][   T12]        __sock_sendmsg+0x21c/0x270
[  496.751554][   T12]        ____sys_sendmsg+0x505/0x830
[  496.756849][   T12]        ___sys_sendmsg+0x21f/0x2a0
[  496.762049][   T12]        __x64_sys_sendmsg+0x19b/0x260
[  496.767512][   T12]        do_syscall_64+0xfa/0x3b0
[  496.772533][   T12]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  496.778947][   T12] 
[  496.778947][   T12] -> #0 (team->team_lock_key#3){+.+.}-{4:4}:
[  496.787134][   T12]        validate_chain+0xb9b/0x2140
[  496.792422][   T12]        __lock_acquire+0xab9/0xd20
[  496.797612][   T12]        lock_acquire+0x120/0x360
[  496.802628][   T12]        __mutex_lock+0x182/0xe80
[  496.807648][   T12]        team_device_event+0x182/0xa20
[  496.813104][   T12]        notifier_call_chain+0x1b3/0x3e0
[  496.818754][   T12]        dev_close_many+0x29c/0x410
[  496.823964][   T12]        unregister_netdevice_many_notify+0x619/0x2320
[  496.830815][   T12]        default_device_exit_batch+0x819/0x890
[  496.836970][   T12]        ops_undo_list+0x522/0x990
[  496.842084][   T12]        cleanup_net+0x4c5/0x800
[  496.847021][   T12]        process_scheduled_works+0xade/0x17b0
[  496.853084][   T12]        worker_thread+0x8a0/0xda0
[  496.858191][   T12]        kthread+0x70e/0x8a0
[  496.862782][   T12]        ret_from_fork+0x3fc/0x770
[  496.867891][   T12]        ret_from_fork_asm+0x1a/0x30
[  496.873180][   T12] 
[  496.873180][   T12] other info that might help us debug this:
[  496.873180][   T12] 
[  496.883404][   T12]  Possible unsafe locking scenario:
[  496.883404][   T12] 
[  496.890868][   T12]        CPU0                    CPU1
[  496.896241][   T12]        ----                    ----
[  496.901601][   T12]   lock(&dev_instance_lock_key#3);
[  496.906811][   T12]                                lock(team->team_lock_key#3);
[  496.914276][   T12]                                lock(&dev_instance_lock_key#3);
[  496.921999][   T12]   lock(team->team_lock_key#3);
[  496.926945][   T12] 
[  496.926945][   T12]  *** DEADLOCK ***
[  496.926945][   T12] 
[  496.935084][   T12] 5 locks held by kworker/u8:0/12:
[  496.940185][   T12]  #0: ffff88801b2fb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  496.951065][   T12]  #1: ffffc90000117bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  496.961593][   T12]  #2: ffffffff8f4fd310 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800
[  496.970915][   T12]  #3: ffffffff8f509f08 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0xdc/0x890
[  496.980930][   T12]  #4: ffff88806eba6d30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x5a1/0x2320
[  496.992957][   T12] 
[  496.992957][   T12] stack backtrace:
[  496.998846][   T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  496.998866][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  496.998878][   T12] Workqueue: netns cleanup_net
[  496.998902][   T12] Call Trace:
[  496.998910][   T12]  <TASK>
[  496.998917][   T12]  dump_stack_lvl+0x189/0x250
[  496.998938][   T12]  ? __pfx_dump_stack_lvl+0x10/0x10
[  496.998957][   T12]  ? __pfx__printk+0x10/0x10
[  496.998979][   T12]  ? print_lock_name+0xde/0x100
[  496.999001][   T12]  print_circular_bug+0x2ee/0x310
[  496.999023][   T12]  check_noncircular+0x134/0x160
[  496.999045][   T12]  validate_chain+0xb9b/0x2140
[  496.999075][   T12]  __lock_acquire+0xab9/0xd20
[  496.999092][   T12]  ? team_device_event+0x182/0xa20
[  496.999108][   T12]  lock_acquire+0x120/0x360
[  496.999122][   T12]  ? team_device_event+0x182/0xa20
[  496.999139][   T12]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  496.999176][   T12]  __mutex_lock+0x182/0xe80
[  496.999194][   T12]  ? team_device_event+0x182/0xa20
[  496.999213][   T12]  ? __try_to_del_timer_sync+0x34a/0x3a0
[  496.999235][   T12]  ? team_device_event+0x182/0xa20
[  496.999251][   T12]  ? __pfx___mutex_lock+0x10/0x10
[  496.999268][   T12]  ? __timer_delete_sync+0x218/0x2d0
[  496.999300][   T12]  team_device_event+0x182/0xa20
[  496.999317][   T12]  notifier_call_chain+0x1b3/0x3e0
[  496.999339][   T12]  dev_close_many+0x29c/0x410
[  496.999363][   T12]  ? __pfx_dev_close_many+0x10/0x10
[  496.999383][   T12]  ? preempt_schedule_common+0x83/0xd0
[  496.999399][   T12]  ? preempt_schedule+0xae/0xc0
[  496.999417][   T12]  unregister_netdevice_many_notify+0x619/0x2320
[  496.999438][   T12]  ? preempt_schedule_thunk+0x16/0x30
[  496.999465][   T12]  ? __local_bh_enable_ip+0x13e/0x1c0
[  496.999482][   T12]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  496.999520][   T12]  ? unregister_netdevice_queue+0x1b3/0x380
[  496.999540][   T12]  ? batadv_meshif_destroy_netlink+0x1dd/0x270
[  496.999564][   T12]  default_device_exit_batch+0x819/0x890
[  496.999589][   T12]  ? __pfx___might_resched+0x10/0x10
[  496.999607][   T12]  ? __pfx_default_device_exit_batch+0x10/0x10
[  496.999629][   T12]  ? __pfx_rdma_dev_exit_net+0x10/0x10
[  496.999650][   T12]  ? net_generic+0x1e/0x240
[  496.999669][   T12]  ? __pfx_default_device_exit_batch+0x10/0x10
[  496.999691][   T12]  ops_undo_list+0x522/0x990
[  496.999716][   T12]  ? __pfx_ops_undo_list+0x10/0x10
[  496.999742][   T12]  cleanup_net+0x4c5/0x800
[  496.999765][   T12]  ? __pfx_cleanup_net+0x10/0x10
[  496.999787][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  496.999801][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  496.999818][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  496.999834][   T12]  process_scheduled_works+0xade/0x17b0
[  496.999862][   T12]  ? __pfx_process_scheduled_works+0x10/0x10
[  496.999886][   T12]  worker_thread+0x8a0/0xda0
[  496.999915][   T12]  kthread+0x70e/0x8a0
[  496.999937][   T12]  ? __pfx_worker_thread+0x10/0x10
[  496.999954][   T12]  ? __pfx_kthread+0x10/0x10
[  496.999975][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  496.999989][   T12]  ? lockdep_hardirqs_on+0x9c/0x150
[  497.000005][   T12]  ? __pfx_kthread+0x10/0x10
[  497.000026][   T12]  ret_from_fork+0x3fc/0x770
[  497.000042][   T12]  ? __pfx_ret_from_fork+0x10/0x10
[  497.000059][   T12]  ? __switch_to_asm+0x39/0x70
[  497.000078][   T12]  ? __switch_to_asm+0x33/0x70
[  497.000097][   T12]  ? __pfx_kthread+0x10/0x10
[  497.000118][   T12]  ret_from_fork_asm+0x1a/0x30
[  497.000144][   T12]  </TASK>
[  497.355619][   T12] veth1_macvtap: left promiscuous mode
[  497.363156][   T12] veth0_macvtap: left promiscuous mode
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  497.368844][   T12] veth1_vlan: left promiscuous mode
[  497.374252][   T12] veth0_vlan: left promiscuous mode
[  497.760020][   T12] team0 (unregistering): Port device team_slave_1 removed
[  497.787331][   T12] team0 (unregistering): Port device team_slave_0 removed
[  497.876114][   T12] team0 (unregistering): Port device dummy0 removed
[  497.904268][ T9557] kthread_run failed with err -4
[  498.092905][ T9733] pim6reg: entered allmulticast mode
[  498.098421][ T9724] pim6reg: left allmulticast mode
[  498.624936][   T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  498.714614][   T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  498.779482][   T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  498.825013][   T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  499.178923][   T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  499.245860][   T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  499.291840][   T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  499.335854][   T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  499.647621][   T12] bridge_slave_1: left allmulticast mode
[  499.653530][   T12] bridge_slave_1: left promiscuous mode
[  499.659331][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  499.668166][   T12] bridge_slave_0: left allmulticast mode
[  499.674582][   T12] bridge_slave_0: left promiscuous mode
[  499.680251][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  499.689674][   T12] bridge_slave_1: left allmulticast mode
[  499.695764][   T12] bridge_slave_1: left promiscuous mode
[  499.702229][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  499.710194][   T12] bridge_slave_0: left allmulticast mode
[  499.715936][   T12] bridge_slave_0: left promiscuous mode
[  499.721649][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  499.730277][   T12] bridge_slave_1: left allmulticast mode
[  499.736086][   T12] bridge_slave_1: left promiscuous mode
[  499.742181][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  499.750682][   T12] bridge_slave_0: left allmulticast mode
[  499.756345][   T12] bridge_slave_0: left promiscuous mode
[  499.762908][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  499.772572][   T12] bridge_slave_1: left allmulticast mode
[  499.778210][   T12] bridge_slave_1: left promiscuous mode
[  499.784177][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  499.792192][   T12] bridge_slave_0: left allmulticast mode
[  499.797922][   T12] bridge_slave_0: left promiscuous mode
[  499.803597][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  499.915254][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  499.925047][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  499.934449][   T12] bond0 (unregistering): Released all slaves
[  499.992491][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  500.002511][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  500.012109][   T12] bond0 (unregistering): Released all slaves
[  500.085795][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  500.096589][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  500.106043][   T12] bond0 (unregistering): Released all slaves
[  500.132631][   T12] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface
[  500.141027][   T12] bond1 (unregistering): (slave ip6gretap1): the permanent HWaddr of slave - 7e:1f:8a:97:ea:4b - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  500.317875][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  500.327240][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  500.337022][   T12] bond0 (unregistering): Released all slaves
[  500.346428][   T12] bond1 (unregistering): (slave veth3): Releasing backup interface
[  500.354922][   T12] bond1 (unregistering): Released all slaves
[  500.425265][   T12] bond2 (unregistering): Released all slaves
[  500.904888][   T12] hsr_slave_0: left promiscuous mode
[  500.911580][   T12] hsr_slave_1: left promiscuous mode
[  500.917318][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  500.925494][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  500.934661][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  500.942569][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  500.954260][   T12] hsr_slave_0: left promiscuous mode
[  500.960241][   T12] hsr_slave_1: left promiscuous mode
[  500.966468][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  500.974331][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  500.985962][   T12] hsr_slave_0: left promiscuous mode
[  500.994770][   T12] hsr_slave_1: left promiscuous mode
[  501.004486][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  501.012527][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  501.020132][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  501.028654][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  501.039504][   T12] hsr_slave_0: left promiscuous mode
[  501.046163][   T12] hsr_slave_1: left promiscuous mode
[  501.052647][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  501.060210][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  501.075408][   T12] veth1_macvtap: left promiscuous mode
[  501.081925][   T12] veth0_macvtap: left promiscuous mode
[  501.088137][   T12] veth0_macvtap: left promiscuous mode
[  501.094398][   T12] veth1_vlan: left allmulticast mode
[  501.099726][   T12] veth1_vlan: left promiscuous mode
[  501.105159][   T12] veth0_vlan: left promiscuous mode
[  501.229957][   T12] team0 (unregistering): Port device team_slave_1 removed
[  501.250170][   T12] team0 (unregistering): Port device team_slave_0 removed
[  501.334918][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  501.341347][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  501.394472][   T12] team0 (unregistering): Port device team_slave_1 removed
[  501.413659][   T12] team0 (unregistering): Port device team_slave_0 removed
[  501.565921][   T12] team0 (unregistering): Port device team_slave_1 removed
[  501.578697][   T12] team0 (unregistering): Port device team_slave_0 removed
[  501.851246][   T12] team0 (unregistering): Port device team_slave_1 removed
[  501.876695][   T12] team0 (unregistering): Port device team_slave_0 removed