last executing test programs:

1m8.00821137s ago: executing program 2 (id=223):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000580)={'batadv0\x00', &(0x7f0000000240)=@ethtool_link_settings={0x4d, 0x0, 0xf, 0x4, 0x5, 0x3, 0xff, 0x4, 0x3, 0xfe, [0x9, 0x1b, 0x3, 0x0, 0x10000, 0x8, 0x5, 0x10]}}) (fail_nth: 2)

1m7.946773837s ago: executing program 2 (id=224):
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
getdents64(r0, &(0x7f0000000000)=""/80, 0x50)
getdents(r0, &(0x7f0000000200)=""/251, 0xfb)
socket$nl_audit(0x10, 0x3, 0x9)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmsg$alg(0xffffffffffffffff, 0x0, 0x404c0c1)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = creat(&(0x7f0000000280)='./file0\x00', 0x5b3393367dc26357)
close(r3)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x101c02, 0x26)
write$cgroup_int(r4, &(0x7f00000002c0)=0xec10, 0x12)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r5 = socket(0x18, 0x0, 0x2)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f0000000300)={@in={{0x2, 0x4e21, @rand_addr=0x64010101}}, 0x0, 0x0, 0x43, 0x0, "ee8b0e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da58ae36556dd38ea6c029607462029add09240005c6776267517308a3d40aa1c788df6"}, 0xd8)

1m6.677133453s ago: executing program 2 (id=230):
r0 = syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r1)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES16=0x0, @ANYRESOCT=r1, @ANYRES32=r2, @ANYRES32=r1], 0x3c}, 0x1, 0x0, 0x0, 0x4010}, 0x810)

1m6.594523962s ago: executing program 2 (id=232):
r0 = socket$kcm(0x2d, 0x2, 0x0)
mknod$loop(&(0x7f00000005c0)='./file0\x00', 0x2, 0x0)
utimes(&(0x7f0000001140)='./file0\x00', &(0x7f0000001200))
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000340))
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000240)={r0})
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r2 = socket(0x11, 0x3, 0xd)
accept4$unix(r2, 0x0, 0x0, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
getsockopt$X25_QBITINCL(r4, 0x106, 0x1, 0x0, 0x0)
sendmsg$IPSET_CMD_TEST(r2, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000380)={0x19c, 0xb, 0x6, 0x5, 0x0, 0x0, {0x2, 0x0, 0x4}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x7}]}, @IPSET_ATTR_ADT={0x58, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP2_TO={0xc, 0x16, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_COMMENT={0x5, 0x1a, '\x00'}}, {0x18, 0x7, 0x0, 0x1, @IPSET_ATTR_COMMENT={0x12, 0x1a, 'memory.events\x00'}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_ETHER={0xa, 0x11, @random="beef992233e7"}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}}]}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_SKBMARK={0xc, 0x1b, 0x1, 0x0, 0x3}, @IPSET_ATTR_NAMEREF={0x9, 0x13, 'syz2\x00'}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_ADT={0x68, 0x8, 0x0, 0x1, [{0x18, 0x7, 0x0, 0x1, @IPSET_ATTR_IFACE={0x14, 0x17, 'veth0_to_bridge\x00'}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}}, {0x18, 0x7, 0x0, 0x1, @IPSET_ATTR_IFACE={0x14, 0x17, 'veth1_macvtap\x00'}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBPRIO={0x8, 0x1c, 0x1, 0x0, 0xffffff01}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xf9e4}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0x9}}]}, @IPSET_ATTR_ADT={0x6c, 0x8, 0x0, 0x1, [{0x18, 0x7, 0x0, 0x1, @IPSET_ATTR_IFACE={0x14, 0x17, 'veth0_to_batadv\x00'}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x696382cc}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x3}}, {0x1c, 0x7, 0x0, 0x1, @IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @dev={0xfe, 0x80, '\x00', 0x43}}}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_NAMEREF={0x9, 0x13, 'syz2\x00'}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x6}}]}, @IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x8}, @IPSET_ATTR_IFACE={0x14, 0x17, 'veth1\x00'}]}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x1}]}, 0x19c}, 0x1, 0x0, 0x0, 0x4c004}, 0x4000)
sendfile(r3, r1, &(0x7f0000000000)=0x8, 0x264f)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r5, 0x0)
socket$packet(0x11, 0x2, 0x300)
linkat(r3, &(0x7f0000000140)='./file0\x00', r3, &(0x7f0000000180)='\x00', 0x1000)
write$cgroup_int(r3, &(0x7f0000000040)=0x900, 0x12)

1m5.784108466s ago: executing program 2 (id=240):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @private2}}, 0x2ce, 0x800, 0x0, 0x4, 0x8a}, 0x9c)
bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0xfffffffc, @loopback}, 0x1c)
sendto$inet6(r1, &(0x7f0000847fff)='X', 0x34000, 0x600, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_FORWARD(r2, 0x81204101, 0xfffffffffffffffe)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r4 = openat$mice(0xffffffffffffff9c, &(0x7f0000000100), 0x41)
write$UHID_CREATE2(r4, 0x0, 0x162)
readahead(r3, 0xf, 0x3)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r5)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="1f003300d0000000080211000001080211000000e78fde50505050505000"], 0x3c}, 0x1, 0x0, 0x0, 0x4010}, 0x10)

1m5.576039954s ago: executing program 2 (id=243):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_pidfd_open(r0, 0x0)
process_madvise(r1, 0x0, 0x0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmmsg$alg(r4, &(0x7f0000005440)=[{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000300)="837648860a5dfc82a052fd9702397eb415d9308a77b2db7e4cb8f4b16328bed8c1ed41e265eec88a50f8d2d90ead2e7fd342ab7e3a6f99504e07253b99e9f99d1cf2f87b3d28ead88c16f413a611c68ff4f2ad5361e11fe9895620b71f245e3e9fd8656e12e71e3670dd47325dee837c2209aef83c8d36f057744441a087249e9a52c22a4c0433e26b45d00ba5d2a0f57d7ea5fbd4a9a2422051ddc763c3455822f936adf00a0a81e1ebc5edbceb3e31a86dd02326", 0xb5}, {&(0x7f0000000700)="6645139124ac07ae1d7233b07a8a1b413ed9d61d0c82f4fed3d2388c54f85578f8e29131888e18d19a7e6680df3f253b792abaa4fc10da1a42127f4e88e9970cda075cbf4fec73d93e189d6f6cedf3eabd0473be669d30c8958e4e0da3e0187f68562ddd285eef44408eba3234482d0fc4dc2e3a172a2497a5311a3875f182f05bf46ab3", 0x84}, {&(0x7f00000000c0)="236802208aba5b29a4ddcd925b0675f499e57e20a5bd56e99bd9240706e114b0", 0x20}], 0x3, &(0x7f00000003c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x4800}], 0x1, 0x4004000)
recvmmsg(r4, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000500)=""/217, 0xd9}, {&(0x7f0000000840)=""/127, 0x7f}, {&(0x7f0000000600)=""/134, 0x86}], 0x3}, 0x4}], 0x1, 0x60, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2)
sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}}, 0x4044004)
recvmmsg(r2, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}, 0x4008101}, {{0x0, 0x0, 0x0}, 0x10000}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000001740)=""/182, 0xb6}, {&(0x7f00000004c0)=""/262, 0x106}, {&(0x7f0000000040)=""/43, 0x2b}, {&(0x7f0000000440)=""/73, 0x49}, {&(0x7f0000000600)=""/4112, 0x1010}, {&(0x7f0000000340)=""/219, 0xdb}, {&(0x7f0000001640)=""/126, 0x7e}, {&(0x7f0000001a80)=""/4096, 0x1000}], 0x8}, 0x80000000}], 0x4, 0x0, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
r6 = dup(r5)
ioctl$USBDEVFS_SUBMITURB(r6, 0x8038550a, &(0x7f0000000100)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xffff}, 0x10007, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0})
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
mount$pvfs2(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x8000, &(0x7f0000000340)=ANY=[@ANYBLOB=',,u'])
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_buf(r7, 0x6, 0xd, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/clients\x00', 0x0, 0x0)
r8 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x29202, 0x0)
write(r8, &(0x7f0000000380)="fb196dec69a10b2284f761ca101022bcc68752cd2a4ddad8fb4427a23a27b90193ac13a4af86fe765f972d765daff264784bbd7bb9758824e951404b348375ddf05290d0ac0d1193da1090cae4ae32d841f14b4463125af7074084be37266ad8ffda263654000bec6327c11e0e3029907058c64629ad771d9b152fdcc2121b2a355ab2a4754e155e74e1a2618acc20f055d7f69bacaeebdecbcede36c675896677245097c7d87c727afc8890a6acabd6dc660bc389ef8379fb67212653aa766c1d6eca7c7b622835696a5e0ba4c04e7ac7263122337c3dc19d7974310bf43a8251cbc75ff3cffeab3d2e0e9d8e3edbd6bccb93185ab0f08af349c81512f0140643a55eb53a6cae06d378ecc95b7772f3b638d6f34b6ddc61e5014a16be5d7167800e5f992a71983d0698ace86ceb24f3f016bfb640c2833bf3bcba65c329d43e65351c89f9b8a392267438a8c10b0022546cdf39bdd0a57084c8d3a79e97bf75aa5409ff114febd2e48a59d118a4396ff5cee71b8d0b34e63343216281cb47a4a28b329de3104068ec02bd2e849a523c3b92c060dd023c3b9968c3329dd076db9c5f377b94168adc3a766b7f7f941cb4c6b507c77864c839770943f504a7f616b9e7c6b3dc2a81c617c0c6e6f5b0a6d0389ceb0da410e8562bdc5bb88de4a47810a21174488a4d3ef8dcba8a033ecd5f2361c8ba179ed58cf88c335433dfc0f0c1ed5716df27cb1823af02a2ca4f89754f3567b2f51b17f8ef04e8ce3e60e8c1d7773e98a4948f5bf5cee4b0732a78e67ab86a677b0d34cb3f852245e466f05618b844213fe8700cc6fc0b6813ba41a113b524709fb15ad68493da36443f83fc3cc25948dac9f32968e693e3b8c15386fdfd21344cec28e6170b2c94f8d2a6cd1c087297a18c82947e60b97e12742fc0ef6007ec136b3429ba2d4ef1b1fa77428fcc626c6eee96174c2a32a8e0cfa8b7cce8a39a8eef0d921cbf35a2a5ea6c1c8fedeb5bc783502b60392752262e38666f7f2eef6153471ddc469d89f911dadb2aeb40615cba6f5c37cd3ee584aed4f950063dbe223469190cd61281008ca4458373f98f9294115089801dda01deb69d56cdb0e10563a0c78045d6564c41bba6e31ab1e2141d5081624d108c8e8ddaafe7099a7114e2552dd46900f0a5aeaccab141175d377ab872f94d23b083c03cac21abd19ed2307264568e111d5927c08547716b5fdc4db72e4e715c35adb6333a3413b5a4b6b62bd82ab3fc52412929d4945c974ca5e42a2f7ec3f4987f1cc697e4dcbeb25a24c8755038c67da8e6b295f60ce900a5b6fd5a9ef3d50ffcb21ccbae6f05203d135f1bdf20d1d03fa044520cd6e7b5ea79c2f21c76914d47df5961ea77087967fc69836e819ba91d6ed2daf2a21c1100a1bb3320997422234b4d166eeb4c1d6498f508c4fbffdbb6fa8971598782d2d5ad10a38f785592151d406bfa8a3b72f35bcd895acc762182f7f56f851d808c0b872ab787472bcc07f311f442cf2755f3fd737b5ebe059d703306eb51f97de3fc62204d0a8ef4032e720dcf2c7afb2ffc0d07b1fe2da1568f44b0fd9979c2b1c69d4895145931dc6de29c0fbaae24607bf445a73237409b9595780bb173ab5938461120a70f64707cb90fa38dfec31259dab069b4a108d8ff7073de4f28fefe9acb318e725ca1d937e987c54b1b7c88b1ff8d82ee78291a4e80ae588d07b8dfe9303cc80172048992932642502d0a34a1135fd9fe480b891feead766a5d0ea906ea90e7e42800ae1d4c2ec23bf98e307c35ca76606e8b261c9a8ddde2d057bb0cfaaf4233f7a3e0ab5eb2565afc2210c2e33f2d63c51afb7d823acf58e6e602f544872dc3821f9c4fbb5e64eeb30de1df52a406fe25d024dde2cf3ce08230830f6359ab499ca38a4b442d56f28fb8a017657b2c241c10f490d3b7904325098ec40e5d90311b08a23446e107ca4a5ac7146764c9daeaaf7d1e288880296b91387ecb75a8f442c3cf29704460144ce5c03b8d74e689a7ff091e2883c1e4a45cfb8d124caab6d8518c983b1d958921c7d02e0d2f881d8379fa01f76ece37b67a59d6692ddcf34badd6d081bae36b43ab6e961409677bfdc445b3bb67ba9ee779af19cb42de9cf2e18ba6e6859152280f69cecf5fe120aaa5a894d0e125ce24fa33e77a90696a367d88d839663b4ce7f195ce6b158f6204c8e380f0b1be2c41b10d8984d55ba4f51262dbd6e3254660604efe5fc8f6ae5e2b3c0a219650060bc40d839b86c5a07247f36f2bf83d282ca0951b056c1ea748785984d5b686dd74618d4e28090ba47aaf2512d03eb21b7e97fdea9197b75da73d8b9a29b566254bd6654f3f1eec1006b7b671301dcb5051c18435f247d366fae034022f5c965a922fe2225bdb7e757daa2e7c2bf8b03be0d4590895c34bd8582ee1d04939b60e4bd28d6e77a243e14e60e6dc9e07297d5b17f54d1c105f1334e7436c498c6c57179ce4b5a835b076e06e41fec35ef4b962fad389c935f77fa5cae0fb19c4d5b9", 0x701)

50.381669615s ago: executing program 32 (id=243):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_pidfd_open(r0, 0x0)
process_madvise(r1, 0x0, 0x0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmmsg$alg(r4, &(0x7f0000005440)=[{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000300)="837648860a5dfc82a052fd9702397eb415d9308a77b2db7e4cb8f4b16328bed8c1ed41e265eec88a50f8d2d90ead2e7fd342ab7e3a6f99504e07253b99e9f99d1cf2f87b3d28ead88c16f413a611c68ff4f2ad5361e11fe9895620b71f245e3e9fd8656e12e71e3670dd47325dee837c2209aef83c8d36f057744441a087249e9a52c22a4c0433e26b45d00ba5d2a0f57d7ea5fbd4a9a2422051ddc763c3455822f936adf00a0a81e1ebc5edbceb3e31a86dd02326", 0xb5}, {&(0x7f0000000700)="6645139124ac07ae1d7233b07a8a1b413ed9d61d0c82f4fed3d2388c54f85578f8e29131888e18d19a7e6680df3f253b792abaa4fc10da1a42127f4e88e9970cda075cbf4fec73d93e189d6f6cedf3eabd0473be669d30c8958e4e0da3e0187f68562ddd285eef44408eba3234482d0fc4dc2e3a172a2497a5311a3875f182f05bf46ab3", 0x84}, {&(0x7f00000000c0)="236802208aba5b29a4ddcd925b0675f499e57e20a5bd56e99bd9240706e114b0", 0x20}], 0x3, &(0x7f00000003c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x4800}], 0x1, 0x4004000)
recvmmsg(r4, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000500)=""/217, 0xd9}, {&(0x7f0000000840)=""/127, 0x7f}, {&(0x7f0000000600)=""/134, 0x86}], 0x3}, 0x4}], 0x1, 0x60, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2)
sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}}, 0x4044004)
recvmmsg(r2, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}, 0x4008101}, {{0x0, 0x0, 0x0}, 0x10000}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000001740)=""/182, 0xb6}, {&(0x7f00000004c0)=""/262, 0x106}, {&(0x7f0000000040)=""/43, 0x2b}, {&(0x7f0000000440)=""/73, 0x49}, {&(0x7f0000000600)=""/4112, 0x1010}, {&(0x7f0000000340)=""/219, 0xdb}, {&(0x7f0000001640)=""/126, 0x7e}, {&(0x7f0000001a80)=""/4096, 0x1000}], 0x8}, 0x80000000}], 0x4, 0x0, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
r6 = dup(r5)
ioctl$USBDEVFS_SUBMITURB(r6, 0x8038550a, &(0x7f0000000100)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xffff}, 0x10007, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0})
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
mount$pvfs2(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x8000, &(0x7f0000000340)=ANY=[@ANYBLOB=',,u'])
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_buf(r7, 0x6, 0xd, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/clients\x00', 0x0, 0x0)
r8 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x29202, 0x0)
write(r8, &(0x7f0000000380)="fb196dec69a10b2284f761ca101022bcc68752cd2a4ddad8fb4427a23a27b90193ac13a4af86fe765f972d765daff264784bbd7bb9758824e951404b348375ddf05290d0ac0d1193da1090cae4ae32d841f14b4463125af7074084be37266ad8ffda263654000bec6327c11e0e3029907058c64629ad771d9b152fdcc2121b2a355ab2a4754e155e74e1a2618acc20f055d7f69bacaeebdecbcede36c675896677245097c7d87c727afc8890a6acabd6dc660bc389ef8379fb67212653aa766c1d6eca7c7b622835696a5e0ba4c04e7ac7263122337c3dc19d7974310bf43a8251cbc75ff3cffeab3d2e0e9d8e3edbd6bccb93185ab0f08af349c81512f0140643a55eb53a6cae06d378ecc95b7772f3b638d6f34b6ddc61e5014a16be5d7167800e5f992a71983d0698ace86ceb24f3f016bfb640c2833bf3bcba65c329d43e65351c89f9b8a392267438a8c10b0022546cdf39bdd0a57084c8d3a79e97bf75aa5409ff114febd2e48a59d118a4396ff5cee71b8d0b34e63343216281cb47a4a28b329de3104068ec02bd2e849a523c3b92c060dd023c3b9968c3329dd076db9c5f377b94168adc3a766b7f7f941cb4c6b507c77864c839770943f504a7f616b9e7c6b3dc2a81c617c0c6e6f5b0a6d0389ceb0da410e8562bdc5bb88de4a47810a21174488a4d3ef8dcba8a033ecd5f2361c8ba179ed58cf88c335433dfc0f0c1ed5716df27cb1823af02a2ca4f89754f3567b2f51b17f8ef04e8ce3e60e8c1d7773e98a4948f5bf5cee4b0732a78e67ab86a677b0d34cb3f852245e466f05618b844213fe8700cc6fc0b6813ba41a113b524709fb15ad68493da36443f83fc3cc25948dac9f32968e693e3b8c15386fdfd21344cec28e6170b2c94f8d2a6cd1c087297a18c82947e60b97e12742fc0ef6007ec136b3429ba2d4ef1b1fa77428fcc626c6eee96174c2a32a8e0cfa8b7cce8a39a8eef0d921cbf35a2a5ea6c1c8fedeb5bc783502b60392752262e38666f7f2eef6153471ddc469d89f911dadb2aeb40615cba6f5c37cd3ee584aed4f950063dbe223469190cd61281008ca4458373f98f9294115089801dda01deb69d56cdb0e10563a0c78045d6564c41bba6e31ab1e2141d5081624d108c8e8ddaafe7099a7114e2552dd46900f0a5aeaccab141175d377ab872f94d23b083c03cac21abd19ed2307264568e111d5927c08547716b5fdc4db72e4e715c35adb6333a3413b5a4b6b62bd82ab3fc52412929d4945c974ca5e42a2f7ec3f4987f1cc697e4dcbeb25a24c8755038c67da8e6b295f60ce900a5b6fd5a9ef3d50ffcb21ccbae6f05203d135f1bdf20d1d03fa044520cd6e7b5ea79c2f21c76914d47df5961ea77087967fc69836e819ba91d6ed2daf2a21c1100a1bb3320997422234b4d166eeb4c1d6498f508c4fbffdbb6fa8971598782d2d5ad10a38f785592151d406bfa8a3b72f35bcd895acc762182f7f56f851d808c0b872ab787472bcc07f311f442cf2755f3fd737b5ebe059d703306eb51f97de3fc62204d0a8ef4032e720dcf2c7afb2ffc0d07b1fe2da1568f44b0fd9979c2b1c69d4895145931dc6de29c0fbaae24607bf445a73237409b9595780bb173ab5938461120a70f64707cb90fa38dfec31259dab069b4a108d8ff7073de4f28fefe9acb318e725ca1d937e987c54b1b7c88b1ff8d82ee78291a4e80ae588d07b8dfe9303cc80172048992932642502d0a34a1135fd9fe480b891feead766a5d0ea906ea90e7e42800ae1d4c2ec23bf98e307c35ca76606e8b261c9a8ddde2d057bb0cfaaf4233f7a3e0ab5eb2565afc2210c2e33f2d63c51afb7d823acf58e6e602f544872dc3821f9c4fbb5e64eeb30de1df52a406fe25d024dde2cf3ce08230830f6359ab499ca38a4b442d56f28fb8a017657b2c241c10f490d3b7904325098ec40e5d90311b08a23446e107ca4a5ac7146764c9daeaaf7d1e288880296b91387ecb75a8f442c3cf29704460144ce5c03b8d74e689a7ff091e2883c1e4a45cfb8d124caab6d8518c983b1d958921c7d02e0d2f881d8379fa01f76ece37b67a59d6692ddcf34badd6d081bae36b43ab6e961409677bfdc445b3bb67ba9ee779af19cb42de9cf2e18ba6e6859152280f69cecf5fe120aaa5a894d0e125ce24fa33e77a90696a367d88d839663b4ce7f195ce6b158f6204c8e380f0b1be2c41b10d8984d55ba4f51262dbd6e3254660604efe5fc8f6ae5e2b3c0a219650060bc40d839b86c5a07247f36f2bf83d282ca0951b056c1ea748785984d5b686dd74618d4e28090ba47aaf2512d03eb21b7e97fdea9197b75da73d8b9a29b566254bd6654f3f1eec1006b7b671301dcb5051c18435f247d366fae034022f5c965a922fe2225bdb7e757daa2e7c2bf8b03be0d4590895c34bd8582ee1d04939b60e4bd28d6e77a243e14e60e6dc9e07297d5b17f54d1c105f1334e7436c498c6c57179ce4b5a835b076e06e41fec35ef4b962fad389c935f77fa5cae0fb19c4d5b9", 0x701)

5.890844553s ago: executing program 4 (id=665):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000000000))
ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000200)={0x60, 0x0, &(0x7f0000245000/0x2000)=nil, &(0x7f00004c7000/0x1000)=nil, 0x0, &(0x7f0000000180)=[{}], 0x1, 0x1bb, 0x0, 0x0, 0x0, 0x55})

5.376457759s ago: executing program 4 (id=669):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x8600, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r2=>0x0]}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000480)={r2, 0x101, 0x80, 0x9, 0x100, 0x1}, 0x14)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
r3 = syz_usb_connect(0x2, 0x36, &(0x7f00000005c0)={{0x12, 0x1, 0x0, 0x3a, 0x37, 0x5, 0x20, 0x781, 0x5, 0x5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xe6, 0x2, 0x2, 0x5b, 0xbd, 0x97, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$printer(r3, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x4240, 0x0)
recvmmsg(r0, &(0x7f0000000c00)=[{{0x0, 0x0, 0x0}, 0xfd}, {{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, 0x0}, 0x4001}, {{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)=""/192, 0xc0}, {&(0x7f0000000e80)=""/4067, 0xfe3}, {&(0x7f0000000940)=""/239, 0xef}, {&(0x7f0000000440)=""/126, 0x7e}, {&(0x7f0000000080)=""/238, 0xee}], 0x5}, 0x80000003}], 0x4, 0x10100, 0x0)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_open_dev$video4linux(&(0x7f0000000000), 0x71, 0x0)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r4)
ioctl$VIDIOC_TRY_DECODER_CMD(r5, 0xc0585605, &(0x7f0000000180)={0x0, 0x1, @raw_data=[0x0, 0x0, 0x1014, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000]})
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4)
sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400005f9cf10166", @ANYRES16=r6, @ANYBLOB="0100230100003402000002000000"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r7, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000540), r4)
ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f0000000f40)={'wpan1\x00', <r10=>0x0})
sendmsg$NL802154_CMD_SET_CCA_MODE(r8, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000600)=ANY=[@ANYBLOB="1c0000005676c23bd6782559b8f01c648d210a251a3341a24284d24bc3d34eb91d4aec1be3bf0124c00efd096d44b5244cc083e6b962df5371339e317fe994b131e13d3a8dc94cdd564a6872b997bf429778912c12ea9630b15fcda9f1f0fea9ca126cbc1a3f413283adaf37dd1b5eec37360936bf80a952471bdbe94fdad3a5d0d187298000fe78c7e6a1944173a2d64f0901c27a0d18ecd4500cc470697ccbf3a7159a2bc1674faa824b8afc5f0ad8391917313d56cef2227df948b7de0018c1f0672de50dd71c007c73852ee0edd20146ec01eb03dbe7d89a4490199feaa1654f94cf1afdd852fc91b38c8bac5ce358caa9f17f00000000000000e87dc35bc1fc5b83987905eb83b76cc6f1804fd1d07b20a60f7a75fd52c98b991fe7ee8a9e72341d578aa7d52a164345df8f188d017a0ea2ca7b7895e9c89097d021eed9a25901c82a7e578a53cd2b0b2df3b0a354f9dba05d5e627b4a17923fc794eb649d91260f913ff2e43e9af5d1fd0e68768451fe013b90fca1bfe238451fee6e06c70a6438e6c95eaa087bbc6c1f82f7f830c658c415020f50d8ffbe21200a4b1cbdbbcd97037d36c993eb73de07039c", @ANYRES16=r9, @ANYBLOB="01002abd7000ffdbdf250d00000008000300", @ANYRES32=r10, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x889c}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="120100006e383a10d00701415cec010203010902240001000000000904"], 0x0)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r4, &(0x7f00000004c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000200)={0x260, 0x0, 0x200, 0x70bd2c, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r10}, @NL802154_ATTR_SEC_DEVKEY={0x12c, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x20, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x80000001}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x7fffffff}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x6}, @NL802154_DEVKEY_ATTR_ID={0xc, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}]}, @NL802154_DEVKEY_ATTR_ID={0x10, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8}]}]}, @NL802154_DEVKEY_ATTR_ID={0xd0, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x3}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x34, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa0}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6}]}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x5}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1ff}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x50, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa0}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xfffe}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}]}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x6}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x5}]}]}, @NL802154_ATTR_SEC_DEVKEY={0xbc, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x800}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x1}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8}, @NL802154_DEVKEY_ATTR_ID={0x30, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x790}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x9}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x7f}]}, @NL802154_DEVKEY_ATTR_ID={0x70, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x10000}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x1c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}]}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x18, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xfffe}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}]}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x18, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xffff}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x1e}]}]}, @NL802154_ATTR_SEC_DEVKEY={0x40, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x3c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x59d}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x429}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x10}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x8001}]}]}]}, 0x260}}, 0x0)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080), r11)

3.163389773s ago: executing program 0 (id=684):
r0 = syz_open_dev$usbfs(&(0x7f0000000c00), 0x71, 0x2081)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
chdir(&(0x7f00000000c0)='./bus\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000340)={0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0})
modify_ldt$read(0x0, &(0x7f0000000840)=""/4096, 0x1000)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0)
r2 = socket$inet6(0xa, 0x802, 0x88)
setsockopt$inet6_udp_int(r2, 0x11, 0x100000000a, &(0x7f00000003c0)=0x800000001, 0x4)
sendto$inet6(r2, 0x0, 0x0, 0x4040844, &(0x7f0000000180)={0xa, 0xe25, 0xffffff1e, @remote}, 0x1c)
r3 = socket$tipc(0x1e, 0x5, 0x0)
getpeername$tipc(r3, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000008480)={0x2020}, 0x2020)
read$FUSE(r1, &(0x7f000000bd80)={0x2020}, 0x2020)
getdents64(r1, &(0x7f0000000040)=""/222, 0xde)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r4, 0x0, 0x41, &(0x7f0000000140)=ANY=[@ANYBLOB="73656375726974790000000000000000000000000000000000000000040000000000000098000000"], 0x28)
close_range(r2, r4, 0x0)

3.032765014s ago: executing program 1 (id=686):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa)
bind$inet6(r1, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c)
r2 = socket$inet6(0xa, 0x2, 0x0)
r3 = socket(0xa, 0x3, 0x3a)
ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000000)={'veth0_vlan\x00', 0x200})
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @remote}, 0x1c)
getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x41, 0x0, &(0x7f0000000140))

2.936516317s ago: executing program 0 (id=687):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000183b9220b113420016580102030109021b00010000000009040000012e459e000905", @ANYRESDEC], 0x0)
prctl$PR_SVE_SET_VL(0x32, 0x25ce1)
shmctl$SHM_STAT_ANY(0x0, 0x20, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000002340), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r1, &(0x7f0000002480)={0x0, 0x0, &(0x7f0000002440)={&(0x7f0000002380)={0x3c, r2, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000041}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000580), 0xffffffffffffffff)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r5, 0x84, 0xf, 0x0, &(0x7f0000000140))
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100feffffff0000000005000000180001801400020073797a5f74756e0000000000000000001800038014000380"], 0x44}}, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0xa0000, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x24, 0x2, 0x1, 0x101, 0x0, 0x0, {0x5, 0x0, 0x8}, [@CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x4}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x800)
syz_80211_inject_frame(&(0x7f0000000200)=@device_b, &(0x7f00000002c0)=@ctrl_frame=@pspoll={{}, @random=0x4, @initial, @device_b}, 0x10)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r8, 0x4068aea3, &(0x7f0000000000)={0xbe, 0x0, 0x1})
r10 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
syz_80211_inject_frame(&(0x7f0000000340)=@broadcast, &(0x7f00000005c0)=ANY=[@ANYBLOB="98330500ffffffffffffffffffffffff0802110000016100ffffffffffff08000490e23900555943c84e90aefbb8f9e2561c30fd510fac0a9728ac2ec8552b30a8bed9cdbc4339ad701f12f8bf07b04277ec81c661f5c9741a9d689a17e421669b2fb0a2e731adcac435378f6c4c5adfcd67f730cd722d9537b4b02311c8eaf975d3e3da6f8da9965c3df26daedd26f256cfa8a8e17d9be61013587029c4eb840def8e2228c71de748f6a786231efba352934b60bce1f59539db0b943f92fa00d9bf498b839db9a875412a98a4406d399c002d04024fc74e9533d42b9f71ffee475a9af069d537045179baf6222893ad121838493f449d1db038071a1dd63fb8bf94a3d133a67200342c19aa6f43542a398540c25cc9eb3612df07330fcebbc7c77a13853275121595daeb2ad3b53ca0b6d54bed601eb051d18208a49758e56e0c8d22fbe0fe7638347f82d9e6394244ffdd7994817c5077ffa1118a6fe980fc4e1b163252ffbdc0988298d3352b2226f59ea4baef11626cff46ae08eeb0c6ad9396df5d84526afc8040133a31bd07b58d5bcca1b6e055d3b68bd686df18244ad8eb18c41c0b985487e546322ccdbed0b67401d6f62c44e99d0a494148bdf12292c30980acd230af8fc7938ce8ab770b48062e05b04b4d905ce281351575ffe868c50c6c2991616a8d050744eaf6c8d5da006e1d3a6fdf88057a7b93f3710fe42bcb75802c33a36c2fdd6896e00500bf6692e6129a1edea6c31d01e373c17dc66d31a7abbb317f22bfa2094ef7c71c084f720104a067800ca57bfcb74def704f622a3b4b7dfb643c51c94bc16b24cb626bdc895c44c4757dde88b8c71004440d9605efe1cc38dd6198e2da4d163b0f608c6ce783df4e22fd38ab19703e897c27b7d8d8a41048552aba90f5aac0e7931dc9c393316c315d01252c6fdc905cedb074672888e5ef8dc5f3c884968d8f5b9c365ab179b9e680b2f1f0805e164e3459ff6717e908a3f6091fd499b68da39dbe898af4d7f2da6868643feaa454d3a4edde2be19d925ae1aacd4e4f2f133b6756b8116eeeeac477727de5753109d57ad6c5692397e55757277ead009fb2ef146278762b326221c9dd473b72a828da06da7faf1e69b054c654e8edb6a524e1fb19c79a36a9fb837f145693cea8bff7b66363e9626bdad76cd28560721edfe09d83689b737b8f1b18157558ed6997abdd8bf60eaebd03b6c4aaa9f733270a642f7e92d7c84baab86ff041a015ea1cd103d6daa0f219f8f264b8d823d6ed267b2932fc02c539c2c09927adc3358c03a5569fabecbe7330e36a9181a8065516d2a0ed8deefba90535678d670552f3800d8ca9b74d8c047977a6183489c3b58a397429f8a32206fb6a0ff650cedd88675351305469e779295cd7e9a978791c625c893248abcd977ee72e9836a4d42e4838853f41d0d58bfa8218ff57c417a2ffc7a5314bc74019c32a41f531c8ee495ca311a72681f7d80593d158a4dac85a53a0e64ee1aeb5ceb5fee422366a23cb1a24c963dfd4075f3a5dee0c195ed8b89f88cd9164d2079ddbb960714c00f3668feec5c84ede1ba0ae338748f2ddefcd6e976a431ddc2149dbe25c87c8abdaa7e9882b9cb03982847d29da2e934aef0cb238da5248dca4928178fe0a34d4da24dc97ca8c5d384d423527fdebf1f984a0b1cf08c17b34490238a661481a396f165a5adf37f37ccfc7e2e397ff6f4252692f8f6e19159fd06c539b75dfc34efa023e06602b01d147324f5095ca8645799d6ffa711bf3e89a54ab875efc1618540979500cfe997133b2870bad2161ba3a61bea3d4bc9af34a8e717a3509f0d7232ef03321a49962b048bcb93461cacb7f7becfa619b311b58eab36efb35978f7f1c2ef88ec47ac24c472997a8b271869a3707827a81744dc2f223b2cf6cf18f8fe18e195e92fa8769edf433e1de1f4c9fa555a4513d3f7a107dc17710cf84658518a87472eaf33b46d19ea23645757e51ff89e4a2f237e6e27d07fc3e30c261f3af04689c3d3cab487f6aed4a836aa6f3ba04791a3227d0b4dd5e4d3c7344de621b4b8e5afed02af24cb8fc500b404e617a7a89d9720ebbc87a7f51d3d8a0842c6f3a336649b907b8c85fb7534d029a3b207d68395d2ec60a0af3e978438ebcd17d43c6991c07b25cca381519dfa41c6e6adc193d99ec941b38e8ee991426b4aebb6f4a4c8b0926f7c30618926a93b38dad68655d1a48bb69abb2ccb0842fa753e6cf3e2ab604199482468a57a4ad11abe179b72ad66f475aca2f572fde5645b5e26f8cc1bb5249d8bc753cb1273009318fa9344ba9593aa12d17362813a70d96fc49664b78bf3753161093cfb4aa4cbfd8b98ec35399"], 0x691)
write$sndseq(r10, &(0x7f00000000c0)=[{0x41, 0x0, 0x0, 0xfd, @time, {}, {0xf}, @raw32={[0x4]}}], 0x1c)
r11 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r0)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYRESHEX=r0, @ANYRES16=r11, @ANYBLOB="014000000000000000000674"], 0x78}, 0x1, 0xffffffff00000003}, 0x4000010)
r12 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000000c0), r0)
sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r12, @ANYBLOB="00042cbd7000dbdbdf25030000002e0073797374656d5f753a6f626a6563745f723a6e65746c6162656cdf6d676d1000000000e0ff003a73300000000000"], 0x44}}, 0x40000)
r13 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r8)
sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r3, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x40840a0}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x58, r13, 0x20, 0x70bd26, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x2e, 0x37}}}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x8}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x9}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xc}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0xb4}, @NL80211_ATTR_BANDS={0x8}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0xba}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x9}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

2.788884357s ago: executing program 1 (id=689):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$sock_qrtr_TIOCOUTQ(r0, 0x8916, &(0x7f0000000200))

2.658958459s ago: executing program 1 (id=690):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r0 = dup(0xffffffffffffffff)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
sendto$l2tp6(0xffffffffffffffff, 0x0, 0x0, 0x24080010, &(0x7f0000000040)={0xa, 0x0, 0xfffffff5, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x94, 0xa}, 0x20)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl(r2, 0x8b0f, &(0x7f0000000040))
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_SET_SIZE(r3, 0xab02, 0xffffff00)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r4=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x1, 0x9, 0x8, 0x8000000000000001, 0x1, 0x80000001, 0x4, 0x5}, &(0x7f0000000200)={0x9, 0x80, 0x9, 0x80000000, 0x7, 0x4, 0x5, 0x4}, &(0x7f0000000240)={0x8000, 0x26dd, 0x400, 0x5, 0x3, 0xffffffff00000, 0x8}, &(0x7f0000000280)={0x0, 0x3938700}, &(0x7f0000000300)={&(0x7f00000002c0)={[0x6]}, 0x8})
r5 = gettid()
ioctl$TUNDETACHFILTER(r0, 0x401054d6, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
ppoll(0x0, 0x0, 0x0, &(0x7f0000000080), 0x8)
ioctl$int_in(r6, 0x5452, &(0x7f0000000180)=0xffffffffffffffff)
fcntl$setsig(r6, 0xa, 0x12)
ppoll(&(0x7f0000000100)=[{r7}], 0x1, 0x0, 0x0, 0x0)
dup2(r6, r7)
fcntl$setown(r7, 0x8, r5)
tkill(r5, 0x13)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r1, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r4, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r4, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r4})

1.586820473s ago: executing program 1 (id=694):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000740)=""/51, 0x0})
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000340))
r2 = dup(r1)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000000)={0x1, r2})
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f00000003c0)={0x1})
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r3, &(0x7f0000000100)=""/159, 0xfffffe5a)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
r6 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETSW(r6, 0x5403, &(0x7f0000000040)={0x3d17, 0x3, 0xcb, 0x8, 0x19, "7e12105588e833bbb1df022dace17a32d211ee"})
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000000)=0xd)
ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000400)={0xf0f002, 0x5})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r4, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)

1.039606727s ago: executing program 3 (id=696):
socket(0x28, 0x2, 0x0)

987.724717ms ago: executing program 4 (id=697):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d"], 0x4a)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000140)='.', 0x1}], 0x1}, 0x0)
r4 = socket$inet6_sctp(0xa, 0x801, 0x84)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000080)=ANY=[], 0x10448)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r5, 0x0)
getsockopt$bt_hci(r4, 0x84, 0x1, &(0x7f0000001280)=""/4107, &(0x7f00000000c0)=0x100b)
sendto$inet6(r3, &(0x7f00000002c0)="96341c4277392d11c9c2477e38bcad950dba842b91425e936785a8ab779bff070751f0f380d48d5889173f1b25b81685306904a92aabd74a48b09cd8c1ac10cbd14eff43b1b83c25da1112b906df6c9575a6bfd0d6ff98f4cce83835e697db0172682f62e4f1efc41b53c878bcc7bcd9d5ce28aa73e35a4a878c808e87e0a8ae05e26a3f2ece3a7e651ed1c383988c1b047adbecd1ce0def38bfb0067312484fa0f2f4", 0xa3, 0x0, &(0x7f0000000280)={0xa, 0x4e22, 0x0, @empty, 0x8}, 0x1c)
setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f0000000180)=0x2, 0x4)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r0, 0x7dfff000)

934.359932ms ago: executing program 3 (id=698):
ioctl$sock_qrtr_TIOCOUTQ(0xffffffffffffffff, 0x8916, &(0x7f0000000200))

823.680978ms ago: executing program 3 (id=699):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040))
epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r1, &(0x7f0000000c40))
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x54, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x31}, @NFTA_SET_DATA_TYPE={0x8}]}, @NFT_MSG_NEWSETELEM={0x30, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xcc}}, 0x0)
getsockopt$inet6_udp_int(r0, 0x11, 0x64, 0x0, &(0x7f0000000080))

805.488052ms ago: executing program 0 (id=700):
r0 = socket(0x29, 0x0, 0xaf)
r1 = syz_open_dev$cec(&(0x7f0000002340), 0x0, 0x0)
ioctl$CEC_S_MODE(r1, 0x40046109, &(0x7f0000000100)=0x401)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x1c0a)
close_range(r4, r0, 0x0)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
getpeername$packet(r5, &(0x7f0000000000)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r3, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r6}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r2, 0x8, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r6}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x24040004}, 0x24048880)

781.058184ms ago: executing program 1 (id=701):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0)
migrate_pages(0x0, 0x4, &(0x7f00000002c0)=0x7f, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_GET(r1, 0x4b3a, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r2, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r2, 0x40101286, 0x0)
r3 = openat$mice(0xffffffffffffff9c, 0x0, 0x80082)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000080)={0x14, r6, 0x1}, 0x14}}, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r5, 0xaece, 0x2)
preadv(r8, &(0x7f00000000c0)=[{&(0x7f00000031c0)=""/166, 0xa6}], 0x1, 0x43a, 0x0)
r9 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r10 = dup(r9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r10, 0x0)
ioctl$BLKRRPART(r10, 0x125f, 0x0)
syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000080)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x403, 0x97c1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x17, 0x40, 0x8, [{{0x9, 0x4, 0x0, 0xb, 0x1, 0x3, 0x1, 0x3, 0x8, {0x9, 0x21, 0x8, 0x2, 0x1, {0x22, 0x36a}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x6, 0x2}}, [{{0x9, 0x5, 0x2, 0x3, 0x20, 0x0, 0x7, 0x7}}]}}}]}}]}}, &(0x7f00000005c0)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x110, 0x8, 0xf, 0x3, 0x10, 0x9}, 0x1a, &(0x7f00000001c0)={0x5, 0xf, 0x1a, 0x3, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x4, 0x0, 0x9}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0x0, 0xd}, @ext_cap={0x7, 0x10, 0x2, 0xa, 0x4, 0xa}]}, 0x6, [{0x95, &(0x7f0000000640)=ANY=[@ANYBLOB="9503ec8f33b8745c150b74b5bb6a397881581b085b00245d60d35338698f0cdd528597b9865e348b91494e8b0f4e4d4bef0acb0781a7e5c1cb06598ad3372090bdff8511896b05d203a56b991ec7219ff4ac0caa3a0dba74bf9bc3b73fda4d29b865724683587b615d1dd6a3c699845b9e2d0f2627c7874e2621e75cfb05bfcfc49ffc84166be1292c7b790d7cce7a2b3700822c0bd4352b9e5610008e95d6d556af487a8bdeb68c7166247993a7ee6f13c1790e3de2b04da090a6323bd5e44e8917bcf98784676ec4b57a4a7bcbf02ea2e5755c90a47050a2ea58b0a46d81c2a6261a308163d6da970d7dc9fd94927d4f079e4ad9dcca0c2a78fc8f6c04666f6040b4c6f1861b87956d6e99e56a12662462f0bdfdec4b6ecec6e8ed0d426461899c75a8ac6dd751b521810a85e9cc68ddc83ca0db725a672033ef70481568711b506af8fba54a1db8e0c977a4b8f0d71d739ee21d67a650601f9ff72a8c78884033d3492999f2f3a2944ade4d0af0446adeb6ebd017af08f995c7a1c86efe86eb1a67a4ad660872d867090eeec6ada1d7"]}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x412}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x455}}, {0xeb, &(0x7f0000000400)=@string={0xeb, 0x3, "643c23189c42f068bb1cbe329acbdd6ca9a3d22dd3bd4f0766b1315e77377c770088a6c347c083b93b71060659cf7b2ccae01d7080073956d78ae0a17522107cd67fdea73a8d779d7da0b0e4d3c581566c4bb6f75a0b877ab83db642bc6994486ebb782a04dd2e86aa2e88711223a93a7288624ed055ed9e65045c09717339c55cfd165ef16352e9f2d2cdee7575619b6f29bb6b0f1b22a308155f768677f349f532fc3f5bbab5b43a848c6c5cb390095a55ccff0a874ca2063c52663ee545cf531bbf2dbad3e3e0aa67b3b54768b4627cf916d67a4d285dbd630b4a34799b49bae372dd0a901b101d"}}, {0x52, &(0x7f0000000500)=@string={0x52, 0x3, "ea9e456ffdd741d0005a06f93d737dd30e03e51d2c20dd9850b96501330addc72495cc6ea1e47a9a4eee8b6ce3cc7bccc38f27e908e76ed8f71c0b78b283e32ae5779cf384796f4bec7875658645ccaf"}}, {0x4, &(0x7f0000000580)=@lang_id={0x4, 0x3, 0x300a}}]})

576.136961ms ago: executing program 0 (id=702):
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB])
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
connect$unix(r0, &(0x7f0000000100)=@abs={0x27}, 0x6e)

575.473055ms ago: executing program 3 (id=703):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xe4460, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRESHEX=r0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000100)='autofs\x00', 0x0, &(0x7f0000000400))

575.227691ms ago: executing program 4 (id=704):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000600), r0)
sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={0x0}, 0x1, 0x0, 0x0, 0x4011}, 0x0)

452.735265ms ago: executing program 0 (id=705):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x0, 0x1, 0x1000000000000, 0x2000, &(0x7f0000000000/0x2000)=nil})
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r0, 0x7dfff000)

434.787736ms ago: executing program 4 (id=706):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @dup_ipv4={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_DUP_SREG_ADDR={0x8, 0x1, 0x1, 0x0, 0xd}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x70}}, 0x4)

434.232523ms ago: executing program 3 (id=707):
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_DEL_RULE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[], 0x424}, 0x1, 0x2404, 0x0, 0x4000000}, 0x8050)

247.661321ms ago: executing program 3 (id=708):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, 0x0, 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r3, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r4, 0x89f1, &(0x7f0000000040)={'bond0\x00', 0x10000})
ioctl$BLKRRPART(r3, 0x125f, 0x0)

244.120503ms ago: executing program 4 (id=709):
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2501, 0x0) (fail_nth: 9)

157.616216ms ago: executing program 0 (id=710):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000200)="2e0400001c00810ce00f80ecdb4cb9f207c804a010000000030006fb0a0002000a0ada1b40d80500c500c50083b8", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x28200, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f0000000100)={{0x0, 0x0, 0xb, 0x0, 0x8, 0x0, 0x0, 0x2, 0x6, 0x8, 0x9, 0x10}, {0x2, 0x0, 0xc, 0x0, 0x2, 0x0, 0x7, 0x0, 0x5, 0x7, 0x4, 0x4}, {0x2000, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x4, 0xfc}, {0x3000, 0xd000, 0x0, 0xff, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0xeeee8000, 0xeeef0000, 0x9, 0x0, 0xfc, 0x4, 0x0, 0x0, 0x0, 0x3c}, {0x0, 0xdddd1000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xa, 0x2}, {0xeeee0000, 0xdddd1000, 0xa, 0xfe, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0xa, 0x26}, {0xdddd1000}, {0xdddd1000, 0xffff}, 0xddf8ffdb, 0x0, 0x0, 0x430, 0x0, 0x2501, 0x0, [0x100000, 0x0, 0x2]})
ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f0000000300)={0x170003, 0x0, [0x53b2, 0x9, 0x4, 0x5, 0xffffffffffff1e53, 0x5, 0x9, 0xb82]})
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x0, 0x10, r1, 0x7dfff000)

0s ago: executing program 1 (id=711):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
bind$qrtr(r0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x97, 0xff, 0x82, 0x8, 0x2058, 0x1005, 0xc19b, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x8f, 0x0, 0x0, 0xbf, 0x57, 0x5a}}]}}]}}, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000400)='net/ip6_tables_matches\x00')
pread64(r1, &(0x7f0000001b80)=""/4084, 0xff4, 0x7f)
sendmsg$inet6(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000040)="0724b903b73f505eb2b17fa70e5844baf6fe6d8dce3582e28b2f781b0d9967ead941976b713973943cae575c90123c5468fb7132fd0de27bedc1842177df316e6bd5b96a1bbd43db971d6bd0ec7f60e69873eb8d1ab7f148d55e2a42594db5613556635c6bfb47712248f8580841e962d2e2d9", 0x73}, {&(0x7f00000000c0)="01e7b9e76650bd9eefed4eb23b8bccb7aaeb323732128da9ccdc52bf8caa6b9b2075b55d91c3014bae6da4459fdc29fe912ce7276d35d2d7061d1289f0125b1dc041c8a0325a5b0f13d3fe498cf58a060000003333a0a4c8bc28f3961477a5362b1bce6b20ae5ff66ce0893628d29b59e9570cab310600000059d5c80af4d50f21e1c67528dad0298c9b2d4983b937ea329b04b0a2e15e878ed5062e22cd756d4639a9ad5d79769029bedd8f568795addcd3ce825d7fa9940c2c57ecd6ff23ef0fb6bb61126aa509214a1afbbc4d68e33fd828c7a978d11bbc27ffbf00000000000000", 0xe3}, {&(0x7f00000001c0)="93930ba6cbd9ccab1f96dafab8b64fb5ec8169a5160263031cdfe8cbb879d1c363f962c5e511b24faf57b45476d6d199957bf344c926639809b24965a63c6c1ef36cfe975f8812025a0a9c293f702b4f0b6999b478a5aec428b92878e75ce3aa9333d4ac6c155080159674365ac78d92849f21640ec96df8f6310fdb6bf093504538799c0caf21b3a046f046628fd8d090e3df7420e2642c4587", 0x9a}, {&(0x7f0000000280)="8f28e7d18a8499d4b49437d44dcc27c801202efe6c9a5691deed3cf36d7204e35ee194ede06f19b1f78a95b970091a66c5ce028545ebf1ac50648659e5146cbfad7ad51b6f436f0863a9a59d247604bda1d7b330464735b1e9edfef81dac0ea15df45cc5198aa7f5572df7984207cf6850b2400d9bb7c5aa83191c0ad24759a1c70e9370e27fd733e438e6e5a80e61e6c61338ad3c3bfa31574a25e3ec050bb007e90dedfe766476c7344613f773cd861e1b9d8c5f42b7027b4555def12808f92cef8c36a3dc8441935da00cfe1752ba40a9880bc8893809d71197f137df6d8f620977", 0xe3}, {&(0x7f0000000380)="fb8e999f6ee0af18762b298e823e94ebb428d966b58bb6fe6a860cfb73f005993d05e4e3b0dab32ccdf5bfb82779fe72ab060a876c3df25f5518db5c3def40353b89ec3afd4fc66bbc90d8e9a295a410a24d519b5352e2639f2fde6b042ea11357115baf5bf2396f4a949248d4bf737beea1f21b2df8f7fa3f0fb176e6d4110dbc5d", 0x82}, {&(0x7f0000000440)="8a944bf5925b94de8e601e3a49d7b5b4856e4836f12dc6", 0x17}, {&(0x7f0000000480)="c5652323f9a945c9afd6b0295cbb7044b10134b28ecc9bfc54472d0601c8fe70cc4db0263e3f6977e3033bf613850db8af3198060e91cf2764eb", 0x3a}, {&(0x7f0000000500)="be49e2dc0da049f286a5967980f5c9d0cc8c040c926e8e6f49bb27c1efa68c554461fc9ff2e79b4c22f231a8212915bfb3984782ef3c2c4a3c3adcc1c028df3edab15c07dd89b912e3b3a80c69022b1329d9694b5b4eaadec1578a9c02b229ba1da56de1dd11a54304f6e4312e5fa2d7ad23282fdb0e411d526e053b994228c52f07aefbe80d1534397587f5e37a9052d9bd7a1a5e430c50a33529f07bc41fc2402fe075536e689f9b4bc8ad84fd982e5473f082befe7acf32d46d6f248e88affbbf2f4b657239f2b588a9528f5a366f832aff782bb4b3ba65de582cf16917bd9c", 0xe1}], 0x8}, 0x40)

kernel console output (not intermixed with test programs):

6736]  ? trace_contention_end+0x39/0x120
[  133.191619][ T6736]  ? __mutex_lock+0x330/0xe80
[  133.191633][ T6736]  ? __lock_acquire+0xab9/0xd20
[  133.191646][ T6736]  ? nfnetlink_rcv_msg+0x9dc/0x1130
[  133.191672][ T6736]  nfnetlink_rcv_msg+0xb4a/0x1130
[  133.191683][ T6736]  ? nfnetlink_rcv_msg+0x20d/0x1130
[  133.191704][ T6736]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  133.191714][ T6736]  ? kasan_save_free_info+0x46/0x50
[  133.191759][ T6736]  netlink_rcv_skb+0x208/0x470
[  133.191773][ T6736]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  133.191791][ T6736]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  133.191811][ T6736]  ? bpf_lsm_capable+0x9/0x20
[  133.191824][ T6736]  ? security_capable+0x7e/0x2e0
[  133.191840][ T6736]  nfnetlink_rcv+0x26a/0x2520
[  133.191853][ T6736]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  133.191872][ T6736]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  133.191886][ T6736]  ? __dev_queue_xmit+0x27e/0x3a70
[  133.191902][ T6736]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.191919][ T6736]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  133.191929][ T6736]  ? __pfx___dev_queue_xmit+0x10/0x10
[  133.191954][ T6736]  ? ref_tracker_free+0x63a/0x7d0
[  133.191967][ T6736]  ? __copy_skb_header+0xa7/0x550
[  133.191983][ T6736]  ? __pfx_ref_tracker_free+0x10/0x10
[  133.191998][ T6736]  ? __skb_clone+0x63/0x7a0
[  133.192015][ T6736]  ? __skb_clone+0x483/0x7a0
[  133.192033][ T6736]  ? skb_clone+0x246/0x3a0
[  133.192050][ T6736]  ? __netlink_deliver_tap+0x807/0x850
[  133.192064][ T6736]  ? netlink_deliver_tap+0x2e/0x1b0
[  133.192081][ T6736]  ? netlink_deliver_tap+0x2e/0x1b0
[  133.192094][ T6736]  ? netlink_deliver_tap+0x2e/0x1b0
[  133.192110][ T6736]  netlink_unicast+0x75b/0x8d0
[  133.192129][ T6736]  netlink_sendmsg+0x805/0xb30
[  133.192149][ T6736]  ? __pfx_netlink_sendmsg+0x10/0x10
[  133.192172][ T6736]  ? aa_sock_msg_perm+0x94/0x160
[  133.192188][ T6736]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  133.192205][ T6736]  ? __pfx_netlink_sendmsg+0x10/0x10
[  133.192219][ T6736]  __sock_sendmsg+0x219/0x270
[  133.192232][ T6736]  ____sys_sendmsg+0x505/0x830
[  133.192250][ T6736]  ? __pfx_____sys_sendmsg+0x10/0x10
[  133.192270][ T6736]  ? import_iovec+0x74/0xa0
[  133.192284][ T6736]  ___sys_sendmsg+0x21f/0x2a0
[  133.192300][ T6736]  ? __pfx____sys_sendmsg+0x10/0x10
[  133.192335][ T6736]  ? __fget_files+0x2a/0x420
[  133.192351][ T6736]  ? __fget_files+0x3a0/0x420
[  133.192372][ T6736]  __x64_sys_sendmsg+0x19b/0x260
[  133.192389][ T6736]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  133.192409][ T6736]  ? __pfx_ksys_write+0x10/0x10
[  133.192427][ T6736]  ? do_syscall_64+0xbe/0x3b0
[  133.192440][ T6736]  do_syscall_64+0xfa/0x3b0
[  133.192450][ T6736]  ? lockdep_hardirqs_on+0x9c/0x150
[  133.192467][ T6736]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.192478][ T6736]  ? clear_bhb_loop+0x60/0xb0
[  133.192491][ T6736]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.192501][ T6736] RIP: 0033:0x7f343b58e929
[  133.192513][ T6736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  133.192522][ T6736] RSP: 002b:00007f343c453038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  133.192538][ T6736] RAX: ffffffffffffffda RBX: 00007f343b7b5fa0 RCX: 00007f343b58e929
[  133.192546][ T6736] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  133.192553][ T6736] RBP: 00007f343c453090 R08: 0000000000000000 R09: 0000000000000000
[  133.192560][ T6736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  133.192566][ T6736] R13: 0000000000000000 R14: 00007f343b7b5fa0 R15: 00007ffd5be5bb58
[  133.192583][ T6736]  </TASK>
[  133.847045][ T6745] FAULT_INJECTION: forcing a failure.
[  133.847045][ T6745] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  133.860732][ T6745] CPU: 1 UID: 0 PID: 6745 Comm: syz.3.295 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  133.860762][ T6745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  133.860781][ T6745] Call Trace:
[  133.860792][ T6745]  <TASK>
[  133.860799][ T6745]  dump_stack_lvl+0x189/0x250
[  133.860826][ T6745]  ? __pfx____ratelimit+0x10/0x10
[  133.860854][ T6745]  ? __pfx_dump_stack_lvl+0x10/0x10
[  133.860876][ T6745]  ? __pfx__printk+0x10/0x10
[  133.860911][ T6745]  should_fail_ex+0x414/0x560
[  133.860941][ T6745]  _copy_to_user+0x31/0xb0
[  133.860963][ T6745]  simple_read_from_buffer+0xe1/0x170
[  133.860994][ T6745]  proc_fail_nth_read+0x1df/0x250
[  133.861015][ T6745]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  133.861035][ T6745]  ? rw_verify_area+0x258/0x650
[  133.861050][ T6745]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  133.861061][ T6745]  vfs_read+0x1fd/0x980
[  133.861079][ T6745]  ? __pfx___mutex_lock+0x10/0x10
[  133.861091][ T6745]  ? __pfx_vfs_read+0x10/0x10
[  133.861105][ T6745]  ? __fget_files+0x2a/0x420
[  133.861124][ T6745]  ? __fget_files+0x3a0/0x420
[  133.861140][ T6745]  ? __fget_files+0x2a/0x420
[  133.861160][ T6745]  ksys_read+0x145/0x250
[  133.861176][ T6745]  ? __pfx_ksys_read+0x10/0x10
[  133.861193][ T6745]  ? do_syscall_64+0xbe/0x3b0
[  133.861207][ T6745]  do_syscall_64+0xfa/0x3b0
[  133.861217][ T6745]  ? lockdep_hardirqs_on+0x9c/0x150
[  133.861233][ T6745]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.861244][ T6745]  ? clear_bhb_loop+0x60/0xb0
[  133.861257][ T6745]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.861268][ T6745] RIP: 0033:0x7f343b58d33c
[  133.861279][ T6745] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  133.861288][ T6745] RSP: 002b:00007f343c453030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  133.861302][ T6745] RAX: ffffffffffffffda RBX: 00007f343b7b5fa0 RCX: 00007f343b58d33c
[  133.861310][ T6745] RDX: 000000000000000f RSI: 00007f343c4530a0 RDI: 0000000000000003
[  133.861316][ T6745] RBP: 00007f343c453090 R08: 0000000000000000 R09: 0000000000000000
[  133.861323][ T6745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  133.861329][ T6745] R13: 0000000000000000 R14: 00007f343b7b5fa0 R15: 00007ffd5be5bb58
[  133.861347][ T6745]  </TASK>
[  134.090345][    C1] vkms_vblank_simulate: vblank timer overrun
[  134.209200][ T6748] netlink: 60 bytes leftover after parsing attributes in process `syz.3.296'.
[  134.212390][ T6750] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  134.237541][ T6747] netlink: 60 bytes leftover after parsing attributes in process `syz.3.296'.
[  134.259829][ T6750] netlink: 4 bytes leftover after parsing attributes in process `syz.1.297'.
[  134.487659][ T6757] input: syz0 as /devices/virtual/input/input11
[  135.215345][ T6782] syzkaller1: entered promiscuous mode
[  135.221251][ T6782] syzkaller1: entered allmulticast mode
[  135.490137][ T6791] FAULT_INJECTION: forcing a failure.
[  135.490137][ T6791] name failslab, interval 1, probability 0, space 0, times 0
[  135.503606][ T6791] CPU: 1 UID: 0 PID: 6791 Comm: syz.0.313 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  135.503630][ T6791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  135.503640][ T6791] Call Trace:
[  135.503647][ T6791]  <TASK>
[  135.503664][ T6791]  dump_stack_lvl+0x189/0x250
[  135.503691][ T6791]  ? __pfx____ratelimit+0x10/0x10
[  135.503719][ T6791]  ? __pfx_dump_stack_lvl+0x10/0x10
[  135.503738][ T6791]  ? __pfx__printk+0x10/0x10
[  135.503762][ T6791]  ? __pfx___might_resched+0x10/0x10
[  135.503783][ T6791]  ? fs_reclaim_acquire+0x7d/0x100
[  135.503815][ T6791]  should_fail_ex+0x414/0x560
[  135.503844][ T6791]  should_failslab+0xa8/0x100
[  135.503869][ T6791]  __kmalloc_noprof+0xcb/0x4f0
[  135.503890][ T6791]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  135.503917][ T6791]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  135.503944][ T6791]  genl_family_rcv_msg_doit+0xb8/0x300
[  135.503981][ T6791]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  135.504013][ T6791]  ? rcu_is_watching+0x15/0xb0
[  135.504038][ T6791]  ? apparmor_capable+0x137/0x1b0
[  135.504066][ T6791]  ? bpf_lsm_capable+0x9/0x20
[  135.504087][ T6791]  ? security_capable+0x7e/0x2e0
[  135.504114][ T6791]  genl_rcv_msg+0x60e/0x790
[  135.504148][ T6791]  ? __pfx_genl_rcv_msg+0x10/0x10
[  135.504172][ T6791]  ? ref_tracker_free+0x63a/0x7d0
[  135.504194][ T6791]  ? __pfx_l2tp_nl_cmd_session_create+0x10/0x10
[  135.504216][ T6791]  ? __pfx_ref_tracker_free+0x10/0x10
[  135.504249][ T6791]  netlink_rcv_skb+0x208/0x470
[  135.504273][ T6791]  ? __pfx_genl_rcv_msg+0x10/0x10
[  135.504300][ T6791]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  135.504343][ T6791]  ? down_read+0x1ad/0x2e0
[  135.504366][ T6791]  genl_rcv+0x28/0x40
[  135.504391][ T6791]  netlink_unicast+0x75b/0x8d0
[  135.504425][ T6791]  netlink_sendmsg+0x805/0xb30
[  135.504461][ T6791]  ? __pfx_netlink_sendmsg+0x10/0x10
[  135.504489][ T6791]  ? aa_sock_msg_perm+0x94/0x160
[  135.504511][ T6791]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  135.504539][ T6791]  ? __pfx_netlink_sendmsg+0x10/0x10
[  135.504563][ T6791]  __sock_sendmsg+0x219/0x270
[  135.504587][ T6791]  ____sys_sendmsg+0x505/0x830
[  135.504620][ T6791]  ? __pfx_____sys_sendmsg+0x10/0x10
[  135.504663][ T6791]  ? import_iovec+0x74/0xa0
[  135.504686][ T6791]  ___sys_sendmsg+0x21f/0x2a0
[  135.504711][ T6791]  ? __pfx____sys_sendmsg+0x10/0x10
[  135.504772][ T6791]  ? __fget_files+0x2a/0x420
[  135.504796][ T6791]  ? __fget_files+0x3a0/0x420
[  135.504834][ T6791]  __x64_sys_sendmsg+0x19b/0x260
[  135.504863][ T6791]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  135.504901][ T6791]  ? __pfx_ksys_write+0x10/0x10
[  135.504923][ T6791]  ? rcu_is_watching+0x15/0xb0
[  135.504951][ T6791]  ? do_syscall_64+0xbe/0x3b0
[  135.504974][ T6791]  do_syscall_64+0xfa/0x3b0
[  135.504991][ T6791]  ? lockdep_hardirqs_on+0x9c/0x150
[  135.505017][ T6791]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.505035][ T6791]  ? clear_bhb_loop+0x60/0xb0
[  135.505057][ T6791]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.505074][ T6791] RIP: 0033:0x7f357518e929
[  135.505093][ T6791] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  135.505108][ T6791] RSP: 002b:00007f35760a4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  135.505128][ T6791] RAX: ffffffffffffffda RBX: 00007f35753b5fa0 RCX: 00007f357518e929
[  135.505142][ T6791] RDX: 0000000004000000 RSI: 0000200000000140 RDI: 0000000000000003
[  135.505154][ T6791] RBP: 00007f35760a4090 R08: 0000000000000000 R09: 0000000000000000
[  135.505166][ T6791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  135.505177][ T6791] R13: 0000000000000000 R14: 00007f35753b5fa0 R15: 00007ffdad420b98
[  135.505210][ T6791]  </TASK>
[  136.190223][ T6803] netlink: 4 bytes leftover after parsing attributes in process `syz.0.315'.
[  136.440211][ T6808] syzkaller1: entered promiscuous mode
[  136.446254][ T6808] syzkaller1: entered allmulticast mode
[  136.575733][ T6812] FAULT_INJECTION: forcing a failure.
[  136.575733][ T6812] name failslab, interval 1, probability 0, space 0, times 0
[  136.590098][ T6812] CPU: 1 UID: 0 PID: 6812 Comm: syz.3.320 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  136.590125][ T6812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  136.590137][ T6812] Call Trace:
[  136.590145][ T6812]  <TASK>
[  136.590153][ T6812]  dump_stack_lvl+0x189/0x250
[  136.590180][ T6812]  ? __pfx____ratelimit+0x10/0x10
[  136.590209][ T6812]  ? __pfx_dump_stack_lvl+0x10/0x10
[  136.590230][ T6812]  ? __pfx__printk+0x10/0x10
[  136.590258][ T6812]  ? __pfx___might_resched+0x10/0x10
[  136.590276][ T6812]  ? fs_reclaim_acquire+0x7d/0x100
[  136.590305][ T6812]  should_fail_ex+0x414/0x560
[  136.590332][ T6812]  should_failslab+0xa8/0x100
[  136.590357][ T6812]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  136.590444][ T6812]  ? __alloc_skb+0x112/0x2d0
[  136.590483][ T6812]  __alloc_skb+0x112/0x2d0
[  136.590508][ T6812]  netlink_ack+0x146/0xa50
[  136.590547][ T6812]  netlink_rcv_skb+0x28c/0x470
[  136.590571][ T6812]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  136.590590][ T6812]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  136.590621][ T6812]  ? bpf_lsm_capable+0x9/0x20
[  136.590643][ T6812]  ? security_capable+0x7e/0x2e0
[  136.590688][ T6812]  nfnetlink_rcv+0x26a/0x2520
[  136.590711][ T6812]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  136.590741][ T6812]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  136.590771][ T6812]  ? __dev_queue_xmit+0x27e/0x3a70
[  136.590796][ T6812]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.590825][ T6812]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  136.590843][ T6812]  ? __pfx___dev_queue_xmit+0x10/0x10
[  136.590883][ T6812]  ? ref_tracker_free+0x63a/0x7d0
[  136.590907][ T6812]  ? __copy_skb_header+0xa7/0x550
[  136.590935][ T6812]  ? __pfx_ref_tracker_free+0x10/0x10
[  136.590960][ T6812]  ? __skb_clone+0x63/0x7a0
[  136.590990][ T6812]  ? __skb_clone+0x483/0x7a0
[  136.591020][ T6812]  ? skb_clone+0x246/0x3a0
[  136.591048][ T6812]  ? __netlink_deliver_tap+0x807/0x850
[  136.591070][ T6812]  ? netlink_deliver_tap+0x2e/0x1b0
[  136.591100][ T6812]  ? netlink_deliver_tap+0x2e/0x1b0
[  136.591123][ T6812]  ? netlink_deliver_tap+0x2e/0x1b0
[  136.591151][ T6812]  netlink_unicast+0x75b/0x8d0
[  136.591184][ T6812]  netlink_sendmsg+0x805/0xb30
[  136.591218][ T6812]  ? __pfx_netlink_sendmsg+0x10/0x10
[  136.591253][ T6812]  ? aa_sock_msg_perm+0x94/0x160
[  136.591275][ T6812]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  136.591302][ T6812]  ? __pfx_netlink_sendmsg+0x10/0x10
[  136.591328][ T6812]  __sock_sendmsg+0x219/0x270
[  136.591350][ T6812]  ____sys_sendmsg+0x505/0x830
[  136.591381][ T6812]  ? __pfx_____sys_sendmsg+0x10/0x10
[  136.591417][ T6812]  ? import_iovec+0x74/0xa0
[  136.591440][ T6812]  ___sys_sendmsg+0x21f/0x2a0
[  136.591468][ T6812]  ? __pfx____sys_sendmsg+0x10/0x10
[  136.591533][ T6812]  ? __fget_files+0x2a/0x420
[  136.591560][ T6812]  ? __fget_files+0x3a0/0x420
[  136.591601][ T6812]  __x64_sys_sendmsg+0x19b/0x260
[  136.591631][ T6812]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  136.591667][ T6812]  ? __pfx_ksys_write+0x10/0x10
[  136.591708][ T6812]  ? do_syscall_64+0xbe/0x3b0
[  136.591732][ T6812]  do_syscall_64+0xfa/0x3b0
[  136.591750][ T6812]  ? lockdep_hardirqs_on+0x9c/0x150
[  136.591778][ T6812]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.591797][ T6812]  ? clear_bhb_loop+0x60/0xb0
[  136.591820][ T6812]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.591838][ T6812] RIP: 0033:0x7f343b58e929
[  136.591857][ T6812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  136.591873][ T6812] RSP: 002b:00007f343c453038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  136.591894][ T6812] RAX: ffffffffffffffda RBX: 00007f343b7b5fa0 RCX: 00007f343b58e929
[  136.591907][ T6812] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  136.591919][ T6812] RBP: 00007f343c453090 R08: 0000000000000000 R09: 0000000000000000
[  136.591930][ T6812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  136.591941][ T6812] R13: 0000000000000000 R14: 00007f343b7b5fa0 R15: 00007ffd5be5bb58
[  136.591972][ T6812]  </TASK>
[  137.326014][ T6824] FAULT_INJECTION: forcing a failure.
[  137.326014][ T6824] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  137.350565][ T6824] CPU: 0 UID: 0 PID: 6824 Comm: syz.3.324 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  137.350594][ T6824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  137.350605][ T6824] Call Trace:
[  137.350614][ T6824]  <TASK>
[  137.350623][ T6824]  dump_stack_lvl+0x189/0x250
[  137.350652][ T6824]  ? __pfx____ratelimit+0x10/0x10
[  137.350682][ T6824]  ? __pfx_dump_stack_lvl+0x10/0x10
[  137.350716][ T6824]  ? __pfx__printk+0x10/0x10
[  137.350751][ T6824]  should_fail_ex+0x414/0x560
[  137.350784][ T6824]  _copy_from_user+0x2d/0xb0
[  137.350804][ T6824]  get_user_ifreq+0x6c/0x180
[  137.350832][ T6824]  inet_ioctl+0x38c/0x4c0
[  137.350855][ T6824]  ? __pfx_inet_ioctl+0x10/0x10
[  137.350893][ T6824]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  137.350927][ T6824]  ? packet_ioctl+0x270/0x350
[  137.350955][ T6824]  sock_do_ioctl+0xd9/0x300
[  137.350974][ T6824]  ? __pfx_sock_do_ioctl+0x10/0x10
[  137.350989][ T6824]  ? __lock_acquire+0xab9/0xd20
[  137.351022][ T6824]  sock_ioctl+0x576/0x790
[  137.351050][ T6824]  ? __pfx_sock_ioctl+0x10/0x10
[  137.351078][ T6824]  ? __fget_files+0x2a/0x420
[  137.351102][ T6824]  ? __fget_files+0x3a0/0x420
[  137.351128][ T6824]  ? __fget_files+0x2a/0x420
[  137.351155][ T6824]  ? bpf_lsm_file_ioctl+0x9/0x20
[  137.351175][ T6824]  ? __pfx_sock_ioctl+0x10/0x10
[  137.351200][ T6824]  __se_sys_ioctl+0xfc/0x170
[  137.351226][ T6824]  do_syscall_64+0xfa/0x3b0
[  137.351243][ T6824]  ? lockdep_hardirqs_on+0x9c/0x150
[  137.351270][ T6824]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.351289][ T6824]  ? clear_bhb_loop+0x60/0xb0
[  137.351312][ T6824]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.351328][ T6824] RIP: 0033:0x7f343b58e929
[  137.351345][ T6824] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  137.351361][ T6824] RSP: 002b:00007f343c453038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  137.351381][ T6824] RAX: ffffffffffffffda RBX: 00007f343b7b5fa0 RCX: 00007f343b58e929
[  137.351394][ T6824] RDX: 0000200000000180 RSI: 0000000000008916 RDI: 0000000000000003
[  137.351406][ T6824] RBP: 00007f343c453090 R08: 0000000000000000 R09: 0000000000000000
[  137.351417][ T6824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  137.351428][ T6824] R13: 0000000000000000 R14: 00007f343b7b5fa0 R15: 00007ffd5be5bb58
[  137.351457][ T6824]  </TASK>
[  137.936066][ T6833] syzkaller1: entered promiscuous mode
[  137.948987][ T6833] syzkaller1: entered allmulticast mode
[  138.069601][ T6835] netlink: 56 bytes leftover after parsing attributes in process `syz.1.329'.
[  138.396032][ T6845] program syz.1.332 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  138.818074][ T6856] syzkaller1: entered promiscuous mode
[  138.825083][ T6856] syzkaller1: entered allmulticast mode
[  140.126059][ T5833] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  140.135736][ T5833] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  140.148549][ T5833] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  140.158339][ T5833] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  140.171787][ T5833] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  140.612186][ T6876] chnl_net:caif_netlink_parms(): no params data found
[  141.035035][ T6876] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.056463][ T6876] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.084469][ T6876] bridge_slave_0: entered allmulticast mode
[  141.098480][ T6876] bridge_slave_0: entered promiscuous mode
[  141.122144][ T6876] bridge0: port 2(bridge_slave_1) entered blocking state
[  141.141293][ T6876] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.159047][ T6876] bridge_slave_1: entered allmulticast mode
[  141.183015][ T6876] bridge_slave_1: entered promiscuous mode
[  141.202657][ T6894] syzkaller1: entered promiscuous mode
[  141.208562][ T6894] syzkaller1: entered allmulticast mode
[  141.334896][ T6876] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  141.364182][ T6876] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  141.501593][ T6876] team0: Port device team_slave_0 added
[  141.512790][ T6876] team0: Port device team_slave_1 added
[  141.585957][   T30] audit: type=1326 audit(1750454219.012:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6909 comm="syz.0.354" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f357518e929 code=0x0
[  141.645223][ T6876] batman_adv: batadv0: Adding interface: batadv_slave_0
[  141.652750][ T6876] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  141.678844][    C0] vkms_vblank_simulate: vblank timer overrun
[  141.710279][ T6876] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  141.726429][ T6876] batman_adv: batadv0: Adding interface: batadv_slave_1
[  141.734003][ T6876] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  141.760271][    C0] vkms_vblank_simulate: vblank timer overrun
[  141.768219][ T6876] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  141.899632][ T6876] hsr_slave_0: entered promiscuous mode
[  141.929620][ T6876] hsr_slave_1: entered promiscuous mode
[  141.953256][ T6876] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  141.961700][ T6876] Cannot create hsr debugfs directory
[  142.075072][ T6924] syzkaller1: entered promiscuous mode
[  142.084992][ T6924] syzkaller1: entered allmulticast mode
[  142.201123][ T5833] Bluetooth: hci4: command tx timeout
[  142.365169][ T6876] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  142.383302][ T6876] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  142.438022][ T6876] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  142.486436][ T6876] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  142.789931][ T6876] 8021q: adding VLAN 0 to HW filter on device bond0
[  142.842076][ T6876] 8021q: adding VLAN 0 to HW filter on device team0
[  142.887380][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  142.894681][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  142.983530][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  142.990866][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  143.003242][ T6948] syzkaller1: entered promiscuous mode
[  143.011646][ T6948] syzkaller1: entered allmulticast mode
[  143.112067][ T6957] CUSE: DEVNAME unspecified
[  143.198994][ T6959] FAULT_INJECTION: forcing a failure.
[  143.198994][ T6959] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  143.246907][ T6959] CPU: 1 UID: 0 PID: 6959 Comm: syz.0.372 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  143.246936][ T6959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  143.246948][ T6959] Call Trace:
[  143.246955][ T6959]  <TASK>
[  143.246963][ T6959]  dump_stack_lvl+0x189/0x250
[  143.246992][ T6959]  ? __pfx____ratelimit+0x10/0x10
[  143.247020][ T6959]  ? __pfx_dump_stack_lvl+0x10/0x10
[  143.247040][ T6959]  ? __pfx__printk+0x10/0x10
[  143.247074][ T6959]  should_fail_ex+0x414/0x560
[  143.247104][ T6959]  _copy_to_user+0x31/0xb0
[  143.247126][ T6959]  simple_read_from_buffer+0xe1/0x170
[  143.247158][ T6959]  proc_fail_nth_read+0x1df/0x250
[  143.247178][ T6959]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  143.247199][ T6959]  ? rw_verify_area+0x258/0x650
[  143.247221][ T6959]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  143.247240][ T6959]  vfs_read+0x1fd/0x980
[  143.247270][ T6959]  ? __pfx___mutex_lock+0x10/0x10
[  143.247290][ T6959]  ? __pfx_vfs_read+0x10/0x10
[  143.247313][ T6959]  ? __fget_files+0x2a/0x420
[  143.247344][ T6959]  ? __fget_files+0x3a0/0x420
[  143.247367][ T6959]  ? __fget_files+0x2a/0x420
[  143.247400][ T6959]  ksys_read+0x145/0x250
[  143.247427][ T6959]  ? __pfx_ksys_read+0x10/0x10
[  143.247446][ T6959]  ? rcu_is_watching+0x15/0xb0
[  143.247473][ T6959]  ? do_syscall_64+0xbe/0x3b0
[  143.247497][ T6959]  do_syscall_64+0xfa/0x3b0
[  143.247514][ T6959]  ? lockdep_hardirqs_on+0x9c/0x150
[  143.247541][ T6959]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.247559][ T6959]  ? clear_bhb_loop+0x60/0xb0
[  143.247582][ T6959]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.247599][ T6959] RIP: 0033:0x7f357518d33c
[  143.247628][ T6959] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  143.247644][ T6959] RSP: 002b:00007f35760a4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  143.247666][ T6959] RAX: ffffffffffffffda RBX: 00007f35753b5fa0 RCX: 00007f357518d33c
[  143.247679][ T6959] RDX: 000000000000000f RSI: 00007f35760a40a0 RDI: 0000000000000005
[  143.247698][ T6959] RBP: 00007f35760a4090 R08: 0000000000000000 R09: 0000000000000000
[  143.247709][ T6959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  143.247720][ T6959] R13: 0000000000000000 R14: 00007f35753b5fa0 R15: 00007ffdad420b98
[  143.247750][ T6959]  </TASK>
[  143.928161][ T6876] 8021q: adding VLAN 0 to HW filter on device batadv0
[  144.259575][ T6988] FAULT_INJECTION: forcing a failure.
[  144.259575][ T6988] name failslab, interval 1, probability 0, space 0, times 0
[  144.281170][ T5833] Bluetooth: hci4: command tx timeout
[  144.284164][ T6988] CPU: 1 UID: 0 PID: 6988 Comm: syz.3.381 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  144.284189][ T6988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  144.284200][ T6988] Call Trace:
[  144.284207][ T6988]  <TASK>
[  144.284215][ T6988]  dump_stack_lvl+0x189/0x250
[  144.284241][ T6988]  ? __pfx____ratelimit+0x10/0x10
[  144.284267][ T6988]  ? __pfx_dump_stack_lvl+0x10/0x10
[  144.284287][ T6988]  ? __pfx__printk+0x10/0x10
[  144.284312][ T6988]  ? __pfx___might_resched+0x10/0x10
[  144.284330][ T6988]  ? fs_reclaim_acquire+0x7d/0x100
[  144.284359][ T6988]  should_fail_ex+0x414/0x560
[  144.284384][ T6988]  ? __pfx_sock_alloc_inode+0x10/0x10
[  144.284399][ T6988]  should_failslab+0xa8/0x100
[  144.284422][ T6988]  ? __pfx_sock_alloc_inode+0x10/0x10
[  144.284436][ T6988]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[  144.284455][ T6988]  ? sock_alloc_inode+0x28/0xc0
[  144.284475][ T6988]  ? __pfx_sock_alloc_inode+0x10/0x10
[  144.284490][ T6988]  sock_alloc_inode+0x28/0xc0
[  144.284505][ T6988]  alloc_inode+0x67/0x1b0
[  144.284531][ T6988]  __sock_create+0x12d/0x9f0
[  144.284557][ T6988]  ? look_up_lock_class+0x74/0x170
[  144.284586][ T6988]  mptcp_subflow_create_socket+0xfd/0xb40
[  144.284611][ T6988]  ? __lock_acquire+0xab9/0xd20
[  144.284631][ T6988]  ? __pfx_mptcp_subflow_create_socket+0x10/0x10
[  144.284662][ T6988]  __mptcp_nmpc_sk+0x148/0x750
[  144.284683][ T6988]  ? __local_bh_enable_ip+0x12d/0x1c0
[  144.284702][ T6988]  ? __pfx___mptcp_nmpc_sk+0x10/0x10
[  144.284733][ T6988]  mptcp_setsockopt+0x10c0/0x3460
[  144.284754][ T6988]  ? vfs_write+0x8d8/0xa90
[  144.284780][ T6988]  ? aa_sk_perm+0x81e/0x950
[  144.284795][ T6988]  ? __pfx_mptcp_setsockopt+0x10/0x10
[  144.284819][ T6988]  ? __pfx_aa_sk_perm+0x10/0x10
[  144.284842][ T6988]  ? __lock_acquire+0xab9/0xd20
[  144.284864][ T6988]  ? aa_sock_opt_perm+0x74/0x110
[  144.284882][ T6988]  ? sock_common_setsockopt+0x36/0xc0
[  144.284899][ T6988]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  144.284919][ T6988]  do_sock_setsockopt+0x25a/0x3e0
[  144.284944][ T6988]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  144.284970][ T6988]  ? __fget_files+0x2a/0x420
[  144.285002][ T6988]  __x64_sys_setsockopt+0x18b/0x220
[  144.285029][ T6988]  do_syscall_64+0xfa/0x3b0
[  144.285045][ T6988]  ? lockdep_hardirqs_on+0x9c/0x150
[  144.285069][ T6988]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.285085][ T6988]  ? clear_bhb_loop+0x60/0xb0
[  144.285106][ T6988]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.285121][ T6988] RIP: 0033:0x7f343b58e929
[  144.285137][ T6988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  144.285152][ T6988] RSP: 002b:00007f343c453038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  144.285172][ T6988] RAX: ffffffffffffffda RBX: 00007f343b7b5fa0 RCX: 00007f343b58e929
[  144.285184][ T6988] RDX: 0000000000000017 RSI: 0000000000000006 RDI: 0000000000000003
[  144.285195][ T6988] RBP: 00007f343c453090 R08: 0000000000000004 R09: 0000000000000000
[  144.285205][ T6988] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000001
[  144.285215][ T6988] R13: 0000000000000000 R14: 00007f343b7b5fa0 R15: 00007ffd5be5bb58
[  144.285243][ T6988]  </TASK>
[  144.285375][ T6988] socket: no more sockets
[  144.860434][ T6876] veth0_vlan: entered promiscuous mode
[  144.886493][ T6876] veth1_vlan: entered promiscuous mode
[  144.948139][ T6876] veth0_macvtap: entered promiscuous mode
[  144.963755][ T6876] veth1_macvtap: entered promiscuous mode
[  144.992733][ T6876] batman_adv: batadv0: Interface activated: batadv_slave_0
[  145.009570][ T6876] batman_adv: batadv0: Interface activated: batadv_slave_1
[  145.030959][ T6876] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  145.039985][ T6876] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  145.055511][ T6876] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  145.064554][ T6876] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  145.177456][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  145.196875][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  145.228766][ T7008] binder: BINDER_SET_CONTEXT_MGR already set
[  145.245405][ T1170] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  145.245983][ T7008] binder: 7007:7008 ioctl 4018620d 200000000180 returned -16
[  145.259325][ T1170] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  146.361511][ T5833] Bluetooth: hci4: command tx timeout
[  146.591029][   T24] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  146.740900][   T24] usb 5-1: Using ep0 maxpacket: 8
[  146.750354][   T24] usb 5-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  146.759561][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.768584][   T24] usb 5-1: Product: syz
[  146.773202][   T24] usb 5-1: Manufacturer: syz
[  146.777840][   T24] usb 5-1: SerialNumber: syz
[  146.784975][   T24] usb 5-1: config 0 descriptor??
[  147.612455][   T24] usb 5-1: dvb_usb_v2: found a 'Terratec H7' in cold state
[  147.983409][ T7037] loop6: detected capacity change from 0 to 63
[  148.005854][ T6870] Buffer I/O error on dev loop6, logical block 0, async page read
[  148.021895][ T6870] Buffer I/O error on dev loop6, logical block 0, async page read
[  148.041787][ T6870] Buffer I/O error on dev loop6, logical block 0, async page read
[  148.050452][ T6870] Buffer I/O error on dev loop6, logical block 0, async page read
[  148.069911][ T6870] Buffer I/O error on dev loop6, logical block 0, async page read
[  148.156957][ T7044] netlink: 12 bytes leftover after parsing attributes in process `syz.1.400'.
[  148.444784][ T5833] Bluetooth: hci4: command tx timeout
[  148.537858][ T7055] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  148.840180][ T7062] fuse: Unknown parameter '0x0000000000000005'
[  149.439229][ T7069] FAULT_INJECTION: forcing a failure.
[  149.439229][ T7069] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  149.476645][ T7069] CPU: 1 UID: 0 PID: 7069 Comm: syz.4.410 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  149.476673][ T7069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  149.476685][ T7069] Call Trace:
[  149.476693][ T7069]  <TASK>
[  149.476702][ T7069]  dump_stack_lvl+0x189/0x250
[  149.476730][ T7069]  ? __pfx____ratelimit+0x10/0x10
[  149.476759][ T7069]  ? __pfx_dump_stack_lvl+0x10/0x10
[  149.476780][ T7069]  ? __pfx__printk+0x10/0x10
[  149.476800][ T7069]  ? __might_fault+0xb0/0x130
[  149.476835][ T7069]  should_fail_ex+0x414/0x560
[  149.476866][ T7069]  _copy_from_user+0x2d/0xb0
[  149.476887][ T7069]  csum_and_copy_from_iter_full+0x1e1/0x1eb0
[  149.476936][ T7069]  ? __pfx_csum_and_copy_from_iter_full+0x10/0x10
[  149.476976][ T7069]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  149.477001][ T7069]  ip_generic_getfrag+0x12f/0x2b0
[  149.477034][ T7069]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  149.477065][ T7069]  ? skb_put+0x11b/0x210
[  149.477093][ T7069]  __ip_append_data+0x3b3d/0x40f0
[  149.477135][ T7069]  ? __pfx_raw_getfrag+0x10/0x10
[  149.477186][ T7069]  ? __pfx___ip_append_data+0x10/0x10
[  149.477203][ T7069]  ? ipv4_mtu+0x4b2/0x5c0
[  149.477225][ T7069]  ? ipv4_mtu+0x23/0x5c0
[  149.477249][ T7069]  ? __pfx_ipv4_mtu+0x10/0x10
[  149.477271][ T7069]  ? ip_setup_cork+0x577/0x9a0
[  149.477286][ T7069]  ? lockdep_hardirqs_on+0x9c/0x150
[  149.477317][ T7069]  ip_append_data+0x10e/0x190
[  149.477350][ T7069]  ? __pfx_raw_getfrag+0x10/0x10
[  149.477378][ T7069]  raw_sendmsg+0x13d7/0x18b0
[  149.477425][ T7069]  ? __pfx_raw_sendmsg+0x10/0x10
[  149.477475][ T7069]  ? aa_sk_perm+0x81e/0x950
[  149.477499][ T7069]  ? __pfx_aa_sk_perm+0x10/0x10
[  149.477523][ T7069]  ? tomoyo_socket_sendmsg_permission+0x216/0x300
[  149.477548][ T7069]  ? sock_rps_record_flow+0x19/0x410
[  149.477569][ T7069]  ? inet_sendmsg+0x2f4/0x370
[  149.477587][ T7069]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  149.477629][ T7069]  __sock_sendmsg+0x19c/0x270
[  149.477652][ T7069]  __sys_sendto+0x3bd/0x520
[  149.477678][ T7069]  ? __pfx___sys_sendto+0x10/0x10
[  149.477697][ T7069]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  149.477729][ T7069]  ? __fget_files+0x3a0/0x420
[  149.477768][ T7069]  ? ksys_write+0x22a/0x250
[  149.477794][ T7069]  ? __pfx_ksys_write+0x10/0x10
[  149.477813][ T7069]  ? rcu_is_watching+0x15/0xb0
[  149.477839][ T7069]  __x64_sys_sendto+0xde/0x100
[  149.477864][ T7069]  do_syscall_64+0xfa/0x3b0
[  149.477881][ T7069]  ? lockdep_hardirqs_on+0x9c/0x150
[  149.477905][ T7069]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.477923][ T7069]  ? clear_bhb_loop+0x60/0xb0
[  149.477945][ T7069]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.477961][ T7069] RIP: 0033:0x7f756378e929
[  149.477979][ T7069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  149.477993][ T7069] RSP: 002b:00007f7564536038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  149.478015][ T7069] RAX: ffffffffffffffda RBX: 00007f75639b5fa0 RCX: 00007f756378e929
[  149.478028][ T7069] RDX: 0000000000000003 RSI: 00002000000023c0 RDI: 0000000000000003
[  149.478040][ T7069] RBP: 00007f7564536090 R08: 0000200000002400 R09: 0000000000000010
[  149.478051][ T7069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  149.478062][ T7069] R13: 0000000000000000 R14: 00007f75639b5fa0 R15: 00007ffdd31fe8a8
[  149.478093][ T7069]  </TASK>
[  150.995735][ T7097] FAULT_INJECTION: forcing a failure.
[  150.995735][ T7097] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  151.013265][ T7097] CPU: 0 UID: 0 PID: 7097 Comm: syz.3.422 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  151.013310][ T7097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  151.013322][ T7097] Call Trace:
[  151.013330][ T7097]  <TASK>
[  151.013338][ T7097]  dump_stack_lvl+0x189/0x250
[  151.013365][ T7097]  ? __pfx____ratelimit+0x10/0x10
[  151.013394][ T7097]  ? __pfx_dump_stack_lvl+0x10/0x10
[  151.013413][ T7097]  ? __pfx__printk+0x10/0x10
[  151.013445][ T7097]  should_fail_ex+0x414/0x560
[  151.013471][ T7097]  _copy_to_user+0x31/0xb0
[  151.013491][ T7097]  simple_read_from_buffer+0xe1/0x170
[  151.013520][ T7097]  proc_fail_nth_read+0x1df/0x250
[  151.013541][ T7097]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  151.013562][ T7097]  ? rw_verify_area+0x258/0x650
[  151.013586][ T7097]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  151.013607][ T7097]  vfs_read+0x1fd/0x980
[  151.013638][ T7097]  ? __pfx___mutex_lock+0x10/0x10
[  151.013659][ T7097]  ? __pfx_vfs_read+0x10/0x10
[  151.013686][ T7097]  ? __fget_files+0x2a/0x420
[  151.013719][ T7097]  ? __fget_files+0x3a0/0x420
[  151.013745][ T7097]  ? __fget_files+0x2a/0x420
[  151.013784][ T7097]  ksys_read+0x145/0x250
[  151.013811][ T7097]  ? __pfx_ksys_read+0x10/0x10
[  151.013834][ T7097]  ? fput+0xa0/0xd0
[  151.013858][ T7097]  ? do_syscall_64+0xbe/0x3b0
[  151.013883][ T7097]  do_syscall_64+0xfa/0x3b0
[  151.013900][ T7097]  ? lockdep_hardirqs_on+0x9c/0x150
[  151.013929][ T7097]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.013948][ T7097]  ? clear_bhb_loop+0x60/0xb0
[  151.013970][ T7097]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  151.013988][ T7097] RIP: 0033:0x7f343b58d33c
[  151.014006][ T7097] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  151.014023][ T7097] RSP: 002b:00007f343c453030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  151.014046][ T7097] RAX: ffffffffffffffda RBX: 00007f343b7b5fa0 RCX: 00007f343b58d33c
[  151.014060][ T7097] RDX: 000000000000000f RSI: 00007f343c4530a0 RDI: 0000000000000004
[  151.014072][ T7097] RBP: 00007f343c453090 R08: 0000000000000000 R09: 0000000000000000
[  151.014084][ T7097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  151.014096][ T7097] R13: 0000000000000000 R14: 00007f343b7b5fa0 R15: 00007ffd5be5bb58
[  151.014129][ T7097]  </TASK>
[  151.323015][ T7101] No control pipe specified
[  151.447032][ T7105] netlink: 44 bytes leftover after parsing attributes in process `syz.1.425'.
[  151.670064][ T7105] syz.1.425 (7105) used greatest stack depth: 15960 bytes left
[  152.226880][ T7127] No control pipe specified
[  152.414332][ T5833] Bluetooth: hci3: unexpected subevent 0x05 length: 9 < 12
[  153.099093][ T7150] FAULT_INJECTION: forcing a failure.
[  153.099093][ T7150] name failslab, interval 1, probability 0, space 0, times 0
[  153.116889][ T7150] CPU: 1 UID: 0 PID: 7150 Comm: syz.0.441 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  153.116919][ T7150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  153.116930][ T7150] Call Trace:
[  153.116938][ T7150]  <TASK>
[  153.116947][ T7150]  dump_stack_lvl+0x189/0x250
[  153.116977][ T7150]  ? __pfx____ratelimit+0x10/0x10
[  153.117008][ T7150]  ? __pfx_dump_stack_lvl+0x10/0x10
[  153.117030][ T7150]  ? __pfx__printk+0x10/0x10
[  153.117052][ T7150]  ? __local_bh_enable_ip+0x12d/0x1c0
[  153.117073][ T7150]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  153.117096][ T7150]  ? ipt_do_table+0x13dd/0x1640
[  153.117125][ T7150]  should_fail_ex+0x414/0x560
[  153.117156][ T7150]  should_failslab+0xa8/0x100
[  153.117180][ T7150]  __kmalloc_noprof+0xcb/0x4f0
[  153.117201][ T7150]  ? ___neigh_create+0x6d5/0x2260
[  153.117227][ T7150]  ___neigh_create+0x6d5/0x2260
[  153.117271][ T7150]  ip_neigh_gw4+0x289/0x3b0
[  153.117294][ T7150]  ? __pfx_ip_neigh_gw4+0x10/0x10
[  153.117313][ T7150]  ? __lock_acquire+0xab9/0xd20
[  153.117342][ T7150]  ip_finish_output2+0x57a/0x1160
[  153.117368][ T7150]  ? ip_finish_output2+0x452/0x1160
[  153.117386][ T7150]  ? ip_skb_dst_mtu+0x147/0xc50
[  153.117414][ T7150]  ? __pfx_ip_finish_output2+0x10/0x10
[  153.117434][ T7150]  ? ip_skb_dst_mtu+0x970/0xc50
[  153.117462][ T7150]  ? __ip_finish_output+0x336/0x3f0
[  153.117485][ T7150]  ip_send_skb+0x74/0x100
[  153.117522][ T7150]  udp_send_skb+0xaf1/0x14c0
[  153.117565][ T7150]  udp_sendmsg+0x195b/0x2300
[  153.117589][ T7150]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  153.117618][ T7150]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  153.117646][ T7150]  ? __pfx_udp_sendmsg+0x10/0x10
[  153.117673][ T7150]  ? count_memcg_event_mm+0x21/0x260
[  153.117700][ T7150]  ? count_memcg_event_mm+0x21/0x260
[  153.117750][ T7150]  ? sock_rps_record_flow+0x19/0x410
[  153.117772][ T7150]  ? inet_sendmsg+0x29c/0x370
[  153.117788][ T7150]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  153.117820][ T7150]  __sock_sendmsg+0x19c/0x270
[  153.117843][ T7150]  ____sys_sendmsg+0x52d/0x830
[  153.117875][ T7150]  ? __pfx_____sys_sendmsg+0x10/0x10
[  153.117907][ T7150]  ? import_iovec+0x74/0xa0
[  153.117930][ T7150]  ___sys_sendmsg+0x21f/0x2a0
[  153.117958][ T7150]  ? __pfx____sys_sendmsg+0x10/0x10
[  153.118022][ T7150]  ? __fget_files+0x2a/0x420
[  153.118047][ T7150]  ? __fget_files+0x3a0/0x420
[  153.118081][ T7150]  __sys_sendmmsg+0x227/0x430
[  153.118115][ T7150]  ? __pfx___sys_sendmmsg+0x10/0x10
[  153.118136][ T7150]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  153.118182][ T7150]  ? ksys_write+0x22a/0x250
[  153.118207][ T7150]  ? __pfx_ksys_write+0x10/0x10
[  153.118228][ T7150]  ? rcu_is_watching+0x15/0xb0
[  153.118253][ T7150]  __x64_sys_sendmmsg+0xa0/0xc0
[  153.118400][ T7150]  do_syscall_64+0xfa/0x3b0
[  153.118418][ T7150]  ? lockdep_hardirqs_on+0x9c/0x150
[  153.118447][ T7150]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.118472][ T7150]  ? clear_bhb_loop+0x60/0xb0
[  153.118565][ T7150]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.118585][ T7150] RIP: 0033:0x7f357518e929
[  153.118605][ T7150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  153.118621][ T7150] RSP: 002b:00007f35760a4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  153.118642][ T7150] RAX: ffffffffffffffda RBX: 00007f35753b5fa0 RCX: 00007f357518e929
[  153.118656][ T7150] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000003
[  153.118668][ T7150] RBP: 00007f35760a4090 R08: 0000000000000000 R09: 0000000000000000
[  153.118680][ T7150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  153.118689][ T7150] R13: 0000000000000000 R14: 00007f35753b5fa0 R15: 00007ffdad420b98
[  153.118721][ T7150]  </TASK>
[  153.502341][    C1] vkms_vblank_simulate: vblank timer overrun
[  153.529863][ T7152] No control pipe specified
[  153.846295][ T5833] Bluetooth: hci3: unexpected subevent 0x05 length: 9 < 12
[  154.125329][ T7168] FAULT_INJECTION: forcing a failure.
[  154.125329][ T7168] name failslab, interval 1, probability 0, space 0, times 0
[  154.150864][ T7168] CPU: 1 UID: 0 PID: 7168 Comm: syz.4.450 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  154.150897][ T7168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  154.150908][ T7168] Call Trace:
[  154.150915][ T7168]  <TASK>
[  154.150924][ T7168]  dump_stack_lvl+0x189/0x250
[  154.150954][ T7168]  ? __pfx____ratelimit+0x10/0x10
[  154.150984][ T7168]  ? __pfx_dump_stack_lvl+0x10/0x10
[  154.151007][ T7168]  ? __pfx__printk+0x10/0x10
[  154.151036][ T7168]  ? __pfx___might_resched+0x10/0x10
[  154.151057][ T7168]  ? fs_reclaim_acquire+0x7d/0x100
[  154.151088][ T7168]  should_fail_ex+0x414/0x560
[  154.151119][ T7168]  should_failslab+0xa8/0x100
[  154.151146][ T7168]  __kmalloc_cache_noprof+0x70/0x3d0
[  154.151170][ T7168]  ? sctp_auth_asoc_copy_shkeys+0x14e/0x5a0
[  154.151198][ T7168]  sctp_auth_asoc_copy_shkeys+0x14e/0x5a0
[  154.151229][ T7168]  sctp_association_new+0x15d3/0x25f0
[  154.151271][ T7168]  sctp_connect_new_asoc+0x2c5/0x690
[  154.151307][ T7168]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  154.151330][ T7168]  ? __local_bh_enable_ip+0x12d/0x1c0
[  154.151358][ T7168]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  154.151378][ T7168]  ? security_sctp_bind_connect+0x7e/0x2e0
[  154.151408][ T7168]  sctp_sendmsg+0x155c/0x2810
[  154.151447][ T7168]  ? __pfx_sctp_sendmsg+0x10/0x10
[  154.151476][ T7168]  ? aa_sk_perm+0x81e/0x950
[  154.151502][ T7168]  ? __pfx_aa_sk_perm+0x10/0x10
[  154.151536][ T7168]  ? sock_rps_record_flow+0x19/0x410
[  154.151559][ T7168]  ? inet_sendmsg+0x2f4/0x370
[  154.151583][ T7168]  __sock_sendmsg+0x19c/0x270
[  154.151608][ T7168]  __sys_sendto+0x3bd/0x520
[  154.151634][ T7168]  ? __pfx___sys_sendto+0x10/0x10
[  154.151654][ T7168]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  154.151689][ T7168]  ? __fget_files+0x3a0/0x420
[  154.151730][ T7168]  ? ksys_write+0x22a/0x250
[  154.151758][ T7168]  ? __pfx_ksys_write+0x10/0x10
[  154.151779][ T7168]  ? rcu_is_watching+0x15/0xb0
[  154.151807][ T7168]  __x64_sys_sendto+0xde/0x100
[  154.151834][ T7168]  do_syscall_64+0xfa/0x3b0
[  154.151852][ T7168]  ? lockdep_hardirqs_on+0x9c/0x150
[  154.151881][ T7168]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.151899][ T7168]  ? clear_bhb_loop+0x60/0xb0
[  154.151923][ T7168]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.151941][ T7168] RIP: 0033:0x7f756378e929
[  154.151960][ T7168] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  154.151976][ T7168] RSP: 002b:00007f7564536038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  154.151998][ T7168] RAX: ffffffffffffffda RBX: 00007f75639b5fa0 RCX: 00007f756378e929
[  154.152013][ T7168] RDX: 000000000000ffe0 RSI: 0000200000000100 RDI: 0000000000000003
[  154.152025][ T7168] RBP: 00007f7564536090 R08: 0000200000000140 R09: 000000000000001c
[  154.152038][ T7168] R10: 000000002000c851 R11: 0000000000000246 R12: 0000000000000001
[  154.152050][ T7168] R13: 0000000000000000 R14: 00007f75639b5fa0 R15: 00007ffdd31fe8a8
[  154.152082][ T7168]  </TASK>
[  154.467075][    C1] vkms_vblank_simulate: vblank timer overrun
[  154.699943][ T7172] No control pipe specified
[  154.890199][ T7178] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  155.123723][ T7189] FAULT_INJECTION: forcing a failure.
[  155.123723][ T7189] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  155.154313][ T7189] CPU: 0 UID: 0 PID: 7189 Comm: syz.3.459 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  155.154343][ T7189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  155.154353][ T7189] Call Trace:
[  155.154361][ T7189]  <TASK>
[  155.154370][ T7189]  dump_stack_lvl+0x189/0x250
[  155.154396][ T7189]  ? __pfx____ratelimit+0x10/0x10
[  155.154425][ T7189]  ? __pfx_dump_stack_lvl+0x10/0x10
[  155.154446][ T7189]  ? __pfx__printk+0x10/0x10
[  155.154467][ T7189]  ? __might_fault+0xb0/0x130
[  155.154500][ T7189]  should_fail_ex+0x414/0x560
[  155.154529][ T7189]  _copy_from_user+0x2d/0xb0
[  155.154550][ T7189]  __se_sys_copy_file_range+0x1b0/0x470
[  155.154568][ T7189]  ? fput+0xa0/0xd0
[  155.154588][ T7189]  ? __pfx___se_sys_copy_file_range+0x10/0x10
[  155.154606][ T7189]  ? __pfx_ksys_write+0x10/0x10
[  155.154624][ T7189]  ? rcu_is_watching+0x15/0xb0
[  155.154649][ T7189]  ? __x64_sys_copy_file_range+0x21/0xf0
[  155.154671][ T7189]  do_syscall_64+0xfa/0x3b0
[  155.154686][ T7189]  ? lockdep_hardirqs_on+0x9c/0x150
[  155.154711][ T7189]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.154728][ T7189]  ? clear_bhb_loop+0x60/0xb0
[  155.154748][ T7189]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.154764][ T7189] RIP: 0033:0x7f343b58e929
[  155.154779][ T7189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  155.154795][ T7189] RSP: 002b:00007f343c453038 EFLAGS: 00000246 ORIG_RAX: 0000000000000146
[  155.154815][ T7189] RAX: ffffffffffffffda RBX: 00007f343b7b5fa0 RCX: 00007f343b58e929
[  155.154830][ T7189] RDX: 0000000000000003 RSI: 0000200000000000 RDI: 0000000000000003
[  155.154841][ T7189] RBP: 00007f343c453090 R08: 0000000000000003 R09: 0000000000000000
[  155.154852][ T7189] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[  155.154863][ T7189] R13: 0000000000000000 R14: 00007f343b7b5fa0 R15: 00007ffd5be5bb58
[  155.154891][ T7189]  </TASK>
[  155.480067][ T5833] Bluetooth: hci4: unexpected subevent 0x05 length: 9 < 12
[  155.502035][ T7195] No control pipe specified
[  156.008459][ T7206] FAULT_INJECTION: forcing a failure.
[  156.008459][ T7206] name failslab, interval 1, probability 0, space 0, times 0
[  156.021904][ T7206] CPU: 1 UID: 0 PID: 7206 Comm: syz.4.466 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  156.021929][ T7206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  156.021940][ T7206] Call Trace:
[  156.021948][ T7206]  <TASK>
[  156.021956][ T7206]  dump_stack_lvl+0x189/0x250
[  156.021983][ T7206]  ? __pfx____ratelimit+0x10/0x10
[  156.022011][ T7206]  ? __pfx_dump_stack_lvl+0x10/0x10
[  156.022031][ T7206]  ? __pfx__printk+0x10/0x10
[  156.022059][ T7206]  ? __pfx___might_resched+0x10/0x10
[  156.022080][ T7206]  ? fs_reclaim_acquire+0x7d/0x100
[  156.022111][ T7206]  should_fail_ex+0x414/0x560
[  156.022142][ T7206]  should_failslab+0xa8/0x100
[  156.022169][ T7206]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  156.022193][ T7206]  ? __alloc_skb+0x112/0x2d0
[  156.022220][ T7206]  __alloc_skb+0x112/0x2d0
[  156.022247][ T7206]  netlink_ack+0x146/0xa50
[  156.022288][ T7206]  netlink_rcv_skb+0x28c/0x470
[  156.022309][ T7206]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  156.022325][ T7206]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  156.022352][ T7206]  ? bpf_lsm_capable+0x9/0x20
[  156.022369][ T7206]  ? security_capable+0x7e/0x2e0
[  156.022391][ T7206]  nfnetlink_rcv+0x26a/0x2520
[  156.022408][ T7206]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  156.022441][ T7206]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  156.022462][ T7206]  ? lockdep_hardirqs_on+0x9c/0x150
[  156.022486][ T7206]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  156.022506][ T7206]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  156.022536][ T7206]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  156.022556][ T7206]  ? rcu_preempt_deferred_qs_irqrestore+0x851/0xc40
[  156.022592][ T7206]  ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[  156.022622][ T7206]  ? rcu_is_watching+0x15/0xb0
[  156.022640][ T7206]  ? rcu_read_unlock_special+0x3fe/0x4c0
[  156.022659][ T7206]  ? skb_clone+0x246/0x3a0
[  156.022684][ T7206]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  156.022704][ T7206]  ? netlink_deliver_tap+0x2e/0x1b0
[  156.022727][ T7206]  ? netlink_deliver_tap+0x2e/0x1b0
[  156.022751][ T7206]  netlink_unicast+0x75b/0x8d0
[  156.022776][ T7206]  netlink_sendmsg+0x805/0xb30
[  156.022808][ T7206]  ? __pfx_netlink_sendmsg+0x10/0x10
[  156.022829][ T7206]  ? aa_sock_msg_perm+0x94/0x160
[  156.022846][ T7206]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  156.022867][ T7206]  ? __pfx_netlink_sendmsg+0x10/0x10
[  156.022886][ T7206]  __sock_sendmsg+0x219/0x270
[  156.022904][ T7206]  ____sys_sendmsg+0x505/0x830
[  156.022928][ T7206]  ? __pfx_____sys_sendmsg+0x10/0x10
[  156.022955][ T7206]  ? import_iovec+0x74/0xa0
[  156.022974][ T7206]  ___sys_sendmsg+0x21f/0x2a0
[  156.022995][ T7206]  ? __pfx____sys_sendmsg+0x10/0x10
[  156.023045][ T7206]  ? __fget_files+0x2a/0x420
[  156.023066][ T7206]  ? __fget_files+0x3a0/0x420
[  156.023095][ T7206]  __x64_sys_sendmsg+0x19b/0x260
[  156.023116][ T7206]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  156.023144][ T7206]  ? __pfx_ksys_write+0x10/0x10
[  156.023161][ T7206]  ? rcu_is_watching+0x15/0xb0
[  156.023181][ T7206]  ? do_syscall_64+0xbe/0x3b0
[  156.023198][ T7206]  do_syscall_64+0xfa/0x3b0
[  156.023212][ T7206]  ? lockdep_hardirqs_on+0x9c/0x150
[  156.023233][ T7206]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.023247][ T7206]  ? clear_bhb_loop+0x60/0xb0
[  156.023265][ T7206]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.023280][ T7206] RIP: 0033:0x7f756378e929
[  156.023294][ T7206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  156.023307][ T7206] RSP: 002b:00007f7564536038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  156.023326][ T7206] RAX: ffffffffffffffda RBX: 00007f75639b5fa0 RCX: 00007f756378e929
[  156.023337][ T7206] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  156.023346][ T7206] RBP: 00007f7564536090 R08: 0000000000000000 R09: 0000000000000000
[  156.023355][ T7206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  156.023363][ T7206] R13: 0000000000000000 R14: 00007f75639b5fa0 R15: 00007ffdd31fe8a8
[  156.023387][ T7206]  </TASK>
[  156.781989][ T7226] No control pipe specified
[  156.925325][ T7234] syz_tun: entered allmulticast mode
[  157.670907][ T7274] syz_tun: entered allmulticast mode
[  157.927732][ T7285] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  158.432768][ T7312] FAULT_INJECTION: forcing a failure.
[  158.432768][ T7312] name failslab, interval 1, probability 0, space 0, times 0
[  158.448015][ T7312] CPU: 0 UID: 0 PID: 7312 Comm: syz.3.493 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  158.448045][ T7312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  158.448057][ T7312] Call Trace:
[  158.448065][ T7312]  <TASK>
[  158.448074][ T7312]  dump_stack_lvl+0x189/0x250
[  158.448104][ T7312]  ? __pfx____ratelimit+0x10/0x10
[  158.448133][ T7312]  ? __pfx_dump_stack_lvl+0x10/0x10
[  158.448155][ T7312]  ? __pfx__printk+0x10/0x10
[  158.448183][ T7312]  ? __pfx___might_resched+0x10/0x10
[  158.448204][ T7312]  ? fs_reclaim_acquire+0x7d/0x100
[  158.448236][ T7312]  should_fail_ex+0x414/0x560
[  158.448267][ T7312]  should_failslab+0xa8/0x100
[  158.448294][ T7312]  __kmalloc_cache_noprof+0x70/0x3d0
[  158.448328][ T7312]  ? genl_start+0x1c9/0x6c0
[  158.448361][ T7312]  genl_start+0x1c9/0x6c0
[  158.448386][ T7312]  ? netlink_lookup+0x30/0x200
[  158.448413][ T7312]  __netlink_dump_start+0x469/0x7e0
[  158.448444][ T7312]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[  158.448476][ T7312]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  158.448501][ T7312]  ? genl_get_cmd+0x7d9/0x910
[  158.448527][ T7312]  ? __pfx_genl_start+0x10/0x10
[  158.448547][ T7312]  ? __pfx_genl_dumpit+0x10/0x10
[  158.448566][ T7312]  ? __pfx_genl_done+0x10/0x10
[  158.448593][ T7312]  genl_rcv_msg+0x5da/0x790
[  158.448620][ T7312]  ? __pfx_genl_rcv_msg+0x10/0x10
[  158.448640][ T7312]  ? ref_tracker_free+0x63a/0x7d0
[  158.448658][ T7312]  ? __pfx_nl80211_dump_wiphy+0x10/0x10
[  158.448679][ T7312]  ? __pfx_nl80211_dump_wiphy_done+0x10/0x10
[  158.448702][ T7312]  ? __pfx_ref_tracker_free+0x10/0x10
[  158.448731][ T7312]  netlink_rcv_skb+0x208/0x470
[  158.448749][ T7312]  ? __pfx_genl_rcv_msg+0x10/0x10
[  158.448773][ T7312]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  158.448807][ T7312]  ? down_read+0x1ad/0x2e0
[  158.448826][ T7312]  genl_rcv+0x28/0x40
[  158.448845][ T7312]  netlink_unicast+0x75b/0x8d0
[  158.448872][ T7312]  netlink_sendmsg+0x805/0xb30
[  158.448899][ T7312]  ? __pfx_netlink_sendmsg+0x10/0x10
[  158.448921][ T7312]  ? aa_sock_msg_perm+0x94/0x160
[  158.448938][ T7312]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  158.448960][ T7312]  ? __pfx_netlink_sendmsg+0x10/0x10
[  158.448979][ T7312]  __sock_sendmsg+0x219/0x270
[  158.448997][ T7312]  ____sys_sendmsg+0x505/0x830
[  158.449022][ T7312]  ? __pfx_____sys_sendmsg+0x10/0x10
[  158.449050][ T7312]  ? import_iovec+0x74/0xa0
[  158.449068][ T7312]  ___sys_sendmsg+0x21f/0x2a0
[  158.449090][ T7312]  ? __pfx____sys_sendmsg+0x10/0x10
[  158.449142][ T7312]  ? __fget_files+0x2a/0x420
[  158.449163][ T7312]  ? __fget_files+0x3a0/0x420
[  158.449193][ T7312]  __x64_sys_sendmsg+0x19b/0x260
[  158.449215][ T7312]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  158.449243][ T7312]  ? __pfx_ksys_write+0x10/0x10
[  158.449260][ T7312]  ? rcu_is_watching+0x15/0xb0
[  158.449283][ T7312]  ? do_syscall_64+0xbe/0x3b0
[  158.449300][ T7312]  do_syscall_64+0xfa/0x3b0
[  158.449320][ T7312]  ? lockdep_hardirqs_on+0x9c/0x150
[  158.449342][ T7312]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.449356][ T7312]  ? clear_bhb_loop+0x60/0xb0
[  158.449374][ T7312]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.449388][ T7312] RIP: 0033:0x7f343b58e929
[  158.449402][ T7312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  158.449416][ T7312] RSP: 002b:00007f343c453038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  158.449434][ T7312] RAX: ffffffffffffffda RBX: 00007f343b7b5fa0 RCX: 00007f343b58e929
[  158.449445][ T7312] RDX: 0000000000004000 RSI: 0000200000000180 RDI: 0000000000000003
[  158.449454][ T7312] RBP: 00007f343c453090 R08: 0000000000000000 R09: 0000000000000000
[  158.449464][ T7312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  158.449472][ T7312] R13: 0000000000000000 R14: 00007f343b7b5fa0 R15: 00007ffd5be5bb58
[  158.449497][ T7312]  </TASK>
[  158.889996][ T5835] usb 3-1: dvb_usb_v2: Did not find the firmware file 'dvb-usb-terratec-h7-az6007.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  158.907640][  T888] usb 4-1: dvb_usb_v2: Did not find the firmware file 'dvb-usb-terratec-h7-az6007.fw' (status -2). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  158.911067][   T10] usb 1-1: dvb_usb_v2: Did not find the firmware file 'dvb-usb-terratec-h7-az6007.fw' (status -2). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  158.944646][   T10] dvb_usb_az6007 1-1:0.0: probe with driver dvb_usb_az6007 failed with error -2
[  158.944812][   T24] usb 5-1: dvb_usb_v2: Did not find the firmware file 'dvb-usb-terratec-h7-az6007.fw' (status -2). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  158.957656][   T10] usb 1-1: USB disconnect, device number 3
[  158.983032][ T5895] usb 2-1: dvb_usb_v2: Did not find the firmware file 'dvb-usb-terratec-h7-az6007.fw' (status -2). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  159.000551][ T5895] dvb_usb_az6007 2-1:0.0: probe with driver dvb_usb_az6007 failed with error -2
[  159.014971][ T5895] usb 2-1: USB disconnect, device number 6
[  159.022213][ T5835] dvb_usb_az6007 3-1:0.0: probe with driver dvb_usb_az6007 failed with error -110
[  159.037634][ T5835] usb 3-1: USB disconnect, device number 2
[  159.095230][  T888] dvb_usb_az6007 4-1:0.0: probe with driver dvb_usb_az6007 failed with error -2
[  159.151736][   T24] dvb_usb_az6007 5-1:0.0: probe with driver dvb_usb_az6007 failed with error -2
[  159.177893][  T888] usb 4-1: USB disconnect, device number 3
[  159.238659][   T24] usb 5-1: USB disconnect, device number 2
[  159.561356][  T888] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  159.590933][   T24] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  159.721016][  T888] usb 4-1: Using ep0 maxpacket: 8
[  159.731795][  T888] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  159.772018][  T888] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.780099][  T888] usb 4-1: Product: syz
[  159.798540][  T888] usb 4-1: Manufacturer: syz
[  159.806644][  T888] usb 4-1: SerialNumber: syz
[  159.838478][  T888] usb 4-1: config 0 descriptor??
[  160.086509][  T888] usb 4-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  160.179941][   T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.306709][   T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.443489][   T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.559783][   T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.808953][ T7353] Invalid/unusable pipe
[  160.851155][   T24] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  160.880370][   T12] bridge_slave_1: left allmulticast mode
[  160.890904][   T12] bridge_slave_1: left promiscuous mode
[  160.898085][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  160.977796][   T12] bridge_slave_0: left allmulticast mode
[  161.001038][   T12] bridge_slave_0: left promiscuous mode
[  161.020716][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  161.029773][   T24] usb 1-1: Using ep0 maxpacket: 8
[  161.062532][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  161.082561][   T24] usb 1-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b
[  161.096833][ T7359] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  161.108369][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  161.157822][   T24] usb 1-1: config 0 descriptor??
[  161.190279][   T24] hso 1-1:0.0: Can't find BULK IN endpoint
[  161.294666][  T888] usb write operation failed. (-71)
[  161.332697][  T888] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  161.387978][  T888] dvbdev: DVB: registering new adapter (Terratec H7)
[  161.403106][   T43] usb 1-1: USB disconnect, device number 4
[  161.439774][  T888] usb 4-1: media controller created
[  161.457557][  T888] usb read operation failed. (-71)
[  161.467138][  T888] usb write operation failed. (-71)
[  161.495308][  T888] dvb_usb_az6007 4-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  161.533188][  T888] usb 4-1: USB disconnect, device number 4
[  161.816466][ T7378] netlink: 40 bytes leftover after parsing attributes in process `syz.3.515'.
[  161.871600][ T7378] FAULT_INJECTION: forcing a failure.
[  161.871600][ T7378] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  161.930879][ T7378] CPU: 1 UID: 0 PID: 7378 Comm: syz.3.515 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  161.930911][ T7378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  161.930922][ T7378] Call Trace:
[  161.930930][ T7378]  <TASK>
[  161.930939][ T7378]  dump_stack_lvl+0x189/0x250
[  161.930967][ T7378]  ? __pfx____ratelimit+0x10/0x10
[  161.930998][ T7378]  ? __pfx_dump_stack_lvl+0x10/0x10
[  161.931020][ T7378]  ? __pfx__printk+0x10/0x10
[  161.931055][ T7378]  should_fail_ex+0x414/0x560
[  161.931086][ T7378]  _copy_to_user+0x31/0xb0
[  161.931108][ T7378]  simple_read_from_buffer+0xe1/0x170
[  161.931140][ T7378]  proc_fail_nth_read+0x1df/0x250
[  161.931162][ T7378]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  161.931184][ T7378]  ? rw_verify_area+0x258/0x650
[  161.931208][ T7378]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  161.931228][ T7378]  vfs_read+0x1fd/0x980
[  161.931258][ T7378]  ? __pfx___mutex_lock+0x10/0x10
[  161.931285][ T7378]  ? __pfx_vfs_read+0x10/0x10
[  161.931312][ T7378]  ? __fget_files+0x2a/0x420
[  161.931344][ T7378]  ? __fget_files+0x3a0/0x420
[  161.931370][ T7378]  ? __fget_files+0x2a/0x420
[  161.931407][ T7378]  ksys_read+0x145/0x250
[  161.931434][ T7378]  ? __pfx_ksys_read+0x10/0x10
[  161.931456][ T7378]  ? rcu_is_watching+0x15/0xb0
[  161.931483][ T7378]  ? do_syscall_64+0xbe/0x3b0
[  161.931507][ T7378]  do_syscall_64+0xfa/0x3b0
[  161.931523][ T7378]  ? lockdep_hardirqs_on+0x9c/0x150
[  161.931550][ T7378]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.931568][ T7378]  ? clear_bhb_loop+0x60/0xb0
[  161.931590][ T7378]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.931606][ T7378] RIP: 0033:0x7f343b58d33c
[  161.931624][ T7378] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  161.931640][ T7378] RSP: 002b:00007f343c453030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  161.931660][ T7378] RAX: ffffffffffffffda RBX: 00007f343b7b5fa0 RCX: 00007f343b58d33c
[  161.931674][ T7378] RDX: 000000000000000f RSI: 00007f343c4530a0 RDI: 0000000000000004
[  161.931685][ T7378] RBP: 00007f343c453090 R08: 0000000000000000 R09: 0000000000000000
[  161.931695][ T7378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  161.931706][ T7378] R13: 0000000000000000 R14: 00007f343b7b5fa0 R15: 00007ffd5be5bb58
[  161.931736][ T7378]  </TASK>
[  162.175652][    C1] vkms_vblank_simulate: vblank timer overrun
[  162.322360][ T5895] usb 2-1: new full-speed USB device number 7 using dummy_hcd
[  162.519475][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  162.535240][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  162.553140][ T5895] usb 2-1: unable to get BOS descriptor or descriptor too short
[  162.569507][ T5895] usb 2-1: too many configurations: 156, using maximum allowed: 8
[  162.581110][   T12] bond0 (unregistering): Released all slaves
[  162.592673][ T5895] usb 2-1: unable to read config index 0 descriptor/start: -71
[  162.613376][ T5895] usb 2-1: can't read configurations, error -71
[  162.878023][ T7398] Invalid/unusable pipe
[  163.740231][   T12] hsr_slave_0: left promiscuous mode
[  163.769094][   T12] hsr_slave_1: left promiscuous mode
[  163.797833][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  163.800089][ T7426] Invalid/unusable pipe
[  163.822768][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  163.896724][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  163.914521][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  164.049734][   T12] veth1_macvtap: left promiscuous mode
[  164.084709][   T12] veth0_macvtap: left promiscuous mode
[  164.090558][   T12] veth1_vlan: left promiscuous mode
[  164.133421][   T12] veth0_vlan: left promiscuous mode
[  164.849391][   T12] team0 (unregistering): Port device team_slave_1 removed
[  164.895606][   T12] team0 (unregistering): Port device team_slave_0 removed
[  165.275864][ T7460] autofs: Bad value for 'fd'
[  165.481535][ T7467] FAULT_INJECTION: forcing a failure.
[  165.481535][ T7467] name failslab, interval 1, probability 0, space 0, times 0
[  165.494953][ T7467] CPU: 0 UID: 0 PID: 7467 Comm: syz.1.541 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  165.494980][ T7467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  165.494991][ T7467] Call Trace:
[  165.494999][ T7467]  <TASK>
[  165.495008][ T7467]  dump_stack_lvl+0x189/0x250
[  165.495037][ T7467]  ? __pfx____ratelimit+0x10/0x10
[  165.495065][ T7467]  ? __pfx_dump_stack_lvl+0x10/0x10
[  165.495088][ T7467]  ? __pfx__printk+0x10/0x10
[  165.495113][ T7467]  ? __pfx___might_resched+0x10/0x10
[  165.495132][ T7467]  ? fs_reclaim_acquire+0x7d/0x100
[  165.495163][ T7467]  should_fail_ex+0x414/0x560
[  165.495193][ T7467]  should_failslab+0xa8/0x100
[  165.495219][ T7467]  __kmalloc_noprof+0xcb/0x4f0
[  165.495242][ T7467]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  165.495268][ T7467]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  165.495296][ T7467]  genl_family_rcv_msg_doit+0xb8/0x300
[  165.495334][ T7467]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  165.495367][ T7467]  ? rcu_is_watching+0x15/0xb0
[  165.495392][ T7467]  ? apparmor_capable+0x137/0x1b0
[  165.495418][ T7467]  ? bpf_lsm_capable+0x9/0x20
[  165.495450][ T7467]  ? security_capable+0x7e/0x2e0
[  165.495478][ T7467]  genl_rcv_msg+0x60e/0x790
[  165.495513][ T7467]  ? __pfx_genl_rcv_msg+0x10/0x10
[  165.495540][ T7467]  ? __pfx_l2tp_nl_cmd_session_create+0x10/0x10
[  165.495580][ T7467]  netlink_rcv_skb+0x208/0x470
[  165.495605][ T7467]  ? __pfx_genl_rcv_msg+0x10/0x10
[  165.495635][ T7467]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  165.495679][ T7467]  ? down_read+0x1ad/0x2e0
[  165.495703][ T7467]  genl_rcv+0x28/0x40
[  165.495728][ T7467]  netlink_unicast+0x75b/0x8d0
[  165.495764][ T7467]  netlink_sendmsg+0x805/0xb30
[  165.495800][ T7467]  ? __pfx_netlink_sendmsg+0x10/0x10
[  165.495828][ T7467]  ? aa_sock_msg_perm+0x94/0x160
[  165.495849][ T7467]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  165.495876][ T7467]  ? __pfx_netlink_sendmsg+0x10/0x10
[  165.495901][ T7467]  __sock_sendmsg+0x219/0x270
[  165.495926][ T7467]  ____sys_sendmsg+0x505/0x830
[  165.495958][ T7467]  ? __pfx_____sys_sendmsg+0x10/0x10
[  165.495994][ T7467]  ? import_iovec+0x74/0xa0
[  165.496019][ T7467]  ___sys_sendmsg+0x21f/0x2a0
[  165.496048][ T7467]  ? __pfx____sys_sendmsg+0x10/0x10
[  165.496118][ T7467]  ? __fget_files+0x2a/0x420
[  165.496144][ T7467]  ? __fget_files+0x3a0/0x420
[  165.496184][ T7467]  __x64_sys_sendmsg+0x19b/0x260
[  165.496212][ T7467]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  165.496249][ T7467]  ? __pfx_ksys_write+0x10/0x10
[  165.496271][ T7467]  ? rcu_is_watching+0x15/0xb0
[  165.496298][ T7467]  ? do_syscall_64+0xbe/0x3b0
[  165.496322][ T7467]  do_syscall_64+0xfa/0x3b0
[  165.496338][ T7467]  ? lockdep_hardirqs_on+0x9c/0x150
[  165.496366][ T7467]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.496385][ T7467]  ? clear_bhb_loop+0x60/0xb0
[  165.496409][ T7467]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  165.496427][ T7467] RIP: 0033:0x7f67c4d8e929
[  165.496455][ T7467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  165.496471][ T7467] RSP: 002b:00007f67c5b40038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  165.496493][ T7467] RAX: ffffffffffffffda RBX: 00007f67c4fb5fa0 RCX: 00007f67c4d8e929
[  165.496507][ T7467] RDX: 0000000004000000 RSI: 0000200000000140 RDI: 0000000000000005
[  165.496519][ T7467] RBP: 00007f67c5b40090 R08: 0000000000000000 R09: 0000000000000000
[  165.496531][ T7467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  165.496542][ T7467] R13: 0000000000000000 R14: 00007f67c4fb5fa0 R15: 00007ffec6d85f88
[  165.496575][ T7467]  </TASK>
[  166.023512][ T7445] tun0: tun_chr_ioctl cmd 1074025676
[  166.029342][ T7445] tun0: owner set to 0
[  166.200548][ T7475] netlink: 20 bytes leftover after parsing attributes in process `syz.3.545'.
[  166.458784][ T7485] autofs: Bad value for 'fd'
[  166.465262][ T7481] FAULT_INJECTION: forcing a failure.
[  166.465262][ T7481] name failslab, interval 1, probability 0, space 0, times 0
[  166.558796][ T7481] CPU: 1 UID: 0 PID: 7481 Comm: syz.3.547 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  166.558826][ T7481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  166.558837][ T7481] Call Trace:
[  166.558845][ T7481]  <TASK>
[  166.558853][ T7481]  dump_stack_lvl+0x189/0x250
[  166.558883][ T7481]  ? __pfx____ratelimit+0x10/0x10
[  166.558911][ T7481]  ? __pfx_dump_stack_lvl+0x10/0x10
[  166.558932][ T7481]  ? __pfx__printk+0x10/0x10
[  166.558961][ T7481]  ? __pfx___might_resched+0x10/0x10
[  166.558981][ T7481]  ? fs_reclaim_acquire+0x7d/0x100
[  166.559012][ T7481]  should_fail_ex+0x414/0x560
[  166.559042][ T7481]  should_failslab+0xa8/0x100
[  166.559068][ T7481]  kmem_cache_alloc_noprof+0x73/0x3c0
[  166.559090][ T7481]  ? skb_clone+0x212/0x3a0
[  166.559121][ T7481]  skb_clone+0x212/0x3a0
[  166.559144][ T7481]  ? nfnetlink_rcv+0x486/0x2520
[  166.559165][ T7481]  nfnetlink_rcv+0x4b4/0x2520
[  166.559187][ T7481]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  166.559220][ T7481]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  166.559244][ T7481]  ? __dev_queue_xmit+0x27e/0x3a70
[  166.559270][ T7481]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.559299][ T7481]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  166.559335][ T7481]  ? ref_tracker_free+0x63a/0x7d0
[  166.559357][ T7481]  ? __copy_skb_header+0xa7/0x550
[  166.559384][ T7481]  ? __pfx_ref_tracker_free+0x10/0x10
[  166.559409][ T7481]  ? __skb_clone+0x63/0x7a0
[  166.559438][ T7481]  ? __skb_clone+0x483/0x7a0
[  166.559471][ T7481]  ? skb_clone+0x246/0x3a0
[  166.559508][ T7481]  ? __netlink_deliver_tap+0x807/0x850
[  166.559530][ T7481]  ? netlink_deliver_tap+0x2e/0x1b0
[  166.559561][ T7481]  ? netlink_deliver_tap+0x2e/0x1b0
[  166.559581][ T7481]  ? netlink_deliver_tap+0x2e/0x1b0
[  166.559609][ T7481]  netlink_unicast+0x75b/0x8d0
[  166.559641][ T7481]  netlink_sendmsg+0x805/0xb30
[  166.559673][ T7481]  ? __pfx_netlink_sendmsg+0x10/0x10
[  166.559699][ T7481]  ? aa_sock_msg_perm+0x94/0x160
[  166.559720][ T7481]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  166.559745][ T7481]  ? __pfx_netlink_sendmsg+0x10/0x10
[  166.559769][ T7481]  __sock_sendmsg+0x219/0x270
[  166.559792][ T7481]  ____sys_sendmsg+0x505/0x830
[  166.559821][ T7481]  ? __pfx_____sys_sendmsg+0x10/0x10
[  166.559855][ T7481]  ? import_iovec+0x74/0xa0
[  166.559877][ T7481]  ___sys_sendmsg+0x21f/0x2a0
[  166.559904][ T7481]  ? __pfx____sys_sendmsg+0x10/0x10
[  166.559963][ T7481]  ? __fget_files+0x2a/0x420
[  166.559990][ T7481]  ? __fget_files+0x3a0/0x420
[  166.560026][ T7481]  __x64_sys_sendmsg+0x19b/0x260
[  166.560052][ T7481]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  166.560085][ T7481]  ? __pfx_ksys_write+0x10/0x10
[  166.560116][ T7481]  ? do_syscall_64+0xbe/0x3b0
[  166.560139][ T7481]  do_syscall_64+0xfa/0x3b0
[  166.560156][ T7481]  ? lockdep_hardirqs_on+0x9c/0x150
[  166.560184][ T7481]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.560202][ T7481]  ? clear_bhb_loop+0x60/0xb0
[  166.560225][ T7481]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.560242][ T7481] RIP: 0033:0x7f343b58e929
[  166.560260][ T7481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  166.560277][ T7481] RSP: 002b:00007f343c453038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  166.560298][ T7481] RAX: ffffffffffffffda RBX: 00007f343b7b5fa0 RCX: 00007f343b58e929
[  166.560312][ T7481] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003
[  166.560324][ T7481] RBP: 00007f343c453090 R08: 0000000000000000 R09: 0000000000000000
[  166.560335][ T7481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  166.560346][ T7481] R13: 0000000000000000 R14: 00007f343b7b5fa0 R15: 00007ffd5be5bb58
[  166.560377][ T7481]  </TASK>
[  166.673004][ T7490] FAULT_INJECTION: forcing a failure.
[  166.673004][ T7490] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  166.675398][    C1] vkms_vblank_simulate: vblank timer overrun
[  166.772228][ T7493] FAULT_INJECTION: forcing a failure.
[  166.772228][ T7493] name failslab, interval 1, probability 0, space 0, times 0
[  166.828684][ T7490] CPU: 0 UID: 0 PID: 7490 Comm: syz.1.552 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  166.828710][ T7490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  166.828721][ T7490] Call Trace:
[  166.828728][ T7490]  <TASK>
[  166.828735][ T7490]  dump_stack_lvl+0x189/0x250
[  166.828761][ T7490]  ? __pfx____ratelimit+0x10/0x10
[  166.828787][ T7490]  ? __pfx_dump_stack_lvl+0x10/0x10
[  166.828807][ T7490]  ? __pfx__printk+0x10/0x10
[  166.828826][ T7490]  ? __might_fault+0xb0/0x130
[  166.828859][ T7490]  should_fail_ex+0x414/0x560
[  166.828886][ T7490]  _copy_from_user+0x2d/0xb0
[  166.828904][ T7490]  kstrtouint_from_user+0xc4/0x170
[  166.828930][ T7490]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  166.828971][ T7490]  proc_fail_nth_write+0x88/0x240
[  166.828989][ T7490]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  166.829011][ T7490]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  166.829029][ T7490]  vfs_write+0x27b/0xa90
[  166.829061][ T7490]  ? __pfx_vfs_write+0x10/0x10
[  166.829084][ T7490]  ? __fget_files+0x2a/0x420
[  166.829113][ T7490]  ? __fget_files+0x3a0/0x420
[  166.829135][ T7490]  ? __fget_files+0x2a/0x420
[  166.829168][ T7490]  ksys_write+0x145/0x250
[  166.829259][ T7490]  ? __pfx_ksys_write+0x10/0x10
[  166.829278][ T7490]  ? rcu_is_watching+0x15/0xb0
[  166.829302][ T7490]  ? do_syscall_64+0xbe/0x3b0
[  166.829322][ T7490]  do_syscall_64+0xfa/0x3b0
[  166.829337][ T7490]  ? lockdep_hardirqs_on+0x9c/0x150
[  166.829361][ T7490]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.829378][ T7490]  ? clear_bhb_loop+0x60/0xb0
[  166.829399][ T7490]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.829425][ T7490] RIP: 0033:0x7f67c4d8d3df
[  166.829443][ T7490] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  166.829457][ T7490] RSP: 002b:00007f67c5b40030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  166.829477][ T7490] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f67c4d8d3df
[  166.829489][ T7490] RDX: 0000000000000001 RSI: 00007f67c5b400a0 RDI: 0000000000000007
[  166.829499][ T7490] RBP: 00007f67c5b40090 R08: 0000000000000000 R09: 0000000000000003
[  166.829509][ T7490] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  166.829519][ T7490] R13: 0000000000000000 R14: 00007f67c4fb5fa0 R15: 00007ffec6d85f88
[  166.829547][ T7490]  </TASK>
[  167.152455][    C1] vkms_vblank_simulate: vblank timer overrun
[  167.214571][ T7493] CPU: 1 UID: 0 PID: 7493 Comm: syz.0.551 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  167.214600][ T7493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  167.214611][ T7493] Call Trace:
[  167.214619][ T7493]  <TASK>
[  167.214628][ T7493]  dump_stack_lvl+0x189/0x250
[  167.214655][ T7493]  ? __pfx____ratelimit+0x10/0x10
[  167.214684][ T7493]  ? __pfx_dump_stack_lvl+0x10/0x10
[  167.214705][ T7493]  ? __pfx__printk+0x10/0x10
[  167.214730][ T7493]  ? __nla_validate_parse+0x2400/0x2d40
[  167.214763][ T7493]  should_fail_ex+0x414/0x560
[  167.214788][ T7493]  should_failslab+0xa8/0x100
[  167.214811][ T7493]  kmem_cache_alloc_noprof+0x73/0x3c0
[  167.214829][ T7493]  ? xfrm_state_alloc+0x24/0x2f0
[  167.214849][ T7493]  xfrm_state_alloc+0x24/0x2f0
[  167.214865][ T7493]  xfrm_add_sa+0x17d1/0x4050
[  167.214896][ T7493]  ? __pfx_xfrm_add_sa+0x10/0x10
[  167.214913][ T7493]  ? apparmor_capable+0x137/0x1b0
[  167.214940][ T7493]  ? __nla_parse+0x40/0x60
[  167.214968][ T7493]  xfrm_user_rcv_msg+0x7a0/0xab0
[  167.214994][ T7493]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  167.215050][ T7493]  ? __mutex_trylock_common+0x153/0x260
[  167.215074][ T7493]  ? __pfx___mutex_trylock_common+0x10/0x10
[  167.215098][ T7493]  ? rcu_is_watching+0x15/0xb0
[  167.215118][ T7493]  ? trace_contention_end+0x39/0x120
[  167.215145][ T7493]  netlink_rcv_skb+0x208/0x470
[  167.215167][ T7493]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  167.215190][ T7493]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  167.215227][ T7493]  ? netlink_deliver_tap+0x2e/0x1b0
[  167.215247][ T7493]  ? netlink_deliver_tap+0x2e/0x1b0
[  167.215269][ T7493]  xfrm_netlink_rcv+0x79/0x90
[  167.215290][ T7493]  netlink_unicast+0x75b/0x8d0
[  167.215321][ T7493]  netlink_sendmsg+0x805/0xb30
[  167.215352][ T7493]  ? __pfx_netlink_sendmsg+0x10/0x10
[  167.215376][ T7493]  ? aa_sock_msg_perm+0x94/0x160
[  167.215397][ T7493]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  167.215421][ T7493]  ? __pfx_netlink_sendmsg+0x10/0x10
[  167.215442][ T7493]  __sock_sendmsg+0x219/0x270
[  167.215463][ T7493]  ____sys_sendmsg+0x505/0x830
[  167.215501][ T7493]  ? __pfx_____sys_sendmsg+0x10/0x10
[  167.215534][ T7493]  ? import_iovec+0x74/0xa0
[  167.215556][ T7493]  ___sys_sendmsg+0x21f/0x2a0
[  167.215581][ T7493]  ? __pfx____sys_sendmsg+0x10/0x10
[  167.215650][ T7493]  ? __fget_files+0x2a/0x420
[  167.215673][ T7493]  ? __fget_files+0x3a0/0x420
[  167.215708][ T7493]  __x64_sys_sendmsg+0x19b/0x260
[  167.215733][ T7493]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  167.215765][ T7493]  ? __pfx_ksys_write+0x10/0x10
[  167.215784][ T7493]  ? rcu_is_watching+0x15/0xb0
[  167.215810][ T7493]  ? do_syscall_64+0xbe/0x3b0
[  167.215831][ T7493]  do_syscall_64+0xfa/0x3b0
[  167.215846][ T7493]  ? lockdep_hardirqs_on+0x9c/0x150
[  167.215870][ T7493]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.215886][ T7493]  ? clear_bhb_loop+0x60/0xb0
[  167.215907][ T7493]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.215923][ T7493] RIP: 0033:0x7f357518e929
[  167.215940][ T7493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  167.215955][ T7493] RSP: 002b:00007f35760a4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  167.215975][ T7493] RAX: ffffffffffffffda RBX: 00007f35753b5fa0 RCX: 00007f357518e929
[  167.215988][ T7493] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  167.215998][ T7493] RBP: 00007f35760a4090 R08: 0000000000000000 R09: 0000000000000000
[  167.216009][ T7493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  167.216019][ T7493] R13: 0000000000000000 R14: 00007f35753b5fa0 R15: 00007ffdad420b98
[  167.216050][ T7493]  </TASK>
[  167.582719][    C1] vkms_vblank_simulate: vblank timer overrun
[  167.759188][ T7511] FAULT_INJECTION: forcing a failure.
[  167.759188][ T7511] name failslab, interval 1, probability 0, space 0, times 0
[  167.810969][ T5875] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  167.826957][ T7511] CPU: 0 UID: 0 PID: 7511 Comm: syz.0.557 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  167.826993][ T7511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  167.827005][ T7511] Call Trace:
[  167.827013][ T7511]  <TASK>
[  167.827022][ T7511]  dump_stack_lvl+0x189/0x250
[  167.827050][ T7511]  ? __pfx____ratelimit+0x10/0x10
[  167.827080][ T7511]  ? __pfx_dump_stack_lvl+0x10/0x10
[  167.827102][ T7511]  ? __pfx__printk+0x10/0x10
[  167.827126][ T7511]  ? __pfx___might_resched+0x10/0x10
[  167.827148][ T7511]  ? fs_reclaim_acquire+0x7d/0x100
[  167.827180][ T7511]  should_fail_ex+0x414/0x560
[  167.827211][ T7511]  should_failslab+0xa8/0x100
[  167.827245][ T7511]  __kmalloc_noprof+0xcb/0x4f0
[  167.827266][ T7511]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  167.827291][ T7511]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  167.827317][ T7511]  genl_family_rcv_msg_doit+0xb8/0x300
[  167.827352][ T7511]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  167.827384][ T7511]  ? rcu_is_watching+0x15/0xb0
[  167.827409][ T7511]  ? apparmor_capable+0x137/0x1b0
[  167.827438][ T7511]  ? bpf_lsm_capable+0x9/0x20
[  167.827459][ T7511]  ? security_capable+0x7e/0x2e0
[  167.827486][ T7511]  genl_rcv_msg+0x60e/0x790
[  167.827522][ T7511]  ? __pfx_genl_rcv_msg+0x10/0x10
[  167.827547][ T7511]  ? ref_tracker_free+0x63a/0x7d0
[  167.827571][ T7511]  ? __pfx_l2tp_nl_cmd_session_create+0x10/0x10
[  167.827592][ T7511]  ? __pfx_ref_tracker_free+0x10/0x10
[  167.827627][ T7511]  netlink_rcv_skb+0x208/0x470
[  167.827653][ T7511]  ? __pfx_genl_rcv_msg+0x10/0x10
[  167.827681][ T7511]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  167.827721][ T7511]  ? down_read+0x1ad/0x2e0
[  167.827745][ T7511]  genl_rcv+0x28/0x40
[  167.827771][ T7511]  netlink_unicast+0x75b/0x8d0
[  167.827806][ T7511]  netlink_sendmsg+0x805/0xb30
[  167.827842][ T7511]  ? __pfx_netlink_sendmsg+0x10/0x10
[  167.827870][ T7511]  ? aa_sock_msg_perm+0x94/0x160
[  167.827893][ T7511]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  167.827920][ T7511]  ? __pfx_netlink_sendmsg+0x10/0x10
[  167.827944][ T7511]  __sock_sendmsg+0x219/0x270
[  167.827967][ T7511]  ____sys_sendmsg+0x505/0x830
[  167.827997][ T7511]  ? __pfx_____sys_sendmsg+0x10/0x10
[  167.828031][ T7511]  ? import_iovec+0x74/0xa0
[  167.828055][ T7511]  ___sys_sendmsg+0x21f/0x2a0
[  167.828080][ T7511]  ? __pfx____sys_sendmsg+0x10/0x10
[  167.828140][ T7511]  ? __fget_files+0x2a/0x420
[  167.828165][ T7511]  ? __fget_files+0x3a0/0x420
[  167.828201][ T7511]  __x64_sys_sendmsg+0x19b/0x260
[  167.828239][ T7511]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  167.828274][ T7511]  ? __pfx_ksys_write+0x10/0x10
[  167.828295][ T7511]  ? rcu_is_watching+0x15/0xb0
[  167.828320][ T7511]  ? do_syscall_64+0xbe/0x3b0
[  167.828342][ T7511]  do_syscall_64+0xfa/0x3b0
[  167.828358][ T7511]  ? lockdep_hardirqs_on+0x9c/0x150
[  167.828385][ T7511]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.828402][ T7511]  ? clear_bhb_loop+0x60/0xb0
[  167.828426][ T7511]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  167.828444][ T7511] RIP: 0033:0x7f357518e929
[  167.828462][ T7511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  167.828478][ T7511] RSP: 002b:00007f35760a4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  167.828499][ T7511] RAX: ffffffffffffffda RBX: 00007f35753b5fa0 RCX: 00007f357518e929
[  167.828511][ T7511] RDX: 0000000004000000 RSI: 0000200000000140 RDI: 0000000000000005
[  167.828523][ T7511] RBP: 00007f35760a4090 R08: 0000000000000000 R09: 0000000000000000
[  167.828534][ T7511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  167.828545][ T7511] R13: 0000000000000000 R14: 00007f35753b5fa0 R15: 00007ffdad420b98
[  167.828575][ T7511]  </TASK>
[  168.380845][ T5875] usb 2-1: Using ep0 maxpacket: 8
[  168.388026][ T5875] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  168.397922][ T5875] usb 2-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b
[  168.407394][ T5875] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.418662][ T5875] usb 2-1: config 0 descriptor??
[  168.428095][ T5875] hso 2-1:0.0: Can't find BULK IN endpoint
[  168.571996][ T7523] syzkaller1: entered promiscuous mode
[  168.602633][ T7523] syzkaller1: entered allmulticast mode
[  168.629450][ T7523] netlink: 20 bytes leftover after parsing attributes in process `syz.3.561'.
[  168.648774][ T5875] usb 2-1: USB disconnect, device number 9
[  168.699162][ T7523] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  168.932793][ T7533] FAULT_INJECTION: forcing a failure.
[  168.932793][ T7533] name failslab, interval 1, probability 0, space 0, times 0
[  168.949471][ T7533] CPU: 1 UID: 0 PID: 7533 Comm: syz.4.564 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  168.949499][ T7533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  168.949511][ T7533] Call Trace:
[  168.949519][ T7533]  <TASK>
[  168.949528][ T7533]  dump_stack_lvl+0x189/0x250
[  168.949557][ T7533]  ? __pfx____ratelimit+0x10/0x10
[  168.949586][ T7533]  ? __pfx_dump_stack_lvl+0x10/0x10
[  168.949608][ T7533]  ? __pfx__printk+0x10/0x10
[  168.949635][ T7533]  ? __pfx___might_resched+0x10/0x10
[  168.949655][ T7533]  ? fs_reclaim_acquire+0x7d/0x100
[  168.949687][ T7533]  should_fail_ex+0x414/0x560
[  168.949719][ T7533]  should_failslab+0xa8/0x100
[  168.949745][ T7533]  kmem_cache_alloc_noprof+0x73/0x3c0
[  168.949768][ T7533]  ? skb_clone+0x212/0x3a0
[  168.949797][ T7533]  skb_clone+0x212/0x3a0
[  168.949820][ T7533]  ? nfnetlink_rcv+0x486/0x2520
[  168.949841][ T7533]  nfnetlink_rcv+0x4b4/0x2520
[  168.949864][ T7533]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  168.949896][ T7533]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  168.949920][ T7533]  ? __dev_queue_xmit+0x27e/0x3a70
[  168.949947][ T7533]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.949975][ T7533]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  168.950010][ T7533]  ? ref_tracker_free+0x63a/0x7d0
[  168.950034][ T7533]  ? __copy_skb_header+0xa7/0x550
[  168.950060][ T7533]  ? __pfx_ref_tracker_free+0x10/0x10
[  168.950084][ T7533]  ? __skb_clone+0x63/0x7a0
[  168.950114][ T7533]  ? __skb_clone+0x483/0x7a0
[  168.950155][ T7533]  ? skb_clone+0x246/0x3a0
[  168.950184][ T7533]  ? __netlink_deliver_tap+0x807/0x850
[  168.950214][ T7533]  ? netlink_deliver_tap+0x2e/0x1b0
[  168.950242][ T7533]  ? netlink_deliver_tap+0x2e/0x1b0
[  168.950264][ T7533]  ? netlink_deliver_tap+0x2e/0x1b0
[  168.950293][ T7533]  netlink_unicast+0x75b/0x8d0
[  168.950327][ T7533]  netlink_sendmsg+0x805/0xb30
[  168.950361][ T7533]  ? __pfx_netlink_sendmsg+0x10/0x10
[  168.950389][ T7533]  ? aa_sock_msg_perm+0x94/0x160
[  168.950410][ T7533]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  168.950437][ T7533]  ? __pfx_netlink_sendmsg+0x10/0x10
[  168.950470][ T7533]  __sock_sendmsg+0x219/0x270
[  168.950494][ T7533]  ____sys_sendmsg+0x505/0x830
[  168.950525][ T7533]  ? __pfx_____sys_sendmsg+0x10/0x10
[  168.950560][ T7533]  ? import_iovec+0x74/0xa0
[  168.950584][ T7533]  ___sys_sendmsg+0x21f/0x2a0
[  168.950613][ T7533]  ? __pfx____sys_sendmsg+0x10/0x10
[  168.950677][ T7533]  ? __fget_files+0x2a/0x420
[  168.950703][ T7533]  ? __fget_files+0x3a0/0x420
[  168.950748][ T7533]  __x64_sys_sendmsg+0x19b/0x260
[  168.950774][ T7533]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  168.950808][ T7533]  ? __pfx_ksys_write+0x10/0x10
[  168.950828][ T7533]  ? rcu_is_watching+0x15/0xb0
[  168.950853][ T7533]  ? do_syscall_64+0xbe/0x3b0
[  168.950876][ T7533]  do_syscall_64+0xfa/0x3b0
[  168.950892][ T7533]  ? lockdep_hardirqs_on+0x9c/0x150
[  168.950929][ T7533]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.950948][ T7533]  ? clear_bhb_loop+0x60/0xb0
[  168.950972][ T7533]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.950991][ T7533] RIP: 0033:0x7f756378e929
[  168.951009][ T7533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  168.951025][ T7533] RSP: 002b:00007f7564536038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  168.951047][ T7533] RAX: ffffffffffffffda RBX: 00007f75639b5fa0 RCX: 00007f756378e929
[  168.951060][ T7533] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003
[  168.951072][ T7533] RBP: 00007f7564536090 R08: 0000000000000000 R09: 0000000000000000
[  168.951084][ T7533] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  168.951096][ T7533] R13: 0000000000000000 R14: 00007f75639b5fa0 R15: 00007ffdd31fe8a8
[  168.951127][ T7533]  </TASK>
[  169.317752][    C1] vkms_vblank_simulate: vblank timer overrun
[  169.467562][ T7538] FAULT_INJECTION: forcing a failure.
[  169.467562][ T7538] name failslab, interval 1, probability 0, space 0, times 0
[  169.531085][ T7538] CPU: 0 UID: 0 PID: 7538 Comm: syz.4.565 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  169.531116][ T7538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  169.531128][ T7538] Call Trace:
[  169.531136][ T7538]  <TASK>
[  169.531145][ T7538]  dump_stack_lvl+0x189/0x250
[  169.531174][ T7538]  ? __pfx____ratelimit+0x10/0x10
[  169.531204][ T7538]  ? __pfx_dump_stack_lvl+0x10/0x10
[  169.531234][ T7538]  ? __pfx__printk+0x10/0x10
[  169.531261][ T7538]  ? __pfx___might_resched+0x10/0x10
[  169.531281][ T7538]  ? fs_reclaim_acquire+0x7d/0x100
[  169.531313][ T7538]  should_fail_ex+0x414/0x560
[  169.531344][ T7538]  should_failslab+0xa8/0x100
[  169.531370][ T7538]  kmem_cache_alloc_noprof+0x73/0x3c0
[  169.531392][ T7538]  ? __pmd_alloc+0xc6/0x3b0
[  169.531418][ T7538]  __pmd_alloc+0xc6/0x3b0
[  169.531444][ T7538]  __handle_mm_fault+0xa63/0x5620
[  169.531474][ T7538]  ? mt_find+0x46f/0x5f0
[  169.531503][ T7538]  ? __pfx___handle_mm_fault+0x10/0x10
[  169.531545][ T7538]  ? find_vma+0xe7/0x160
[  169.531566][ T7538]  ? __pfx_find_vma+0x10/0x10
[  169.531593][ T7538]  handle_mm_fault+0x40a/0x8e0
[  169.531627][ T7538]  do_user_addr_fault+0x764/0x1390
[  169.531675][ T7538]  exc_page_fault+0x76/0xf0
[  169.531708][ T7538]  asm_exc_page_fault+0x26/0x30
[  169.531726][ T7538] RIP: 0010:rep_movs_alternative+0x33/0x90
[  169.531752][ T7538] Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb
[  169.531768][ T7538] RSP: 0018:ffffc90004d9fd48 EFLAGS: 00050212
[  169.531789][ T7538] RAX: 0000000000000000 RBX: 0000000000000010 RCX: 0000000000000010
[  169.531802][ T7538] RDX: 0000000000000000 RSI: ffffc90004d9fda0 RDI: 00002000000000c0
[  169.531815][ T7538] RBP: ffffc90004d9fe10 R08: ffffc90004d9fdaf R09: 1ffff920009b3fb5
[  169.531829][ T7538] R10: dffffc0000000000 R11: fffff520009b3fb6 R12: 00002000000000d0
[  169.531842][ T7538] R13: 00007ffffffff000 R14: ffffc90004d9fda0 R15: 00002000000000c0
[  169.531876][ T7538]  _copy_to_user+0x8a/0xb0
[  169.531900][ T7538]  put_timespec64+0xc0/0x120
[  169.531919][ T7538]  ? __pfx_put_timespec64+0x10/0x10
[  169.531950][ T7538]  __x64_sys_clock_gettime+0x208/0x260
[  169.531983][ T7538]  ? __pfx___x64_sys_clock_gettime+0x10/0x10
[  169.532019][ T7538]  ? do_syscall_64+0xbe/0x3b0
[  169.532043][ T7538]  do_syscall_64+0xfa/0x3b0
[  169.532060][ T7538]  ? lockdep_hardirqs_on+0x9c/0x150
[  169.532088][ T7538]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.532113][ T7538]  ? clear_bhb_loop+0x60/0xb0
[  169.532137][ T7538]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.532155][ T7538] RIP: 0033:0x7f756378e929
[  169.532172][ T7538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  169.532186][ T7538] RSP: 002b:00007f7564536038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e4
[  169.532205][ T7538] RAX: ffffffffffffffda RBX: 00007f75639b5fa0 RCX: 00007f756378e929
[  169.532226][ T7538] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  169.532238][ T7538] RBP: 00007f7564536090 R08: 0000000000000000 R09: 0000000000000000
[  169.532250][ T7538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  169.532261][ T7538] R13: 0000000000000001 R14: 00007f75639b5fa0 R15: 00007ffdd31fe8a8
[  169.532293][ T7538]  </TASK>
[  170.175292][   T30] audit: type=1400 audit(1750454247.602:3): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name="/" pid=7545 comm="syz.4.568"
[  171.468351][ T7604] IPVS: set_ctl: invalid protocol: 225 255.255.255.255:20000
[  171.473660][ T7606] netlink: 56 bytes leftover after parsing attributes in process `syz.1.581'.
[  171.492983][ T7606] FAULT_INJECTION: forcing a failure.
[  171.492983][ T7606] name failslab, interval 1, probability 0, space 0, times 0
[  171.505973][ T7606] CPU: 0 UID: 0 PID: 7606 Comm: syz.1.581 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  171.506001][ T7606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  171.506012][ T7606] Call Trace:
[  171.506020][ T7606]  <TASK>
[  171.506029][ T7606]  dump_stack_lvl+0x189/0x250
[  171.506058][ T7606]  ? __pfx____ratelimit+0x10/0x10
[  171.506097][ T7606]  ? __pfx_dump_stack_lvl+0x10/0x10
[  171.506126][ T7606]  ? __pfx__printk+0x10/0x10
[  171.506154][ T7606]  ? __pfx___might_resched+0x10/0x10
[  171.506175][ T7606]  ? fs_reclaim_acquire+0x7d/0x100
[  171.506208][ T7606]  should_fail_ex+0x414/0x560
[  171.506238][ T7606]  should_failslab+0xa8/0x100
[  171.506266][ T7606]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  171.506290][ T7606]  ? __alloc_skb+0x112/0x2d0
[  171.506317][ T7606]  __alloc_skb+0x112/0x2d0
[  171.506345][ T7606]  netlink_ack+0x146/0xa50
[  171.506365][ T7606]  ? __pfx_genl_rcv_msg+0x10/0x10
[  171.506391][ T7606]  ? __pfx_nl802154_pre_doit+0x10/0x10
[  171.506417][ T7606]  ? __pfx_nl802154_post_doit+0x10/0x10
[  171.506462][ T7606]  netlink_rcv_skb+0x28c/0x470
[  171.506486][ T7606]  ? __pfx_genl_rcv_msg+0x10/0x10
[  171.506516][ T7606]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  171.506559][ T7606]  ? down_read+0x1ad/0x2e0
[  171.506583][ T7606]  genl_rcv+0x28/0x40
[  171.506609][ T7606]  netlink_unicast+0x75b/0x8d0
[  171.506643][ T7606]  netlink_sendmsg+0x805/0xb30
[  171.506679][ T7606]  ? __pfx_netlink_sendmsg+0x10/0x10
[  171.506707][ T7606]  ? aa_sock_msg_perm+0x94/0x160
[  171.506730][ T7606]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  171.506758][ T7606]  ? __pfx_netlink_sendmsg+0x10/0x10
[  171.506782][ T7606]  __sock_sendmsg+0x219/0x270
[  171.506806][ T7606]  ____sys_sendmsg+0x505/0x830
[  171.506839][ T7606]  ? __pfx_____sys_sendmsg+0x10/0x10
[  171.506874][ T7606]  ? import_iovec+0x74/0xa0
[  171.506900][ T7606]  ___sys_sendmsg+0x21f/0x2a0
[  171.506928][ T7606]  ? __pfx____sys_sendmsg+0x10/0x10
[  171.506997][ T7606]  ? __fget_files+0x2a/0x420
[  171.507023][ T7606]  ? __fget_files+0x3a0/0x420
[  171.507063][ T7606]  __x64_sys_sendmsg+0x19b/0x260
[  171.507091][ T7606]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  171.507137][ T7606]  ? __pfx_ksys_write+0x10/0x10
[  171.507159][ T7606]  ? rcu_is_watching+0x15/0xb0
[  171.507187][ T7606]  ? do_syscall_64+0xbe/0x3b0
[  171.507211][ T7606]  do_syscall_64+0xfa/0x3b0
[  171.507228][ T7606]  ? lockdep_hardirqs_on+0x9c/0x150
[  171.507257][ T7606]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.507277][ T7606]  ? clear_bhb_loop+0x60/0xb0
[  171.507300][ T7606]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.507318][ T7606] RIP: 0033:0x7f67c4d8e929
[  171.507336][ T7606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  171.507352][ T7606] RSP: 002b:00007f67c5b40038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  171.507374][ T7606] RAX: ffffffffffffffda RBX: 00007f67c4fb5fa0 RCX: 00007f67c4d8e929
[  171.507388][ T7606] RDX: 0000000000000800 RSI: 0000200000000100 RDI: 0000000000000004
[  171.507401][ T7606] RBP: 00007f67c5b40090 R08: 0000000000000000 R09: 0000000000000000
[  171.507413][ T7606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  171.507424][ T7606] R13: 0000000000000000 R14: 00007f67c4fb5fa0 R15: 00007ffec6d85f88
[  171.507456][ T7606]  </TASK>
[  172.147945][ T7618] FAULT_INJECTION: forcing a failure.
[  172.147945][ T7618] name failslab, interval 1, probability 0, space 0, times 0
[  172.210532][ T7618] CPU: 1 UID: 0 PID: 7618 Comm: syz.3.585 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  172.210563][ T7618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  172.210575][ T7618] Call Trace:
[  172.210583][ T7618]  <TASK>
[  172.210592][ T7618]  dump_stack_lvl+0x189/0x250
[  172.210621][ T7618]  ? __pfx____ratelimit+0x10/0x10
[  172.210652][ T7618]  ? __pfx_dump_stack_lvl+0x10/0x10
[  172.210675][ T7618]  ? __pfx__printk+0x10/0x10
[  172.210700][ T7618]  ? __pfx___might_resched+0x10/0x10
[  172.210722][ T7618]  ? fs_reclaim_acquire+0x7d/0x100
[  172.210782][ T7618]  should_fail_ex+0x414/0x560
[  172.210811][ T7618]  should_failslab+0xa8/0x100
[  172.210838][ T7618]  __kmalloc_noprof+0xcb/0x4f0
[  172.210859][ T7618]  ? tomoyo_encode+0x28b/0x550
[  172.210904][ T7618]  tomoyo_encode+0x28b/0x550
[  172.210934][ T7618]  tomoyo_realpath_from_path+0x58d/0x5d0
[  172.210975][ T7618]  ? tomoyo_domain+0xd9/0x130
[  172.211010][ T7618]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  172.211040][ T7618]  tomoyo_path_number_perm+0x1e8/0x5a0
[  172.211071][ T7618]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  172.211125][ T7618]  ? __lock_acquire+0xab9/0xd20
[  172.211168][ T7618]  ? __fget_files+0x2a/0x420
[  172.211198][ T7618]  ? __fget_files+0x2a/0x420
[  172.211223][ T7618]  ? __fget_files+0x3a0/0x420
[  172.211250][ T7618]  ? __fget_files+0x2a/0x420
[  172.211282][ T7618]  security_file_ioctl+0xcb/0x2d0
[  172.211312][ T7618]  __se_sys_ioctl+0x47/0x170
[  172.211339][ T7618]  do_syscall_64+0xfa/0x3b0
[  172.211357][ T7618]  ? lockdep_hardirqs_on+0x9c/0x150
[  172.211386][ T7618]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.211412][ T7618]  ? clear_bhb_loop+0x60/0xb0
[  172.211444][ T7618]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.211463][ T7618] RIP: 0033:0x7f343b58e929
[  172.211481][ T7618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  172.211496][ T7618] RSP: 002b:00007f343c432038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  172.211518][ T7618] RAX: ffffffffffffffda RBX: 00007f343b7b6080 RCX: 00007f343b58e929
[  172.211532][ T7618] RDX: 0000200000000000 RSI: 0000000000005412 RDI: 0000000000000003
[  172.211544][ T7618] RBP: 00007f343c432090 R08: 0000000000000000 R09: 0000000000000000
[  172.211557][ T7618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  172.211569][ T7618] R13: 0000000000000000 R14: 00007f343b7b6080 R15: 00007ffd5be5bb58
[  172.211601][ T7618]  </TASK>
[  172.458146][    C1] vkms_vblank_simulate: vblank timer overrun
[  172.511005][ T7618] ERROR: Out of memory at tomoyo_realpath_from_path.
[  172.534443][ T7626] FAULT_INJECTION: forcing a failure.
[  172.534443][ T7626] name failslab, interval 1, probability 0, space 0, times 0
[  172.595817][ T7626] CPU: 1 UID: 0 PID: 7626 Comm: syz.1.588 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  172.595847][ T7626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  172.595858][ T7626] Call Trace:
[  172.595866][ T7626]  <TASK>
[  172.595884][ T7626]  dump_stack_lvl+0x189/0x250
[  172.595913][ T7626]  ? __pfx____ratelimit+0x10/0x10
[  172.595949][ T7626]  ? __pfx_dump_stack_lvl+0x10/0x10
[  172.595971][ T7626]  ? __pfx__printk+0x10/0x10
[  172.595999][ T7626]  ? __pfx___might_resched+0x10/0x10
[  172.596021][ T7626]  ? fs_reclaim_acquire+0x7d/0x100
[  172.596054][ T7626]  should_fail_ex+0x414/0x560
[  172.596092][ T7626]  should_failslab+0xa8/0x100
[  172.596119][ T7626]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[  172.596143][ T7626]  ? __d_alloc+0x31/0x6f0
[  172.596169][ T7626]  __d_alloc+0x31/0x6f0
[  172.596196][ T7626]  ? security_inode_alloc+0x39/0x330
[  172.596230][ T7626]  d_alloc_pseudo+0x1f/0xb0
[  172.596251][ T7626]  alloc_file_pseudo+0xcc/0x210
[  172.596275][ T7626]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  172.596292][ T7626]  ? evm_inode_alloc_security+0x40/0xb0
[  172.596315][ T7626]  ? security_inode_alloc+0xd5/0x330
[  172.596349][ T7626]  sock_alloc_file+0xb8/0x2e0
[  172.596372][ T7626]  do_accept+0x34b/0x680
[  172.596400][ T7626]  ? __pfx_do_accept+0x10/0x10
[  172.596447][ T7626]  __sys_accept4+0x11c/0x1c0
[  172.596471][ T7626]  ? __pfx___sys_accept4+0x10/0x10
[  172.596493][ T7626]  ? __pfx_ksys_write+0x10/0x10
[  172.596515][ T7626]  ? rcu_is_watching+0x15/0xb0
[  172.596544][ T7626]  __x64_sys_accept4+0x9a/0xb0
[  172.596568][ T7626]  do_syscall_64+0xfa/0x3b0
[  172.596586][ T7626]  ? lockdep_hardirqs_on+0x9c/0x150
[  172.596615][ T7626]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.596634][ T7626]  ? clear_bhb_loop+0x60/0xb0
[  172.596658][ T7626]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.596676][ T7626] RIP: 0033:0x7f67c4d8e929
[  172.596694][ T7626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  172.596710][ T7626] RSP: 002b:00007f67c5b40038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[  172.596732][ T7626] RAX: ffffffffffffffda RBX: 00007f67c4fb5fa0 RCX: 00007f67c4d8e929
[  172.596745][ T7626] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  172.596756][ T7626] RBP: 00007f67c5b40090 R08: 0000000000000000 R09: 0000000000000000
[  172.596768][ T7626] R10: 0000000000080000 R11: 0000000000000246 R12: 0000000000000001
[  172.596780][ T7626] R13: 0000000000000000 R14: 00007f67c4fb5fa0 R15: 00007ffec6d85f88
[  172.596811][ T7626]  </TASK>
[  172.855506][    C1] vkms_vblank_simulate: vblank timer overrun
[  173.194537][ T7635] netlink: 44 bytes leftover after parsing attributes in process `syz.3.591'.
[  173.210966][ T7635] netlink: 12 bytes leftover after parsing attributes in process `syz.3.591'.
[  173.225652][ T7635] netlink: 8 bytes leftover after parsing attributes in process `syz.3.591'.
[  173.781453][ T5833] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[  173.794303][ T5833] CPU: 0 UID: 0 PID: 5833 Comm: kworker/u9:2 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  173.794334][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  173.794348][ T5833] Workqueue: hci4 hci_rx_work
[  173.794373][ T5833] Call Trace:
[  173.794381][ T5833]  <TASK>
[  173.794390][ T5833]  dump_stack_lvl+0x189/0x250
[  173.794417][ T5833]  ? kernfs_path_from_node+0x2c/0x260
[  173.794448][ T5833]  ? __pfx_dump_stack_lvl+0x10/0x10
[  173.794473][ T5833]  ? __pfx__printk+0x10/0x10
[  173.794498][ T5833]  ? kernfs_path_from_node+0x2c/0x260
[  173.794515][ T5833]  ? kernfs_path_from_node+0x2c/0x260
[  173.794536][ T5833]  ? kernfs_path_from_node+0x22c/0x260
[  173.794552][ T5833]  ? kernfs_path_from_node+0x2c/0x260
[  173.794575][ T5833]  sysfs_create_dir_ns+0x259/0x280
[  173.794608][ T5833]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  173.794642][ T5833]  ? do_raw_spin_unlock+0x122/0x240
[  173.794676][ T5833]  kobject_add_internal+0x59f/0xb40
[  173.794707][ T5833]  kobject_add+0x155/0x220
[  173.794735][ T5833]  ? __pfx_kobject_add+0x10/0x10
[  173.794758][ T5833]  ? _raw_spin_unlock+0x28/0x50
[  173.794792][ T5833]  ? get_device_parent+0x366/0x3a0
[  173.794820][ T5833]  device_add+0x408/0xb50
[  173.794848][ T5833]  hci_conn_add_sysfs+0xd5/0x1e0
[  173.794882][ T5833]  le_conn_complete_evt+0xc3a/0x1220
[  173.794923][ T5833]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  173.794949][ T5833]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  173.794967][ T5833]  ? __asan_memcpy+0x40/0x70
[  173.794990][ T5833]  ? __pfx___mutex_lock+0x10/0x10
[  173.795011][ T5833]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  173.795030][ T5833]  ? skb_pull_data+0xfb/0x200
[  173.795067][ T5833]  hci_le_conn_complete_evt+0x187/0x450
[  173.795101][ T5833]  hci_event_packet+0x78c/0x1200
[  173.795125][ T5833]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  173.795152][ T5833]  ? __pfx_hci_event_packet+0x10/0x10
[  173.795184][ T5833]  ? kcov_remote_start+0x4d3/0x7f0
[  173.795215][ T5833]  ? warn_bogus_irq_restore+0x30/0x40
[  173.795250][ T5833]  ? hci_send_to_monitor+0xe2/0x570
[  173.795279][ T5833]  hci_rx_work+0x46a/0xe80
[  173.795310][ T5833]  ? process_scheduled_works+0x9ef/0x17b0
[  173.795336][ T5833]  process_scheduled_works+0xae1/0x17b0
[  173.795406][ T5833]  ? __pfx_process_scheduled_works+0x10/0x10
[  173.795459][ T5833]  worker_thread+0x8a0/0xda0
[  173.795487][ T5833]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  173.795526][ T5833]  ? __kthread_parkme+0x7b/0x200
[  173.795564][ T5833]  kthread+0x70e/0x8a0
[  173.795595][ T5833]  ? __pfx_worker_thread+0x10/0x10
[  173.795620][ T5833]  ? __pfx_kthread+0x10/0x10
[  173.795650][ T5833]  ? _raw_spin_unlock_irq+0x23/0x50
[  173.795676][ T5833]  ? lockdep_hardirqs_on+0x9c/0x150
[  173.795705][ T5833]  ? __pfx_kthread+0x10/0x10
[  173.795733][ T5833]  ret_from_fork+0x3f9/0x770
[  173.795759][ T5833]  ? __pfx_ret_from_fork+0x10/0x10
[  173.795787][ T5833]  ? __switch_to_asm+0x39/0x70
[  173.795811][ T5833]  ? __switch_to_asm+0x33/0x70
[  173.795834][ T5833]  ? __pfx_kthread+0x10/0x10
[  173.795862][ T5833]  ret_from_fork_asm+0x1a/0x30
[  173.795907][ T5833]  </TASK>
[  173.795941][ T5833] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  174.127946][ T5833] Bluetooth: hci4: failed to register connection device
[  174.251010][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  174.353901][ T7676] caif0 speed is unknown, defaulting to 1000
[  174.401213][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  174.409956][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  174.418956][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  174.428056][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  174.437358][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  174.446505][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  174.515253][ T7676] caif0 speed is unknown, defaulting to 1000
[  174.535034][ T7676] caif0 speed is unknown, defaulting to 1000
[  174.571409][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  174.579770][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  175.252256][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  175.448579][ T7692] warning: `syz.3.603' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  175.591429][ T7694] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  176.218312][ T7676] infiniband syz2: set down
[  176.226445][  T888] caif0 speed is unknown, defaulting to 1000
[  176.261143][ T7676] infiniband syz2: added caif0
[  176.268110][ T7676] syz2: rxe_create_cq: returned err = -12
[  176.301032][ T7676] infiniband syz2: Couldn't create ib_mad CQ
[  176.307183][ T7676] infiniband syz2: Couldn't open port 1
[  176.442768][ T7676] RDS/IB: syz2: added
[  176.465315][ T7676] smc: adding ib device syz2 with port count 1
[  176.534237][ T7676] smc:    ib device syz2 port 1 has pnetid 
[  176.550647][   T24] caif0 speed is unknown, defaulting to 1000
[  176.569156][ T7676] caif0 speed is unknown, defaulting to 1000
[  177.177220][ T7676] caif0 speed is unknown, defaulting to 1000
[  177.885252][ T7676] caif0 speed is unknown, defaulting to 1000
[  178.001010][ T7748] binder: 7747:7748 ioctl c00c620f 0 returned -14
[  178.469520][ T7760] netlink: 56 bytes leftover after parsing attributes in process `syz.1.622'.
[  178.521808][ T7676] caif0 speed is unknown, defaulting to 1000
[  179.270910][   T24] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  179.430967][   T24] usb 4-1: Using ep0 maxpacket: 16
[  179.438509][   T24] usb 4-1: config 0 has an invalid interface number: 174 but max is 0
[  179.459655][   T24] usb 4-1: config 0 has an invalid descriptor of length 12, skipping remainder of the config
[  179.474260][   T24] usb 4-1: config 0 has no interface number 0
[  179.481447][   T24] usb 4-1: config 0 interface 174 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  179.491724][   T24] usb 4-1: config 0 interface 174 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  179.513317][   T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  179.531943][ T5835] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  179.534215][   T24] usb 4-1: New USB device found, idVendor=106c, idProduct=b770, bcdDevice=7b.dd
[  179.570419][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  179.590679][   T24] usb 4-1: Product: syz
[  179.600898][   T24] usb 4-1: Manufacturer: syz
[  179.605659][   T24] usb 4-1: SerialNumber: syz
[  179.630710][   T24] usb 4-1: config 0 descriptor??
[  179.653941][   T24] qmi_wwan 4-1:0.174: probe with driver qmi_wwan failed with error -22
[  179.700867][   T10] usb 5-1: Using ep0 maxpacket: 8
[  179.706076][ T5835] usb 1-1: Using ep0 maxpacket: 16
[  179.734683][   T10] usb 5-1: config 0 has an invalid interface number: 151 but max is 0
[  179.743351][ T5835] usb 1-1: config 0 has an invalid interface number: 174 but max is 0
[  179.763782][   T10] usb 5-1: config 0 has no interface number 0
[  179.775684][ T5835] usb 1-1: config 0 has an invalid descriptor of length 12, skipping remainder of the config
[  179.789475][   T10] usb 5-1: config 0 interface 151 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  179.801530][ T5835] usb 1-1: config 0 has no interface number 0
[  179.816898][   T10] usb 5-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83
[  179.829105][ T5835] usb 1-1: config 0 interface 174 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  179.839385][ T5835] usb 1-1: config 0 interface 174 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  179.852773][   T10] usb 5-1: config 0 interface 151 altsetting 0 endpoint 0x83 has invalid maxpacket 64466, setting to 1024
[  179.862347][ T7777] netlink: 4 bytes leftover after parsing attributes in process `syz.3.627'.
[  179.864415][   T10] usb 5-1: config 0 interface 151 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  179.883823][   T10] usb 5-1: config 0 interface 151 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  179.901277][ T5835] usb 1-1: New USB device found, idVendor=106c, idProduct=b770, bcdDevice=7b.dd
[  179.910620][ T5835] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  179.919926][ T5835] usb 1-1: Product: syz
[  179.924476][ T5835] usb 1-1: Manufacturer: syz
[  179.929888][ T5835] usb 1-1: SerialNumber: syz
[  179.936464][   T10] usb 5-1: New USB device found, idVendor=0499, idProduct=500a, bcdDevice=e7.b7
[  179.945880][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  179.954140][   T10] usb 5-1: Product: syz
[  179.962543][ T5835] usb 1-1: config 0 descriptor??
[  179.969577][   T10] usb 5-1: Manufacturer: syz
[  179.976102][   T10] usb 5-1: SerialNumber: syz
[  179.990222][ T5835] qmi_wwan 1-1:0.174: probe with driver qmi_wwan failed with error -22
[  180.002402][   T10] usb 5-1: config 0 descriptor??
[  180.027353][ T7785] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  180.048267][   T10] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  180.156644][   T10] snd-usb-audio 5-1:0.151: probe with driver snd-usb-audio failed with error -2
[  180.171874][ T7787] netlink: 4 bytes leftover after parsing attributes in process `syz.0.632'.
[  180.229953][ T5843] udevd[5843]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  180.279418][ T5835] usb 5-1: USB disconnect, device number 4
[  181.340867][ T5835] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  181.521130][ T5835] usb 5-1: Using ep0 maxpacket: 8
[  181.529662][ T5835] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  181.540006][ T5835] usb 5-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b
[  181.549323][ T5835] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  181.565126][ T5835] usb 5-1: config 0 descriptor??
[  181.573670][ T5835] hso 5-1:0.0: Can't find BULK IN endpoint
[  181.751025][ T5916] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  181.775858][  T888] usb 5-1: USB disconnect, device number 5
[  181.891557][ T5916] usb 2-1: device descriptor read/64, error -71
[  182.063434][   T43] usb 4-1: USB disconnect, device number 5
[  182.131107][ T5916] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  182.281063][ T5916] usb 2-1: device descriptor read/64, error -71
[  182.392044][ T5916] usb usb2-port1: attempt power cycle
[  182.459238][ T5835] usb 1-1: USB disconnect, device number 5
[  182.740883][ T5916] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  182.766892][ T5916] usb 2-1: device descriptor read/8, error -71
[  183.012323][ T5842] Bluetooth: hci0: Malformed Event: 0x2f
[  183.030865][ T5916] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  183.071658][ T5916] usb 2-1: device descriptor read/8, error -71
[  183.191528][ T5916] usb usb2-port1: unable to enumerate USB device
[  183.379242][ T7872] netlink: 'syz.4.655': attribute type 29 has an invalid length.
[  183.418824][ T7872] netlink: 'syz.4.655': attribute type 29 has an invalid length.
[  184.471039][   T10] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  184.641860][   T10] usb 1-1: Using ep0 maxpacket: 32
[  184.677660][   T10] usb 1-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  184.690352][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  184.725117][   T10] usb 1-1: config 0 descriptor??
[  184.747130][   T10] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  184.833870][ T5835] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  184.950976][   T10] gspca_vc032x: reg_r err -32
[  184.955797][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  184.981519][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  185.011104][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  185.021385][ T5835] usb 5-1: config 0 has an invalid interface number: 230 but max is 0
[  185.029832][ T5835] usb 5-1: config 0 has no interface number 0
[  185.047724][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  185.068914][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  185.077115][ T5835] usb 5-1: config 0 interface 230 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  185.088541][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  185.102939][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  185.111238][ T5835] usb 5-1: config 0 interface 230 altsetting 2 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  185.129884][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  185.149090][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  185.157576][ T5835] usb 5-1: config 0 interface 230 has no altsetting 0
[  185.172120][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  185.177525][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  185.205957][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  185.216387][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  185.222471][ T5835] usb 5-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[  185.250908][ T5835] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  185.259512][ T5835] usb 5-1: Product: syz
[  185.263948][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  185.269457][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  185.283968][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  185.289822][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  185.301757][ T5835] usb 5-1: Manufacturer: syz
[  185.306422][ T5835] usb 5-1: SerialNumber: syz
[  185.321300][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  185.326687][   T10] gspca_vc032x: Unknown sensor...
[  185.335554][ T5835] usb 5-1: config 0 descriptor??
[  185.360033][ T7913] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  185.373193][   T10] vc032x 1-1:0.0: probe with driver vc032x failed with error -22
[  185.385933][ T7913] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  185.426697][   T10] usb 1-1: USB disconnect, device number 6
[  185.439258][ T5835] ums-usbat 5-1:0.230: USB Mass Storage device detected
[  185.503473][ T5835] ums-usbat 5-1:0.230: Quirks match for vid 0781 pid 0005: 1
[  186.353966][ T7981] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  186.394756][ T7981] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  186.682679][ T7988] kvm: pic: non byte write
[  186.780522][ T7994] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  187.330936][   T43] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  187.406461][ T8021] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  187.519557][ T7978] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  187.526726][ T7978] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  187.540898][   T43] usb 1-1: Using ep0 maxpacket: 32
[  187.556380][   T43] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x31, changing to 0x1
[  187.570647][ T7978] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  187.580728][ T7978] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  187.590820][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 13364, setting to 64
[  187.623406][   T43] usb 1-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[  187.624618][ T7978] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  187.635815][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.657787][   T43] usb 1-1: Product: syz
[  187.657837][ T8026] netlink: 60 bytes leftover after parsing attributes in process `syz.3.693'.
[  187.662625][   T43] usb 1-1: Manufacturer: syz
[  187.674514][ T7978] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  187.677414][   T43] usb 1-1: SerialNumber: syz
[  187.711793][   T43] usb 1-1: config 0 descriptor??
[  187.717809][ T8024] netlink: 60 bytes leftover after parsing attributes in process `syz.3.693'.
[  187.776857][   T43] usb 1-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  188.129253][ T8003] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  188.244001][ T8003] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  188.256379][ T7978] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  188.270877][ T7978] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  188.453188][ T4499] usb 1-1: Failed to submit usb control message: -71
[  188.454803][ T5875] usb 1-1: USB disconnect, device number 7
[  188.487766][ T4499] usb 1-1: unable to send the bmi data to the device: -71
[  188.505544][ T8048] FAULT_INJECTION: forcing a failure.
[  188.505544][ T8048] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  188.508969][ T4499] usb 1-1: unable to get target info from device
[  188.582344][ T4499] usb 1-1: could not get target info (-71)
[  188.593112][ T8048] CPU: 0 UID: 0 PID: 8048 Comm: syz.3.695 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  188.593144][ T8048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  188.593155][ T8048] Call Trace:
[  188.593164][ T8048]  <TASK>
[  188.593172][ T8048]  dump_stack_lvl+0x189/0x250
[  188.593200][ T8048]  ? __pfx____ratelimit+0x10/0x10
[  188.593231][ T8048]  ? __pfx_dump_stack_lvl+0x10/0x10
[  188.593253][ T8048]  ? __pfx__printk+0x10/0x10
[  188.593290][ T8048]  should_fail_ex+0x414/0x560
[  188.593319][ T8048]  _copy_to_user+0x31/0xb0
[  188.593341][ T8048]  udp_lib_getsockopt+0x41e/0x4b0
[  188.593370][ T8048]  ? __pfx_udp_lib_getsockopt+0x10/0x10
[  188.593405][ T8048]  do_sock_getsockopt+0x35d/0x650
[  188.593433][ T8048]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  188.593456][ T8048]  ? do_syscall_64+0x40/0x3b0
[  188.593474][ T8048]  ? __fget_files+0x3a0/0x420
[  188.593500][ T8048]  ? __fget_files+0x2a/0x420
[  188.593534][ T8048]  __x64_sys_getsockopt+0x1a5/0x250
[  188.593558][ T8048]  ? do_syscall_64+0x40/0x3b0
[  188.593579][ T8048]  ? do_syscall_64+0x40/0x3b0
[  188.593601][ T8048]  do_syscall_64+0xfa/0x3b0
[  188.593622][ T8048]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.593640][ T8048]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  188.593658][ T8048]  ? clear_bhb_loop+0x60/0xb0
[  188.593681][ T8048]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.593698][ T8048] RIP: 0033:0x7f343b58e929
[  188.593717][ T8048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  188.593733][ T8048] RSP: 002b:00007f343c453038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  188.593755][ T8048] RAX: ffffffffffffffda RBX: 00007f343b7b5fa0 RCX: 00007f343b58e929
[  188.593770][ T8048] RDX: 0000000000000064 RSI: 0000000000000011 RDI: 0000000000000003
[  188.593781][ T8048] RBP: 00007f343c453090 R08: 0000200000000080 R09: 0000000000000000
[  188.593794][ T8048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  188.593805][ T8048] R13: 0000000000000000 R14: 00007f343b7b5fa0 R15: 00007ffd5be5bb58
[  188.593835][ T8048]  </TASK>
[  188.608845][ T4499] usb 1-1: could not probe fw (-71)
[  188.899715][ T5835] ums-usbat 5-1:0.230: probe with driver ums-usbat failed with error -5
[  188.963843][ T5835] usb 5-1: USB disconnect, device number 6
[  189.319798][ T8069] autofs: Unknown parameter '0x0000000000000003'
[  189.696854][ T8090] random: crng reseeded on system resumption
[  189.758039][ T8090] FAULT_INJECTION: forcing a failure.
[  189.758039][ T8090] name failslab, interval 1, probability 0, space 0, times 0
[  189.793386][ T8093] netlink: 830 bytes leftover after parsing attributes in process `syz.0.710'.
[  189.827069][ T8093] team0: default FDB implementation only supports local addresses
[  189.838186][ T8090] CPU: 0 UID: 0 PID: 8090 Comm: syz.4.709 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  189.838218][ T8090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  189.838229][ T8090] Call Trace:
[  189.838238][ T8090]  <TASK>
[  189.838246][ T8090]  dump_stack_lvl+0x189/0x250
[  189.838276][ T8090]  ? __pfx____ratelimit+0x10/0x10
[  189.838306][ T8090]  ? __pfx_dump_stack_lvl+0x10/0x10
[  189.838328][ T8090]  ? __pfx__printk+0x10/0x10
[  189.838358][ T8090]  ? __lock_acquire+0xab9/0xd20
[  189.838383][ T8090]  should_fail_ex+0x414/0x560
[  189.838414][ T8090]  should_failslab+0xa8/0x100
[  189.838441][ T8090]  __kmalloc_cache_noprof+0x70/0x3d0
[  189.838463][ T8090]  ? async_schedule_node_domain+0x5b/0x120
[  189.838484][ T8090]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[  189.838515][ T8090]  async_schedule_node_domain+0x5b/0x120
[  189.838539][ T8090]  dev_cache_fw_image+0x364/0x3e0
[  189.838575][ T8090]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  189.838609][ T8090]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  189.838639][ T8090]  dpm_for_each_dev+0x56/0xb0
[  189.838669][ T8090]  fw_pm_notify+0x200/0x2a0
[  189.838695][ T8090]  ? __pfx_fw_pm_notify+0x10/0x10
[  189.838722][ T8090]  ? __pfx_autoremove_wake_function+0x10/0x10
[  189.838750][ T8090]  ? blocking_notifier_call_chain_robust+0x65/0x100
[  189.838785][ T8090]  notifier_call_chain+0x1b3/0x3e0
[  189.838818][ T8090]  blocking_notifier_call_chain_robust+0x85/0x100
[  189.838848][ T8090]  pm_notifier_call_chain_robust+0x2c/0x60
[  189.838870][ T8090]  snapshot_open+0x133/0x280
[  189.838893][ T8090]  ? __pfx_snapshot_open+0x10/0x10
[  189.838911][ T8090]  misc_open+0x2bc/0x330
[  189.838942][ T8090]  chrdev_open+0x4cc/0x5e0
[  189.839067][ T8090]  ? __pfx_chrdev_open+0x10/0x10
[  189.839109][ T8090]  ? __pfx_chrdev_open+0x10/0x10
[  189.839134][ T8090]  do_dentry_open+0xdf3/0x1970
[  189.839173][ T8090]  vfs_open+0x3b/0x340
[  189.839188][ T8090]  ? path_openat+0x2ecd/0x3830
[  189.839213][ T8090]  path_openat+0x2ee5/0x3830
[  189.839233][ T8090]  ? arch_stack_walk+0xfc/0x150
[  189.839294][ T8090]  ? __pfx_path_openat+0x10/0x10
[  189.839311][ T8090]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.839349][ T8090]  do_filp_open+0x1fa/0x410
[  189.839367][ T8090]  ? __lock_acquire+0xab9/0xd20
[  189.839389][ T8090]  ? __pfx_do_filp_open+0x10/0x10
[  189.839441][ T8090]  ? _raw_spin_unlock+0x28/0x50
[  189.839469][ T8090]  ? alloc_fd+0x64c/0x6c0
[  189.839512][ T8090]  do_sys_openat2+0x121/0x1c0
[  189.839537][ T8090]  ? __pfx_do_sys_openat2+0x10/0x10
[  189.839559][ T8090]  ? ksys_write+0x22a/0x250
[  189.839588][ T8090]  ? __pfx_ksys_write+0x10/0x10
[  189.839616][ T8090]  __x64_sys_openat+0x138/0x170
[  189.839645][ T8090]  do_syscall_64+0xfa/0x3b0
[  189.839664][ T8090]  ? lockdep_hardirqs_on+0x9c/0x150
[  189.839701][ T8090]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.839721][ T8090]  ? clear_bhb_loop+0x60/0xb0
[  189.839746][ T8090]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.839765][ T8090] RIP: 0033:0x7f756378e929
[  189.839784][ T8090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  189.839801][ T8090] RSP: 002b:00007f7564536038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  189.839823][ T8090] RAX: ffffffffffffffda RBX: 00007f75639b5fa0 RCX: 00007f756378e929
[  189.839837][ T8090] RDX: 0000000000002501 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  189.839850][ T8090] RBP: 00007f7564536090 R08: 0000000000000000 R09: 0000000000000000
[  189.839862][ T8090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  189.839873][ T8090] R13: 0000000000000001 R14: 00007f75639b5fa0 R15: 00007ffdd31fe8a8
[  189.839909][ T8090]  </TASK>
[  190.201197][    C0] vkms_vblank_simulate: vblank timer overrun
[  190.215634][ T8090] 
[  190.218218][ T8090] ============================================
[  190.224373][ T8090] WARNING: possible recursive locking detected
[  190.230643][ T8090] 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 Not tainted
[  190.237855][ T8090] --------------------------------------------
[  190.244038][ T8090] syz.4.709/8090 is trying to acquire lock:
[  190.249949][ T8090] ffffffff8ed27a28 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x52/0x890
[  190.258331][ T8090] 
[  190.258331][ T8090] but task is already holding lock:
[  190.265891][ T8090] ffffffff8ed27a28 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1e8/0x2a0
[  190.274412][ T8090] 
[  190.274412][ T8090] other info that might help us debug this:
[  190.282663][ T8090]  Possible unsafe locking scenario:
[  190.282663][ T8090] 
[  190.290384][ T8090]        CPU0
[  190.293700][ T8090]        ----
[  190.296986][ T8090]   lock(fw_lock);
[  190.300802][ T8090]   lock(fw_lock);
[  190.304614][ T8090] 
[  190.304614][ T8090]  *** DEADLOCK ***
[  190.304614][ T8090] 
[  190.312776][ T8090]  May be due to missing lock nesting notation
[  190.312776][ T8090] 
[  190.321459][ T8090] 5 locks held by syz.4.709/8090:
[  190.326484][ T8090]  #0: ffffffff8ebd46c8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  190.335119][ T8090]  #1: ffffffff8e1ee168 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x4a/0x70
[  190.345480][ T8090]  #2: ffffffff8e212650 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0x65/0x100
[  190.357334][ T8090]  #3: ffffffff8ed27a28 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1e8/0x2a0
[  190.366142][ T8090]  #4: ffffffff8ed22aa8 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x29/0xb0
[  190.375567][ T8090] 
[  190.375567][ T8090] stack backtrace:
[  190.381480][ T8090] CPU: 1 UID: 0 PID: 8090 Comm: syz.4.709 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  190.381503][ T8090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  190.381512][ T8090] Call Trace:
[  190.381522][ T8090]  <TASK>
[  190.381530][ T8090]  dump_stack_lvl+0x189/0x250
[  190.381552][ T8090]  ? __pfx_dump_stack_lvl+0x10/0x10
[  190.381569][ T8090]  ? __pfx__printk+0x10/0x10
[  190.381584][ T8090]  ? print_lock_name+0xde/0x100
[  190.381600][ T8090]  print_deadlock_bug+0x28b/0x2a0
[  190.381617][ T8090]  validate_chain+0x1a3f/0x2140
[  190.381636][ T8090]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  190.381657][ T8090]  ? lockdep_hardirqs_on+0x9c/0x150
[  190.381681][ T8090]  __lock_acquire+0xab9/0xd20
[  190.381697][ T8090]  ? assign_fw+0x52/0x890
[  190.381715][ T8090]  lock_acquire+0x120/0x360
[  190.381728][ T8090]  ? assign_fw+0x52/0x890
[  190.381746][ T8090]  ? kasan_save_free_info+0x46/0x50
[  190.381768][ T8090]  ? kmem_cache_free+0x18f/0x400
[  190.381784][ T8090]  ? __async_dev_cache_fw_image+0x7f/0x280
[  190.381807][ T8090]  __mutex_lock+0x182/0xe80
[  190.381819][ T8090]  ? assign_fw+0x52/0x890
[  190.381836][ T8090]  ? path_openat+0x2ee5/0x3830
[  190.381851][ T8090]  ? do_filp_open+0x1fa/0x410
[  190.381874][ T8090]  ? __x64_sys_openat+0x138/0x170
[  190.381893][ T8090]  ? do_syscall_64+0xfa/0x3b0
[  190.381905][ T8090]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  190.381921][ T8090]  ? assign_fw+0x52/0x890
[  190.381939][ T8090]  ? __pfx___mutex_lock+0x10/0x10
[  190.381956][ T8090]  ? kasan_quarantine_put+0xdd/0x220
[  190.382029][ T8090]  ? lockdep_hardirqs_on+0x9c/0x150
[  190.382051][ T8090]  assign_fw+0x52/0x890
[  190.382069][ T8090]  ? _request_firmware+0xe57/0x15b0
[  190.382087][ T8090]  ? kmem_cache_free+0x18f/0x400
[  190.382105][ T8090]  _request_firmware+0xeea/0x15b0
[  190.382124][ T8090]  ? __lock_acquire+0xab9/0xd20
[  190.382143][ T8090]  ? __pfx__request_firmware+0x10/0x10
[  190.382161][ T8090]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  190.382181][ T8090]  ? lockdep_hardirqs_on+0x9c/0x150
[  190.382201][ T8090]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  190.382222][ T8090]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  190.382242][ T8090]  ? async_schedule_node_domain+0xa5/0x120
[  190.382257][ T8090]  __async_dev_cache_fw_image+0x7f/0x280
[  190.382279][ T8090]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[  190.382302][ T8090]  async_schedule_node_domain+0xde/0x120
[  190.382317][ T8090]  dev_cache_fw_image+0x364/0x3e0
[  190.382339][ T8090]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  190.382361][ T8090]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  190.382382][ T8090]  dpm_for_each_dev+0x56/0xb0
[  190.382403][ T8090]  fw_pm_notify+0x200/0x2a0
[  190.382428][ T8090]  ? __pfx_fw_pm_notify+0x10/0x10
[  190.382448][ T8090]  ? __pfx_autoremove_wake_function+0x10/0x10
[  190.382475][ T8090]  ? blocking_notifier_call_chain_robust+0x65/0x100
[  190.382496][ T8090]  notifier_call_chain+0x1b3/0x3e0
[  190.382515][ T8090]  blocking_notifier_call_chain_robust+0x85/0x100
[  190.382535][ T8090]  pm_notifier_call_chain_robust+0x2c/0x60
[  190.382549][ T8090]  snapshot_open+0x133/0x280
[  190.382563][ T8090]  ? __pfx_snapshot_open+0x10/0x10
[  190.382577][ T8090]  misc_open+0x2bc/0x330
[  190.382596][ T8090]  chrdev_open+0x4cc/0x5e0
[  190.382618][ T8090]  ? __pfx_chrdev_open+0x10/0x10
[  190.382645][ T8090]  ? __pfx_chrdev_open+0x10/0x10
[  190.382664][ T8090]  do_dentry_open+0xdf3/0x1970
[  190.382682][ T8090]  vfs_open+0x3b/0x340
[  190.382694][ T8090]  ? path_openat+0x2ecd/0x3830
[  190.382710][ T8090]  path_openat+0x2ee5/0x3830
[  190.382725][ T8090]  ? arch_stack_walk+0xfc/0x150
[  190.382752][ T8090]  ? __pfx_path_openat+0x10/0x10
[  190.382768][ T8090]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  190.382787][ T8090]  do_filp_open+0x1fa/0x410
[  190.382802][ T8090]  ? __lock_acquire+0xab9/0xd20
[  190.382817][ T8090]  ? __pfx_do_filp_open+0x10/0x10
[  190.382843][ T8090]  ? _raw_spin_unlock+0x28/0x50
[  190.382863][ T8090]  ? alloc_fd+0x64c/0x6c0
[  190.382885][ T8090]  do_sys_openat2+0x121/0x1c0
[  190.382900][ T8090]  ? __pfx_do_sys_openat2+0x10/0x10
[  190.382914][ T8090]  ? ksys_write+0x22a/0x250
[  190.382933][ T8090]  ? __pfx_ksys_write+0x10/0x10
[  190.382951][ T8090]  __x64_sys_openat+0x138/0x170
[  190.382974][ T8090]  do_syscall_64+0xfa/0x3b0
[  190.382987][ T8090]  ? lockdep_hardirqs_on+0x9c/0x150
[  190.383008][ T8090]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  190.383021][ T8090]  ? clear_bhb_loop+0x60/0xb0
[  190.383037][ T8090]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  190.383056][ T8090] RIP: 0033:0x7f756378e929
[  190.383072][ T8090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  190.383086][ T8090] RSP: 002b:00007f7564536038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  190.383103][ T8090] RAX: ffffffffffffffda RBX: 00007f75639b5fa0 RCX: 00007f756378e929
[  190.383115][ T8090] RDX: 0000000000002501 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  190.383125][ T8090] RBP: 00007f7564536090 R08: 0000000000000000 R09: 0000000000000000
[  190.383135][ T8090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  190.383144][ T8090] R13: 0000000000000001 R14: 00007f75639b5fa0 R15: 00007ffdd31fe8a8
[  190.383159][ T8090]  </TASK>
[  194.523682][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  194.531305][ T1305] ieee802154 phy1 wpan1: encryption failed: -22