last executing test programs:

1m30.389147519s ago: executing program 3 (id=802):
sendmsg$unix(0xffffffffffffffff, 0x0, 0x800)
syz_emit_ethernet(0x3e, &(0x7f0000000500)={@local, @random="00e300", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x1, 0x0, @empty, @multicast1}, @time_exceeded={0x4, 0x1, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr=0x64010102, @dev}}}}}}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000280)=ANY=[], 0xdd12}], 0x1}, 0x10)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000280)=ANY=[@ANYBLOB="000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89b1, &(0x7f0000000900)={'wlan1\x00', @random='\x00\x00\x00 \x00'})
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000280)="c021", 0x1700}], 0x1)

1m29.649004415s ago: executing program 3 (id=805):
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0x20, &(0x7f0000000400)={&(0x7f00000000c0)=""/11, 0xb, 0x0, &(0x7f0000000340)=""/184, 0xb8}}, 0x10)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000480), 0x8)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, 0x0, 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x500000, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
read$msr(0xffffffffffffffff, &(0x7f0000002700)=""/102392, 0x18ff8)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, 0x0, 0x0)
pipe2(0x0, 0x84880)
r1 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0)
read$midi(r1, 0x0, 0x43)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0xe042, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x48004, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
getpid()
socket$inet_icmp(0x2, 0x2, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000019140)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)

1m28.854641045s ago: executing program 3 (id=808):
syz_usb_connect(0x2, 0x2d, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x10000000}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r3, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e22d991000000000000a80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
msgctl$IPC_INFO(0x0, 0x3, &(0x7f0000000380)=""/176)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = getpid()
r6 = syz_pidfd_open(r5, 0x0)
open_by_handle_at(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="150000c104bf00fe00000005"], 0x850001)
r7 = openat$cgroup_ro(r4, &(0x7f0000000380)='devices.list\x00', 0x0, 0x0)
preadv(r7, &(0x7f00000000c0)=[{&(0x7f0000000240)=""/140, 0x8c}], 0x1, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000095f0ff0000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r8 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="180000000914010000007c0000000000080001"], 0x18}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000b00)=ANY=[@ANYBLOB="c40000000001010400000000000000000a00006f5c0001802c00018014000300fe88000000000000000000000000010114000400ff0100000000000000000000000000012c00018013000300fe80000000000000000000000000001814000400200100000000000000000000000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c0002800500010000000000080007400021807600000010000d800c000380060002004e"], 0xc4}}, 0x800)

1m25.68075585s ago: executing program 3 (id=812):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f00000000c0)="010001000000000000001000015b097ead85847817353d2dbad05dd5", 0x1c, 0xfffffffffffffffd)
pread64(r1, &(0x7f0000000180), 0x0, 0x7fff)
socket(0x15, 0x805, 0x9)
r5 = syz_open_dev$swradio(&(0x7f0000001e40), 0x1, 0x2)
ioctl$VIDIOC_G_FMT(r5, 0xc0d05604, &(0x7f0000001e80)={0xb, @vbi={0x101, 0x101, 0x7, 0x3447504d, [0x4, 0x7], [0x7, 0xd], 0x108}})

1m20.061807551s ago: executing program 3 (id=826):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x28801, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x42280, 0x0)
close(r2)
syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000bfe000/0x400000)=nil)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r2, 0x4020aed2, &(0x7f0000000080)={0xf000, 0x280000, 0x8})
unshare(0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007111ae00000000008510000002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r3 = socket$kcm(0xa, 0x1, 0x0)
r4 = socket$kcm(0xa, 0x2, 0x0)
mlock2(&(0x7f0000f64000/0x13000)=nil, 0x13000, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000004000000080000000200000000000000", @ANYRES32=r4], 0x50)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r5 = socket$kcm(0xa, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x8916, &(0x7f0000000000)={r5})
ioctl$INCFS_IOC_GET_FILLED_BLOCKS(r2, 0x80286722, &(0x7f0000000040)={&(0x7f00000000c0)=""/81, 0x51, 0xfffffffb, 0xfffff46c})
ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x8936, 0x0)
r6 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r6, &(0x7f0000000180)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x1, 0x4}, {}, {0xfff3, 0x1}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x86dd}, @TCA_FLOWER_KEY_IPV4_SRC={0x8, 0xa, @multicast2}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x44000}, 0x24000000)

1m17.0036761s ago: executing program 3 (id=833):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='cq_schedule\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x12b900, 0x0)
socket$packet(0x11, 0x2, 0x300)
socket$kcm(0x28, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18006daaed13ff00000000000000000028"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = socket$kcm(0x10, 0x2, 0x4)
socket$kcm(0x28, 0x1, 0x0)
sendmsg$inet(r4, &(0x7f0000000540)={0x0, 0xc027, &(0x7f0000000340)=[{&(0x7f00000000c0)="98eb000014006bcd9e", 0xeb98}], 0x1, 0x0, 0x0, 0x1f000000}, 0x600)

1m1.918384316s ago: executing program 32 (id=833):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='cq_schedule\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x12b900, 0x0)
socket$packet(0x11, 0x2, 0x300)
socket$kcm(0x28, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18006daaed13ff00000000000000000028"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = socket$kcm(0x10, 0x2, 0x4)
socket$kcm(0x28, 0x1, 0x0)
sendmsg$inet(r4, &(0x7f0000000540)={0x0, 0xc027, &(0x7f0000000340)=[{&(0x7f00000000c0)="98eb000014006bcd9e", 0xeb98}], 0x1, 0x0, 0x0, 0x1f000000}, 0x600)

19.576847076s ago: executing program 0 (id=954):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x28801, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x42280, 0x0)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae01, 0x1)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r2, 0x4020aed2, &(0x7f0000000080)={0xf000, 0x280000, 0x8})

16.25890071s ago: executing program 0 (id=958):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x29, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES32, @ANYRES8], 0x0, 0xe, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x169a0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0)
ioctl$TCXONC(r2, 0x540a, 0x2)
setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x4001)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x11}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r4 = socket$nl_generic(0x11, 0x3, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2f}, @broadcast}, {0x11, 0x7c, 0x0, @loopback}}}}}, 0x0)
sendmsg(r4, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)
setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, 0x0, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x80, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x8, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=@migrate={0xec, 0x21, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa, 0xe0}}, [@migrate={0x9c, 0x11, [{@in=@local, @in6=@local, @in6=@empty, @in=@dev={0xac, 0x14, 0x14, 0x14}, 0x3c, 0x0, 0x0, 0x3500, 0xa, 0x8}, {@in6=@ipv4={'\x00', '\xff\xff', @loopback}, @in6=@private2={0xfc, 0x2, '\x00', 0x2}, @in=@rand_addr=0x64010102, @in6=@private2, 0x3c, 0x0, 0x0, 0x0, 0x8, 0x2}]}]}, 0xec}}, 0x0)
setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, &(0x7f0000000140)={0x1, 0x1, 0x4, 0x5, @vifc_lcl_addr=@remote, @loopback}, 0x10)
syz_emit_ethernet(0x3e, &(0x7f0000000040)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x20, 0xfc, 0x2, 0x0, @rand_addr=0x1c, @multicast1=0xe0000300}, @dest_unreach={0x3, 0x6, 0x0, 0x0, 0xfa, 0x9, {0x5, 0x4, 0x0, 0x3d, 0xfff6, 0x65, 0x5, 0x1, 0x4, 0x3, @private=0xa010102, @local}}}}}}, 0x0)

14.457509781s ago: executing program 0 (id=963):
r0 = socket(0x200000000000011, 0x2, 0x0)
bind$packet(r0, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @random="933c547ecfa7"}, 0x14)
pipe2(&(0x7f00000000c0)={<r1=>0xffffffffffffffff}, 0x840)
sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000280)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="a80000000201010100000000050000000000000968000d8008000200e00000020c000380060001004e210e0008000200ac1414bb2c000380060002004e220000060001004e200000060002004e210000060001004e210000060001004e22000014000380060001004e210000060002004e23000008000200ffffffff2400198008000100400200000800020004000000080002000008000008000200180300000600124000040000"], 0xa8}, 0x1, 0x0, 0x0, 0x4008051}, 0x20040804)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x68, 0xd2}}}}}, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1)
mount$bpf(0x0, 0x0, 0x0, 0x40018, &(0x7f0000000340)={[{}]})
mount(&(0x7f0000000100)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='omfs\x00', 0x0, &(0x7f0000000340))
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_SET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000000c000000280005801c0002800800000100000000030081000000080001000000000008000100756470000000"], 0x3c}}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r5 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
r6 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0)
ioctl$PTP_PEROUT_REQUEST2(r6, 0x40383d0c, &(0x7f0000000240)={{0x81, 0x404006}, {0x6, 0x8000}, 0x1000, 0x801003})
syz_open_dev$vbi(&(0x7f00000002c0), 0x0, 0x2)
ioctl$SG_IO(r5, 0x2285, &(0x7f00000005c0)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x3, 0x0}, &(0x7f0000000040)="ba8d7acda0b2", 0x0, 0x0, 0x0, 0x0, 0x0})

14.071875844s ago: executing program 5 (id=967):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
r2 = getpgrp(0xffffffffffffffff)
kcmp(r2, r2, 0x1, 0xffffffffffffffff, 0xffffffffffffffff)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000080)={&(0x7f0000000040)=[{0x4, 0x5201, 0x2, &(0x7f0000000300)='/G'}], 0x1})
syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, &(0x7f0000000140)={0x0, 0x10, 0x5e, {0x5e, 0x5, "7e2f75ba2f090b4842e93e05e33c848f9ee4d2e1495f533eb8c93115ef20f3eba55e421dcaeef76a354ad9ae6e321703448a500c2bca4256dcf63796d675caad4d6d0172eec49f38c00b77f2098e4a80aa1f5895726e5649165e04ad"}}, &(0x7f00000000c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x40c}}, &(0x7f0000000200)={0x0, 0x22, 0xa, {[@main=@item_4={0x3, 0x0, 0xa, "fae472a2"}, @global=@item_4={0x3, 0x1, 0x5, "44b1860a"}]}}, &(0x7f0000000240)={0x0, 0x21, 0x9, {0x9, 0x21, 0xb, 0x6, 0x1, {0x22, 0x6bd}}}}, &(0x7f0000000480)={0x2c, &(0x7f0000000340)={0x20, 0x16, 0x2d, "c5c163944e61ec29d278c944147fdcc41b402fc718746e56df8c01f6e106c67468e72b3bbb0e5610d4bd2fbbf6"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x14}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000400)={0x20, 0x1, 0xa, "e25c4dc1e7fb8fa6a705"}, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

14.065852219s ago: executing program 0 (id=968):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x28801, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x42280, 0x0)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae01, 0x1)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r2, 0x4020aed2, &(0x7f0000000080)={0xf000, 0x280000, 0x8})

13.927039455s ago: executing program 4 (id=971):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000011ac0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000000)={0x30, r1, 0x1, 0x709d27, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0xfc, 0x57}}}}, [@NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x40}]}, 0x30}, 0x1, 0x0, 0x0, 0x20004080}, 0x40004)
statx(r0, &(0x7f0000000040)='./file0\x00', 0x1000, 0x7ff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0})
newfstatat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}, 0x4000)
setresgid(r3, 0xffffffffffffffff, r4)

9.696882598s ago: executing program 5 (id=973):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x29, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES32, @ANYRES8], 0x0, 0xe, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x169a0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0)
ioctl$TCXONC(r2, 0x540a, 0x2)
setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x4001)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x11}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r4 = socket$nl_generic(0x11, 0x3, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2f}, @broadcast}, {0x11, 0x7c, 0x0, @loopback}}}}}, 0x0)
sendmsg(r4, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)
setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, 0x0, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x80, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x8, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=@migrate={0xec, 0x21, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa, 0xe0}}, [@migrate={0x9c, 0x11, [{@in=@local, @in6=@local, @in6=@empty, @in=@dev={0xac, 0x14, 0x14, 0x14}, 0x3c, 0x0, 0x0, 0x3500, 0xa, 0x8}, {@in6=@ipv4={'\x00', '\xff\xff', @loopback}, @in6=@private2={0xfc, 0x2, '\x00', 0x2}, @in=@rand_addr=0x64010102, @in6=@private2, 0x3c, 0x0, 0x0, 0x0, 0x8, 0x2}]}]}, 0xec}}, 0x0)
setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, &(0x7f0000000140)={0x1, 0x1, 0x4, 0x5, @vifc_lcl_addr=@remote, @loopback}, 0x10)
syz_emit_ethernet(0x3e, &(0x7f0000000040)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x20, 0xfc, 0x2, 0x0, @rand_addr=0x1c, @multicast1=0xe0000300}, @dest_unreach={0x3, 0x6, 0x0, 0x0, 0xfa, 0x9, {0x5, 0x4, 0x0, 0x3d, 0xfff6, 0x65, 0x5, 0x1, 0x4, 0x3, @private=0xa010102, @local}}}}}}, 0x0)

9.273858385s ago: executing program 4 (id=975):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000001000000000000001c000000711204000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x5}, 0x38)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
r3 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r3, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r3, &(0x7f0000000100)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000400)=[@mask_cswp={0x58, 0x114, 0x9, {{0xe, 0x7}, &(0x7f0000000140)=0x6, 0x0, 0x6, 0x2, 0x7ff, 0x4, 0x22, 0xfffffffffffffffa}}], 0x58, 0x8004}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)

9.177253656s ago: executing program 0 (id=976):
sendmsg$unix(0xffffffffffffffff, 0x0, 0x800)
syz_emit_ethernet(0x3e, &(0x7f0000000500)={@local, @random="00e300", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x1, 0x0, @empty, @multicast1}, @time_exceeded={0x4, 0x1, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr=0x64010102, @dev}}}}}}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="02011400012918000e3580009f0001140000002f0600ac141430e0000003808a8972bd0b72e41082b1a3d206"], 0xdd12}], 0x1}, 0x10)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000280)=ANY=[@ANYBLOB="000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89b1, &(0x7f0000000900)={'wlan1\x00', @random='\x00\x00\x00 \x00'})
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000280)="c021", 0x1700}], 0x1)

8.63296929s ago: executing program 1 (id=979):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f00000000c0)="010001000000000000001000015b097ead85847817353d2dbad05dd5", 0x1c, 0xfffffffffffffffd)
pread64(r1, &(0x7f0000000180), 0x0, 0x7fff)
socket(0x15, 0x805, 0x9)
r3 = syz_open_dev$swradio(&(0x7f0000001e40), 0x1, 0x2)
ioctl$VIDIOC_G_FMT(r3, 0xc0d05604, &(0x7f0000001e80)={0xb, @vbi={0x101, 0x101, 0x7, 0x3447504d, [0x4, 0x7], [0x7, 0xd], 0x108}})

8.569880024s ago: executing program 0 (id=980):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4005, &(0x7f0000000040)=0x81, 0x5, 0x0)
mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @ioapic={0xdddd0000, 0x0, 0x3, 0x3, 0x0, [{0x9, 0xe, 0x7, '\x00', 0x2}, {0x3, 0x4, 0x3, '\x00', 0x81}, {0x2, 0x4, 0x1, '\x00', 0x9}, {0x14, 0xc3, 0x2, '\x00', 0x10}, {0x7, 0x5, 0x10, '\x00', 0xc}, {0xff, 0xc0, 0xf0, '\x00', 0x23}, {0x3, 0x0, 0x0, '\x00', 0x6}, {0x0, 0x58, 0xe, '\x00', 0x3}, {0x4, 0x4, 0x7, '\x00', 0x2}, {0x6, 0x1, 0x10, '\x00', 0x1}, {0x4, 0x24, 0x6, '\x00', 0x9}, {0x3, 0xc, 0x77, '\x00', 0x7}, {0xd5, 0x4, 0x7f}, {0x48, 0xe, 0x40, '\x00', 0x5}, {0x0, 0x2, 0x3, '\x00', 0x6}, {0x6, 0x3, 0x9, '\x00', 0xb}, {0x8, 0x3, 0x4, '\x00', 0xd}, {0x7, 0x7}, {0x9, 0x7, 0x3, '\x00', 0x1}, {0x3, 0x8, 0x9c, '\x00', 0x6}, {0xc, 0x1, 0x2}, {0x7, 0x9, 0x1, '\x00', 0x9}, {0xf7, 0x5, 0x7, '\x00', 0x7}, {0x70, 0x6, 0x6, '\x00', 0x2}]}})
socket$packet(0x11, 0x2, 0x300)
socket$packet(0x11, 0xa, 0x300)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xf, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', <r3=>0x0})
sendto$packet(r2, &(0x7f0000000180)="10030600e0ff020004004788aa96a13bb1000011", 0x14, 0x0, &(0x7f0000000140)={0x11, 0x0, r3}, 0x14)
ioctl$KVM_SET_REGS(r1, 0x4090ae82, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
getsockopt$CAN_RAW_RECV_OWN_MSGS(0xffffffffffffffff, 0x65, 0x4, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000100)={0x0, 0x1, 0x6, @multicast}, 0x10)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
ioperm(0x0, 0x7fff, 0x15f9)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_SET_ID={0x8}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x24, 0x12, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x8}]}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x120}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x98}}, 0x20050800)
munlockall() (fail_nth: 1)
socket$pppl2tp(0x18, 0x1, 0x1)

8.318361672s ago: executing program 1 (id=981):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000a40), 0x40400, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x17, 0x3, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @cgroup_sysctl=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
setsockopt$IP_VS_SO_SET_TIMEOUT(r2, 0x0, 0x48a, &(0x7f0000000280)={0x7, 0x3}, 0xc)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f00000002c0)={0x0, r1}, 0x10)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x1010, r5, 0x409b7000)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r6, 0x29, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32)
ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f0000000380)={0xf0001, 0x0, [0x40000000000, 0x64f, 0x6, 0x6, 0xfffffffffffffffc, 0x4ffff, 0x27]})
bind$inet6(r2, &(0x7f0000000200)={0xa, 0x4e22, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x8}, 0x1c)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000000)="f20f1c0166b864912c870f23c80f21f866350c0080000f23f80f01fc0f20e06635000010000f22e00f20c06635000000400f22c00f1c9700000f01c566b9a001000066b80400000066ba000000000f30c0dbb6660f3adf932700de", 0x5b}], 0x1, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f00000001c0)='bbr\x00', 0x4)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

8.193616139s ago: executing program 5 (id=982):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x29, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES32, @ANYRES8], 0x0, 0xe, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x169a0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x20000023896)
setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x4001)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x11}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r6 = socket$nl_generic(0x11, 0x3, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2f}, @broadcast}, {0x11, 0x7c, 0x0, @loopback}}}}}, 0x0)
sendmsg(r6, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)
setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, 0x0, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x80, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x8, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=@migrate={0xec, 0x21, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa, 0xe0}}, [@migrate={0x9c, 0x11, [{@in=@local, @in6=@local, @in6=@empty, @in=@dev={0xac, 0x14, 0x14, 0x14}, 0x3c, 0x0, 0x0, 0x3500, 0xa, 0x8}, {@in6=@ipv4={'\x00', '\xff\xff', @loopback}, @in6=@private2={0xfc, 0x2, '\x00', 0x2}, @in=@rand_addr=0x64010102, @in6=@private2, 0x3c, 0x0, 0x0, 0x0, 0x8, 0x2}]}]}, 0xec}}, 0x0)
setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, &(0x7f0000000140)={0x1, 0x1, 0x4, 0x5, @vifc_lcl_addr=@remote, @loopback}, 0x10)

6.964949095s ago: executing program 5 (id=983):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
r2 = getpgrp(0xffffffffffffffff)
kcmp(r2, r2, 0x1, 0xffffffffffffffff, 0xffffffffffffffff)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000080)={&(0x7f0000000040)=[{0x4, 0x5201, 0x2, &(0x7f0000000300)='/G'}], 0x1})
syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, &(0x7f0000000140)={0x0, 0x10, 0x5e, {0x5e, 0x5, "7e2f75ba2f090b4842e93e05e33c848f9ee4d2e1495f533eb8c93115ef20f3eba55e421dcaeef76a354ad9ae6e321703448a500c2bca4256dcf63796d675caad4d6d0172eec49f38c00b77f2098e4a80aa1f5895726e5649165e04ad"}}, &(0x7f00000000c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x40c}}, &(0x7f0000000200)={0x0, 0x22, 0xa, {[@main=@item_4={0x3, 0x0, 0xa, "fae472a2"}, @global=@item_4={0x3, 0x1, 0x5, "44b1860a"}]}}, &(0x7f0000000240)={0x0, 0x21, 0x9, {0x9, 0x21, 0xb, 0x6, 0x1, {0x22, 0x6bd}}}}, &(0x7f0000000480)={0x2c, &(0x7f0000000340)={0x20, 0x16, 0x2d, "c5c163944e61ec29d278c944147fdcc41b402fc718746e56df8c01f6e106c67468e72b3bbb0e5610d4bd2fbbf6"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x14}, &(0x7f00000003c0)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000400)={0x20, 0x1, 0xa, "e25c4dc1e7fb8fa6a705"}, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

6.77466914s ago: executing program 1 (id=984):
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
listen(r0, 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
r1 = signalfd4(0xffffffffffffffff, &(0x7f00000000c0), 0x8, 0x0)
faccessat2(r1, &(0x7f0000001400)='\x00', 0x0, 0x1100)
ioctl$SIOCX25SFACILITIES(r0, 0x89e3, &(0x7f0000000000)={0x4054, 0xabe, 0x4, 0xe, 0x1, 0x81})
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000180)={{0x1, 0x1, 0x18, <r2=>r0}, './cgroup/../file0\x00'})
syz_genetlink_get_family_id$smc(&(0x7f0000000140), r2) (async)
syz_genetlink_get_family_id$smc(&(0x7f0000000140), r2)
open(&(0x7f0000000280)='.\x00', 0x0, 0x0) (async)
r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r3, 0x402, 0x5) (async)
fcntl$notify(r3, 0x402, 0x5)
open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) (async)
r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x19a) (async)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x19a)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_int(r5, &(0x7f0000000200)='blkio.throttle.write_bps_device\x00', 0x2, 0x0) (async)
r6 = openat$cgroup_int(r5, &(0x7f0000000200)='blkio.throttle.write_bps_device\x00', 0x2, 0x0)
sendfile(r6, r6, 0x0, 0x93)
fcntl$notify(r4, 0x402, 0x8000001f)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_DELETE(r7, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)={0x20, 0x2, 0x2, 0x301, 0x0, 0x0, {0x3, 0x0, 0x1}, [@CTA_EXPECT_TUPLE={0x4}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x6000}, 0x80)
ioctl$TIOCGSOFTCAR(r4, 0x5419, &(0x7f0000000100))
r8 = open(&(0x7f0000000040)='./file0\x00', 0x4001, 0x0)
fcntl$notify(r8, 0x402, 0x36) (async)
fcntl$notify(r8, 0x402, 0x36)

6.525111392s ago: executing program 1 (id=986):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000180), 0x100000, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000100)={0x4, 0x1, 0x0, "ba7802000000169916ea42230659006b79b299fc817c031a5406000600", 0x59555956})
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00')
pread64(r4, &(0x7f0000002240)=""/237, 0xfecf, 0x4eb)
getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r6}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0)

5.588711301s ago: executing program 2 (id=988):
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x3342, 0x3}, 0x18, 0x0)
landlock_restrict_self(r0, 0x5)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @empty}, 0x11)
r2 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
io_setup(0x1, &(0x7f00000004c0)=<r3=>0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x0)
io_submit(r3, 0x2, &(0x7f0000000100)=[&(0x7f0000000280)={0xffffff7f00000000, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000140)}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x401, r4, &(0x7f00000003c0)="f3e1", 0x2, 0x2, 0x0, 0x0, r4}])

5.473197788s ago: executing program 1 (id=989):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x15}, @NFTA_CT_DIRECTION={0x5}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0) (fail_nth: 1)

4.912448507s ago: executing program 4 (id=990):
sendmsg$unix(0xffffffffffffffff, 0x0, 0x800)
syz_emit_ethernet(0x3e, &(0x7f0000000500)={@local, @random="00e300", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x1, 0x0, @empty, @multicast1}, @time_exceeded={0x4, 0x1, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr=0x64010102, @dev}}}}}}, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="02011400012918000e3580009f0001140000002f0600ac141430e0000003808a8972bd0b72e41082b1a3d2061fd7fd"], 0xdd12}], 0x1}, 0x10)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000280)=ANY=[@ANYBLOB="000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89b1, &(0x7f0000000900)={'wlan1\x00', @random='\x00\x00\x00 \x00'})
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246)
writev(r1, &(0x7f0000000440)=[{&(0x7f0000000280)="c021", 0x1700}], 0x1)

4.643944126s ago: executing program 1 (id=991):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
sendmsg$NL80211_CMD_START_P2P_DEVICE(r0, &(0x7f0000000440)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000380)={&(0x7f00000006c0)=ANY=[@ANYBLOB="fb04e848d5e2ab0e5b35128cea00dc8cac779c88fa632202d92ff8d73ee1690fb03a0bb7ffab9dd02070314bb781b8df19a7f3d4b695691738845d167857972f1c932f36be9b10ea63ceb438e62d5f8c20157cec124635bdb8d1997b1daf4a1c938631ed7d0543ee3c9c03a1901d5d957db78f3b4129399712ba752d1fc9d00a345fbaa183221c1b0a666986f4cbc4f834e287f77f1b4b63b0523b36d47fe136137ccf887c093caceb07304286e52c6310d2fd648a3ed7ed9f0a28a615ea8446a976041b510f81b9601dc5b5717dc14471cd16f95b37381738bef809bf41b59a57924f5a34d22b67416ad0dfde6c954839fcf12c782a1d24248cb825c0908c9166910aa51e01273f5f6cae6215b8b2d0", @ANYRES16=0x0, @ANYBLOB="00012bbd7000fedbdf255900000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000500000074000000"], 0x28}}, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

4.521201123s ago: executing program 2 (id=992):
r0 = socket$inet6(0xa, 0x3, 0x5)
sendmmsg(r0, &(0x7f0000001500)=[{{&(0x7f0000000180)=@l2tp6={0xa, 0x500, 0x4, @remote, 0x0, 0x3}, 0x80, 0x0}, 0x5b4}], 0x1, 0x0)

4.482438131s ago: executing program 2 (id=993):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x13c, 0x19, 0x1, 0x70bd2a, 0x20, {{@in=@private, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3c, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x100000000, 0xca8}, {0x3}, 0xff}, [@tmpl={0x84, 0x5, [{{@in6=@remote, 0x4d5, 0x3c}, 0x0, @in6=@mcast2}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0xfffffffa, 0x3c}, 0x0, @in=@multicast1, 0x0, 0x7d0e69533e2776f8, 0x3, 0xd, 0x0, 0x9}]}]}, 0x13c}, 0x1, 0x0, 0x0, 0x20040041}, 0x0)

4.207552856s ago: executing program 2 (id=994):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x29, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES32, @ANYRES8], 0x0, 0xe, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x169a0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0)
sendfile(r3, r4, 0x0, 0x20000023896)
setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x4001)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x11}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r6 = socket$nl_generic(0x11, 0x3, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2f}, @broadcast}, {0x11, 0x7c, 0x0, @loopback}}}}}, 0x0)
sendmsg(r6, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)
setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, 0x0, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x80, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x8, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=@migrate={0xec, 0x21, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa, 0xe0}}, [@migrate={0x9c, 0x11, [{@in=@local, @in6=@local, @in6=@empty, @in=@dev={0xac, 0x14, 0x14, 0x14}, 0x3c, 0x0, 0x0, 0x3500, 0xa, 0x8}, {@in6=@ipv4={'\x00', '\xff\xff', @loopback}, @in6=@private2={0xfc, 0x2, '\x00', 0x2}, @in=@rand_addr=0x64010102, @in6=@private2, 0x3c, 0x0, 0x0, 0x0, 0x8, 0x2}]}]}, 0xec}}, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000040)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x20, 0xfc, 0x2, 0x0, @rand_addr=0x1c, @multicast1=0xe0000300}, @dest_unreach={0x3, 0x6, 0x0, 0x0, 0xfa, 0x9, {0x5, 0x4, 0x0, 0x3d, 0xfff6, 0x65, 0x5, 0x1, 0x4, 0x3, @private=0xa010102, @local}}}}}}, 0x0)

3.868962404s ago: executing program 4 (id=995):
r0 = socket(0x10, 0x80002, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x14, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x4}]}, 0x18}}, 0x0)

3.065903324s ago: executing program 2 (id=996):
close(0x3)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="10080000040100000800000002"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b7030000000000008500000033000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0}, &(0x7f0000000080), &(0x7f0000000240)=r1}, 0x20)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000040)={@private1, 0x60})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
pipe(&(0x7f0000000580))
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, 0x5, 0x0, @void, @value}, 0x28)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r4, 0x0, 0xd}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000700)=@base={0xe, 0x2, 0x100, 0x9, 0x84, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x4, 0x0, @void, @value, @void, @value}, 0x50)
r5 = openat$kvm(0xffffffffffffff9c, 0x0, 0x20042, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0)
r6 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000dc0), 0x2, 0x0)
ioctl$VIDIOC_QUERYBUF_DMABUF(r6, 0xc0585609, &(0x7f0000000e00)={0xce, 0x4, 0x4, 0x20, 0x1, {0x77359400}, {0x2, 0x2, 0x9, 0x38, 0x86, 0x8, "eaf8d356"}, 0x3, 0x4, {}, 0x3})
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="580000000206010200000000000000000c0000000c00078008001240000600000500010006000000050005000a00000005000400000000000900020073797a310000000011000300686173683a69700000000000000080007b2492000699c56473db61d82447b01f3950c3130ed48601d84364f41ea238e05a2385ee4f584721188b092bb3bab6ba1278eaf6e7c40c00fb1d5d9c8b3f5d7d3e0b1c0cf55b469b40eb903073db758409c54dcfab3b803ad69852b5415908deacb2be6e5ac4c699e6d1ec798b86b830e42eb9165b9693f904c432154e"], 0x58}}, 0x0)
socket$kcm(0x29, 0x2, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r1, 0x18000000000002a0, 0xe, 0x20, &(0x7f0000000280)="b9ff03076804268c989e14f088a8", 0x0, 0x3f, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x21}, 0x50)

2.92779799s ago: executing program 5 (id=997):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000001000000080001000000000004000480080002000100000018000c80149e2180080009000000000008000a000000000028000880240007800800050000000000080006"], 0x68}}, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000000), 0x9, 0x0)
read$msr(r2, &(0x7f00000000c0)=""/124, 0xd1)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080), r0)

2.089097252s ago: executing program 4 (id=998):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_emit_ethernet(0x8e, &(0x7f0000000000)=ANY=[], 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x101)
mmap$binder(&(0x7f00008d6000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x5)
r3 = memfd_create(0x0, 0x7)
execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
symlink(&(0x7f00000049c0)='.\x00', &(0x7f00000059c0)='./file0\x00')
ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'veth0\x00', <r6=>0x0})
setsockopt$packet_int(r5, 0x107, 0x14, &(0x7f0000000180)=0x19ca, 0x4)
setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
sendto$packet(r5, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c153cfdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r6, 0x1, 0x0, 0x6, @multicast}, 0x14)
sendto$packet(r4, &(0x7f0000000040)="da415f2709380a41cfa0efb561e96d43a52086c4590ccf8751d50fab012fb0ea4b45c3094531", 0x26, 0x4000000, &(0x7f00000000c0)={0x11, 0x11, r6, 0x1, 0x1, 0x6, @multicast}, 0x14)

2.104078ms ago: executing program 2 (id=999):
mkdir(&(0x7f0000000400)='./bus\x00', 0x3c2)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000140)="48b800800000000000000f23c80f21f8350c00a0000f23f80f32b917020000b84d190000ba000000000f3067650f01c80f01d1c4e1fdd7d2c421f9e6a33e990000b98d0a00000f320f184e383e66410fc77709", 0x53}], 0x1, 0x45, 0x0, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000000000"])
r2 = socket$rxrpc(0x21, 0x2, 0xa)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r7, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x24000010}, 0x20000090)
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB="6c00000010001fff109e00008000000000000000", @ANYRES32=0x0, @ANYRES16, @ANYRES8=0x0], 0x6c}, 0x1, 0x0, 0x0, 0x1}, 0x4044000)
ioctl$KVM_SET_MP_STATE(r4, 0x4004ae99, &(0x7f0000000300)=0x4)
bind$rxrpc(r2, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24)
connect$rxrpc(r2, &(0x7f0000000340)=@in4={0x21, 0xffff, 0x2, 0x10, {0x2, 0x4e24, @multicast1}}, 0x24)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x6, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)

808.374µs ago: executing program 5 (id=1000):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x5, 0x4, 0x4, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, 0x0, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x260040, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x15, 0x17, &(0x7f0000000880)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0xa0}}, {{0x6, 0x0, 0x2, 0x9, 0x0, 0x6, 0xe7030000}, {0x4, 0x0, 0x0, 0x6}}, [@printk={@llx, {0x5, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x14}}], {{0x4, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x2}}}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2e, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

0s ago: executing program 4 (id=1001):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x9a974000)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800000, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
mremap(&(0x7f000099b000/0x2000)=nil, 0x2000, 0x3000, 0x3, &(0x7f0000a87000/0x3000)=nil)
madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15)

kernel console output (not intermixed with test programs):

  ? clear_bhb_loop+0x60/0xb0
[  164.668773][ T6471]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.668790][ T6471] RIP: 0033:0x7f391d78d33c
[  164.668805][ T6471] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  164.668819][ T6471] RSP: 002b:00007f391e5b4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  164.668837][ T6471] RAX: ffffffffffffffda RBX: 00007f391d9b5fa0 RCX: 00007f391d78d33c
[  164.668850][ T6471] RDX: 000000000000000f RSI: 00007f391e5b40a0 RDI: 0000000000000004
[  164.668860][ T6471] RBP: 00007f391e5b4090 R08: 0000000000000000 R09: 0000000000000000
[  164.668871][ T6471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  164.668881][ T6471] R13: 0000000000000000 R14: 00007f391d9b5fa0 R15: 00007ffc3a696638
[  164.668907][ T6471]  </TASK>
[  165.030686][ T5876] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  165.079795][   T10] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  165.116811][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  165.143439][   T10] usb 1-1: Product: syz
[  165.165859][   T10] usb 1-1: Manufacturer: syz
[  165.181515][   T10] usb 1-1: SerialNumber: syz
[  165.190640][ T5876] usb 2-1: Using ep0 maxpacket: 8
[  165.215248][ T5876] usb 2-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77
[  165.224930][   T10] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  165.239193][ T5876] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  165.262447][    T9] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  165.276706][ T5876] usb 2-1: Product: syz
[  165.286883][ T5876] usb 2-1: Manufacturer: syz
[  165.304297][ T5876] usb 2-1: SerialNumber: syz
[  165.381769][ T5876] usb 2-1: config 0 descriptor??
[  165.424002][ T5876] gspca_main: sq905-2.14.0 probing 2770:9120
[  165.467374][    C0] usb 1-1: ath: unknown panic pattern!
[  165.592486][ T6486] atomic_op ffff888025fc6198 conn xmit_atomic 0000000000000000
[  166.487488][ T5876] gspca_sq905: sq905_command: usb_control_msg failed 2 (-110)
[  166.499723][   T24] usb 1-1: USB disconnect, device number 5
[  166.517281][    C0] dummy_hcd dummy_hcd.0: timer fired with no URBs pending?
[  166.524723][    T9] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  166.547174][    T9] ath9k_htc: Failed to initialize the device
[  166.974693][ T5876] sq905 2-1:0.0: probe with driver sq905 failed with error -110
[  166.976100][   T24] usb 1-1: ath9k_htc: USB layer deinitialized
[  166.991028][ T5876] usb 2-1: USB disconnect, device number 3
[  169.262768][ T6505] FAULT_INJECTION: forcing a failure.
[  169.262768][ T6505] name failslab, interval 1, probability 0, space 0, times 0
[  169.275646][ T6505] CPU: 1 UID: 0 PID: 6505 Comm: syz.1.149 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  169.275673][ T6505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  169.275685][ T6505] Call Trace:
[  169.275693][ T6505]  <TASK>
[  169.275701][ T6505]  dump_stack_lvl+0x189/0x250
[  169.275738][ T6505]  ? __pfx____ratelimit+0x10/0x10
[  169.275770][ T6505]  ? __pfx_dump_stack_lvl+0x10/0x10
[  169.275801][ T6505]  ? __pfx__printk+0x10/0x10
[  169.275838][ T6505]  should_fail_ex+0x414/0x560
[  169.275871][ T6505]  should_failslab+0xa8/0x100
[  169.275901][ T6505]  __kmalloc_noprof+0xcb/0x4f0
[  169.275924][ T6505]  ? blk_rq_map_user_iov+0x153/0x18c0
[  169.275953][ T6505]  ? blk_rq_map_user_iov+0x3d3/0x18c0
[  169.275986][ T6505]  blk_rq_map_user_iov+0x3d3/0x18c0
[  169.276036][ T6505]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  169.276066][ T6505]  ? register_lock_class+0x51/0x320
[  169.276109][ T6505]  ? import_ubuf+0xfb/0x1d0
[  169.276132][ T6505]  blk_rq_map_user_io+0x252/0x3a0
[  169.276163][ T6505]  ? __pfx___mutex_trylock_common+0x10/0x10
[  169.276203][ T6505]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  169.276231][ T6505]  ? rcu_is_watching+0x15/0xb0
[  169.276271][ T6505]  ? sg_common_write+0xb85/0x13d0
[  169.276297][ T6505]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  169.276335][ T6505]  ? __pfx___mutex_lock+0x10/0x10
[  169.276354][ T6505]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  169.276386][ T6505]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  169.276422][ T6505]  ? sg_link_reserve+0x28e/0x540
[  169.276448][ T6505]  sg_common_write+0xcd8/0x13d0
[  169.276488][ T6505]  ? __pfx_sg_common_write+0x10/0x10
[  169.276510][ T6505]  ? capable+0x89/0xe0
[  169.276541][ T6505]  ? scsi_cmd_allowed+0x24/0x810
[  169.276575][ T6505]  ? sg_allow_access+0xdb/0x120
[  169.276598][ T6505]  sg_new_write+0x5a6/0x7b0
[  169.276624][ T6505]  ? __pfx_sg_new_write+0x10/0x10
[  169.276683][ T6505]  sg_ioctl+0x11af/0x2230
[  169.276727][ T6505]  ? __pfx_sg_ioctl+0x10/0x10
[  169.276766][ T6505]  ? ksys_write+0x1e1/0x250
[  169.276796][ T6505]  ? bpf_lsm_file_ioctl+0x9/0x20
[  169.276826][ T6505]  ? __pfx_sg_ioctl+0x10/0x10
[  169.276859][ T6505]  __se_sys_ioctl+0xfc/0x170
[  169.276884][ T6505]  do_syscall_64+0xfa/0x3b0
[  169.276902][ T6505]  ? lockdep_hardirqs_on+0x9c/0x150
[  169.276933][ T6505]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.276954][ T6505]  ? clear_bhb_loop+0x60/0xb0
[  169.276980][ T6505]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.277000][ T6505] RIP: 0033:0x7fe48af8e929
[  169.277020][ T6505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  169.277036][ T6505] RSP: 002b:00007fe48beb7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  169.277058][ T6505] RAX: ffffffffffffffda RBX: 00007fe48b1b5fa0 RCX: 00007fe48af8e929
[  169.277073][ T6505] RDX: 00002000000005c0 RSI: 0000000000002285 RDI: 0000000000000003
[  169.277086][ T6505] RBP: 00007fe48beb7090 R08: 0000000000000000 R09: 0000000000000000
[  169.277099][ T6505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  169.277111][ T6505] R13: 0000000000000000 R14: 00007fe48b1b5fa0 R15: 00007ffe6f5fc8c8
[  169.277143][ T6505]  </TASK>
[  169.603563][ T6507] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  169.603563][ T6507]    program syz.2.151 not setting count and/or reply_len properly
[  169.633891][ T6507] vcan2: entered promiscuous mode
[  169.960818][ T5876] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  170.150764][ T6516] 9pnet_fd: Insufficient options for proto=fd
[  170.761807][ T5876] usb 3-1: device descriptor read/64, error -71
[  171.560665][ T5876] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  171.919550][ T5876] usb 3-1: device descriptor read/64, error -71
[  172.168065][ T5876] usb usb3-port1: attempt power cycle
[  173.420173][ T6538] syz.4.157: attempt to access beyond end of device
[  173.420173][ T6538] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0
[  174.320790][ T5897] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  175.111286][ T6554] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  175.111286][ T6554]    program syz.1.163 not setting count and/or reply_len properly
[  175.355412][ T6554] vcan2: entered promiscuous mode
[  176.058281][ T5897] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  176.215011][ T6551] tmpfs: Bad value for 'grpquota_inode_hardlimit'
[  176.369474][ T5897] usb 4-1: config 0 has no interface number 0
[  176.381938][ T5897] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  176.400801][ T5897] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.408890][ T5897] usb 4-1: Product: syz
[  176.414725][ T5897] usb 4-1: Manufacturer: syz
[  176.419394][ T5897] usb 4-1: SerialNumber: syz
[  176.458921][ T5897] usb 4-1: config 0 descriptor??
[  178.048876][ T5897] usb 4-1: can't set config #0, error -71
[  178.260109][   T30] audit: type=1400 audit(1749819110.703:3): lsm=SMACK fn=smack_file_receive action=denied subject="w" object="_" requested=w pid=6562 comm="syz.4.166" path="socket:[10582]" dev="sockfs" ino=10582
[  178.282112][ T6564] process 'syz.4.166' launched '/dev/fd/13' with NULL argv: empty string added
[  178.304494][ T5897] usb 4-1: USB disconnect, device number 3
[  178.357711][   T30] audit: type=1400 audit(1749819110.743:4): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="_" object="w" requested=w pid=6562 comm="syz.4.166" saddr=127.0.0.1 daddr=127.0.0.1 netif=lo
[  180.131221][ T6577] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  181.087765][ T6593] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  181.087765][ T6593]    program syz.0.174 not setting count and/or reply_len properly
[  181.291396][ T6593] vcan1: entered promiscuous mode
[  181.407330][ T6595] affs: No valid root block on device nbd3
[  184.017177][ T5897] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  184.241907][ T5897] usb 1-1: config 127 has an invalid interface number: 140 but max is 0
[  184.276828][ T5897] usb 1-1: config 127 has no interface number 0
[  184.334540][ T5897] usb 1-1: config 127 interface 140 altsetting 0 endpoint 0xA has invalid maxpacket 1023, setting to 64
[  184.346283][   T10] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  184.463896][ T5897] usb 1-1: config 127 interface 140 altsetting 0 has a duplicate endpoint with address 0xC, skipping
[  184.566566][ T5897] usb 1-1: config 127 interface 140 altsetting 0 endpoint 0x9 has invalid maxpacket 512, setting to 64
[  184.661169][ T5897] usb 1-1: New USB device found, idVendor=0f3d, idProduct=68a3, bcdDevice=42.02
[  184.715879][ T5897] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  184.733261][   T10] usb 3-1: New USB device found, idVendor=a168, idProduct=0618, bcdDevice=e3.a4
[  184.752282][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.889054][ T6611] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  184.901800][ T5897] sierra 1-1:127.140: Sierra USB modem converter detected
[  184.943939][   T10] usb 3-1: Product: syz
[  184.948287][   T10] usb 3-1: Manufacturer: syz
[  185.056188][   T10] usb 3-1: SerialNumber: syz
[  185.646246][   T10] usb 3-1: config 0 descriptor??
[  185.659090][   T10] gspca_main: gspca_sn9c20x-2.14.0 probing a168:0618
[  186.008642][   T10] gspca_sn9c20x: Write register 1000 failed -71
[  186.460338][   T10] gspca_sn9c20x: Device initialization failed
[  186.690742][   T10] gspca_sn9c20x 3-1:0.0: probe with driver gspca_sn9c20x failed with error -71
[  186.712597][   T10] usb 3-1: USB disconnect, device number 6
[  186.737405][ T5897] usb 1-1: Sierra USB modem converter now attached to ttyUSB0
[  187.518421][ T5897] usb 1-1: USB disconnect, device number 6
[  187.939573][ T5897] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0
[  188.190269][ T5897] sierra 1-1:127.140: device disconnected
[  188.665421][ T6646] FAULT_INJECTION: forcing a failure.
[  188.665421][ T6646] name failslab, interval 1, probability 0, space 0, times 0
[  188.678466][ T6646] CPU: 0 UID: 0 PID: 6646 Comm: syz.2.188 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  188.678495][ T6646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  188.678508][ T6646] Call Trace:
[  188.678518][ T6646]  <TASK>
[  188.678527][ T6646]  dump_stack_lvl+0x189/0x250
[  188.678577][ T6646]  ? __pfx____ratelimit+0x10/0x10
[  188.678610][ T6646]  ? __pfx_dump_stack_lvl+0x10/0x10
[  188.678642][ T6646]  ? __pfx__printk+0x10/0x10
[  188.678668][ T6646]  ? __pfx___might_resched+0x10/0x10
[  188.678699][ T6646]  ? fs_reclaim_acquire+0x7d/0x100
[  188.678735][ T6646]  should_fail_ex+0x414/0x560
[  188.678769][ T6646]  should_failslab+0xa8/0x100
[  188.678799][ T6646]  __kmalloc_noprof+0xcb/0x4f0
[  188.678824][ T6646]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  188.678864][ T6646]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  188.678906][ T6646]  genl_start+0x180/0x6c0
[  188.678948][ T6646]  ? __rcu_read_unlock+0x84/0xe0
[  188.678981][ T6646]  __netlink_dump_start+0x469/0x7e0
[  188.679016][ T6646]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[  188.679053][ T6646]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  188.679084][ T6646]  ? genl_get_cmd+0x496/0x910
[  188.679121][ T6646]  ? __pfx_genl_start+0x10/0x10
[  188.679150][ T6646]  ? __pfx_genl_dumpit+0x10/0x10
[  188.679178][ T6646]  ? __pfx_genl_done+0x10/0x10
[  188.679211][ T6646]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  188.679255][ T6646]  genl_rcv_msg+0x5da/0x790
[  188.679294][ T6646]  ? __pfx_genl_rcv_msg+0x10/0x10
[  188.679323][ T6646]  ? __pfx_genl_rcv+0x10/0x10
[  188.679351][ T6646]  ? __pfx_netdev_nl_napi_get_dumpit+0x10/0x10
[  188.679395][ T6646]  netlink_rcv_skb+0x208/0x470
[  188.679421][ T6646]  ? __pfx_genl_rcv_msg+0x10/0x10
[  188.679454][ T6646]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  188.679499][ T6646]  ? down_read+0x1ad/0x2e0
[  188.679524][ T6646]  genl_rcv+0x28/0x40
[  188.679552][ T6646]  netlink_unicast+0x75b/0x8d0
[  188.679588][ T6646]  netlink_sendmsg+0x805/0xb30
[  188.679625][ T6646]  ? __pfx_netlink_sendmsg+0x10/0x10
[  188.679662][ T6646]  ? __pfx_netlink_sendmsg+0x10/0x10
[  188.679690][ T6646]  __sock_sendmsg+0x219/0x270
[  188.679727][ T6646]  ____sys_sendmsg+0x505/0x830
[  188.679761][ T6646]  ? __pfx_____sys_sendmsg+0x10/0x10
[  188.679800][ T6646]  ? import_iovec+0x74/0xa0
[  188.679826][ T6646]  ___sys_sendmsg+0x21f/0x2a0
[  188.679856][ T6646]  ? __pfx____sys_sendmsg+0x10/0x10
[  188.679926][ T6646]  ? __fget_files+0x2a/0x420
[  188.679961][ T6646]  ? __fget_files+0x3a0/0x420
[  188.680003][ T6646]  __x64_sys_sendmsg+0x19b/0x260
[  188.680034][ T6646]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  188.680073][ T6646]  ? __pfx_ksys_write+0x10/0x10
[  188.680105][ T6646]  ? do_syscall_64+0xbe/0x3b0
[  188.680129][ T6646]  do_syscall_64+0xfa/0x3b0
[  188.680150][ T6646]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.680171][ T6646]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  188.680191][ T6646]  ? clear_bhb_loop+0x60/0xb0
[  188.680217][ T6646]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.680238][ T6646] RIP: 0033:0x7f391d78e929
[  188.680262][ T6646] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  188.680280][ T6646] RSP: 002b:00007f391e572038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  188.680306][ T6646] RAX: ffffffffffffffda RBX: 00007f391d9b6160 RCX: 00007f391d78e929
[  188.680321][ T6646] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000008
[  188.680334][ T6646] RBP: 00007f391e572090 R08: 0000000000000000 R09: 0000000000000000
[  188.680347][ T6646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  188.680359][ T6646] R13: 0000000000000000 R14: 00007f391d9b6160 R15: 00007ffc3a696638
[  188.680393][ T6646]  </TASK>
[  196.901724][ T6692] capability: warning: `syz.0.198' uses deprecated v2 capabilities in a way that may be insecure
[  197.791619][    T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  197.875387][ T6702] =======================================================
[  197.875387][ T6702] WARNING: The mand mount option has been deprecated and
[  197.875387][ T6702]          and is ignored by this kernel. Remove the mand
[  197.875387][ T6702]          option from the mount to silence this warning.
[  197.875387][ T6702] =======================================================
[  197.910644][ T6702] tmpfs: Unknown parameter '��01777777777777777777777'
[  198.601101][    T9] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  198.638722][    T9] usb 2-1: config 0 has no interface number 0
[  198.673455][    T9] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  198.690290][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  198.710858][    T9] usb 2-1: Product: syz
[  198.715211][    T9] usb 2-1: Manufacturer: syz
[  198.722785][    T9] usb 2-1: SerialNumber: syz
[  198.772955][    T9] usb 2-1: config 0 descriptor??
[  199.115582][ T6712] 9pnet_fd: Insufficient options for proto=fd
[  199.645475][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  199.657053][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  200.141601][ T6716] FAULT_INJECTION: forcing a failure.
[  200.141601][ T6716] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  200.163461][    T9] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  200.174042][ T6716] CPU: 0 UID: 0 PID: 6716 Comm: syz.0.205 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  200.174072][ T6716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  200.174086][ T6716] Call Trace:
[  200.174094][ T6716]  <TASK>
[  200.174104][ T6716]  dump_stack_lvl+0x189/0x250
[  200.174142][ T6716]  ? __pfx____ratelimit+0x10/0x10
[  200.174176][ T6716]  ? __pfx_dump_stack_lvl+0x10/0x10
[  200.174208][ T6716]  ? __pfx__printk+0x10/0x10
[  200.174229][ T6716]  ? __might_fault+0xb0/0x130
[  200.174267][ T6716]  should_fail_ex+0x414/0x560
[  200.174309][ T6716]  _copy_from_user+0x2d/0xb0
[  200.174331][ T6716]  __se_sys_mount+0x18a/0x410
[  200.174361][ T6716]  ? __pfx_handle_softirqs+0x10/0x10
[  200.174397][ T6716]  ? __pfx___se_sys_mount+0x10/0x10
[  200.174432][ T6716]  ? do_syscall_64+0xbe/0x3b0
[  200.174450][ T6716]  ? __x64_sys_mount+0x20/0xc0
[  200.174481][ T6716]  do_syscall_64+0xfa/0x3b0
[  200.174502][ T6716]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.174522][ T6716]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  200.174544][ T6716]  ? clear_bhb_loop+0x60/0xb0
[  200.174570][ T6716]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.174591][ T6716] RIP: 0033:0x7f8cdd78e929
[  200.174610][ T6716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  200.174628][ T6716] RSP: 002b:00007f8cde6de038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  200.174650][ T6716] RAX: ffffffffffffffda RBX: 00007f8cdd9b5fa0 RCX: 00007f8cdd78e929
[  200.174665][ T6716] RDX: 0000200000000100 RSI: 0000200000000040 RDI: 0000000000000000
[  200.174679][ T6716] RBP: 00007f8cde6de090 R08: 0000200000000140 R09: 0000000000000000
[  200.174693][ T6716] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001
[  200.174705][ T6716] R13: 0000000000000000 R14: 00007f8cdd9b5fa0 R15: 00007fff824bcdb8
[  200.174738][ T6716]  </TASK>
[  200.420765][ T6716] 9pnet: p9_errstr2errno: server reported unknown error 18446744073709
[  200.429209][    T9] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  200.429552][    T9] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  200.464326][    T9] usb 2-1: media controller created
[  200.520840][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  201.002661][ T6724] 9pnet_fd: Insufficient options for proto=fd
[  201.523048][    T9] i2c i2c-1: ec100: i2c rd failed=-32 reg=33
[  201.751578][    T9] usb 2-1: USB disconnect, device number 4
[  201.892505][ T6733] netlink: 8 bytes leftover after parsing attributes in process `syz.0.210'.
[  203.479003][ T6758] FAULT_INJECTION: forcing a failure.
[  203.479003][ T6758] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  203.669717][ T6758] CPU: 0 UID: 0 PID: 6758 Comm: syz.2.218 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  203.669748][ T6758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  203.669761][ T6758] Call Trace:
[  203.669770][ T6758]  <TASK>
[  203.669779][ T6758]  dump_stack_lvl+0x189/0x250
[  203.669816][ T6758]  ? __pfx____ratelimit+0x10/0x10
[  203.669849][ T6758]  ? __pfx_dump_stack_lvl+0x10/0x10
[  203.669879][ T6758]  ? __pfx__printk+0x10/0x10
[  203.669900][ T6758]  ? __might_fault+0xb0/0x130
[  203.669938][ T6758]  should_fail_ex+0x414/0x560
[  203.669970][ T6758]  _copy_from_iter+0x1db/0x16f0
[  203.670006][ T6758]  ? rcu_is_watching+0x15/0xb0
[  203.670038][ T6758]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  203.670066][ T6758]  ? __pfx__copy_from_iter+0x10/0x10
[  203.670100][ T6758]  ? __build_skb_around+0x257/0x3e0
[  203.670129][ T6758]  ? netlink_sendmsg+0x642/0xb30
[  203.670153][ T6758]  ? skb_put+0x11b/0x210
[  203.670181][ T6758]  netlink_sendmsg+0x6b2/0xb30
[  203.670218][ T6758]  ? __pfx_netlink_sendmsg+0x10/0x10
[  203.670253][ T6758]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  203.670279][ T6758]  ? __pfx_netlink_sendmsg+0x10/0x10
[  203.670306][ T6758]  __sock_sendmsg+0x219/0x270
[  203.670342][ T6758]  ____sys_sendmsg+0x505/0x830
[  203.670376][ T6758]  ? __pfx_____sys_sendmsg+0x10/0x10
[  203.670413][ T6758]  ? import_iovec+0x74/0xa0
[  203.670438][ T6758]  ___sys_sendmsg+0x21f/0x2a0
[  203.670467][ T6758]  ? __pfx____sys_sendmsg+0x10/0x10
[  203.670532][ T6758]  ? __fget_files+0x2a/0x420
[  203.670564][ T6758]  ? __fget_files+0x3a0/0x420
[  203.670603][ T6758]  __x64_sys_sendmsg+0x19b/0x260
[  203.670633][ T6758]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  203.670671][ T6758]  ? __pfx_ksys_write+0x10/0x10
[  203.670702][ T6758]  ? rcu_is_watching+0x15/0xb0
[  203.670739][ T6758]  ? do_syscall_64+0xbe/0x3b0
[  203.670763][ T6758]  do_syscall_64+0xfa/0x3b0
[  203.670781][ T6758]  ? lockdep_hardirqs_on+0x9c/0x150
[  203.670812][ T6758]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.670832][ T6758]  ? clear_bhb_loop+0x60/0xb0
[  203.670859][ T6758]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.670879][ T6758] RIP: 0033:0x7f391d78e929
[  203.670898][ T6758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  203.670916][ T6758] RSP: 002b:00007f391e5b4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  203.670938][ T6758] RAX: ffffffffffffffda RBX: 00007f391d9b5fa0 RCX: 00007f391d78e929
[  203.670953][ T6758] RDX: 0000000000000004 RSI: 0000200000000600 RDI: 0000000000000003
[  203.670966][ T6758] RBP: 00007f391e5b4090 R08: 0000000000000000 R09: 0000000000000000
[  203.670979][ T6758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  203.670991][ T6758] R13: 0000000000000000 R14: 00007f391d9b5fa0 R15: 00007ffc3a696638
[  203.671022][ T6758]  </TASK>
[  205.004687][ T6765] sctp: failed to load transform for md5: -2
[  209.248684][   T30] audit: type=1800 audit(1749819141.513:5): pid=6806 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.228" name="bus" dev="overlay" ino=263 res=0 errno=0
[  211.500780][ T6820] atomic_op ffff888034e8f998 conn xmit_atomic 0000000000000000
[  212.671045][ T6817] Bluetooth: hci0: command 0x0406 tx timeout
[  212.681850][ T6817] Bluetooth: hci4: command 0x0406 tx timeout
[  212.793888][ T6817] Bluetooth: hci2: command 0x0406 tx timeout
[  212.800129][ T6817] Bluetooth: hci3: command 0x0406 tx timeout
[  212.808461][ T6817] Bluetooth: hci1: command 0x0406 tx timeout
[  212.841529][ T6826] xt_CT: No such helper "snmp"
[  213.061673][ T6835] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.235'.
[  215.559328][ T6854] kthread_run failed with err -4
[  215.963428][ T6863] Cannot find add_set index 0 as target
[  216.553500][ T6856] sctp: failed to load transform for md5: -2
[  219.890348][ T6875] netlink: 104 bytes leftover after parsing attributes in process `syz.2.243'.
[  222.380768][ T6907] 9pnet_fd: Insufficient options for proto=fd
[  222.476232][ T6898] tmpfs: Bad value for 'grpquota_inode_hardlimit'
[  226.648705][ T6942] netlink: 4 bytes leftover after parsing attributes in process `syz.3.260'.
[  226.770637][   T24] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  226.963425][   T24] usb 2-1: device descriptor read/64, error -71
[  227.750783][   T24] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  228.500698][   T24] usb 2-1: device descriptor read/64, error -71
[  228.681240][   T24] usb usb2-port1: attempt power cycle
[  228.697371][ T6956] xt_CT: You must specify a L4 protocol and not use inversions on it
[  228.771707][ T6957] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  228.771707][ T6957]    program syz.3.264 not setting count and/or reply_len properly
[  229.019672][ T6957] vcan2: entered promiscuous mode
[  229.121363][   T24] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  229.176446][   T24] usb 2-1: device descriptor read/8, error -71
[  229.638639][   T24] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  230.091644][   T24] usb 2-1: device descriptor read/8, error -71
[  230.138652][ T6977] 9pnet_fd: Insufficient options for proto=fd
[  230.268424][   T24] usb usb2-port1: unable to enumerate USB device
[  230.520847][ T6982] tmpfs: Bad value for 'grpquota_inode_hardlimit'
[  231.301483][    T9] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  231.375834][ T6993] No control pipe specified
[  231.460976][    T9] usb 3-1: Using ep0 maxpacket: 8
[  231.480516][    T9] usb 3-1: config 5 has an invalid interface number: 52 but max is 1
[  231.510796][    T9] usb 3-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[  231.544466][    T9] usb 3-1: config 5 has 1 interface, different from the descriptor's value: 2
[  231.602110][    T9] usb 3-1: config 5 has no interface number 0
[  231.659090][    T9] usb 3-1: New USB device found, idVendor=04b4, idProduct=0002, bcdDevice=e2.5c
[  231.690061][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  231.721531][    T9] usb 3-1: Product: syz
[  231.740772][    T9] usb 3-1: Manufacturer: syz
[  231.761344][    T9] usb 3-1: SerialNumber: syz
[  232.723409][    T9] cytherm 3-1:5.52: Cypress thermometer device now attached
[  232.745440][    T9] usb 3-1: USB disconnect, device number 7
[  232.754206][    T9] cytherm 3-1:5.52: Cypress thermometer now disconnected
[  233.252706][ T7005] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  233.933014][ T7017] xt_CT: You must specify a L4 protocol and not use inversions on it
[  234.501601][   T10] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  235.182045][   T10] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  235.225238][   T10] usb 1-1: config 0 has no interface number 0
[  235.299820][ T7031] lo speed is unknown, defaulting to 1000
[  235.306407][ T7031] lo speed is unknown, defaulting to 1000
[  235.321627][ T7031] lo speed is unknown, defaulting to 1000
[  235.359361][ T7031] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  235.430055][ T7031] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  235.952635][   T10] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  235.957257][ T7031] lo speed is unknown, defaulting to 1000
[  235.993770][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  236.030066][   T10] usb 1-1: Product: syz
[  236.062833][   T10] usb 1-1: Manufacturer: syz
[  236.067518][   T10] usb 1-1: SerialNumber: syz
[  236.092549][ T7031] lo speed is unknown, defaulting to 1000
[  236.099743][ T7031] lo speed is unknown, defaulting to 1000
[  236.106889][ T7031] lo speed is unknown, defaulting to 1000
[  236.120608][ T7031] lo speed is unknown, defaulting to 1000
[  237.017086][   T10] usb 1-1: config 0 descriptor??
[  237.065532][ T7041] kthread_run failed with err -4
[  237.272805][   T10] usb 1-1: can't set config #0, error -71
[  237.324827][   T10] usb 1-1: USB disconnect, device number 7
[  237.947654][ T7053] tmpfs: Bad value for 'grpquota_inode_hardlimit'
[  238.086856][ T5938] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  238.893440][ T5938] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  238.954817][ T5938] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  238.999375][ T5938] usb 2-1: config 0 descriptor??
[  239.222956][   T24] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  239.441335][   T24] usb 4-1: Using ep0 maxpacket: 16
[  239.505556][   T24] usb 4-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  239.657610][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  240.006060][ T7051] netlink: 87 bytes leftover after parsing attributes in process `syz.1.292'.
[  240.026855][   T24] usb 4-1: config 0 descriptor??
[  240.077571][   T24] gspca_main: sonixj-2.14.0 probing 0471:0327
[  240.219616][ T5938] pegasus 2-1:0.0: probe with driver pegasus failed with error -121
[  240.918308][   T24] gspca_sonixj: reg_r err -110
[  241.363067][   T24] sonixj 4-1:0.0: probe with driver sonixj failed with error -110
[  241.542535][ T7086] 9pnet_fd: Insufficient options for proto=fd
[  241.933475][   T24] usb 4-1: USB disconnect, device number 4
[  241.945226][ T7081] kthread_run failed with err -4
[  241.991662][ T5938] usb 2-1: USB disconnect, device number 9
[  242.292750][ T7092] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  242.292750][ T7092]    program syz.1.305 not setting count and/or reply_len properly
[  242.789687][ T7092] vcan3: entered promiscuous mode
[  243.384418][ T7106] siw: device registration error -23
[  244.208274][ T7111] FAULT_INJECTION: forcing a failure.
[  244.208274][ T7111] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  244.222007][ T7111] CPU: 0 UID: 0 PID: 7111 Comm: syz.0.309 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  244.222036][ T7111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  244.222049][ T7111] Call Trace:
[  244.222057][ T7111]  <TASK>
[  244.222066][ T7111]  dump_stack_lvl+0x189/0x250
[  244.222104][ T7111]  ? __pfx____ratelimit+0x10/0x10
[  244.222136][ T7111]  ? __pfx_dump_stack_lvl+0x10/0x10
[  244.222167][ T7111]  ? __pfx__printk+0x10/0x10
[  244.222202][ T7111]  should_fail_ex+0x414/0x560
[  244.222234][ T7111]  _copy_to_user+0x31/0xb0
[  244.222258][ T7111]  simple_read_from_buffer+0xe1/0x170
[  244.222291][ T7111]  proc_fail_nth_read+0x1df/0x250
[  244.222332][ T7111]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  244.222366][ T7111]  ? rw_verify_area+0x258/0x650
[  244.222388][ T7111]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  244.222420][ T7111]  vfs_read+0x200/0x980
[  244.222450][ T7111]  ? __pfx___mutex_lock+0x10/0x10
[  244.222470][ T7111]  ? __pfx_vfs_read+0x10/0x10
[  244.222495][ T7111]  ? __fget_files+0x2a/0x420
[  244.222528][ T7111]  ? __fget_files+0x3a0/0x420
[  244.222554][ T7111]  ? __fget_files+0x2a/0x420
[  244.222592][ T7111]  ksys_read+0x145/0x250
[  244.222619][ T7111]  ? __pfx_ksys_read+0x10/0x10
[  244.222640][ T7111]  ? rcu_is_watching+0x15/0xb0
[  244.222676][ T7111]  ? do_syscall_64+0xbe/0x3b0
[  244.222698][ T7111]  do_syscall_64+0xfa/0x3b0
[  244.222717][ T7111]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  244.222741][ T7111]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  244.222763][ T7111]  ? clear_bhb_loop+0x60/0xb0
[  244.222789][ T7111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  244.222810][ T7111] RIP: 0033:0x7f8cdd78d33c
[  244.222828][ T7111] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  244.222846][ T7111] RSP: 002b:00007f8cde6de030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  244.222868][ T7111] RAX: ffffffffffffffda RBX: 00007f8cdd9b5fa0 RCX: 00007f8cdd78d33c
[  244.222884][ T7111] RDX: 000000000000000f RSI: 00007f8cde6de0a0 RDI: 0000000000000005
[  244.222897][ T7111] RBP: 00007f8cde6de090 R08: 0000000000000000 R09: 0000000000000000
[  244.222910][ T7111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  244.222922][ T7111] R13: 0000000000000000 R14: 00007f8cdd9b5fa0 R15: 00007fff824bcdb8
[  244.222955][ T7111]  </TASK>
[  244.257010][ T7102] lo speed is unknown, defaulting to 1000
[  246.969175][ T7136] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  247.381037][ T7136] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  247.704390][ T7136] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  248.976278][ T7162] netlink: 16 bytes leftover after parsing attributes in process `syz.2.323'.
[  249.122771][ T7166] FAULT_INJECTION: forcing a failure.
[  249.122771][ T7166] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  249.200672][ T7166] CPU: 0 UID: 0 PID: 7166 Comm: syz.0.325 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  249.200701][ T7166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  249.200710][ T7166] Call Trace:
[  249.200716][ T7166]  <TASK>
[  249.200723][ T7166]  dump_stack_lvl+0x189/0x250
[  249.200749][ T7166]  ? __pfx____ratelimit+0x10/0x10
[  249.200771][ T7166]  ? __pfx_dump_stack_lvl+0x10/0x10
[  249.200791][ T7166]  ? __pfx__printk+0x10/0x10
[  249.200815][ T7166]  should_fail_ex+0x414/0x560
[  249.200837][ T7166]  strncpy_from_user+0x36/0x290
[  249.200857][ T7166]  getname_flags+0xf3/0x540
[  249.200887][ T7166]  __se_sys_mq_unlink+0xe2/0x420
[  249.200906][ T7166]  ? __pfx___se_sys_mq_unlink+0x10/0x10
[  249.200922][ T7166]  ? rcu_is_watching+0x15/0xb0
[  249.200948][ T7166]  ? do_syscall_64+0xbe/0x3b0
[  249.200964][ T7166]  do_syscall_64+0xfa/0x3b0
[  249.200976][ T7166]  ? lockdep_hardirqs_on+0x9c/0x150
[  249.200997][ T7166]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.201011][ T7166]  ? clear_bhb_loop+0x60/0xb0
[  249.201028][ T7166]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.201042][ T7166] RIP: 0033:0x7f8cdd78e929
[  249.201055][ T7166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  249.201067][ T7166] RSP: 002b:00007f8cde6de038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f1
[  249.201082][ T7166] RAX: ffffffffffffffda RBX: 00007f8cdd9b5fa0 RCX: 00007f8cdd78e929
[  249.201093][ T7166] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000340
[  249.201101][ T7166] RBP: 00007f8cde6de090 R08: 0000000000000000 R09: 0000000000000000
[  249.201110][ T7166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  249.201118][ T7166] R13: 0000000000000001 R14: 00007f8cdd9b5fa0 R15: 00007fff824bcdb8
[  249.201142][ T7166]  </TASK>
[  249.788185][ T7175] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  250.297578][ T7181] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  250.297578][ T7181]    program syz.0.329 not setting count and/or reply_len properly
[  250.435978][ T7136] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  250.552295][ T7181] vcan2: entered promiscuous mode
[  251.324908][ T7136] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  251.458228][ T7185] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  251.458228][ T7185]    program syz.1.330 not setting count and/or reply_len properly
[  251.940357][ T7136] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  251.976157][ T7186] vcan4: entered promiscuous mode
[  251.995504][ T7136] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  252.087492][ T7136] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  252.600167][ T7191] syz_tun: entered allmulticast mode
[  252.693409][ T7191] syz.3.334: attempt to access beyond end of device
[  252.693409][ T7191] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0
[  252.957120][ T7200] atomic_op ffff88807be0a998 conn xmit_atomic 0000000000000000
[  253.818324][ T7199] netlink: 8 bytes leftover after parsing attributes in process `syz.3.334'.
[  254.411812][ T7205] syz_tun: left allmulticast mode
[  256.325234][ T5897] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  256.416487][ T7227] overlayfs: failed to resolve './bus': -2
[  256.850500][ T5897] usb 4-1: config 0 has an invalid interface number: 64 but max is 0
[  256.899065][ T5897] usb 4-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  256.997681][ T5897] usb 4-1: config 0 has no interface number 0
[  257.083146][ T5897] usb 4-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[  257.102712][ T5897] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  257.151096][ T5897] usb 4-1: Product: syz
[  257.155564][ T5897] usb 4-1: Manufacturer: syz
[  257.161070][ T5897] usb 4-1: SerialNumber: syz
[  257.177018][ T5897] usb 4-1: config 0 descriptor??
[  257.377751][ T7241] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  257.377751][ T7241]    program syz.0.343 not setting count and/or reply_len properly
[  257.700080][ T7245] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  257.744011][ T7245] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  258.145751][ T5897] usb 4-1: Found UVC 0.00 device syz (046d:0823)
[  258.171100][ T5897] usb 4-1: No valid video chain found.
[  258.218941][ T5897] usb 4-1: USB disconnect, device number 5
[  258.369548][ T7241] vcan3: entered promiscuous mode
[  259.766146][ T7256] atomic_op ffff88807b6ac198 conn xmit_atomic 0000000000000000
[  260.549821][ T7262] vcan3: entered promiscuous mode
[  260.981262][ T7264] netlink: 76 bytes leftover after parsing attributes in process `syz.1.349'.
[  261.075051][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  261.081687][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  261.240848][   T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  261.711063][   T10] usb 5-1: Using ep0 maxpacket: 8
[  261.777208][   T10] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  261.858575][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  262.030053][   T10] usb 5-1: config 0 descriptor??
[  262.793880][ T7266] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  263.234761][ T7266] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  264.896694][   T10] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  264.913302][   T10] asix 5-1:0.0: probe with driver asix failed with error -71
[  264.935361][   T10] usb 5-1: USB disconnect, device number 2
[  265.200393][ T7301] netlink: 12 bytes leftover after parsing attributes in process `syz.1.361'.
[  265.383805][ T5897] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  265.601814][ T5897] usb 4-1: Using ep0 maxpacket: 32
[  265.619212][ T5897] usb 4-1: unable to get BOS descriptor or descriptor too short
[  265.659817][ T5897] usb 4-1: config 127 has an invalid interface number: 51 but max is 0
[  265.700287][ T5897] usb 4-1: config 127 has no interface number 0
[  265.737566][ T5897] usb 4-1: config 127 interface 51 has no altsetting 0
[  265.775856][ T5897] usb 4-1: New USB device found, idVendor=1410, idProduct=a005, bcdDevice=53.d4
[  265.810276][   T30] audit: type=1326 audit(1749819198.253:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7305 comm="syz.1.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe48af8e929 code=0x7ffc0000
[  265.851224][ T5897] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.869605][ T5897] usb 4-1: Product: syz
[  265.879710][ T5897] usb 4-1: Manufacturer: syz
[  265.892673][ T5897] usb 4-1: SerialNumber: syz
[  266.380958][ T7297] netlink: 4 bytes leftover after parsing attributes in process `syz.3.359'.
[  269.342185][ T7316] sctp: failed to load transform for md5: -2
[  270.005877][ T5897] usb 4-1: USB disconnect, device number 6
[  270.659408][ T7338] FAULT_INJECTION: forcing a failure.
[  270.659408][ T7338] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  270.674181][ T7337] netlink: 16 bytes leftover after parsing attributes in process `syz.3.369'.
[  270.680985][ T7338] CPU: 0 UID: 0 PID: 7338 Comm: syz.2.368 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  270.681020][ T7338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  270.681036][ T7338] Call Trace:
[  270.681046][ T7338]  <TASK>
[  270.681056][ T7338]  dump_stack_lvl+0x189/0x250
[  270.681101][ T7338]  ? __pfx____ratelimit+0x10/0x10
[  270.681147][ T7338]  ? __pfx_dump_stack_lvl+0x10/0x10
[  270.681184][ T7338]  ? __pfx__printk+0x10/0x10
[  270.681209][ T7338]  ? __might_fault+0xb0/0x130
[  270.681253][ T7338]  should_fail_ex+0x414/0x560
[  270.681292][ T7338]  _copy_from_user+0x2d/0xb0
[  270.681319][ T7338]  ___sys_sendmsg+0x158/0x2a0
[  270.681357][ T7338]  ? __pfx____sys_sendmsg+0x10/0x10
[  270.681433][ T7338]  ? __fget_files+0x2a/0x420
[  270.681466][ T7338]  ? __fget_files+0x3a0/0x420
[  270.681511][ T7338]  __x64_sys_sendmsg+0x19b/0x260
[  270.681545][ T7338]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  270.681589][ T7338]  ? __pfx_ksys_write+0x10/0x10
[  270.681615][ T7338]  ? rcu_is_watching+0x15/0xb0
[  270.681658][ T7338]  ? do_syscall_64+0xbe/0x3b0
[  270.681685][ T7338]  do_syscall_64+0xfa/0x3b0
[  270.681705][ T7338]  ? lockdep_hardirqs_on+0x9c/0x150
[  270.681741][ T7338]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  270.681766][ T7338]  ? clear_bhb_loop+0x60/0xb0
[  270.681795][ T7338]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  270.681819][ T7338] RIP: 0033:0x7f391d78e929
[  270.681841][ T7338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  270.681862][ T7338] RSP: 002b:00007f391e5b4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  270.681887][ T7338] RAX: ffffffffffffffda RBX: 00007f391d9b5fa0 RCX: 00007f391d78e929
[  270.681905][ T7338] RDX: 0000000000040000 RSI: 0000200000003b00 RDI: 0000000000000004
[  270.681920][ T7338] RBP: 00007f391e5b4090 R08: 0000000000000000 R09: 0000000000000000
[  270.681934][ T7338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  270.681949][ T7338] R13: 0000000000000000 R14: 00007f391d9b5fa0 R15: 00007ffc3a696638
[  270.681985][ T7338]  </TASK>
[  271.126120][ T7337] netlink: 16 bytes leftover after parsing attributes in process `syz.3.369'.
[  271.579899][ T7337] netlink: 5 bytes leftover after parsing attributes in process `syz.3.369'.
[  272.394394][ T7347] netlink: 4 bytes leftover after parsing attributes in process `syz.2.371'.
[  273.798210][ T7363] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  273.950633][ T5897] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  275.170332][ T5897] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  275.178730][ T5897] usb 2-1: config 0 has no interface number 0
[  275.284188][ T5897] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  275.306171][ T5897] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  275.326140][ T5897] usb 2-1: Product: syz
[  275.364779][ T5897] usb 2-1: Manufacturer: syz
[  275.369461][ T5897] usb 2-1: SerialNumber: syz
[  275.409206][ T5897] usb 2-1: config 0 descriptor??
[  275.610834][    T9] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  275.669043][ T5897] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  275.710196][ T5897] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  275.725126][ T5897] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  275.747749][ T5897] usb 2-1: media controller created
[  275.789741][ T7382] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  275.926408][    T9] usb 4-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  276.044623][    T9] usb 4-1: config 0 has an invalid interface number: 2 but max is -1
[  276.154358][    T9] usb 4-1: config 0 has an invalid interface number: 2 but max is -1
[  276.310433][ T5897] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  276.318913][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  276.329552][    T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0
[  276.340116][    T9] usb 4-1: config 0 has no interface number 0
[  276.346638][    T9] usb 4-1: config 0 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  276.625292][    T9] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  276.636675][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  276.645760][    T9] usb 4-1: Product: syz
[  276.646021][ T5897] i2c i2c-1: ec100: i2c rd failed=-32 reg=33
[  276.658302][    T9] usb 4-1: Manufacturer: syz
[  276.666536][    T9] usb 4-1: SerialNumber: syz
[  276.681722][    T9] usb 4-1: config 0 descriptor??
[  276.735166][ T7387] atomic_op ffff8880306bb198 conn xmit_atomic 0000000000000000
[  277.152678][    T9] usb 4-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[  277.160395][    T9] usb 4-1: MIDIStreaming interface descriptor not found
[  277.295132][ T5897] usb 2-1: USB disconnect, device number 10
[  277.493509][    T9] usb 4-1: USB disconnect, device number 7
[  277.969884][ T6478] udevd[6478]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  278.407086][ T7403] netlink: 76 bytes leftover after parsing attributes in process `syz.4.388'.
[  279.150848][ T5143] Bluetooth: hci3: command 0x0406 tx timeout
[  282.293732][ T7433] ceph: No mds server is up or the cluster is laggy
[  282.382819][   T24] libceph: connect (1)[c::]:6789 error -101
[  282.410127][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  282.960665][    T9] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  283.178834][    T9] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  283.222997][    T9] usb 3-1: config 0 has no interface number 0
[  283.269202][    T9] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  283.337062][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  283.351956][ T7446] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  283.387116][    T9] usb 3-1: Product: syz
[  283.427584][    T9] usb 3-1: Manufacturer: syz
[  283.456667][    T9] usb 3-1: SerialNumber: syz
[  283.517499][    T9] usb 3-1: config 0 descriptor??
[  283.540002][ T7450] netlink: 20 bytes leftover after parsing attributes in process `syz.1.398'.
[  283.773960][    T9] usb 3-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  283.813280][    T9] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  283.862764][    T9] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  283.916135][    T9] usb 3-1: media controller created
[  283.960355][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  284.275338][ T7458] FAULT_INJECTION: forcing a failure.
[  284.275338][ T7458] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  284.288889][ T7458] CPU: 0 UID: 0 PID: 7458 Comm: syz.0.401 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  284.288918][ T7458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  284.288934][ T7458] Call Trace:
[  284.288943][ T7458]  <TASK>
[  284.288952][ T7458]  dump_stack_lvl+0x189/0x250
[  284.288999][ T7458]  ? __pfx____ratelimit+0x10/0x10
[  284.289033][ T7458]  ? __pfx_dump_stack_lvl+0x10/0x10
[  284.289065][ T7458]  ? __pfx__printk+0x10/0x10
[  284.289088][ T7458]  ? __might_fault+0xb0/0x130
[  284.289128][ T7458]  should_fail_ex+0x414/0x560
[  284.289161][ T7458]  _copy_to_iter+0x1db/0x16f0
[  284.289203][ T7458]  ? irqentry_exit+0x74/0x90
[  284.289237][ T7458]  ? __pfx__copy_to_iter+0x10/0x10
[  284.289279][ T7458]  ? seq_read_iter+0xbdb/0xe10
[  284.289309][ T7458]  seq_read_iter+0xbeb/0xe10
[  284.289355][ T7458]  proc_reg_read_iter+0x1b4/0x280
[  284.289379][ T7458]  vfs_read+0x4d0/0x980
[  284.289415][ T7458]  ? __pfx_vfs_read+0x10/0x10
[  284.289465][ T7458]  ksys_read+0x145/0x250
[  284.289492][ T7458]  ? __pfx_ksys_read+0x10/0x10
[  284.289514][ T7458]  ? rcu_is_watching+0x15/0xb0
[  284.289552][ T7458]  ? do_syscall_64+0xbe/0x3b0
[  284.289576][ T7458]  do_syscall_64+0xfa/0x3b0
[  284.289597][ T7458]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  284.289618][ T7458]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  284.289638][ T7458]  ? clear_bhb_loop+0x60/0xb0
[  284.289665][ T7458]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  284.289686][ T7458] RIP: 0033:0x7f8cdd78e929
[  284.289706][ T7458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  284.289724][ T7458] RSP: 002b:00007f8cde69c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  284.289746][ T7458] RAX: ffffffffffffffda RBX: 00007f8cdd9b6160 RCX: 00007f8cdd78e929
[  284.289761][ T7458] RDX: 0000000000002024 RSI: 0000200000000ac0 RDI: 0000000000000005
[  284.289775][ T7458] RBP: 00007f8cde69c090 R08: 0000000000000000 R09: 0000000000000000
[  284.289788][ T7458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  284.289800][ T7458] R13: 0000000000000000 R14: 00007f8cdd9b6160 R15: 00007fff824bcdb8
[  284.289834][ T7458]  </TASK>
[  284.564496][    T9] i2c i2c-1: ec100: i2c rd failed=-32 reg=33
[  284.939925][    T9] usb 3-1: USB disconnect, device number 8
[  285.754790][ T7474] netlink: 'syz.2.406': attribute type 1 has an invalid length.
[  286.117347][ T7479] netlink: 'syz.4.408': attribute type 10 has an invalid length.
[  286.431920][ T7479] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  287.778352][   T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  288.535583][ T7496] netlink: 168 bytes leftover after parsing attributes in process `syz.0.412'.
[  288.690662][   T10] usb 5-1: device descriptor read/64, error -71
[  289.230666][   T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  289.245137][   T30] audit: type=1800 audit(1749819221.583:7): pid=7499 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.414" name="bus" dev="overlay" ino=456 res=0 errno=0
[  290.021194][   T10] usb 5-1: device descriptor read/64, error -71
[  290.237111][   T10] usb usb5-port1: attempt power cycle
[  291.344092][ T7516] FAULT_INJECTION: forcing a failure.
[  291.344092][ T7516] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  291.861167][ T7516] CPU: 1 UID: 60929 PID: 7516 Comm: syz.3.420 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  291.861204][ T7516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  291.861217][ T7516] Call Trace:
[  291.861226][ T7516]  <TASK>
[  291.861235][ T7516]  dump_stack_lvl+0x189/0x250
[  291.861273][ T7516]  ? __pfx____ratelimit+0x10/0x10
[  291.861306][ T7516]  ? __pfx_dump_stack_lvl+0x10/0x10
[  291.861349][ T7516]  ? __pfx__printk+0x10/0x10
[  291.861371][ T7516]  ? __might_fault+0xb0/0x130
[  291.861410][ T7516]  should_fail_ex+0x414/0x560
[  291.861444][ T7516]  _copy_to_iter+0x1db/0x16f0
[  291.861479][ T7516]  ? __pfx___up_read+0x10/0x10
[  291.861508][ T7516]  ? __pfx__copy_to_iter+0x10/0x10
[  291.861540][ T7516]  ? traverse+0x53a/0x570
[  291.861577][ T7516]  seq_read_iter+0x2e4/0xe10
[  291.861624][ T7516]  vfs_read+0x4d0/0x980
[  291.861659][ T7516]  ? __pfx_vfs_read+0x10/0x10
[  291.861695][ T7516]  ? __fget_files+0x2a/0x420
[  291.861734][ T7516]  __x64_sys_pread64+0x193/0x220
[  291.861764][ T7516]  ? __pfx___x64_sys_pread64+0x10/0x10
[  291.861788][ T7516]  ? rcu_is_watching+0x15/0xb0
[  291.861825][ T7516]  ? do_syscall_64+0xbe/0x3b0
[  291.861850][ T7516]  do_syscall_64+0xfa/0x3b0
[  291.861871][ T7516]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  291.861891][ T7516]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  291.861912][ T7516]  ? clear_bhb_loop+0x60/0xb0
[  291.861938][ T7516]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  291.861959][ T7516] RIP: 0033:0x7f22d278e929
[  291.861978][ T7516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  291.861996][ T7516] RSP: 002b:00007f22d3681038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[  291.862018][ T7516] RAX: ffffffffffffffda RBX: 00007f22d29b5fa0 RCX: 00007f22d278e929
[  291.862033][ T7516] RDX: 000000000000fecf RSI: 0000200000002240 RDI: 0000000000000003
[  291.862047][ T7516] RBP: 00007f22d3681090 R08: 0000000000000000 R09: 0000000000000000
[  291.862060][ T7516] R10: 00000000000004eb R11: 0000000000000246 R12: 0000000000000001
[  291.862072][ T7516] R13: 0000000000000000 R14: 00007f22d29b5fa0 R15: 00007ffe4e289a38
[  291.862105][ T7516]  </TASK>
[  293.223791][ T7526] syz.4.423: attempt to access beyond end of device
[  293.223791][ T7526] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0
[  293.318636][ T7529] netlink: 8 bytes leftover after parsing attributes in process `syz.4.423'.
[  295.278482][ T7537] kthread_run failed with err -4
[  295.876759][ T7551] netlink: 1680 bytes leftover after parsing attributes in process `syz.1.430'.
[  296.001795][ T5897] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  296.180686][ T5897] usb 1-1: Using ep0 maxpacket: 8
[  296.211601][ T5897] usb 1-1: config 1 has an invalid descriptor of length 49, skipping remainder of the config
[  296.240461][ T5897] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  296.258909][ T5897] usb 1-1: config 1 has no interface number 1
[  296.288196][ T5897] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  296.308383][ T5897] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  296.319282][ T5897] usb 1-1: Product: syz
[  296.324709][ T5897] usb 1-1: Manufacturer: syz
[  296.329500][ T5897] usb 1-1: SerialNumber: syz
[  296.614938][   T30] audit: type=1326 audit(1749819229.063:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7565 comm="syz.3.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22d278e929 code=0x7ffc0000
[  296.851936][   T30] audit: type=1326 audit(1749819229.063:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7565 comm="syz.3.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22d278e929 code=0x7ffc0000
[  296.905611][   T30] audit: type=1326 audit(1749819229.083:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7565 comm="syz.3.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=84 compat=0 ip=0x7f22d278e929 code=0x7ffc0000
[  296.987436][   T30] audit: type=1326 audit(1749819229.083:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7565 comm="syz.3.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22d278e929 code=0x7ffc0000
[  297.009172][ T5897] usb 1-1: 2:1 : no or invalid class specific endpoint descriptor
[  297.035877][ T5897] usb 1-1: 2:1 : sample bitwidth 54 in over sample bytes 4
[  297.065266][ T5897] usb 1-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  297.091121][   T30] audit: type=1326 audit(1749819229.083:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7565 comm="syz.3.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22d278e929 code=0x7ffc0000
[  297.150694][   T30] audit: type=1326 audit(1749819229.083:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7565 comm="syz.3.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f22d278e929 code=0x7ffc0000
[  297.229482][ T5897] usb 1-1: USB disconnect, device number 8
[  297.240113][   T30] audit: type=1326 audit(1749819229.083:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7565 comm="syz.3.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22d278e929 code=0x7ffc0000
[  297.375334][   T30] audit: type=1326 audit(1749819229.083:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7565 comm="syz.3.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22d278e929 code=0x7ffc0000
[  297.551209][   T30] audit: type=1326 audit(1749819229.083:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7565 comm="syz.3.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7f22d278e929 code=0x7ffc0000
[  297.610627][   T30] audit: type=1326 audit(1749819229.083:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7565 comm="syz.3.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22d278e929 code=0x7ffc0000
[  298.111076][    T9] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  298.743846][    T9] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  298.767135][    T9] usb 4-1: config 0 has no interface number 0
[  298.781246][    T9] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  298.796603][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  298.808471][    T9] usb 4-1: Product: syz
[  298.826297][    T9] usb 4-1: Manufacturer: syz
[  298.891288][    T9] usb 4-1: SerialNumber: syz
[  298.920179][    T9] usb 4-1: config 0 descriptor??
[  298.978382][ T7598] syz_tun: entered allmulticast mode
[  299.133305][ T7598] syz.2.437: attempt to access beyond end of device
[  299.133305][ T7598] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0
[  299.190803][    T9] usb 4-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  299.208130][    T9] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  299.240890][    T9] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  299.241670][ T7601] netlink: 8 bytes leftover after parsing attributes in process `syz.2.437'.
[  299.248979][    T9] usb 4-1: media controller created
[  299.372146][ T7596] syz_tun: left allmulticast mode
[  299.382631][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  299.762651][    T9] i2c i2c-1: ec100: i2c rd failed=-71 reg=33
[  300.679173][    T9] usb 4-1: USB disconnect, device number 8
[  301.475303][ T7634] 9pnet_fd: Insufficient options for proto=fd
[  302.530656][ T5938] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  302.740874][ T5938] usb 4-1: Using ep0 maxpacket: 8
[  302.798313][ T5938] usb 4-1: config 1 has an invalid descriptor of length 49, skipping remainder of the config
[  302.855302][ T5938] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  302.871458][ T5938] usb 4-1: config 1 has no interface number 1
[  302.884930][ T5938] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  302.897813][ T5938] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.928548][ T5938] usb 4-1: Product: syz
[  302.944715][ T5938] usb 4-1: Manufacturer: syz
[  302.974130][ T5938] usb 4-1: SerialNumber: syz
[  304.013597][ T5938] usb 4-1: 2:1 : no or invalid class specific endpoint descriptor
[  304.022357][ T5938] usb 4-1: 2:1 : sample bitwidth 54 in over sample bytes 4
[  304.029613][ T5938] usb 4-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  304.204352][ T5883] libceph: connect (1)[c::]:6789 error -101
[  304.687974][ T5883] libceph: mon0 (1)[c::]:6789 connect error
[  304.694231][ T7653] ceph: No mds server is up or the cluster is laggy
[  304.770936][ T5938] usb 4-1: USB disconnect, device number 9
[  304.979946][ T6476] udevd[6476]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  305.618941][ T7674] 9pnet_fd: Insufficient options for proto=fd
[  311.751994][ T7725] netlink: 'syz.1.461': attribute type 20 has an invalid length.
[  316.591448][ T7783] FAULT_INJECTION: forcing a failure.
[  316.591448][ T7783] name failslab, interval 1, probability 0, space 0, times 0
[  316.669658][ T7783] CPU: 0 UID: 0 PID: 7783 Comm: syz.1.472 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  316.669684][ T7783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  316.669704][ T7783] Call Trace:
[  316.669711][ T7783]  <TASK>
[  316.669719][ T7783]  dump_stack_lvl+0x189/0x250
[  316.669747][ T7783]  ? __pfx____ratelimit+0x10/0x10
[  316.669769][ T7783]  ? __pfx_dump_stack_lvl+0x10/0x10
[  316.669791][ T7783]  ? __pfx__printk+0x10/0x10
[  316.669808][ T7783]  ? __pfx___might_resched+0x10/0x10
[  316.669830][ T7783]  ? fs_reclaim_acquire+0x7d/0x100
[  316.669855][ T7783]  should_fail_ex+0x414/0x560
[  316.669878][ T7783]  should_failslab+0xa8/0x100
[  316.669899][ T7783]  __kmalloc_cache_noprof+0x70/0x3d0
[  316.669917][ T7783]  ? iopt_area_add_access+0x1ec/0x420
[  316.669936][ T7783]  iopt_area_add_access+0x1ec/0x420
[  316.669957][ T7783]  iommufd_access_pin_pages+0x6b1/0xc00
[  316.669986][ T7783]  ? __pfx_iommufd_access_pin_pages+0x10/0x10
[  316.670013][ T7783]  iommufd_test+0x3ce3/0x5170
[  316.670041][ T7783]  ? __pfx_iommufd_test+0x10/0x10
[  316.670061][ T7783]  ? __lock_acquire+0xab9/0xd20
[  316.670089][ T7783]  ? __might_fault+0xb0/0x130
[  316.670125][ T7783]  iommufd_fops_ioctl+0x449/0x520
[  316.670150][ T7783]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  316.670183][ T7783]  ? __fget_files+0x3a0/0x420
[  316.670202][ T7783]  ? __fget_files+0x2a/0x420
[  316.670224][ T7783]  ? bpf_lsm_file_ioctl+0x9/0x20
[  316.670245][ T7783]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  316.670268][ T7783]  __se_sys_ioctl+0xfc/0x170
[  316.670286][ T7783]  do_syscall_64+0xfa/0x3b0
[  316.670305][ T7783]  ? lockdep_hardirqs_on+0x9c/0x150
[  316.670328][ T7783]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.670343][ T7783]  ? clear_bhb_loop+0x60/0xb0
[  316.670361][ T7783]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.670375][ T7783] RIP: 0033:0x7fe48af8e929
[  316.670389][ T7783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  316.670401][ T7783] RSP: 002b:00007fe48beb7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  316.670417][ T7783] RAX: ffffffffffffffda RBX: 00007fe48b1b5fa0 RCX: 00007fe48af8e929
[  316.670428][ T7783] RDX: 0000200000000400 RSI: 0000000000003ba0 RDI: 0000000000000003
[  316.670438][ T7783] RBP: 00007fe48beb7090 R08: 0000000000000000 R09: 0000000000000000
[  316.670447][ T7783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  316.670455][ T7783] R13: 0000000000000000 R14: 00007fe48b1b5fa0 R15: 00007ffe6f5fc8c8
[  316.670478][ T7783]  </TASK>
[  316.937412][ T7778] IPVS: set_ctl: invalid protocol: 136 10.1.1.2:20004
[  319.001497][ T7809] overlayfs: failed to resolve './file1': -2
[  321.674104][ T7820] kthread_run failed with err -4
[  322.726338][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  322.783217][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  329.489263][ T7856] Bluetooth: MGMT ver 1.23
[  331.223819][ T7875] tmpfs: Bad value for 'grpquota_inode_hardlimit'
[  331.235677][ T7876] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  331.235677][ T7876]    program syz.0.492 not setting count and/or reply_len properly
[  331.939504][ T7882] atomic_op ffff88806d5d2198 conn xmit_atomic 0000000000000000
[  332.256049][ T7872] vcan4: entered promiscuous mode
[  333.095091][ T7887] vcan5: entered promiscuous mode
[  334.254123][ T7903] 9pnet_fd: Insufficient options for proto=fd
[  335.414961][ T7907] lo speed is unknown, defaulting to 1000
[  335.770622][   T10] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  336.097549][   T10] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  336.337752][   T10] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  336.582227][   T10] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  336.601408][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  336.609475][   T10] usb 5-1: SerialNumber: syz
[  336.659164][   T10] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22
[  336.695046][   T10] usb-storage 5-1:1.0: USB Mass Storage device detected
[  336.755028][   T10] usb-storage 5-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  336.802802][   T10] scsi host1: usb-storage 5-1:1.0
[  341.151115][   T24] usb 5-1: USB disconnect, device number 6
[  341.279350][ T7946] syz_tun: entered allmulticast mode
[  341.288373][ T7946] syz.0.507: attempt to access beyond end of device
[  341.288373][ T7946] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0
[  341.551053][ T7952] netlink: 168 bytes leftover after parsing attributes in process `syz.4.508'.
[  342.143877][ T7948] syz_tun: left allmulticast mode
[  342.306335][ T7956] netlink: 168 bytes leftover after parsing attributes in process `syz.1.509'.
[  343.611423][ T7970] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  343.611423][ T7970]    program syz.4.514 not setting count and/or reply_len properly
[  343.618846][ T7958] tmpfs: Bad value for 'grpquota_inode_hardlimit'
[  344.272468][ T7969] vcan1: entered promiscuous mode
[  344.532809][ T7976] netlink: 168 bytes leftover after parsing attributes in process `syz.1.515'.
[  345.531387][ T7981] FAULT_INJECTION: forcing a failure.
[  345.531387][ T7981] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  345.587487][ T7981] CPU: 0 UID: 0 PID: 7981 Comm: syz.4.517 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  345.587519][ T7981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  345.587532][ T7981] Call Trace:
[  345.587540][ T7981]  <TASK>
[  345.587548][ T7981]  dump_stack_lvl+0x189/0x250
[  345.587586][ T7981]  ? __pfx____ratelimit+0x10/0x10
[  345.587618][ T7981]  ? __pfx_dump_stack_lvl+0x10/0x10
[  345.587649][ T7981]  ? __pfx__printk+0x10/0x10
[  345.587670][ T7981]  ? __might_fault+0xb0/0x130
[  345.587706][ T7981]  should_fail_ex+0x414/0x560
[  345.587738][ T7981]  _copy_from_user+0x2d/0xb0
[  345.587760][ T7981]  __sys_bpf+0x1ed/0x860
[  345.587789][ T7981]  ? __pfx___sys_bpf+0x10/0x10
[  345.587830][ T7981]  ? ksys_write+0x22a/0x250
[  345.587856][ T7981]  ? __pfx_ksys_write+0x10/0x10
[  345.587877][ T7981]  ? rcu_is_watching+0x15/0xb0
[  345.587915][ T7981]  __x64_sys_bpf+0x7c/0x90
[  345.587939][ T7981]  do_syscall_64+0xfa/0x3b0
[  345.587957][ T7981]  ? lockdep_hardirqs_on+0x9c/0x150
[  345.588005][ T7981]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  345.588027][ T7981]  ? clear_bhb_loop+0x60/0xb0
[  345.588053][ T7981]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  345.588073][ T7981] RIP: 0033:0x7f1f05f8e929
[  345.588091][ T7981] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  345.588109][ T7981] RSP: 002b:00007f1f06e79038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  345.588130][ T7981] RAX: ffffffffffffffda RBX: 00007f1f061b5fa0 RCX: 00007f1f05f8e929
[  345.588154][ T7981] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  345.588167][ T7981] RBP: 00007f1f06e79090 R08: 0000000000000000 R09: 0000000000000000
[  345.588179][ T7981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  345.588190][ T7981] R13: 0000000000000000 R14: 00007f1f061b5fa0 R15: 00007ffee095e7d8
[  345.588221][ T7981]  </TASK>
[  348.163989][ T8001] netlink: 52 bytes leftover after parsing attributes in process `syz.4.520'.
[  348.360532][ T8004] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  348.360532][ T8004]    program syz.3.522 not setting count and/or reply_len properly
[  348.979636][ T8003] vcan4: entered promiscuous mode
[  349.055878][ T8006] netlink: 16 bytes leftover after parsing attributes in process `syz.2.523'.
[  349.124446][ T8006] ip6gretap0: entered promiscuous mode
[  349.153178][ T8006] ip6gretap0: left promiscuous mode
[  350.030827][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  350.362223][ T5883] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  351.133663][ T8023] bond0: entered promiscuous mode
[  351.343171][ T5883] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  351.357047][ T8023] bond_slave_0: entered promiscuous mode
[  351.379511][ T8023] bond_slave_1: entered promiscuous mode
[  353.666189][ T5883] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  355.116074][ T5883] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  355.470971][ T5883] usb 1-1: config 0 descriptor??
[  355.551967][ T5883] usb 1-1: can't set config #0, error -71
[  355.630782][ T5883] usb 1-1: USB disconnect, device number 9
[  356.751040][ T8040] IPVS: set_ctl: invalid protocol: 136 10.1.1.2:20004
[  357.584617][ T8054] IPVS: set_ctl: invalid protocol: 136 10.1.1.2:20004
[  357.594707][ T8057] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  357.594707][ T8057]    program syz.3.536 not setting count and/or reply_len properly
[  358.064051][ T8057] vcan5: entered promiscuous mode
[  358.349691][ T8062] tmpfs: Bad value for 'grpquota_inode_hardlimit'
[  358.830692][   T30] kauditd_printk_skb: 15 callbacks suppressed
[  358.830711][   T30] audit: type=1326 audit(1749819291.273:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8067 comm="syz.2.540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f391d78e929 code=0x7ffc0000
[  358.928729][ T8072] loop8: detected capacity change from 0 to 1
[  358.998234][ T8072] Dev loop8: unable to read RDB block 1
[  359.027748][ T8072]  loop8: unable to read partition table
[  359.038085][ T8072] loop8: partition table beyond EOD, truncated
[  359.054573][ T8072] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  359.087856][   T30] audit: type=1326 audit(1749819291.283:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8067 comm="syz.2.540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=107 compat=0 ip=0x7f391d78e929 code=0x7ffc0000
[  359.109951][   T30] audit: type=1326 audit(1749819291.283:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8067 comm="syz.2.540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f391d78e929 code=0x7ffc0000
[  359.131571][   T30] audit: type=1326 audit(1749819291.283:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8067 comm="syz.2.540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f391d78d290 code=0x7ffc0000
[  359.160353][   T30] audit: type=1326 audit(1749819291.283:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8067 comm="syz.2.540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f391d78e929 code=0x7ffc0000
[  359.193017][   T30] audit: type=1326 audit(1749819291.283:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8067 comm="syz.2.540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f391d78e929 code=0x7ffc0000
[  359.215624][ T8069] atomic_op ffff88804da02998 conn xmit_atomic 0000000000000000
[  359.655469][   T30] audit: type=1326 audit(1749819291.283:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8067 comm="syz.2.540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f391d78e929 code=0x7ffc0000
[  359.681868][   T30] audit: type=1326 audit(1749819291.283:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8067 comm="syz.2.540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f391d78e929 code=0x7ffc0000
[  359.773908][   T30] audit: type=1326 audit(1749819291.283:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8067 comm="syz.2.540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f391d78e929 code=0x7ffc0000
[  359.880159][   T30] audit: type=1326 audit(1749819291.283:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8067 comm="syz.2.540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=300 compat=0 ip=0x7f391d78e929 code=0x7ffc0000
[  363.018711][ T8104] netlink: 76 bytes leftover after parsing attributes in process `syz.1.548'.
[  366.177587][ T8139] syz.4.558 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  369.006393][ T8183] 9pnet_fd: Insufficient options for proto=fd
[  370.612625][ T8189] lo: entered allmulticast mode
[  370.625413][ T8189] syz.3.577: attempt to access beyond end of device
[  370.625413][ T8189] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0
[  371.564018][ T8189] lo: left allmulticast mode
[  373.084920][ T8211] netlink: 168 bytes leftover after parsing attributes in process `syz.2.581'.
[  374.697022][ T8219] netlink: 8 bytes leftover after parsing attributes in process `syz.2.583'.
[  376.694999][ T8236] 9pnet_fd: Insufficient options for proto=fd
[  378.094083][ T8244] syz.4.591: attempt to access beyond end of device
[  378.094083][ T8244] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0
[  378.264367][ T8251] atomic_op ffff88802a298198 conn xmit_atomic 0000000000000000
[  378.598887][ T8253] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  378.598887][ T8253]    program syz.0.593 not setting count and/or reply_len properly
[  378.702598][ T8253] vcan6: entered promiscuous mode
[  380.233665][ T8260] IPVS: set_ctl: invalid protocol: 136 10.1.1.2:20004
[  380.738067][ T8275] netlink: 12 bytes leftover after parsing attributes in process `syz.0.600'.
[  381.761239][ T8282] netlink: 168 bytes leftover after parsing attributes in process `syz.0.602'.
[  382.266864][ T8292] 9pnet_fd: Insufficient options for proto=fd
[  383.808610][ T8298] atomic_op ffff888077592998 conn xmit_atomic 0000000000000000
[  383.971165][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  383.980789][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  384.091691][ T8301] syz_tun: entered allmulticast mode
[  384.101662][ T8301] netlink: 8 bytes leftover after parsing attributes in process `syz.2.608'.
[  384.258231][ T8301] syz_tun: left allmulticast mode
[  384.379375][ T8306] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  384.379375][ T8306]    program syz.1.609 not setting count and/or reply_len properly
[  384.961757][ T8306] vcan5: entered promiscuous mode
[  387.047997][ T8325] No control pipe specified
[  387.056616][ T8319] IPVS: set_ctl: invalid protocol: 136 10.1.1.2:20004
[  388.184120][ T8333] netlink: 12 bytes leftover after parsing attributes in process `syz.2.615'.
[  389.704285][ T8350] atomic_op ffff888059718198 conn xmit_atomic 0000000000000000
[  390.253940][ T8358] syz_tun: entered allmulticast mode
[  390.603276][ T8358] netlink: 8 bytes leftover after parsing attributes in process `syz.0.621'.
[  390.773592][ T8358] syz_tun: left allmulticast mode
[  392.247644][ T8377] No control pipe specified
[  394.996742][ T8391] IPVS: set_ctl: invalid protocol: 136 10.1.1.2:20004
[  397.103856][ T8411] atomic_op ffff888025fc2198 conn xmit_atomic 0000000000000000
[  398.700340][ T8422] syz_tun: entered allmulticast mode
[  398.731763][ T8422] netlink: 8 bytes leftover after parsing attributes in process `syz.2.637'.
[  398.763370][ T8423] netlink: 12 bytes leftover after parsing attributes in process `syz.3.636'.
[  398.798862][ T8422] syz_tun: left allmulticast mode
[  399.031193][ T8431] cgroup2: Unknown parameter 'trans'
[  399.333424][ T8434] No control pipe specified
[  402.020021][ T8447] IPVS: set_ctl: invalid protocol: 136 10.1.1.2:20004
[  402.932468][ T8466] vcan0: entered promiscuous mode
[  403.825839][ T8480] syz_tun: entered allmulticast mode
[  403.895367][ T8480] syz.1.650: attempt to access beyond end of device
[  403.895367][ T8480] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0
[  404.120786][ T8486] netlink: 8 bytes leftover after parsing attributes in process `syz.1.650'.
[  405.015155][ T8486] syz_tun: left allmulticast mode
[  405.296648][ T8495] No control pipe specified
[  405.528108][ T8491] atomic_op ffff88804da05198 conn xmit_atomic 0000000000000000
[  408.528839][ T8519] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  408.528839][ T8519]    program syz.2.660 not setting count and/or reply_len properly
[  408.980234][ T8520] vcan3: entered promiscuous mode
[  411.190432][ T8534] cgroup2: Unknown parameter 'trans'
[  413.032016][ T8551] syz_tun: entered allmulticast mode
[  413.061012][ T8551] syz.1.668: attempt to access beyond end of device
[  413.061012][ T8551] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0
[  413.145504][ T8551] netlink: 8 bytes leftover after parsing attributes in process `syz.1.668'.
[  413.183480][ T8551] syz_tun: left allmulticast mode
[  413.702915][ T8560] netlink: 76 bytes leftover after parsing attributes in process `syz.1.671'.
[  414.600674][ T5938] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  416.647921][ T5938] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  416.841501][ T5938] usb 1-1: config 0 has no interface number 0
[  416.869901][ T5938] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  416.884017][ T8586] 9pnet_fd: Insufficient options for proto=fd
[  416.902604][ T5938] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  416.934467][ T5938] usb 1-1: Product: syz
[  417.040911][ T5938] usb 1-1: Manufacturer: syz
[  417.045595][ T5938] usb 1-1: SerialNumber: syz
[  417.233128][ T5938] usb 1-1: config 0 descriptor??
[  417.346903][ T8595] overlayfs: failed to resolve './file0': -2
[  417.365951][ T8595] No control pipe specified
[  418.234205][ T5938] dvb_usb_ec168 1-1:0.1: probe with driver dvb_usb_ec168 failed with error -71
[  419.713522][ T5938] usb 1-1: USB disconnect, device number 10
[  423.581601][ T8638] netlink: 76 bytes leftover after parsing attributes in process `syz.4.689'.
[  424.944914][ T5938] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  425.152722][ T5938] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  425.192313][ T5938] usb 5-1: config 0 has no interface number 0
[  425.209499][ T5938] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  425.258020][ T5938] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  425.284611][ T5938] usb 5-1: Product: syz
[  425.297104][ T5938] usb 5-1: Manufacturer: syz
[  425.309588][ T5938] usb 5-1: SerialNumber: syz
[  425.332827][ T5938] usb 5-1: config 0 descriptor??
[  425.570101][ T5938] usb 5-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  425.586143][ T5938] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  425.693548][ T5938] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  425.701919][ T5938] usb 5-1: media controller created
[  425.729795][ T5938] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  427.030303][ T5938] i2c i2c-1: ec100: i2c rd failed=-32 reg=33
[  427.581069][ T5938] usb 5-1: USB disconnect, device number 7
[  428.358532][ T8684] netlink: 76 bytes leftover after parsing attributes in process `syz.2.701'.
[  429.828199][ T8702] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  429.828199][ T8702]    program syz.2.705 not setting count and/or reply_len properly
[  431.126940][ T8702] vcan4: entered promiscuous mode
[  431.695761][ T8708] vcan6: entered promiscuous mode
[  432.294263][ T8715] atomic_op ffff888027d32198 conn xmit_atomic 0000000000000000
[  432.532416][ T5904] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  432.736379][ T5904] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  432.830731][ T5904] usb 2-1: config 0 has no interface number 0
[  432.851678][ T5904] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  432.916048][ T5904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  432.981218][ T8728] IPVS: set_ctl: invalid protocol: 136 10.1.1.2:20004
[  433.065992][ T5904] usb 2-1: Product: syz
[  433.070255][ T5904] usb 2-1: Manufacturer: syz
[  433.075413][ T5904] usb 2-1: SerialNumber: syz
[  433.099313][ T5904] usb 2-1: config 0 descriptor??
[  433.531340][ T5904] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  433.548207][ T5904] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  433.548433][ T5904] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  433.548467][ T5904] usb 2-1: media controller created
[  433.565899][ T5904] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  434.208282][ T5938] usb 2-1: USB disconnect, device number 11
[  439.474259][ T8758] vcan2: entered promiscuous mode
[  440.847793][ T8776] IPVS: set_ctl: invalid protocol: 136 10.1.1.2:20004
[  441.253698][ T8785] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  441.253698][ T8785]    program syz.1.725 not setting count and/or reply_len properly
[  441.730838][ T8795] atomic_op ffff888025fc2998 conn xmit_atomic 0000000000000000
[  442.049380][ T5897] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  442.148003][ T8787] vcan6: entered promiscuous mode
[  442.224260][ T5897] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  442.234214][ T5897] usb 5-1: config 0 has no interface number 0
[  442.243433][ T5897] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  442.266778][ T5897] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  442.307285][ T5897] usb 5-1: Product: syz
[  442.320719][ T5897] usb 5-1: Manufacturer: syz
[  442.325367][ T5897] usb 5-1: SerialNumber: syz
[  442.364614][ T5897] usb 5-1: config 0 descriptor??
[  442.586469][ T5897] usb 5-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  442.612268][ T5897] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  442.670640][ T5897] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  442.684262][ T5897] usb 5-1: media controller created
[  442.730096][ T5897] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  443.039937][ T5897] i2c i2c-1: ec100: i2c rd failed=-32 reg=33
[  443.117223][ T8802] lo: entered allmulticast mode
[  443.147753][ T8802] syz.3.730: attempt to access beyond end of device
[  443.147753][ T8802] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0
[  443.172633][ T5897] usb 5-1: USB disconnect, device number 8
[  443.221162][ T8802] netlink: 8 bytes leftover after parsing attributes in process `syz.3.730'.
[  443.298185][ T8805] lo: left allmulticast mode
[  444.825360][ T8818] vcan7: entered promiscuous mode
[  445.493255][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  445.501349][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  446.710523][ T8832] IPVS: set_ctl: invalid protocol: 136 10.1.1.2:20004
[  448.081914][ T8853] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  448.081914][ T8853]    program syz.4.743 not setting count and/or reply_len properly
[  448.545508][ T8853] vcan3: entered promiscuous mode
[  448.610815][ T8855] syz_tun: entered allmulticast mode
[  448.619587][ T8855] netlink: 8 bytes leftover after parsing attributes in process `syz.2.742'.
[  448.722579][ T8855] syz_tun: left allmulticast mode
[  449.157716][ T8862] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  449.157716][ T8862]    program syz.3.746 not setting count and/or reply_len properly
[  449.199724][   T24] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  450.321898][   T24] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  450.329972][   T24] usb 3-1: config 0 has no interface number 0
[  450.352962][   T24] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  450.377294][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  450.405054][ T8862] vcan8: entered promiscuous mode
[  450.410265][   T24] usb 3-1: Product: syz
[  450.420819][   T24] usb 3-1: Manufacturer: syz
[  450.425475][   T24] usb 3-1: SerialNumber: syz
[  450.501980][   T24] usb 3-1: config 0 descriptor??
[  450.541226][ T8875] atomic_op ffff88802b69b198 conn xmit_atomic 0000000000000000
[  450.550811][ T8876] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  450.550811][ T8876]    program syz.0.748 not setting count and/or reply_len properly
[  450.852096][   T24] usb 3-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  450.863486][   T24] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  450.877768][   T24] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  450.886117][   T24] usb 3-1: media controller created
[  450.945827][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  451.007661][ T8879] netlink: 168 bytes leftover after parsing attributes in process `syz.3.749'.
[  451.161701][ T8876] vcan7: entered promiscuous mode
[  451.181487][   T24] i2c i2c-1: ec100: i2c rd failed=-32 reg=33
[  451.308881][   T24] usb 3-1: USB disconnect, device number 9
[  452.187018][ T8890] IPVS: set_ctl: invalid protocol: 136 10.1.1.2:20004
[  453.058555][ T8896] syz_tun: entered allmulticast mode
[  453.067988][ T8896] netlink: 8 bytes leftover after parsing attributes in process `syz.2.755'.
[  453.207564][ T8896] syz_tun: left allmulticast mode
[  454.469697][    T9] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  454.731071][    T9] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  454.739151][    T9] usb 5-1: config 0 has no interface number 0
[  454.756208][    T9] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  454.831019][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  454.839122][    T9] usb 5-1: Product: syz
[  454.860279][    T9] usb 5-1: Manufacturer: syz
[  455.038607][    T9] usb 5-1: SerialNumber: syz
[  455.723069][ T8921] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  455.723069][ T8921]    program syz.2.760 not setting count and/or reply_len properly
[  455.752129][    T9] usb 5-1: config 0 descriptor??
[  455.970327][    T9] usb 5-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  456.349963][ T8926] netlink: 168 bytes leftover after parsing attributes in process `syz.3.761'.
[  456.350645][    T9] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  456.370719][    T9] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  456.379858][    T9] usb 5-1: media controller created
[  456.445541][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  456.593959][ T8922] vcan5: entered promiscuous mode
[  456.862465][    T9] i2c i2c-1: ec100: i2c rd failed=-32 reg=33
[  456.904841][    T9] usb 5-1: USB disconnect, device number 9
[  457.023349][ T8931] No control pipe specified
[  458.019800][ T8937] 9pnet_fd: Insufficient options for proto=fd
[  466.179517][ T8965] IPVS: set_ctl: invalid protocol: 136 10.1.1.2:20004
[  466.505420][ T8975] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  466.505420][ T8975]    program syz.4.774 not setting count and/or reply_len properly
[  466.537552][ T8975] vcan4: entered promiscuous mode
[  467.802730][ T8989] No control pipe specified
[  468.127509][ T8995] 9pnet_fd: Insufficient options for proto=fd
[  468.157494][ T8996] atomic_op ffff888079613198 conn xmit_atomic 0000000000000000
[  471.996375][ T9031] lo: entered allmulticast mode
[  472.019366][ T9031] netlink: 8 bytes leftover after parsing attributes in process `syz.3.788'.
[  472.106410][ T9027] IPVS: set_ctl: invalid protocol: 136 10.1.1.2:20004
[  472.427858][ T9031] lo: left allmulticast mode
[  475.203351][ T9057] 9pnet_fd: Insufficient options for proto=fd
[  476.816302][ T9073] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  476.816302][ T9073]    program syz.1.798 not setting count and/or reply_len properly
[  476.865220][ T9073] vcan7: entered promiscuous mode
[  478.209673][ T9094] IPVS: set_ctl: invalid protocol: 136 10.1.1.2:20004
[  480.599465][ T9113] atomic_op ffff88807e35a998 conn xmit_atomic 0000000000000000
[  483.320187][ T9131] cgroup2: Unknown parameter 'trans'
[  483.955322][ T9143] overlayfs: failed to resolve './file1': -2
[  483.971133][ T9143] No control pipe specified
[  486.093703][ T9158] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  486.093703][ T9158]    program syz.4.821 not setting count and/or reply_len properly
[  486.128229][ T9158] vcan5: entered promiscuous mode
[  490.658468][ T9189] overlayfs: failed to resolve './file1': -2
[  490.755611][ T9194] No control pipe specified
[  499.795560][ T9248] No control pipe specified
[  506.835292][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  506.842033][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  507.805390][ T5978] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  507.841915][   T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  507.851503][   T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  507.862105][   T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  507.871991][   T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  507.883516][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  507.930370][ T5978] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  508.124737][ T9299] lo speed is unknown, defaulting to 1000
[  509.009884][ T5978] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  509.954611][   T51] Bluetooth: hci3: command tx timeout
[  510.331714][ T5978] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  510.390917][ T9313] netlink: 76 bytes leftover after parsing attributes in process `syz.4.861'.
[  511.002608][ T9326] overlayfs: failed to resolve './file1': -2
[  511.100701][ T9327] No control pipe specified
[  512.055858][   T51] Bluetooth: hci3: command tx timeout
[  512.433932][ T9339] 9pnet_fd: Insufficient options for proto=fd
[  514.180545][   T51] Bluetooth: hci3: command tx timeout
[  514.250237][ T9299] chnl_net:caif_netlink_parms(): no params data found
[  515.037270][ T5978] bridge_slave_1: left allmulticast mode
[  515.046080][ T5978] bridge_slave_1: left promiscuous mode
[  515.054092][ T5978] bridge0: port 2(bridge_slave_1) entered disabled state
[  515.113645][ T5978] bridge_slave_0: left allmulticast mode
[  515.136634][ T5978] bridge_slave_0: left promiscuous mode
[  515.146744][ T5978] bridge0: port 1(bridge_slave_0) entered disabled state
[  515.306915][ T9356] syz.2.872: attempt to access beyond end of device
[  515.306915][ T9356] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0
[  516.190584][   T51] Bluetooth: hci3: command tx timeout
[  516.444622][ T5978] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  516.457951][ T5978] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  516.469997][ T5978] bond0 (unregistering): Released all slaves
[  516.714274][ T9356] netlink: 8 bytes leftover after parsing attributes in process `syz.2.872'.
[  516.841367][ T9365] No control pipe specified
[  518.501905][ T9376] 9pnet_fd: Insufficient options for proto=fd
[  518.631404][ T5904] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  519.465745][ T5904] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  519.480506][ T5904] usb 2-1: config 0 has no interface number 0
[  519.489142][ T5904] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  519.498625][ T5904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  519.506730][ T5904] usb 2-1: Product: syz
[  519.511130][ T5904] usb 2-1: Manufacturer: syz
[  519.515764][ T5904] usb 2-1: SerialNumber: syz
[  519.523615][ T5904] usb 2-1: config 0 descriptor??
[  519.907701][ T5904] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  519.922289][ T5904] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  519.957120][ T5904] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  519.974945][ T5904] usb 2-1: media controller created
[  520.027081][ T5904] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  520.157850][ T9299] bridge0: port 1(bridge_slave_0) entered blocking state
[  520.175114][ T9299] bridge0: port 1(bridge_slave_0) entered disabled state
[  520.197698][ T9299] bridge_slave_0: entered allmulticast mode
[  520.224677][ T9299] bridge_slave_0: entered promiscuous mode
[  520.291181][ T9299] bridge0: port 2(bridge_slave_1) entered blocking state
[  520.337366][ T9299] bridge0: port 2(bridge_slave_1) entered disabled state
[  520.520844][ T9299] bridge_slave_1: entered allmulticast mode
[  520.528797][ T9299] bridge_slave_1: entered promiscuous mode
[  520.605494][ T9398] netlink: 76 bytes leftover after parsing attributes in process `syz.4.882'.
[  520.682219][ T5904] usb 2-1: USB disconnect, device number 12
[  521.694269][ T9410] netlink: 168 bytes leftover after parsing attributes in process `syz.2.885'.
[  522.145945][ T9299] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  522.194798][ T9299] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  522.291882][ T5978] hsr_slave_0: left promiscuous mode
[  522.314374][ T5978] hsr_slave_1: left promiscuous mode
[  523.636958][ T5978] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  524.411110][ T5978] batman_adv: batadv0: Removing interface: batadv_slave_0
[  524.443855][ T5978] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  524.465355][ T5978] batman_adv: batadv0: Removing interface: batadv_slave_1
[  524.551393][ T5978] veth1_macvtap: left promiscuous mode
[  524.560874][ T5978] veth0_macvtap: left promiscuous mode
[  524.572168][ T5978] veth1_vlan: left promiscuous mode
[  524.594955][ T5978] veth0_vlan: left promiscuous mode
[  527.113128][ T9446] atomic_op ffff888059174198 conn xmit_atomic 0000000000000000
[  527.848137][ T5978] team0 (unregistering): Port device team_slave_1 removed
[  527.925120][ T5978] team0 (unregistering): Port device team_slave_0 removed
[  528.388461][ T9459] cgroup2: Unknown parameter 'trans'
[  531.028174][ T9299] team0: Port device team_slave_0 added
[  531.041054][ T9299] team0: Port device team_slave_1 added
[  533.039462][ T9484] 9pnet_fd: Insufficient options for proto=fd
[  533.706278][ T9299] batman_adv: batadv0: Adding interface: batadv_slave_0
[  533.734852][ T9299] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  533.797614][ T9299] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  533.816569][ T9489] 9pnet_fd: Insufficient options for proto=fd
[  533.977184][ T9299] batman_adv: batadv0: Adding interface: batadv_slave_1
[  533.992043][ T9299] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  534.021888][ T9299] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  534.370735][ T9495] atomic_op ffff88806e9c0998 conn xmit_atomic 0000000000000000
[  534.399861][ T9494] syz.0.908: attempt to access beyond end of device
[  534.399861][ T9494] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0
[  535.277446][ T9299] hsr_slave_0: entered promiscuous mode
[  535.284444][ T9299] hsr_slave_1: entered promiscuous mode
[  535.291240][ T9299] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  535.299792][ T9299] Cannot create hsr debugfs directory
[  535.482868][ T9494] netlink: 8 bytes leftover after parsing attributes in process `syz.0.908'.
[  535.497863][ T9502] cgroup2: Unknown parameter 'trans'
[  535.567876][ T9504] netlink: 8 bytes leftover after parsing attributes in process `syz.2.910'.
[  537.044851][ T9299] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  537.060302][ T9299] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  537.088209][ T9299] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  537.113848][ T9299] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  538.161835][ T9299] 8021q: adding VLAN 0 to HW filter on device bond0
[  538.385216][ T9299] 8021q: adding VLAN 0 to HW filter on device team0
[  538.434068][ T5978] bridge0: port 1(bridge_slave_0) entered blocking state
[  538.441335][ T5978] bridge0: port 1(bridge_slave_0) entered forwarding state
[  538.532951][ T5978] bridge0: port 2(bridge_slave_1) entered blocking state
[  538.540134][ T5978] bridge0: port 2(bridge_slave_1) entered forwarding state
[  538.642585][ T9299] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  538.654177][ T9299] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  539.154422][ T9541] 9pnet_fd: Insufficient options for proto=fd
[  539.384367][ T9549] 9pnet_fd: Insufficient options for proto=fd
[  539.622357][ T9299] 8021q: adding VLAN 0 to HW filter on device batadv0
[  539.661498][ T9558] netlink: 12 bytes leftover after parsing attributes in process `syz.2.921'.
[  540.171561][ T9570] vcan8: entered promiscuous mode
[  541.642856][ T9299] veth0_vlan: entered promiscuous mode
[  541.710907][ T5883] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  541.826544][ T9299] veth1_vlan: entered promiscuous mode
[  541.885208][ T9299] veth0_macvtap: entered promiscuous mode
[  541.898704][ T9299] veth1_macvtap: entered promiscuous mode
[  541.922353][ T9592] x_tables: duplicate underflow at hook 1
[  541.940881][ T9299] batman_adv: batadv0: Interface activated: batadv_slave_0
[  541.957462][ T9592] Bluetooth: hci0: invalid len left 7, exp >= 71
[  541.963630][ T5883] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  541.971164][ T9299] batman_adv: batadv0: Interface activated: batadv_slave_1
[  541.974282][ T5883] usb 1-1: config 0 has no interface number 0
[  541.995020][ T9299] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  542.001935][ T5883] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  542.009298][ T9299] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  542.021627][ T5883] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  542.021658][ T5883] usb 1-1: Product: syz
[  542.021675][ T5883] usb 1-1: Manufacturer: syz
[  542.021692][ T5883] usb 1-1: SerialNumber: syz
[  542.026650][ T5883] usb 1-1: config 0 descriptor??
[  542.034428][ T9299] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  542.034467][ T9299] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  542.196668][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  542.214864][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  542.263285][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  542.276960][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  542.285813][ T5883] usb 1-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  542.300817][ T5883] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  542.384913][ T9599] netlink: 168 bytes leftover after parsing attributes in process `syz.2.932'.
[  542.391236][ T5883] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  542.428840][ T5883] usb 1-1: media controller created
[  543.016121][ T5883] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  543.118259][ T9602] netlink: 4 bytes leftover after parsing attributes in process `syz.1.933'.
[  543.127400][ T5883] i2c i2c-1: ec100: i2c rd failed=-32 reg=33
[  543.170543][ T9602] FAULT_INJECTION: forcing a failure.
[  543.170543][ T9602] name failslab, interval 1, probability 0, space 0, times 0
[  543.210775][ T9602] CPU: 1 UID: 0 PID: 9602 Comm: syz.1.933 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  543.210810][ T9602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  543.210828][ T9602] Call Trace:
[  543.210841][ T9602]  <TASK>
[  543.210851][ T9602]  dump_stack_lvl+0x189/0x250
[  543.210891][ T9602]  ? __pfx____ratelimit+0x10/0x10
[  543.210925][ T9602]  ? __pfx_dump_stack_lvl+0x10/0x10
[  543.210958][ T9602]  ? __pfx__printk+0x10/0x10
[  543.210987][ T9602]  ? __pfx___might_resched+0x10/0x10
[  543.211017][ T9602]  ? fs_reclaim_acquire+0x7d/0x100
[  543.211054][ T9602]  should_fail_ex+0x414/0x560
[  543.211088][ T9602]  should_failslab+0xa8/0x100
[  543.211119][ T9602]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  543.211145][ T9602]  ? rtnl_prop_list_size+0x1ba/0x1e0
[  543.211177][ T9602]  ? __alloc_skb+0x112/0x2d0
[  543.211216][ T9602]  __alloc_skb+0x112/0x2d0
[  543.211246][ T9602]  rtmsg_ifinfo_build_skb+0x84/0x260
[  543.211290][ T9602]  rtnetlink_event+0x1b7/0x270
[  543.211318][ T9602]  notifier_call_chain+0x1b3/0x3e0
[  543.211361][ T9602]  call_netdevice_notifiers+0x88/0xc0
[  543.211383][ T9602]  ? __pfx_call_netdevice_notifiers+0x10/0x10
[  543.211403][ T9602]  ? nla_memcpy+0x5b/0xc0
[  543.211446][ T9602]  do_setlink+0xb27/0x41c0
[  543.211490][ T9602]  ? __pfx_do_setlink+0x10/0x10
[  543.211516][ T9602]  ? _printk+0xcf/0x120
[  543.211538][ T9602]  ? __pfx____ratelimit+0x10/0x10
[  543.211582][ T9602]  ? __lock_acquire+0xab9/0xd20
[  543.211621][ T9602]  ? __mutex_trylock_common+0x153/0x260
[  543.211659][ T9602]  ? __pfx___mutex_trylock_common+0x10/0x10
[  543.211699][ T9602]  ? rcu_is_watching+0x15/0xb0
[  543.211732][ T9602]  ? trace_contention_end+0x39/0x120
[  543.211754][ T9602]  ? __mutex_lock+0x330/0xe80
[  543.211792][ T9602]  ? rtnl_newlink+0x8db/0x1c70
[  543.211813][ T9602]  ? rcu_is_watching+0x15/0xb0
[  543.211846][ T9602]  ? __pfx___mutex_lock+0x10/0x10
[  543.211877][ T9602]  ? ns_capable+0x8a/0xf0
[  543.211910][ T9602]  ? rtnl_link_get_net_capable+0x16a/0x350
[  543.211940][ T9602]  rtnl_newlink+0x149f/0x1c70
[  543.211962][ T9602]  ? netlink_sendmsg+0x805/0xb30
[  543.212001][ T9602]  ? __pfx_rtnl_newlink+0x10/0x10
[  543.212051][ T9602]  ? kasan_quarantine_put+0xdd/0x220
[  543.212074][ T9602]  ? lockdep_hardirqs_on+0x9c/0x150
[  543.212113][ T9602]  ? nlmon_xmit+0xb0/0x100
[  543.212144][ T9602]  ? kmem_cache_free+0x18f/0x400
[  543.212178][ T9602]  ? __local_bh_enable_ip+0x12d/0x1c0
[  543.212210][ T9602]  ? lockdep_hardirqs_on+0x9c/0x150
[  543.212242][ T9602]  ? __local_bh_enable_ip+0x12d/0x1c0
[  543.212273][ T9602]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  543.212320][ T9602]  ? __dev_queue_xmit+0x27e/0x3a70
[  543.212371][ T9602]  ? __dev_queue_xmit+0x27e/0x3a70
[  543.212399][ T9602]  ? __dev_queue_xmit+0x27e/0x3a70
[  543.212430][ T9602]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  543.212467][ T9602]  ? __lock_acquire+0xab9/0xd20
[  543.212524][ T9602]  ? __pfx_rtnl_newlink+0x10/0x10
[  543.212547][ T9602]  rtnetlink_rcv_msg+0x7cc/0xb70
[  543.212574][ T9602]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  543.212596][ T9602]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  543.212616][ T9602]  ? ref_tracker_free+0x63a/0x7d0
[  543.212644][ T9602]  ? __copy_skb_header+0xa7/0x550
[  543.212674][ T9602]  ? __pfx_ref_tracker_free+0x10/0x10
[  543.212702][ T9602]  ? __skb_clone+0x63/0x7a0
[  543.212740][ T9602]  netlink_rcv_skb+0x208/0x470
[  543.212772][ T9602]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  543.212798][ T9602]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  543.212839][ T9602]  ? netlink_deliver_tap+0x2e/0x1b0
[  543.212864][ T9602]  ? netlink_deliver_tap+0x2e/0x1b0
[  543.212896][ T9602]  netlink_unicast+0x75b/0x8d0
[  543.212931][ T9602]  netlink_sendmsg+0x805/0xb30
[  543.212968][ T9602]  ? __pfx_netlink_sendmsg+0x10/0x10
[  543.213004][ T9602]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  543.213030][ T9602]  ? __pfx_netlink_sendmsg+0x10/0x10
[  543.213058][ T9602]  __sock_sendmsg+0x219/0x270
[  543.213096][ T9602]  ____sys_sendmsg+0x505/0x830
[  543.213131][ T9602]  ? __pfx_____sys_sendmsg+0x10/0x10
[  543.213170][ T9602]  ? import_iovec+0x74/0xa0
[  543.213195][ T9602]  ___sys_sendmsg+0x21f/0x2a0
[  543.213227][ T9602]  ? __pfx____sys_sendmsg+0x10/0x10
[  543.213333][ T9602]  ? __fget_files+0x2a/0x420
[  543.213361][ T9602]  ? __fget_files+0x3a0/0x420
[  543.213401][ T9602]  __x64_sys_sendmsg+0x19b/0x260
[  543.213431][ T9602]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  543.213469][ T9602]  ? __pfx_ksys_write+0x10/0x10
[  543.213491][ T9602]  ? rcu_is_watching+0x15/0xb0
[  543.213526][ T9602]  ? do_syscall_64+0xbe/0x3b0
[  543.213550][ T9602]  do_syscall_64+0xfa/0x3b0
[  543.213568][ T9602]  ? lockdep_hardirqs_on+0x9c/0x150
[  543.213598][ T9602]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  543.213619][ T9602]  ? clear_bhb_loop+0x60/0xb0
[  543.213645][ T9602]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  543.213665][ T9602] RIP: 0033:0x7fe48af8e929
[  543.213685][ T9602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  543.213704][ T9602] RSP: 002b:00007fe48beb7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  543.213726][ T9602] RAX: ffffffffffffffda RBX: 00007fe48b1b5fa0 RCX: 00007fe48af8e929
[  543.213742][ T9602] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003
[  543.213755][ T9602] RBP: 00007fe48beb7090 R08: 0000000000000000 R09: 0000000000000000
[  543.213775][ T9602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  543.213787][ T9602] R13: 0000000000000000 R14: 00007fe48b1b5fa0 R15: 00007ffe6f5fc8c8
[  543.213820][ T9602]  </TASK>
[  543.755345][ T5883] usb 1-1: USB disconnect, device number 11
[  543.858302][ T5938] lo speed is unknown, defaulting to 1000
[  543.865100][   T43] lo speed is unknown, defaulting to 1000
[  544.099184][ T9610] netlink: 12 bytes leftover after parsing attributes in process `syz.1.935'.
[  544.225767][ T9614] No control pipe specified
[  545.690674][ T9621] vcan6: entered promiscuous mode
[  545.818799][ T9624] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  545.818799][ T9624]    program syz.0.937 not setting count and/or reply_len properly
[  546.055240][ T9624] vcan9: entered promiscuous mode
[  547.239830][ T9645] syz.4.945: attempt to access beyond end of device
[  547.239830][ T9645] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0
[  547.256053][ T9645] netlink: 8 bytes leftover after parsing attributes in process `syz.4.945'.
[  547.390735][ T5904] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  547.595267][ T5904] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  547.638189][ T5904] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  547.658942][ T5904] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  547.671323][ T5904] usb 2-1: config 0 descriptor??
[  547.686766][ T5904] pwc: Askey VC010 type 2 USB webcam detected.
[  547.694424][ T9653] netlink: 4 bytes leftover after parsing attributes in process `syz.5.949'.
[  547.921782][ T5883] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  548.350366][ T5904] pwc: recv_control_msg error -32 req 02 val 2b00
[  548.392102][ T5904] pwc: recv_control_msg error -32 req 02 val 2700
[  548.421033][ T5904] pwc: recv_control_msg error -32 req 02 val 2c00
[  548.462103][ T5904] pwc: recv_control_msg error -32 req 04 val 1000
[  548.500049][ T5904] pwc: recv_control_msg error -32 req 04 val 1300
[  548.537970][ T5904] pwc: recv_control_msg error -71 req 04 val 1400
[  548.573454][ T5904] pwc: recv_control_msg error -71 req 02 val 2000
[  548.621934][ T5904] pwc: recv_control_msg error -71 req 02 val 2100
[  548.654515][ T5904] pwc: recv_control_msg error -71 req 04 val 1500
[  548.691628][ T5904] pwc: recv_control_msg error -71 req 02 val 2500
[  548.729141][ T5904] pwc: recv_control_msg error -71 req 02 val 2400
[  548.758038][ T5904] pwc: recv_control_msg error -71 req 02 val 2600
[  548.870807][ T5883] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  548.881811][ T5883] usb 5-1: config 0 has no interface number 0
[  548.881926][ T5904] pwc: recv_control_msg error -71 req 02 val 2900
[  548.891529][ T5883] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  548.902287][ T9668] vcan1: entered promiscuous mode
[  548.908722][ T5883] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  548.949380][ T5883] usb 5-1: Product: syz
[  548.967908][ T5883] usb 5-1: Manufacturer: syz
[  548.988919][ T5883] usb 5-1: SerialNumber: syz
[  549.328823][ T5883] usb 5-1: config 0 descriptor??
[  549.348597][ T5904] pwc: recv_control_msg error -71 req 02 val 2800
[  549.386862][ T5904] pwc: recv_control_msg error -71 req 04 val 1100
[  550.430786][ T5883] dvb_usb_ec168 5-1:0.1: probe with driver dvb_usb_ec168 failed with error -110
[  550.712590][ T5904] pwc: recv_control_msg error -71 req 04 val 1200
[  551.484120][ T5904] pwc: Registered as video103.
[  551.566697][ T9674] netlink: 168 bytes leftover after parsing attributes in process `syz.5.956'.
[  551.931858][ T5904] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input5
[  552.010451][   T10] usb 5-1: USB disconnect, device number 10
[  552.064671][ T5904] usb 2-1: USB disconnect, device number 13
[  552.849758][ T9684] syz.2.959: attempt to access beyond end of device
[  552.849758][ T9684] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0
[  552.936256][ T9687] netlink: 8 bytes leftover after parsing attributes in process `syz.2.959'.
[  554.039011][ T9695] syz_tun: entered allmulticast mode
[  554.070249][ T9695] syz.0.963: attempt to access beyond end of device
[  554.070249][ T9695] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0
[  554.154591][ T9695] netlink: 8 bytes leftover after parsing attributes in process `syz.0.963'.
[  554.540538][ T5904] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  556.235316][ T5904] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  557.672893][ T5904] usb 6-1: config 0 has no interface number 0
[  558.471655][ T9715] IPVS: set_ctl: invalid protocol: 136 10.1.1.2:20004
[  558.552540][ T5904] usb 6-1: string descriptor 0 read error: -71
[  558.558968][ T5904] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  558.573366][ T5904] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  558.826096][ T5904] usb 6-1: config 0 descriptor??
[  558.837656][ T5904] usb 6-1: can't set config #0, error -71
[  558.883364][ T9719] syz.1.972: attempt to access beyond end of device
[  558.883364][ T9719] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0
[  558.901750][ T5904] usb 6-1: USB disconnect, device number 2
[  558.958212][ T9719] netlink: 8 bytes leftover after parsing attributes in process `syz.1.972'.
[  559.264198][ T9732] atomic_op ffff88804dbf3198 conn xmit_atomic 0000000000000000
[  559.583125][ T9735] netlink: 76 bytes leftover after parsing attributes in process `syz.2.977'.
[  560.171604][ T9748] FAULT_INJECTION: forcing a failure.
[  560.171604][ T9748] name failslab, interval 1, probability 0, space 0, times 0
[  560.185005][ T9748] CPU: 0 UID: 0 PID: 9748 Comm: syz.0.980 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  560.185036][ T9748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  560.185050][ T9748] Call Trace:
[  560.185060][ T9748]  <TASK>
[  560.185071][ T9748]  dump_stack_lvl+0x189/0x250
[  560.185112][ T9748]  ? __pfx____ratelimit+0x10/0x10
[  560.185145][ T9748]  ? __pfx_dump_stack_lvl+0x10/0x10
[  560.185179][ T9748]  ? __pfx__printk+0x10/0x10
[  560.185209][ T9748]  ? __pfx___might_resched+0x10/0x10
[  560.185247][ T9748]  should_fail_ex+0x414/0x560
[  560.185282][ T9748]  should_failslab+0xa8/0x100
[  560.185322][ T9748]  kmem_cache_alloc_noprof+0x73/0x3c0
[  560.185349][ T9748]  ? mas_alloc_nodes+0x2e9/0x8e0
[  560.185388][ T9748]  mas_alloc_nodes+0x2e9/0x8e0
[  560.185430][ T9748]  mas_preallocate+0x39e/0x6b0
[  560.185468][ T9748]  ? __pfx_mas_preallocate+0x10/0x10
[  560.185509][ T9748]  ? __asan_memset+0x22/0x50
[  560.185541][ T9748]  commit_merge+0x1fd/0x700
[  560.185578][ T9748]  ? __vma_enter_locked+0x1f4/0x380
[  560.185613][ T9748]  ? __pfx_commit_merge+0x10/0x10
[  560.185661][ T9748]  ? vma_modify+0xe96/0x1970
[  560.185687][ T9748]  vma_modify+0x1363/0x1970
[  560.185729][ T9748]  vma_modify_flags+0x1e8/0x230
[  560.185755][ T9748]  ? __pfx_vma_modify_flags+0x10/0x10
[  560.185804][ T9748]  mlock_fixup+0x22a/0x360
[  560.185834][ T9748]  apply_mlockall_flags+0x2f0/0x3c0
[  560.185861][ T9748]  ? __pfx_apply_mlockall_flags+0x10/0x10
[  560.185892][ T9748]  ? __pfx_down_write_killable+0x10/0x10
[  560.185918][ T9748]  ? __pfx_ksys_write+0x10/0x10
[  560.185941][ T9748]  ? rcu_is_watching+0x15/0xb0
[  560.185980][ T9748]  __ia32_sys_munlockall+0x10a/0x220
[  560.186020][ T9748]  do_syscall_64+0xfa/0x3b0
[  560.186042][ T9748]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  560.186064][ T9748]  ? asm_sysvec_call_function_single+0x1a/0x20
[  560.186086][ T9748]  ? clear_bhb_loop+0x60/0xb0
[  560.186113][ T9748]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  560.186134][ T9748] RIP: 0033:0x7f8cdd78e929
[  560.186154][ T9748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  560.186174][ T9748] RSP: 002b:00007f8cde6bd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000098
[  560.186197][ T9748] RAX: ffffffffffffffda RBX: 00007f8cdd9b6080 RCX: 00007f8cdd78e929
[  560.186213][ T9748] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  560.186226][ T9748] RBP: 00007f8cde6bd090 R08: 0000000000000000 R09: 0000000000000000
[  560.186239][ T9748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  560.186252][ T9748] R13: 0000000000000000 R14: 00007f8cdd9b6080 R15: 00007fff824bcdb8
[  560.186286][ T9748]  </TASK>
[  560.187109][ T9748] vmg ffffc9000b05fc40 dumped because: VM_WARN_ON_VMG(prev && start <= prev->vm_start)
[  560.640716][ T9748] vmg ffffc9000b05fc40 state: mm ffff88802890d400 pgoff 200000ffc
[  560.640716][ T9748] vmi ffffc9000b05fde0 [200000ffc000,200000ffe000)
[  560.640716][ T9748] prev ffff8880793dc8c0 middle ffff8880793dc8c0 next 0000000000000000 target 0000000000000000
[  560.640716][ T9748] start 200000ffc000 end 200000ffe000 flags 8100077
[  560.640716][ T9748] file 0000000000000000 anon_vma ffff8880347f5110 policy ffff88801b6860f0
[  560.640716][ T9748] uffd_ctx 0000000000000000
[  560.640716][ T9748] anon_name 0000000000000000
[  560.640716][ T9748] state 0
[  560.640716][ T9748] just_expand 0
[  560.640716][ T9748] __adjust_middle_start 0 __adjust_next_start 0
[  560.640716][ T9748] __remove_middle 0 __remove_next 0
[  561.350559][ T9748] vmg ffffc9000b05fc40 mm:
[  561.355046][ T9748] mm ffff88802890d400 task_size 140737488351232
[  561.355046][ T9748] mmap_base 140243003928576 mmap_legacy_base 47389791240192
[  561.355046][ T9748] pgd ffff88806ea62000 mm_users 3 mm_count 1 pgtables_bytes 122880 map_count 35
[  561.355046][ T9748] hiwater_rss 14ed hiwater_vm 5f8d total_vm 5fcf locked_vm 2
[  561.355046][ T9748] pinned_vm 0 data_vm 23db exec_vm 1a4 stack_vm 21
[  561.355046][ T9748] start_code 7f8cdd649000 end_code 7f8cdd7eadb9 start_data 7f8cdd990000 end_data 7f8cdd990000
[  561.355046][ T9748] start_brk 5555928cb000 brk 5555928ff000 start_stack 7fff824bd620
[  561.355046][ T9748] arg_start 7fff824bef6d arg_end 7fff824bef81 env_start 7fff824bef81 env_end 7fff824befe9
[  561.355046][ T9748] binfmt ffffffff8e2b4580 flags 800007fd
[  561.355046][ T9748] ioctx_table 0000000000000000
[  561.355046][ T9748] owner ffff88806e30bc00 exe_file ffff88802d802a80
[  561.355046][ T9748] notifier_subscriptions 0000000000000000
[  561.355046][ T9748] numa_next_scan 4294993169 numa_scan_offset 0 numa_scan_seq 0
[  561.355046][ T9748] tlb_flush_pending 0
[  561.355046][ T9748] def_flags: 0x0()
[  561.529494][ T9748] vmg ffffc9000b05fc40 prev:
[  561.535596][ T9748] vma ffff8880793dc8c0 start 0000200000ffc000 end 0000200000ffe000 mm ffff88802890d400
[  561.535596][ T9748] prot 25 anon_vma ffff8880347f5110 vm_ops 0000000000000000
[  561.535596][ T9748] pgoff 200000ffc file 0000000000000000 private_data 0000000000000000
[  561.535596][ T9748] refcnt 1
[  561.535596][ T9748] flags: 0x8102077(read|write|exec|mayread|maywrite|mayexec|locked|account|softdirty)
[  561.577947][ T9748] vmg ffffc9000b05fc40 middle:
[  561.586280][ T9748] vma ffff8880793dc8c0 start 0000200000ffc000 end 0000200000ffe000 mm ffff88802890d400
[  561.586280][ T9748] prot 25 anon_vma ffff8880347f5110 vm_ops 0000000000000000
[  561.586280][ T9748] pgoff 200000ffc file 0000000000000000 private_data 0000000000000000
[  561.586280][ T9748] refcnt 1
[  561.586280][ T9748] flags: 0x8102077(read|write|exec|mayread|maywrite|mayexec|locked|account|softdirty)
[  561.688305][ T9748] vmg ffffc9000b05fc40 next: (NULL)
[  561.725491][ T9748] vmg ffffc9000b05fc40 vmi:
[  561.742704][ T9748] MAS: tree=ffff88802890d440 enode=ffff888032e2c80c 
[  561.742737][ T9748] (ma_active)
[  561.771628][   T10] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  562.298929][   T10] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  562.473260][ T9748] Store Type: 
[  562.473281][ T9748] node_store
[  562.486287][ T9748] [7/11] index=200000ffc000 last=200000ffdfff
[  562.495052][   T10] usb 6-1: config 0 has no interface number 0
[  562.500510][ T9748]      min=0 max=5555928ecfff alloc=0000000000000000, depth=0, flags=0
[  562.558776][ T9748] maple_tree(ffff88802890d440) flags 30B, height 2 root ffff888024b1e21e
[  562.566020][   T10] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  562.583716][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  562.597754][   T10] usb 6-1: Product: syz
[  562.602940][   T10] usb 6-1: Manufacturer: syz
[  562.604122][ T9748] 0-ffffffffffffffff: node ffff888024b1e200 depth 0 type 3 parent ffff88802890d441 contents: 3555918ca000 
[  562.607734][   T10] usb 6-1: SerialNumber: syz
[  562.639317][ T9748] 2a3748cf8000 1af000 ffff80007db41000 0 0 0 0 0 0 | 03 03| ffff888032e2c80c 5555928ECFFF ffff8880347fd00c 7F8CDD5FFFFF ffff888030ec8e0c 7F8CDE69DFFF ffff888030ec800c FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000
[  562.703117][   T10] usb 6-1: config 0 descriptor??
[  562.719759][ T9748]   0-5555928ecfff: node ffff888032e2c800 depth 1 type 1 parent ffff888024b1e206 contents: 0000000000000000 110C22FFFF ffff88802f27fdc0 110E22FFFF 0000000000000000 1B2F31FFFF ffff8880793dc500 1B2F35FFFF 0000000000000000 1FFFFFFFEFFF ffff8880793dc000 1FFFFFFFFFFF ffff8880334a6b40 200000FFBFFF ffff8880793dc8c0 200000FFDFFF ffff88804ea45000 200000FFFFFF ffff888078275000 200001000FFF 0000000000000000 5555928CAFFF ffff888078275140 5555928ECFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 000000000000000b
[  562.767797][ T9748]     0-110c22ffff: 0000000000000000
[  562.799236][ T9748]     110c230000-110e22ffff: ffff88802f27fdc0
[  562.853682][ T9748]     110e230000-1b2f31ffff: 0000000000000000
[  562.866219][ T9748]     1b2f320000-1b2f35ffff: ffff8880793dc500
[  563.139899][   T10] usb 6-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  563.329706][ T9748]     1b2f360000-1fffffffefff: 0000000000000000
[  563.339163][   T10] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  563.352115][ T9748]     1ffffffff000-1fffffffffff: ffff8880793dc000
[  563.359389][   T10] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  563.372508][ T9778] FAULT_INJECTION: forcing a failure.
[  563.372508][ T9778] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  563.391923][ T9778] CPU: 1 UID: 0 PID: 9778 Comm: syz.1.989 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  563.391950][ T9778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  563.391960][ T9778] Call Trace:
[  563.391967][ T9778]  <TASK>
[  563.391973][ T9778]  dump_stack_lvl+0x189/0x250
[  563.392000][ T9778]  ? __pfx____ratelimit+0x10/0x10
[  563.392024][ T9778]  ? __pfx_dump_stack_lvl+0x10/0x10
[  563.392047][ T9778]  ? __pfx__printk+0x10/0x10
[  563.392062][ T9778]  ? __might_fault+0xb0/0x130
[  563.392089][ T9778]  should_fail_ex+0x414/0x560
[  563.392113][ T9778]  _copy_from_user+0x2d/0xb0
[  563.392128][ T9778]  ___sys_sendmsg+0x158/0x2a0
[  563.392151][ T9778]  ? __pfx____sys_sendmsg+0x10/0x10
[  563.392196][ T9778]  ? __fget_files+0x2a/0x420
[  563.392229][ T9778]  ? __fget_files+0x3a0/0x420
[  563.392255][ T9778]  __x64_sys_sendmsg+0x19b/0x260
[  563.392275][ T9778]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  563.392300][ T9778]  ? __pfx_ksys_write+0x10/0x10
[  563.392314][ T9778]  ? rcu_is_watching+0x15/0xb0
[  563.392339][ T9778]  ? do_syscall_64+0xbe/0x3b0
[  563.392355][ T9778]  do_syscall_64+0xfa/0x3b0
[  563.392367][ T9778]  ? lockdep_hardirqs_on+0x9c/0x150
[  563.392388][ T9778]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.392402][ T9778]  ? clear_bhb_loop+0x60/0xb0
[  563.392419][ T9778]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.392433][ T9778] RIP: 0033:0x7fe48af8e929
[  563.392445][ T9778] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  563.392458][ T9778] RSP: 002b:00007fe48beb7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  563.392473][ T9778] RAX: ffffffffffffffda RBX: 00007fe48b1b5fa0 RCX: 00007fe48af8e929
[  563.392483][ T9778] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  563.392492][ T9778] RBP: 00007fe48beb7090 R08: 0000000000000000 R09: 0000000000000000
[  563.392501][ T9778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  563.392509][ T9778] R13: 0000000000000000 R14: 00007fe48b1b5fa0 R15: 00007ffe6f5fc8c8
[  563.392531][ T9778]  </TASK>
[  563.420730][ T9748]     200000000000-200000ffbfff: 
[  563.611574][   T10] usb 6-1: media controller created
[  563.656916][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  563.665731][ T9748] ffff8880334a6b40
[  563.669485][ T9748]     200000ffc000-200000ffdfff: ffff8880793dc8c0
[  563.679397][ T9748]     200000ffe000-200000ffffff: ffff88804ea45000
[  563.694438][ T9748]     200001000000-200001000fff: ffff888078275000
[  563.728988][ T9748]     200001001000-5555928cafff: 0000000000000000
[  563.749550][ T9748]     5555928cb000-5555928ecfff: ffff888078275140
[  563.762041][   T10] i2c i2c-1: ec100: i2c rd failed=-32 reg=33
[  563.775735][ T9748]   5555928ed000-7f8cdd5fffff: node ffff8880347fd000 depth 1 type 1 parent ffff888024b1e20e contents: ffff888078275500 5555928FEFFF 0000000000000000 7F8CDB5F6FFF ffff888078275280 7F8CDB5F7FFF ffff8880323ef140 7F8CDBDF7FFF ffff8880323ef780 7F8CDBDF8FFF ffff8880323ef500 7F8CDC5F8FFF ffff888031c3a8c0 7F8CDC5FAFFF ffff888032cbadc0 7F8CDC9FAFFF ffff8880326f0140 7F8CDC9FCFFF ffff888020eb2b40 7F8CDCDFCFFF ffff888020eb2640 7F8CDCDFEFFF ffff8880349573c0 7F8CDD1FEFFF ffff888052da0780 7F8CDD1FFFFF ffff888052da0500 7F8CDD5FFFFF 0000000000000000 0 000000000000000d
[  563.831112][ T9748]     5555928ed000-5555928fefff: ffff888078275500
[  563.837591][ T9748]     5555928ff000-7f8cdb5f6fff: 0000000000000000
[  563.853640][ T9748]     7f8cdb5f7000-7f8cdb5f7fff: ffff888078275280
[  563.874357][ T9748]     7f8cdb5f8000-7f8cdbdf7fff: ffff8880323ef140
[  563.887642][ T9748]     7f8cdbdf8000-7f8cdbdf8fff: ffff8880323ef780
[  563.910315][ T9748]     7f8cdbdf9000-7f8cdc5f8fff: ffff8880323ef500
[  563.925327][   T10] usb 6-1: USB disconnect, device number 3
[  564.076719][ T9748]     7f8cdc5f9000-7f8cdc5fafff: ffff888031c3a8c0
[  564.083472][ T9748]     7f8cdc5fb000-7f8cdc9fafff: ffff888032cbadc0
[  564.096651][ T9748]     7f8cdc9fb000-7f8cdc9fcfff: ffff8880326f0140
[  564.349623][ T9748]     7f8cdc9fd000-7f8cdcdfcfff: ffff888020eb2b40
[  564.357040][ T9748]     7f8cdcdfd000-7f8cdcdfefff: ffff888020eb2640
[  564.367033][ T9748]     7f8cdcdff000-7f8cdd1fefff: ffff8880349573c0
[  564.377770][ T9748]     7f8cdd1ff000-7f8cdd1fffff: ffff888052da0780
[  564.387469][ T9748]     7f8cdd200000-7f8cdd5fffff: ffff888052da0500
[  565.042989][ T9748]   7f8cdd600000-7f8cde69dfff: node ffff888030ec8e00 depth 1 type 1 parent ffff888024b1e216 contents: ffff888052da0b40 7F8CDD648FFF ffff888052da0c80 7F8CDD7EAFFF ffff888052da0000 7F8CDD898FFF ffff888052da0640 7F8CDD97DFFF ffff888052da0140 7F8CDD986FFF 0000000000000000 7F8CDD98FFFF ffff888052da0280 7F8CDE4EDFFF 0000000000000000 7F8CDE69CFFF ffff8880335dca00 7F8CDE69DFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  565.407290][ T9748]     7f8cdd600000-7f8cdd648fff: ffff888052da0b40
[  565.452389][ T9748]     7f8cdd649000-7f8cdd7eafff: ffff888052da0c80
[  565.784662][ T9748]     7f8cdd7eb000-7f8cdd898fff: ffff888052da0000
[  565.860923][ T9748]     7f8cdd899000-7f8cdd97dfff: ffff888052da0640
[  565.867653][ T9748]     7f8cdd97e000-7f8cdd986fff: ffff888052da0140
[  565.874435][ T9748]     7f8cdd987000-7f8cdd98ffff: 0000000000000000
[  565.883824][ T9748]     7f8cdd990000-7f8cde4edfff: ffff888052da0280
[  565.890895][ T9748]     7f8cde4ee000-7f8cde69cfff: 0000000000000000
[  565.934396][ T9748]     7f8cde69d000-7f8cde69dfff: ffff8880335dca00
[  567.057269][ T9748]   7f8cde69e000-ffffffffffffffff: node ffff888030ec8000 depth 1 type 1 parent ffff888024b1e21e contents: ffff8880334a6dc0 7F8CDE6BDFFF ffff8880335dc780 7F8CDE6BEFFF ffff8880334a6000 7F8CDE6DEFFF ffff888052da08c0 7F8CDE6E2FFF ffff8880334a6640 7F8CDE6E4FFF ffff8880334a6500 7F8CDE6E6FFF 0000000000000000 7FFF8249DFFF ffff8880334a6280 7FFF824BEFFF 0000000000000000 FFFFFFFFFFFFFFFF 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000000 0 0000000000000008
[  567.132710][ T9804] netlink: 16 bytes leftover after parsing attributes in process `syz.5.997'.
[  567.144862][ T9804] netlink: 20 bytes leftover after parsing attributes in process `syz.5.997'.
[  567.154828][ T9748]     7f8cde69e000-7f8cde6bdfff: ffff8880334a6dc0
[  567.180530][ T9748]     7f8cde6be000-7f8cde6befff: ffff8880335dc780
[  567.425205][ T9748]     7f8cde6bf000-7f8cde6defff: ffff8880334a6000
[  567.453276][ T9748]     7f8cde6df000-7f8cde6e2fff: ffff888052da08c0
[  567.459758][ T9748]     7f8cde6e3000-7f8cde6e4fff: ffff8880334a6640
[  568.126879][ T9748]     7f8cde6e5000-7f8cde6e6fff: ffff8880334a6500
[  568.245823][ T9748]     7f8cde6e7000-7fff8249dfff: 0000000000000000
[  568.265468][ T9748]     7fff8249e000-7fff824befff: ffff8880334a6280
[  568.278074][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  568.285016][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  568.366882][ T9748]     7fff824bf000-ffffffffffffffff: 0000000000000000
[  568.420888][ T9748] ------------[ cut here ]------------
[  568.426435][ T9748] WARNING: CPU: 1 PID: 9748 at mm/vma.c:821 vma_modify+0x153d/0x1970
[  568.434727][ T9748] Modules linked in:
[  568.438882][ T9748] CPU: 1 UID: 0 PID: 9748 Comm: syz.0.980 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  568.450892][ T9748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  568.461060][ T9748] RIP: 0010:vma_modify+0x153d/0x1970
[  568.466379][ T9748] Code: 0b 90 e9 9d ed ff ff e8 d1 8a ad ff 90 0f 0b 90 e9 a6 ec ff ff e8 c3 8a ad ff 4c 89 f7 48 c7 c6 e0 7f 96 8b e8 f4 26 f3 ff 90 <0f> 0b 90 e9 4f ed ff ff e8 a6 8a ad ff e9 52 ee ff ff e8 9c 8a ad
[  568.486189][ T9748] RSP: 0018:ffffc9000b05fb38 EFLAGS: 00010286
[  568.492558][ T9748] RAX: ffffffff8b57a8cd RBX: ffff8880793dc8c0 RCX: ffff88802b321e00
[  568.500634][ T9748] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: ffffffffffffffff
[  568.508654][ T9748] RBP: 0000200000ffc000 R08: 0000000000000003 R09: 0000000000000004
[  568.516751][ T9748] R10: dffffc0000000000 R11: fffffbfff1bfa9ec R12: 0000200000ffc000
[  568.524836][ T9748] R13: ffffc9000b05fc60 R14: ffffc9000b05fc40 R15: 1ffff9200160bf8c
[  568.532949][ T9748] FS:  00007f8cde6bd6c0(0000) GS:ffff888125d86000(0000) knlGS:0000000000000000
[  568.542329][ T9748] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  568.548981][ T9748] CR2: 00007f391d84db82 CR3: 000000006ea62000 CR4: 00000000003526f0
[  568.557120][ T9748] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  568.565307][ T9748] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  568.573426][ T9748] Call Trace:
[  568.576763][ T9748]  <TASK>
[  568.579763][ T9748]  vma_modify_flags+0x1e8/0x230
[  568.584758][ T9748]  ? __pfx_vma_modify_flags+0x10/0x10
[  568.590219][ T9748]  mlock_fixup+0x22a/0x360
[  568.594754][ T9748]  apply_mlockall_flags+0x2f0/0x3c0
[  568.600020][ T9748]  ? __pfx_apply_mlockall_flags+0x10/0x10
[  568.605897][ T9748]  ? __pfx_down_write_killable+0x10/0x10
[  568.611636][ T9748]  ? __pfx_ksys_write+0x10/0x10
[  568.616544][ T9748]  ? rcu_is_watching+0x15/0xb0
[  568.621443][ T9748]  __ia32_sys_munlockall+0x10a/0x220
[  568.626800][ T9748]  do_syscall_64+0xfa/0x3b0
[  568.631425][ T9748]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  568.637550][ T9748]  ? asm_sysvec_call_function_single+0x1a/0x20
[  568.643921][ T9748]  ? clear_bhb_loop+0x60/0xb0
[  568.648671][ T9748]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  568.654676][ T9748] RIP: 0033:0x7f8cdd78e929
[  568.659147][ T9748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  568.679147][ T9748] RSP: 002b:00007f8cde6bd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000098
[  568.687683][ T9748] RAX: ffffffffffffffda RBX: 00007f8cdd9b6080 RCX: 00007f8cdd78e929
[  568.695766][ T9748] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  568.703807][ T9748] RBP: 00007f8cde6bd090 R08: 0000000000000000 R09: 0000000000000000
[  568.711879][ T9748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  568.719886][ T9748] R13: 0000000000000000 R14: 00007f8cdd9b6080 R15: 00007fff824bcdb8
[  568.727963][ T9748]  </TASK>
[  568.731056][ T9748] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  568.738382][ T9748] CPU: 1 UID: 0 PID: 9748 Comm: syz.0.980 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  568.750307][ T9748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  568.760406][ T9748] Call Trace:
[  568.763715][ T9748]  <TASK>
[  568.766655][ T9748]  dump_stack_lvl+0x99/0x250
[  568.771282][ T9748]  ? __asan_memcpy+0x40/0x70
[  568.775900][ T9748]  ? __pfx_dump_stack_lvl+0x10/0x10
[  568.781115][ T9748]  ? __pfx__printk+0x10/0x10
[  568.785726][ T9748]  panic+0x2db/0x790
[  568.789643][ T9748]  ? __pfx_panic+0x10/0x10
[  568.794093][ T9748]  __warn+0x31b/0x4b0
[  568.798089][ T9748]  ? vma_modify+0x153d/0x1970
[  568.802787][ T9748]  ? vma_modify+0x153d/0x1970
[  568.807472][ T9748]  report_bug+0x2be/0x4f0
[  568.811820][ T9748]  ? vma_modify+0x153d/0x1970
[  568.816511][ T9748]  ? vma_modify+0x153d/0x1970
[  568.821194][ T9748]  ? vma_modify+0x153f/0x1970
[  568.825876][ T9748]  handle_bug+0x84/0x160
[  568.830128][ T9748]  exc_invalid_op+0x1a/0x50
[  568.834662][ T9748]  asm_exc_invalid_op+0x1a/0x20
[  568.839539][ T9748] RIP: 0010:vma_modify+0x153d/0x1970
[  568.844833][ T9748] Code: 0b 90 e9 9d ed ff ff e8 d1 8a ad ff 90 0f 0b 90 e9 a6 ec ff ff e8 c3 8a ad ff 4c 89 f7 48 c7 c6 e0 7f 96 8b e8 f4 26 f3 ff 90 <0f> 0b 90 e9 4f ed ff ff e8 a6 8a ad ff e9 52 ee ff ff e8 9c 8a ad
[  568.864452][ T9748] RSP: 0018:ffffc9000b05fb38 EFLAGS: 00010286
[  568.870534][ T9748] RAX: ffffffff8b57a8cd RBX: ffff8880793dc8c0 RCX: ffff88802b321e00
[  568.878513][ T9748] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: ffffffffffffffff
[  568.886491][ T9748] RBP: 0000200000ffc000 R08: 0000000000000003 R09: 0000000000000004
[  568.894468][ T9748] R10: dffffc0000000000 R11: fffffbfff1bfa9ec R12: 0000200000ffc000
[  568.902443][ T9748] R13: ffffc9000b05fc60 R14: ffffc9000b05fc40 R15: 1ffff9200160bf8c
[  568.910446][ T9748]  ? mt_dump_node+0x18cd/0x26b0
[  568.915323][ T9748]  ? vma_modify+0x153c/0x1970
[  568.920015][ T9748]  vma_modify_flags+0x1e8/0x230
[  568.924874][ T9748]  ? __pfx_vma_modify_flags+0x10/0x10
[  568.930267][ T9748]  mlock_fixup+0x22a/0x360
[  568.934721][ T9748]  apply_mlockall_flags+0x2f0/0x3c0
[  568.939958][ T9748]  ? __pfx_apply_mlockall_flags+0x10/0x10
[  568.945707][ T9748]  ? __pfx_down_write_killable+0x10/0x10
[  568.951455][ T9748]  ? __pfx_ksys_write+0x10/0x10
[  568.956338][ T9748]  ? rcu_is_watching+0x15/0xb0
[  568.961137][ T9748]  __ia32_sys_munlockall+0x10a/0x220
[  568.966451][ T9748]  do_syscall_64+0xfa/0x3b0
[  568.970974][ T9748]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  568.977050][ T9748]  ? asm_sysvec_call_function_single+0x1a/0x20
[  568.983211][ T9748]  ? clear_bhb_loop+0x60/0xb0
[  568.987912][ T9748]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  568.993814][ T9748] RIP: 0033:0x7f8cdd78e929
[  568.998266][ T9748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  569.017889][ T9748] RSP: 002b:00007f8cde6bd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000098
[  569.026318][ T9748] RAX: ffffffffffffffda RBX: 00007f8cdd9b6080 RCX: 00007f8cdd78e929
[  569.034308][ T9748] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  569.042293][ T9748] RBP: 00007f8cde6bd090 R08: 0000000000000000 R09: 0000000000000000
[  569.050278][ T9748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  569.058278][ T9748] R13: 0000000000000000 R14: 00007f8cdd9b6080 R15: 00007fff824bcdb8
[  569.066362][ T9748]  </TASK>
[  569.094144][ T9748] Kernel Offset: disabled
[  569.098544][ T9748] Rebooting in 86400 seconds..