last executing test programs:

8m8.675825661s ago: executing program 2 (id=3117):
connect$netlink(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sysinfo(&(0x7f0000000000)=""/196)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r2, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x0, 0x14, "3eccd8fd0000000000000010000000040100"})

8m0.469671352s ago: executing program 2 (id=3132):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
keyctl$set_reqkey_keyring(0xf, 0xfffffffb)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x20004085}, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000005c0)='syz_tun\x00', 0x10)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
connect$inet(r6, 0x0, 0x0)
sendmmsg(r6, &(0x7f0000007fc0), 0x800001d, 0xf00)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r7, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'lblc\x00', 0xa43531a02e0465ec, 0x56dc, 0x6f}, 0x2c)
sendto$inet(r0, 0x0, 0x0, 0x20000844, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)

7m51.300650853s ago: executing program 2 (id=3146):
r0 = socket$alg(0x26, 0x5, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r3 = syz_open_dev$media(&(0x7f0000000080), 0x1, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r3, 0x80047c05, 0x0)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
writev(r1, 0x0, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99bfa0018", 0x5)
r4 = accept4(r0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$devlink(0x0, r4)

7m49.554454454s ago: executing program 2 (id=3149):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r0, 0xc0184800, 0x0)
ioctl$DMA_BUF_SET_NAME_A(0xffffffffffffffff, 0x40046201, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@ipv6_newroute={0x1c, 0x18, 0xffffffffffffffff, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0xfe, 0x0, 0xfd, 0x9}}, 0x1c}}, 0x0)
socket$inet6(0xa, 0x3, 0xff)
openat(0xffffffffffffff9c, 0x0, 0x88040, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=@bridge_getneigh={0xc4, 0x1e, 0x2, 0x70bd2c, 0x25dfdbff, {0x7, 0x0, 0x0, 0x0, 0x40a08, 0x120}, [@IFLA_MAP={0x20, 0xe, {0x3, 0x8, 0x8000000000000001, 0x8001, 0x5, 0xf6}}, @IFLA_PROP_LIST={0x7c, 0x34, 0x0, 0x1, [{0x14, 0x35, 'bond_slave_0\x00'}, {0x14, 0x35, 'virt_wifi0\x00'}, {0x14, 0x35, 'lo\x00'}, {0x14, 0x35, 'veth1_vlan\x00'}, {0x14, 0x35, 'veth1_to_bond\x00'}, {0x14, 0x35, 'veth0_macvtap\x00'}]}, @IFLA_MASTER={0x8}]}, 0xc4}, 0x1, 0x11}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYBLOB="8304050000000000800012800e00010069703665727370616e0000006c000280140006002001000000000000000000000000000214000600fc020000000000000000000000000001060002000030000014000700fc020000000000000000000000000000040012000500", @ANYRES32=0x0, @ANYBLOB], 0xa0}}, 0x0)

7m49.101950312s ago: executing program 2 (id=3151):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={0x0, 0xcc}, 0x1, 0x0, 0x0, 0x80}, 0x4000000)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYBLOB="ad430000000001000000"], 0x14}, 0x1, 0x0, 0x0, 0x20000054}, 0x0)
set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
ftruncate(r1, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
sendfile(r2, r1, 0x0, 0x578410eb)
r4 = getpid()
process_vm_readv(r4, &(0x7f00000007c0), 0x0, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x8)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0)

7m47.356128241s ago: executing program 2 (id=3153):
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000440)={0x0, 0x9}, 0x8)
bind$inet6(r2, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r3=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x24040084)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={0x0, &(0x7f0000000900)=""/78, 0x0, 0x4e, 0x0, 0x3a0cd7e9, 0x10000}, 0x28)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x9, 0x5, 0x200, 0x40, 0x0, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000003c0), 0x7fff, r5}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f00000001c0)={r5, &(0x7f0000000080), &(0x7f0000000180)=""/29}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000a00)={0x1, <r6=>0xffffffffffffffff}, 0x4)
r7 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000a40)={0xffffffffffffffff, 0x400, 0x8}, 0xc)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000bc0)={{0x1, <r8=>0xffffffffffffffff}, &(0x7f0000000b40), &(0x7f0000000b80)}, 0x20)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=@base={0x1, 0x10, 0x3, 0x8, 0x0, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x1}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d40)={0x11, 0x5, &(0x7f0000000480)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x3}, [@map_fd={0x18, 0x9}]}, &(0x7f0000000600)='syzkaller\x00', 0x323, 0xdc, &(0x7f00000007c0)=""/220, 0x40f00, 0x21, '\x00', r3, 0x0, r4, 0x8, &(0x7f0000000980)={0x4, 0x5}, 0x8, 0x10, &(0x7f00000009c0)={0x4, 0x4, 0x4, 0x6}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000c80)=[r5, r0, r6, r7, 0xffffffffffffffff, r8, r9], &(0x7f0000000cc0)=[{0x1, 0x2, 0xb, 0x9}, {0x2, 0x3, 0xe, 0x2}, {0x5, 0x5, 0x7, 0xa}, {0x0, 0x4, 0x4, 0x1}, {0x3, 0x2, 0x5, 0x9}, {0x5, 0x2, 0xc, 0x7}, {0x3, 0x4, 0xd}], 0x10, 0xf}, 0x94)
sendmmsg$inet6(r2, &(0x7f0000001500)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback}, 0x1c, &(0x7f0000000580)=[{&(0x7f00000003c0)='\t', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r2, 0x84, 0x78, &(0x7f00000008c0), 0x4)
socket$pppoe(0x18, 0x1, 0x0)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r1, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
r10 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r10, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x3}, {{@in6=@mcast2, 0x0, 0x2b}, 0x0, @in=@empty}}, 0xe8)
socket$key(0xf, 0x3, 0x2)

7m31.533809063s ago: executing program 32 (id=3153):
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000440)={0x0, 0x9}, 0x8)
bind$inet6(r2, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r3=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x24040084)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={0x0, &(0x7f0000000900)=""/78, 0x0, 0x4e, 0x0, 0x3a0cd7e9, 0x10000}, 0x28)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x9, 0x5, 0x200, 0x40, 0x0, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000003c0), 0x7fff, r5}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f00000001c0)={r5, &(0x7f0000000080), &(0x7f0000000180)=""/29}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000a00)={0x1, <r6=>0xffffffffffffffff}, 0x4)
r7 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000a40)={0xffffffffffffffff, 0x400, 0x8}, 0xc)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000bc0)={{0x1, <r8=>0xffffffffffffffff}, &(0x7f0000000b40), &(0x7f0000000b80)}, 0x20)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=@base={0x1, 0x10, 0x3, 0x8, 0x0, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x1}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d40)={0x11, 0x5, &(0x7f0000000480)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x3}, [@map_fd={0x18, 0x9}]}, &(0x7f0000000600)='syzkaller\x00', 0x323, 0xdc, &(0x7f00000007c0)=""/220, 0x40f00, 0x21, '\x00', r3, 0x0, r4, 0x8, &(0x7f0000000980)={0x4, 0x5}, 0x8, 0x10, &(0x7f00000009c0)={0x4, 0x4, 0x4, 0x6}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000c80)=[r5, r0, r6, r7, 0xffffffffffffffff, r8, r9], &(0x7f0000000cc0)=[{0x1, 0x2, 0xb, 0x9}, {0x2, 0x3, 0xe, 0x2}, {0x5, 0x5, 0x7, 0xa}, {0x0, 0x4, 0x4, 0x1}, {0x3, 0x2, 0x5, 0x9}, {0x5, 0x2, 0xc, 0x7}, {0x3, 0x4, 0xd}], 0x10, 0xf}, 0x94)
sendmmsg$inet6(r2, &(0x7f0000001500)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback}, 0x1c, &(0x7f0000000580)=[{&(0x7f00000003c0)='\t', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r2, 0x84, 0x78, &(0x7f00000008c0), 0x4)
socket$pppoe(0x18, 0x1, 0x0)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r1, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
r10 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r10, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x3}, {{@in6=@mcast2, 0x0, 0x2b}, 0x0, @in=@empty}}, 0xe8)
socket$key(0xf, 0x3, 0x2)

38.919022036s ago: executing program 5 (id=4098):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10)
listen(r0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10)
r2 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg(r1, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000240)="7c220752098d1a03003fb4d50b17b9653538f559e8ca1a63dfa1a8f54135abe90913a7bb3930c14e8d1808268429578d92871b8681b42a7a264d4c578a7c26845616d98fc09729e3d8c0aa68e95af732c067f9dd1d9fdd4ee2008561e5a690de23248e60f4ab6390f520377d0a68cc822a17c773be19ee5b51b2428acd21725b17f5fadc10e18e574983e260010d619f74dd4c30", 0x94}], 0x1, &(0x7f0000000480)=ANY=[], 0x170}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000f40)="f48f2d", 0x7313485bca3e9141}], 0x1}}], 0x2, 0x0)
recvmsg$kcm(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/150, 0x96}], 0x5}, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r3, 0xffffffffffffffff, 0x0)
r4 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000040), 0x21041, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0x19)
writev(r4, &(0x7f0000006380)=[{&(0x7f0000007480)="7acd", 0x2}, {0x0}], 0x2)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x3, 0xc, &(0x7f00000006c0)=ANY=[@ANYBLOB="180200008000000000000000000000008500000053000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000004000000850000000600000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x191000, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000200000000000000000073010600000000009500"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xa}, 0x94)
ioctl$FBIOPUTCMAP(r6, 0x4605, &(0x7f00000001c0)={0x5, 0x2, &(0x7f0000000040)=[0x5, 0x0], &(0x7f00000000c0)=[0x4], &(0x7f0000000140)=[0x800, 0x8, 0x1ff, 0x4, 0x6, 0x7, 0x0, 0x7], &(0x7f0000000180)=[0x1ff, 0x100]})
timer_create(0xfffffffc, 0x0, &(0x7f0000000040)=<r7=>0x0)
timer_settime(r7, 0x1, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
clock_gettime(0x0, &(0x7f0000000200)={<r8=>0x0, <r9=>0x0})
timer_settime(r7, 0x0, &(0x7f0000000240)={{r8, r9+10000000}}, &(0x7f0000000340))
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r5, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

38.488640843s ago: executing program 5 (id=4099):
socket$inet6(0xa, 0x0, 0x5)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x7c, 0x7c, 0x2, [@var, @func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{}, {}, {}, {}, {}, {}]}, @func, @volatile, @volatile, @const={0x0, 0x0, 0x0, 0xa, 0x2}]}}, 0x0, 0x96}, 0x20)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
pipe(&(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
io_setup(0x3ff, &(0x7f0000000500)=<r3=>0x0)
io_submit(r3, 0x2, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x81, r1, 0x0, 0x0, 0x5}, &(0x7f0000000080)={0x0, 0x0, 0x8, 0x5, 0x0, r2, 0x0}])
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000700)={'syztnl1\x00', &(0x7f0000000680)={'ip_vti0\x00', <r4=>0x0, 0x80, 0x0, 0x5c, 0xffff, {{0x16, 0x4, 0x2, 0x9, 0x58, 0x65, 0x0, 0x4, 0x2b, 0x0, @multicast2, @broadcast, {[@ssrr={0x89, 0x7, 0xb1, [@broadcast]}, @timestamp_addr={0x44, 0x14, 0xee, 0x1, 0x6, [{@loopback, 0x8}, {@multicast1, 0x1}]}, @rr={0x7, 0xb, 0x9c, [@empty, @private=0xa010102]}, @end, @ssrr={0x89, 0x1b, 0xa8, [@remote, @remote, @remote, @private=0xa010102, @multicast2, @rand_addr=0x64010102]}]}}}}})
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, r4}, 0xc)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26, 0x0, 0x1}, 0x28)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="05000000000000007fa3d1aa000000009500000000000000"], &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2}, 0x80)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r10, 0x29, 0x40, &(0x7f0000000e40)=@raw={'raw\x00', 0x3c1, 0x3, 0x4c0, 0x0, 0x18c, 0x203, 0x8000000, 0x19030000, 0x3f0, 0x2e0, 0x2e0, 0x3f0, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x300, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{0x1d}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xe}, {}, {0x0, 0x0, 0x3}, {0x2}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {0x16}, {}, {}, {0x7}, {}, {0x0, 0x0, 0x0, 0x101}, {}, {}, {}, {}, {}, {}, {0xfffe}, {}, {}, {}, {0x0, 0xfd}, {}, {0x7a04}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x800}, {}, {0xb84, 0x0, 0x0, 0xf00}, {0x0, 0x1, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}]}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xb, 'syz1\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r13 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), r12)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r11, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r13, @ANYBLOB="010026bd7000fbdbdf252800000005002e000f0000000c002d000200aaaaaaaaaaaa05002b000300000008000200", @ANYRES32=r12], 0x38}}, 0x40850)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), r11)

36.99971127s ago: executing program 5 (id=4103):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x28801, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
close(r1)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae01, 0x1)
syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000bff000/0x400000)=nil)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r1, 0x4020aed2, &(0x7f0000000900)={0x100000, 0x399000, 0x8})
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r1, 0x4020aed2, &(0x7f0000000000)={0x3000, 0x308000, 0x8})

36.195516395s ago: executing program 5 (id=4106):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xc, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="180200000700000000000000000000b7850000002800000095"], &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

35.616553621s ago: executing program 5 (id=4108):
r0 = getpid()
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1800272c88840920c48284d89e0000040000000200000020000000e72f93648457f9021d3ed322dbbe1b040000", @ANYRES64=r0, @ANYRES16, @ANYRES32, @ANYRESHEX=0x0, @ANYBLOB="f396e880d70050fc59e9149012b31179d506f904cdbeea7630d1ebe86ce673358a61ec30198e4b0f8f11b1dde42aa04c8516e8ea10e404332cd286be72164d114c5e5a199277c9af4317462d4f5c6b9d99379abdf999030aadc2da7f975d2c9f6c16d116154c2038e48d359c987180960ea0aad723102a7f85273fea6d43e991e596fd8b963112666db212c7c0c53ca882cf2670e00f428f5e56"], 0x50)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = getpgrp(0xffffffffffffffff)
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x13, 0x0, 0x0)
rt_sigprocmask(0x1, &(0x7f0000000200)={[0xf3]}, 0x0, 0x8)
r4 = gettid()
tkill(r4, 0x11)
pselect6(0x40, &(0x7f0000000040)={0xa, 0xbc, 0x3ff, 0x100000001, 0x7, 0x4, 0x4, 0x5}, 0x0, 0x0, &(0x7f0000000240), &(0x7f00000002c0)={&(0x7f0000000280)={[0x3]}, 0x8})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(r4, 0x2, &(0x7f00000000c0)=0xfffffc23)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, 0x0)
prlimit64(r2, 0x5, &(0x7f0000000180)={0x3, 0x80}, &(0x7f0000000380))
sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x4c8d0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000004c00)=""/102392, 0x18ff8)
r6 = socket(0x23, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000000)={0x11, @loopback, 0x0, 0x0, 'lblcr\x00', 0x0, 0x0, 0xfffffffc}, 0x2c)
socket(0x11, 0x800000003, 0x0)
socket$netlink(0x10, 0x3, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
futex(&(0x7f000000cffc), 0x8c, 0x1, 0x0, &(0x7f0000048000), 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

33.414482905s ago: executing program 5 (id=4113):
r0 = semget$private(0x0, 0x4000000009, 0x42a)
r1 = socket(0x8, 0x6, 0xffffe0da)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_BETA={0x8, 0x6, 0x16}]}}]}, 0x3c}}, 0x0)
semop(r0, &(0x7f00000002c0)=[{0x0, 0xff}], 0x1)
semop(r0, &(0x7f00000001c0)=[{0x3, 0x7, 0x1800}, {0x3, 0x0, 0x1000}], 0x2)
semop(r0, &(0x7f0000000200), 0x53)
r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5)
r6 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r6, 0x114, 0x8, &(0x7f00000008c0), 0x4)
ioctl$sock_kcm_SIOCKCMATTACH(r6, 0x89e0, &(0x7f0000000280))
ioctl$sock_kcm_SIOCKCMATTACH(r6, 0x89e0, &(0x7f0000000080))
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000f2ffffff0000000000000000850000001700000095"], &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20000000}, 0x94)
socket$inet_udp(0x2, 0x2, 0x0)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0x3)
ioctl$TIOCSSOFTCAR(r7, 0x541a, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r9 = openat$cgroup_devices(r8, &(0x7f0000000200)='devices.deny\x00', 0x2, 0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2)
r10 = socket$tipc(0x1e, 0x2, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000400)=ANY=[@ANYRES64, @ANYRES64=r10, @ANYBLOB="130000000000000044"], 0x20)
ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f0000000300))
socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000900)=ANY=[@ANYRES32=r9, @ANYBLOB="52702f23abac2c22ecb01361fca756f240eeb9389cde11089999295521187a21db4d3a237017763777ff46b8c831e3d3b408b336cb8df59ccb5428d2935db62e29eba7a3cd12a7e1351904ba3409fd9a5655653b9245421311146bfd698a8eeba12b81e2384e08b8cdd0d49cbb37b5728381f720e54fae6fa53f72b2db1878098615e310f5b67a8bb2acd921545234a3abafbe8c4664deff222c3e2df104fc2310869b0a2e45962431a1a700dc406115fea0f36878564e10ef5c13a4ca5d42441b35029561159630316d06785486ed2a617d9c977b3b686655dd2480cc27adeab41d3b05b29029816bc198f98ecd7fcd12881adae63bf885680abf9d611098268145f61e38dec6034c2d836b9c47213be6983c0d558e6d08bcd5bae38c933c4144a4293fbce85faf6ae39b6c6a8b831a4c", @ANYBLOB="bee84007768a109c84d19eccc67f964f584357d0edf550cbe3deb57ef6f1e7d44797e3ae1e28cdf498106749eabb9be3ec6f4cdb61ff6d1ae64fe639401ae9f9f2c9adedbb6691f0e692e34241a3267426f892160edb6fd6320bec292f15a2a77f2228748b91852e222f7eada32798033fbe4ec3c1ede616dd9a9340a4338495f89969ba16849923a275a3b40cf46267d86ef763ea62243b0b2f692ae683fff4c7e90bc83e789af6e804010c5dc9a466adb5035b44ed793381dfa68cd3ae4c8f8d016c2a12577d6f024d8b5385ef50ea19", @ANYRES16=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x8000024}, 0x40000)

28.536929476s ago: executing program 4 (id=4124):
r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000240), 0x88002, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000040)=0x13)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='netlink_extack\x00', r1}, 0x10)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000006800010000000000fddbdf2502f8ffffff000000080005"], 0x20}, 0x1, 0x0, 0x0, 0x4402}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='io_uring_poll_arm\x00', 0xffffffffffffffff, 0x0, 0x4}, 0x18)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="740000000300090c0004800800024000000080050003003a0000000500030084000000440004800800044000000003080006400000c3f008000840000000020800034000000005080004400000000708000340000000020800094508da57ca3b84b842553b62d65b9a3a2764e91affbd7cb051f2066d5af875a962fa0140fc249ce37afaf8242bc72ea6e6267e621e22ef3b1cdb4f5223744c013d6b14d99889cc263931c472e21086a128d778a5c504602520e0b46287b6c466175b0801010000cc2b3ec298e35a04a892f54a4f5f0c772ce81109c1fb3f7681b08bda684cc7db3d5a0a4c15ea966ba642c35ee1a144ef942190c8000000000000000000"], 0x74}, 0x1, 0x0, 0x0, 0xc000044}, 0x20000014)
r4 = syz_io_uring_setup(0x236, &(0x7f0000000980)={0x0, 0x0, 0x10100}, &(0x7f0000000300)=<r5=>0x0, &(0x7f0000000000)=<r6=>0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000180)={0x2, &(0x7f00000000c0)=[{0x3ff, 0x81, 0x40, 0xfffffffa}, {0x5, 0xa, 0x9, 0x5}]})
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3})
syz_emit_ethernet(0x66, &(0x7f0000000280)=ANY=[@ANYBLOB="0180c249df00000eaaaaaaaaaa00080045030058ffff0000002f907800000000e0000001248022eb0000000010000800000086dd88a888be86ddffff10fe00000100000000000000080022eb00000000200000000200000000000009000000000800655800000000"], 0x0)
io_uring_enter(r4, 0x2def, 0x0, 0x0, 0x0, 0x0)

28.536426597s ago: executing program 1 (id=4125):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)

28.437979316s ago: executing program 1 (id=4126):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000140), r0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
r3 = syz_usb_connect(0x5, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000007794608cd0c39007b90000000010902120001fc0000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0)
r4 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
preadv(r4, &(0x7f0000002300)=[{&(0x7f00000012c0)=""/214, 0xd6}], 0x1, 0x6, 0xfffefff6)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000340)=@gcm_256={{0x304}, '\x00', "376a31a11e8e279cec092f071cc80f218d360356a936a7e3971a8c35c47e5804", '\x00', "fffffffffffffffd"}, 0x38)
writev(r2, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1)
setsockopt$inet6_tcp_int(r2, 0x6, 0x19, &(0x7f00000000c0)=0x5, 0x4)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x44020}, 0xc, 0x0}, 0x5)
sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000220000000a0001007770616e3000000005002000000004000500200000000000050020000000000009001f"], 0x44}, 0x1, 0x0, 0x0, 0x880}, 0x44)

28.245719561s ago: executing program 4 (id=4129):
r0 = syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x1c9800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r0, &(0x7f0000000000)={0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000000000000088000000000000001000000000000000420000c744240233d8cecbc7442406000000000f011c24660f3881"], 0xa0})
ioctl$KVM_SET_NESTED_STATE(r3, 0x4080aebf, &(0x7f0000000280)={{0x1, 0x0, 0xffffffffffffff36, {0xdddd1000, 0x5000}}, "62f555e0f9c836012c959487e9bafeb15cd459417d251d183362d146a5da275fa7c56e36b8c00cef93e8c26aa3746b883077791cbe55f78b96385e58790dd65124a4dcba480eb9743ad8475f0b30f5b9416ca2edc503e89e3945b9d5d584c4df4c96ea383d0b551dfc6b747010953240f12f85a79fe0e371a9ab0b2ab1ba3e8f37a3385dc9068a628ce6a05183bfd67d45bed9bc3ef1f275746b8709c5c239c2cb101ddbe79b4d3fbba5e6d12c03df76c97488a62d484e587dbc864c37c59eec5adf0ad0e353e39c5d44e5f47e68de2add4a385cc934ed1fa08515f94481fac14eb4de2f788e9a5b66c5db80c6d4c0e4618f96f1d39fced38274c741fb07503cae134c348be7c8860eb3f8eeab8caad6fa9f13f4c7319f0870ef5688d9ed7681871592c434a3e7e5e635314bfe433a70f580a63e670107ef600f0f4825b9fca1b3d182248f0fef5d1c1ed9dbc73ec60bf12ce7af6c1e7d45204601cbfa843b993fcad8644955b7ca9e2b5ca81f49a7b8eb9ff5ecb069ec4c69ae21fa57c464d10a3b2473809563b8dcc22644a0c09b2f4872707fd8bd4d56c2a31f6cb187089e9da60a5c1945337ab749213ff681e940e8d9388ea943d0c29b2c48e281b6aed6fe5f7276390321b330442616da11a79adcee0d31bdf1381fc0d23e4a5cb84329df1957abecf66840f9464cdfb2f46e36ef2c6db74a429cbb70590cf9b9e16a7b11d5f254b41567a29b3f77b28cdb3ed5a4073b143c7c3b2b060e13f7035c029a19162d72b1a5e7ea04bfca6150bd8baf9b8e41cfe9bad45b8596649a0b878c19092dba346bb9e9e069d5bbacf3d3b0e66977b14dffd0a82a233a6371545b672800470de178a220a9dbb4cdeb86f936986e980c5589676dea2d7071018347a94e7e5ad6aeadbd597f352b18c46fc34c94498357e3c97721f9f03b1ba0527712bfd3242cb98d9232882e09022b9da6404a0a3f94cf6002e36cbf701ef7c4bb6135d7d3127699fe61cc2d0f9c5877b3f7a005830711571d74ca5e3c6fd8d118a0df3e154bd6374754c5066124c209323589e7b9d6969ddf6bdcab805012a1ebb639460d08555398815761562a38fd995734ef997b1f9c036de55f228baf772ac899b4aed71e681f189870eb03915fe187e0e55272f6a69ec5876f1ab90fe34b7eda6379bdb95e83153a2160162a6fcb6beda89f1f8dd33a8c6c543117b6b4440f5ffab5ab3c34c756b7dd1c280efdfe3261c7133cd41217ab9198313da6d8fc7bbdae005c40f9704d531f5ebb7045bdb79ecf25983dafb4acb98e44743d7e6b64ff65cba7e7f2b8d53d18ca16e2de188204ecbbd499d70ad852ce30d4fdb0d8408014e3a3de2517cd82971b193e406b744cd5ccc0c2df864bca7a4e0af41ddb8501db2af788a6bad5518d848010986d48e952af942494859d166825cdd54912d0d32ff115efdbd1592325cdc047938a2c9f137f9bb198235a1d83a938acefac6f56946110b522bdb69e2a853965c11fc5a487c1df9510a03ed86baf365f49a30a67f93cfd5eed0fdebfcebcf96b0351826e06d13108fbfa3f85932d5ad00cda467dc39af4d3a33bdc28abcce3a392f219b46736c9e8b870f35dc5f1132c6b00994b78f586ed7af901b05063938e6464ab164befd046facdccd2e984f9c7f7d2d7c0cc8a5904f79895168f4af168102f52ce771719a6b89ae2f8787c3b6a3e4641824cf99c4c3cf7b4b3079b1b5bf7e671ae1920382d459202faf2091d9d85e9baf2a6ab7a6d7f380580f5931379b76a70ce84330dc000c8b4c58ca825d287ab2c1c0d7f6821b6c60dcc206a516a7c8a5cdb12c3c176f2bf3e199444c48503f4c0037225f535b0f9f0882c2001b05fe64c74d99b7267d3978814da995d0a7e61ff03b9d39817dd656544398f713f917f2cf220cfd29b3e59eb8a401fce9b57ba8bc87b0e2685a07d51a0dcbe655769630e36173fb991d710213b4b367c5bce5a8ccd633f553107d1096449c883730df2e07e9deaec2d8c3f8171ca097276dae33e0f9009a82ec90f07ed3200af689263c07f60eb182d3e8305e947a700a5ac208e4c8323534e6e0f51c015a18a396971a8089688cdaf64e7884de54542f35772a41fae7661319e92e62259ae79635b3d888a173fe92a222cf294c569d092e41c6ad59a2c1bff78d506cc8fa28b03eb0aaf19d7e218402c8e19dbfcf5680143bc0a71bfb6a1e68ebf42d634ad8205f0774195d032e8d5bcfbc36bd737141f8be4e7279ed1231921a8e916995aaaf577c64b51b34ef72c9c7b7ccd6a0765ba5162525ce436bfae6d977c11570066622584599f4817bfbea9fb9ad549146a5403d8b9a29827f5dc4f8dae4cc0849c3d7a93fe148f43d465d246a974137f28cc17185adabb9b49d93c6bfe502dc47576c85c5145e0c211a42809959b1a8dd0bb42d9e1831a55bfbb681aacb0b62b4a9298c5d5f5834d0b0cbe626c17b128cdf53a03bc21fe1c7648a96697d8b078d3a6570289ef0e7ebc5bff6a64cfa65276713532fd54147043e0c3b74282dfb6d1e1c137eae1ecb3d3d39a5ace7e48cb0dc94a2c8cfb12742f5538e141207717505fe8b46a2492f7e3e77990b935df524b07efab69e8404ba0670dc27cb9feebb1cc89fbb36c5bab9123e1d56e75bebe2d31a1a4e259d01b70aef3a9479c38bc72e245ae3e6520a6acb16eabb011551c856957e687cbc53e4d6fb89a83c7f54bc5ca3a4f4d933e0b8ec873d7a288e51d8e1a9f7a96b8e7275ab2ca388be30485bfba4c430b7ba98d37873327f53e6ffc5fcc315325cd530747b1217aa9715a80e4391e510ff8c2d4e696cb8a56f7e7328618ec24933834d87e12ddc8c6b5e0349cdbe81a815a0bea4903872bd762e223eeae89961219f8b7ac866b075797d055ba08d5f5b25e402c9d8164c8a18a29df5c7e0250836e04400142e2eb1ae31fd305773bf3352384e023933cc12e2665b90ba7d28cd4199af329817a5fb212e458b5a645773581272a75c294ff564122cf7d96e8f3d14d9876ab09f9e7a2fe184ac2183b50bdba3be95c9d3c0c854492a1beb59e5020fd1bc28c3b70b081e5bfd82176e0987b58fead13096b7b055afe0a6a50af2277eb646224b0705ced3ce3901306e1eacb4906df54f72d4706f6ea6a3f111d9fa0efb2693ca41fb0394d3fd65e85508af36de513c6f1acbb50f386c5d5e712d8f4a720b8b035247ad6167b837000abeb38237c093e5159873dda350801b3f343f53df555c4856e857b0426579ab60adbdbf3db0a5bd58f01a27224a010fde1b679ccb4ffe7069c117958b57372f444d84507bb0f4dbfa44e03cc0cecc93f7af7143340fa28ccf9d49ade9f396063aa5b7ce397574f28ecde2f58655acaead943cc49f26a0a387ad68136f8f4b13fcdd3d5be006b494564c766ebc926140d45c84bd02e6a3e947e7e2dfc5ce301a66a0974b2f5ffa906cb2ae660370ae010224a81bca39e1521cbe7340445b0d6f44c628ed297f5860685ded2acfa10c1b4aac4439c65768d48a175e43fb25c4c85c05b04c0955f1aaa4fd0c18f6ac540b66bd856b8ac32837e8b3082453e4b8f10375f6b32b2af80240dc602bc340a9e107b42a4204bd6bb0889e46a415ff5c24df7ffbe9eca2dddf7ad64c4eb018624cb0a2fa92ffa23bc7c503972fdf208da2f4ff1af3ba19a96b390f209608a3b8c5f19d7117adf3a222b886b04e300a8c8b25afc52201d8afdb0f8d1377c028de8eafabd75759a44ddbb2f4376ffae20629fe08ba10c768fec6f011c61ab155573b48f5141d9ff02ad2c317eaa86becf9d4f007aebd0b152fe7b55aca593b6678bd4333f220fa61e8124657d3dcab9ecb1258857cba8e61861a921222957d4c346bfe81eb0274843ff7fee27dcebf6bd29fd05687e7e85c213c95426b976e07012ebd5e0592082229a8a5bd1b580678b3c204fe6305465c03ceffa908b8150a99c3e32ae4bd095d75ff180fa02e64c471180fa468caaff9fcee94f8fdb55ab9f06dfed97ee710807d1fca7e6b103c1600b7455fd9d8e42c1146938a02cf8c2c8f0ed074398cff451d0ba2d660885e4fb3c384a52fb8d841d8b7bb2c5463aeb015cbbf54f394875e20f6b3574d65ed39c44f2c6d5b0507ff6196dbcd2b69ba0be1d44565958560c5e9688807a74161f8749b78cd558fde84dc2527b344ab773870e184615ad2ccada1ef750ef8b44cd16cb362faf22ba66f6476d0294d6a22483d78a6855a1bd13f151dc80a358224c86021393bdddb093928863475512a6110acb6ec55039ace9c45792478222155ae2177df549934e202c2865b54132ec8a489c5e6bd0a2d3f27ae107d62f95d131279ee8a0c180e3c61bdee4cf53a7fdf60dfcbb443ee3f2218de76f5e33cf8db2f824c63bf15784d022b121cc69761cc80116774dabb549c1c63f9f99bbe66b4351d8274c73754b7e7475dd8030223c8f830bb77bee7346643f2614601d06a52fae4f53bab4ee047552d9bdd0fa5fd7e4f7674f226f04ab733b7369a62ecfa9a47aed6c350594f9f0a211277a89dbff52abe7638f9d4f37370b784abd7f174b5f3b3a68149935cbb6c88a17c9876c8dd1b501c5f3a424bdfe44b177b1799384c28723b7150a61184d006052f8e14e6e77bf3a9164d596ddb341bebae2f2dbd175af59cce8b121ebfee73fad3eed15d87de5b64abc1758396da2508ee3f20bebd93b6d25b6377989ec5424022a0086699478e6860750e9c926c59bcd0cac3e9dbb1f0b0124c2bd69b535573c9617aab0fec4e3faa69512d9a76aad0df282e9dea80422655d7d001b09fdb53930243d3615df8f0bd598430a23de65f6d882166e84a00306fe079973e5322976a43c72b245358e3ceaa926f60b474f81a482fe2137f06cbd4dbffd476c88a4ab0ad32692719467f5afced5894bc15c3f8d830ebffa8ee431b58a2ad355c2872a0f03ba034dbbf730b74de1aaadc634c08b9fe5402a16a7c79ba3f5a4b318b26d4968143343dfcc79106e606d76e488e0cc6cf76df6c076c766bdd27f2a759339ee2da94e5983c7a0e196deebc51ddf909dca31e2ef491be6f9ded1bf2fb50f5322ba94306fb0c6d67a57f58d7a3d30a4a58322d3f0968b7a44e4017c5caf29e2221f5250a8868ed1525e6fa62d0cc79fbfb92d05921542d84339e33305cfd0624e246f742644638e360051f396eb058c68c5f66f5db3c830cc567b0a2601c2354a7f800d7c815c4744e2fabb00cda287aa74c924ab6afcc92e422ef618bd681bea1a9ec7234e67b9690309be0eab273e67f03e6ae349bcb468251954fdc19edd6fb0c09e4306465f2029d08e137bd7e84716a9e9b29c0fb2e5a55256fd878304baea76c9379265ca36a04e69df2782589c1911b8ae314c017ea5685110880b036aa76c4a19dd240664b6f4098aa2bf51b90678098993ebdb39166194b44f35a81709570398f00f0f8a1e9cd004e02cc1ccb63f56b79268dce0dc70438dda8f2885f4f199922a28f04fdac1b4be1a690cd4fdf0c7ff0252768373496e8e6db9068cd492aaea485ffef09c7351d5555eb3545a1048af936a19c5b08a3d47baed2f8cef2f8ae7443acf81b61fa2d0c1cecfe1881d3b2d8882810a014baff0570a389f5424c8e98f64a35e411bd560c5cb5b9ed3f846cc46b4c537691e13bcc3e55762a427534a7354914dac303c3263b8765f861f453e470c4567ba9cb6c13cf17c24bac9ef1f40d9fa5b0b9b5e9d4c082886b80caebaa44fb38934e7bbf184d28c2bc3ac824d1626fccf542eb3", "9986796767d9fd0fda908f894acb12cdce55740ac5c480c3a3291bc10f5ae80fc048fd49821940b8aab380c250e8b64e7629e1ea8236830b784a414ae62716bb5b957d61e75a09f18fad215aec29525458397e4c494bc6a2340c615f0e8c6dfd57d0bdb781f3062f58ddc25ca307e4a9816ee98a7ff97669e571bb3d047a785f93b2aec21f2173bf7eb483327c51f9a4f1ee34d8c5c2bb59d4df7aa879bcb8f6c9f1cd59b6dd2b68a8dc427421a5312819800d471e8b2fd4eac6885cb5fec1504e1d5914850712a421e8c8b6573ef49802f6e0939cc69b8e512762759c8463c49bf0eede745a1c0a083c8901b41c0668f343247f2ffc215eb8b693f3f66619c23a7c6a2d8fcc09cb8f22e9a82c74b149374a4717ab6d1f5d2f03611e9dc5a2fa14e5ff5ebc62d433a8487c71be97deecc9abbec781147f0aef4a01e9a1776a0feb903a9a99b483858a1db2925a6e3319260302c77ac47e0f5645a22ae58ee9a30e5fb287d6dd37a2dc4b6ef5135dc116156028c050720216ba767992608333a67537ad40421161524ac1e1fecadf09a1e487a447554a4a630e597637f196bb0578efdefcd7c81531dc4829e936e775be839e847744ff3c2958455094497703e57d749156f7b2f5489a9a50c5a46febf1dc3e4de3fbc941e225d7086b87180dc37a8a131bc024481d9953731165f48e9c64f014b6c803bfbf694a585f627ae76106c73b6a4b75b0e69521d4a6afba4c7124dfa3bd7703209b183b5226da8f2d28a9bd698c56f27a65c4e99f17dfdab71f1eceaeee7dfc3cce8eb3e4da0f0ba0067382b76d81256332942332bcdb2549f73bae3cbde7afda7f55de4c66a5c735cca09f6a69a078d358a0e6cfecf5f75bb8f98269784b57a0dacbf70c7e50fb6d825e12aaaada902badc93a39c97b17d2aad056223076c61dda9c8b0bc725e19b643662e98ba15f3cd9112fb3626143eb133ff63b28479e6a493e3da73775a4e5cd8e4056056b4b2e95071ba1f39b2e20845366ff10506e1cdab955d7553f1ccf7fa48b016d056f88c096a80a84bc80bcfeb2ae63d9de7b7d1dfc13fbedcd1dea588e314acb93f36b689cacbe7a0493a200e2140f5af57a4a9aac1d7e8aa4700a9b8e7df328c48aa74283e1f2aa65cf282f1e8a510652f181cb8d275e3b9c439f520f0cad22499907450b18b599f61573934a9702e669a2841ce927162823f5e78474a5dccc89f17b69a13f8678db56116d16e7b615d6c0d5035c01046db298f1709df8e026db208a49234869cb152fe8372d1dd92cbe5a9a1af7ca24da40e627bd3a0bf1bce4fa4ca7f84f1d653659fbc1673929644f206f921fb45998f14be6f973f17d12057f404794ac33bb9537bbfa2db701a6786d61e80c80ae0277cfd596bc00a64122b2c0679c9b53a23448bdb30748d256b74fd397190de0fb1b788635ed90ab3ba1f3ad5a6626fd32d443dc6ef612a98fcad01dc4adec4008f107781f75736a060debc3e435fce322fa9062e7d9dc61eff2066ccd198c4c79c27293a3ba32a5112a9b0e1a1f0038c4302ae0034324c275250958708f63771713dd77795a85024d5c1988193dbecdc5e270660c63186354d0aa8c94a5f4656008087eba2a80740c0751269aecfb19e44769b7103f4ce75e2217ef19fd082279d6b5365bb9e48a5a52228d2e3d2a8700008add626c77c8d86cbe79a18544b5c22d6c259b61d2a2cadc23790f78eea04f904d03e07bdc69c969a65a0c3fa12b84b603b9190dd861db36a31a2a23454a291a497aa5eddf301d08408c5cf2a7637983d0adf416f0d374b6f329e4c6cc70423e068bc52c29b9f3d90c3ceb980e5e72d6ba116bae4c1814daf96525df4edfdc36128ccb867484bb742ac67d390d51223ec9100672da49675e7bc60376231009fa7f7045521d0c848da8b90b2e1aed06e21b836e358def56699171f51c4edd7cabb5de5a8d69e0f8c8a6b43537bc487236ed0bf58a574028de77ec1075989eca2f30379c457c86c6fe881db3c14b37b528e6bbc71dec6e31f82a5dfa31b2a1198e494880f3bbcbf3fdd63e76555453abf5e80f5108484352c9e7281be00cbc90193ed93c8318e8798bb226d5117d5b53e882bda1d85c0245eaf3f07e54a86d40b39f3ae637e6042036d0be12f547208b104107b4b0de9b141755e785ab100d99d27e92152d40542395258648982065618d2500ffb7aa3bbe721a54d198cbc9f3aa92b43f22aff291823be272a68d5157ab0ba948cc2cb6a66d359162188db0866bfb7d174f453101b63112df10561f2b8181b45ed6fd59ae773a021f312b4cc24abe897981de1dba2687551ee15d56cf8423d553cdf870eee38c8aea321ade420398d4e4d1ec47332e4b45059cc212613dc3d4f1cfeb8eb0620da33cb4fa1067e008e9ffebe062943a519aec5da9cab4f606c3a306f609270d85ef7c34231a361b5bf4736a6b9c14fc567bcd10466cc59897f904bcf724efcab14d13d02a61a3bc9f92fdedbfba255cd90ced87762143f6e9fbf3cbc1415742c3fefc3d7d472016eea3732c79b607d391f66dc961d33a06f81af3e8cf0a31470e35ff37396ff5af91057bdb2173a565cd269373c34f80f663abc217848b28359d6605b7f0b76ba125b19627fd4abee6fa91840a7b06345619f0930723bae7f5e016d9ac81995d320d47e1888ff033bab4269a2e8f9e237c5b2a37c59af2f7b48bac346dc1398de210ef5bc852b3e518a909c4f7843d1d0b139f47be1b53a6aff54ebb29adcc0ce1ae08260fdb6f1b591c18d256a201f28263771e8ddb36cc25ab46b63b3b26756ad560510ce6eed1cec2bb27387d95502327507fcaab937b8be866f165af119cf6cf333e8043be2378e8650f5f08e089897867b0e95cf0b24fb9d33ea0288fb08d3f69efaf96b53e2d813a545091283c082540abbc70cb80eefbadd77986f1ec79e0349e0bd04896e36de3467c938c57776c33ddd8de665e99554b7a3be004031f314ae2a91ca4c2f8f3b05c4dd77cc8aca8da6174c2116213ce7f3d941715d9b3e82f1dd35b464f0d7b28aff912e22783320cfe8bc44d634d0e86be66f78348b6319b4ce7b82b743396fd52c2be18e5998b58bb887ef8211aaa0c2251a80aa919882aee8cf01c0ad7c2d55f1249d84d8e960cde236989e6565b3b4afda3644cb10bddf9fdaa965c537bc92714920baa9940292e497dd4d25e59aced4117bf98e9f80b226b12dec2c6d1ee03b477114e5fcac102290ff321301c24190a6f6fc192737752904cf02b03eaa631e86add86b751e26fe5b9bec2c41dfe6f776bc74498fd98aa175884c7d66ac9be1ee54b8a8372e4f19530c013483181b471dd3649f70a69209d9204c337a543d2f15d24faec1b2515a4ea73e786f7efedd994f892b6501c07da2bc9e5f30a3b499f68521cd2cddc17ecde8d8d5d437a60e9680891b988aee820ff69b23073a2f981b6777aac61f3b2d073e060119a9cb5437a29b90b4b2280b8d33ddf1bac2e169d58dc61c3091b311146d711eaee9b81e0aba60a5bd577956d149c449a7cf669da9cc7e1a8dc43a293efa14ae800af36e84d1feeba889bf180fd62ed7b671da4727f35cbac893fca3ebfb88eb7148c18b08084f2fc67f0d1de982a4d3d49ee7bbb0b62f2240992042ec71816d649a1e16c0ee0485c18a2ef56d48b8c847f4437ec0dbceb6be97c6355aad410b03d5b2f6d2f82415ab7b16534545339fbad40e0bd5267bfc15eba537c8e44547d0ae4e3fb800db23a560ad4ac5929a168c04b407e02d100b7f6fcd877a6acb8e1a1e2b5cf9054ccfc066be7e7357471fb418af6f376c080feec6686c7865d02087beeddda86b997abf6449ccf7535d954c1f6e98cbf42d662e6ac9742ca3551ae9beac32db3328f4af227ee8d5896e58d139d9494c3d3293d68d40259bb77e953203b5c615ee47d1243282b5abe64d5e1e65272f50132b97912442470791e7c9787896f4c7c284f53d677ccba5ac990508c749f6188ce13880946143a677f81a87994ec1f205814fe02028faec4236c91a071b57378b879888546eb6c2ba6e9e6316d854eaba6a5e4770ce875336c9ae19e400fa77f7ee20b1bbada742875845520c74a502d13f93338b14ba06db9483e233bcd4ed807c5031cc5f08e6b1ceebe672fc3ab464769fd4fa01331fc6d8322aa5f019a1b1bd83ee1f80117a749bca27df6fbd42abfb78b680c0418cc4a94a84b4edf3bff81a6b2d00ce987425dbbd043afcf7d8451f8267fed87c30cb0295ceae4892b80cf045c260913cc1be6f428077486fd9c548cb2eb50f501c26ea75df51abd13d8d990df05f6f99e3b1f766f7d9b96ec1ebb3e049b93fdf7ad593a29c59d27c828deeb596f088913926cb37eeb0e544b089329e9ff9eb328d6ab19fe9fe36e88e70101f041a4967f500f0c6c41d65a02936673012477c7e9ce18225003d5df048476522f24414aa72dc223af6eb6f0902b717a49fcec98739f75b3ce449b8356b31f3803c53ddf12b9839092e005a8dc2e2163dda50c1bc419f8a16e029e1bd06731b2537ab2f5be050c1dc07edacd301d5d7590f0462c566be0456ae35eb34d3bea801645bb89935d20c79f8d2e496049b2bbfcbda5b943b0e4c57c1c842ed24f8509ef2257652d6fc491ca3e9fb41a7f4ccb0bc80ef049418ce235b2fe67fdbe1d53781871187b5ec576234cd2f443cc70848724a2c56fd4147338656628552ff41d24b132d5c82cfe08d51388cbdbfab729de805e96e1a977f9c71b80a2171e32d192bd02f76fa0c0ff3a39fb44cd6d651444196cff54e325f0f3bfb3cb5b354de0864648e741074bb0aada73215c2dd3ca29a6f0fba470bd12b0230d18795e3ffa8390102600f3201d2c6230bba3afc71d3a0554eba4362515300395782195a7a9e9249178466a02ded2db88edc7770d162a5f6227292aa0eebc018e814caeff69904bcbbb54ccf03665312daee061341db9c7915cf64da55feadb5a7d21680eb5d7c1ad33245f9ea22cabdf307419b883588f3689629bf2e73c293f3acf35588bac03ca269892fe2e5f2caed291bc76a8bb851d8ae4c6f26dc1712c0ef4c4722255940d2908cc90e5b7e735e4ada7271b9c1239f5e278555af2b99cb44caaff1450e7942ab1c89ea0003ba27e3f6caae4bce3b203badd471ef454f60e1da6fe44193b130b3b7459956d8e569fea1674517b19433f949b41747648013b493b192d393130048d11243bfebe7758200d8828fa214439fdac0c1fbd0fd1b8a2a5b0b75fdf9bd43cb3429256075d980c8708a9ce60eb7b465f8d53e2a8bb8d713ec93c3a6ba90a55eb4e4f5c72f11eacbd2949657de43f5bca7fbe7a01b48461009937e3f6a7a3157add383fef8336ab43cceb5be4dd714d1c010ca5cbc7b097a6cc0bfd0b85f48e6fb8b36516f670572dabe87cf330219279d76811bddffc0d7c3d8cee770eb0e7058d92faf0ba8c57a67f6fdffb4d51daec920c023b16073333b0173df4776665a7092099916db73499760bdd5ed8dd6c3daad452fea39f3c5cbf22fd2efb2e627f536b6ac7493adb8d2b8569bc0082df50e792fad4b7accfdf349803aeef0b6c92a31687ff14dc360164f7ad97c712ae050aec577f618e7652de1ae5fc19b3d9bdab4758b8549e2607b9f5d0ccdff0b762a4355209d3b9ce59678ef016482d82920f372d55c918bb4508f2e32a674e7a12feff736a8a6a7cebb8add976a4e4327ce8ac20aabc5834281ed43d37e14cda3a8f0d3bd568a5cb53ecb510ed5c24"})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

27.729037855s ago: executing program 4 (id=4131):
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_inet_udp_SIOCINQ(r0, 0x5761, 0x0)
ioctl$DRM_IOCTL_SET_VERSION(r0, 0xc0106407, &(0x7f0000000540)={0x4, 0x68f, 0x2, 0x2})
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'xfrm0\x00', <r2=>0x0})
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d3e457201e040b40e73e000000010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, &(0x7f0000000080)={0x24, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
r5 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r5, &(0x7f0000004cc0)={0x2, 0x4e22, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r5, 0x28)
r6 = accept4(r5, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r6, 0x84, 0x7a, &(0x7f0000000340)={0x0, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000580)={'team_slave_0\x00'})
syz_usb_connect$cdc_ecm(0x6, 0x5b, &(0x7f00000000c0)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x49, 0x1, 0x1, 0xe, 0xa0, 0x8, [{{0x9, 0x4, 0x0, 0x8b, 0x3, 0x2, 0x6, 0x0, 0x3e, {{0xa, 0x24, 0x6, 0x0, 0x0, "0efa536e98"}, {0x5, 0x24, 0x0, 0xfff9}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x8, 0x7, 0x1}}, {[{{0x9, 0x5, 0x81, 0x3, 0x400, 0x0, 0x1, 0xfb}}], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x6, 0x7}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0x19, 0x9, 0xa1}}}}}]}}]}}, &(0x7f00000004c0)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x200, 0x4, 0x1, 0xf, 0x40, 0x2}, 0x127, &(0x7f0000000280)={0x5, 0xf, 0x127, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x4, 0x9, 0xd}, @wireless={0xb, 0x10, 0x1, 0x8, 0x10, 0x8a, 0xed, 0x1000, 0x1}, @wireless={0xb, 0x10, 0x1, 0x2, 0x8, 0xc, 0x21, 0x2, 0x80}, @generic={0x90, 0x10, 0x1, "2e83d6ddb2888987434169c455c868a58bd04154969e06a6bdede0e2b0a6c89ab2aa5f91213816e72d9eb5c9fd2b7d5540ef8238226f205d2886219211755bed6134b53968a67b935b4a9e2710928e12d27bb4349189bdb9db9ed40aa0f39763cbaed00db40a16cb27a8e46fe465c5336fb1edfd5028e5e21e0c6407cad2314e5fa5de52441af8d860368f8143"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x0, 0xaa, 0x49, 0x3, 0x9}, @generic={0x6a, 0x10, 0x4, "c4a3dd4086d9e87551705ddad22c0bff7d1828fc3a51f58969a56f61d28151fbe449930339de4e277033fe6b85032878c254b459006f3a4e65438e2bcc68d26ff93bfa0cafd7c214520282b4ee13ea5c7f20d0b5c9e8f34c6af3f7f7b441b8cfcaefd6cf0383dc"}]}, 0x5, [{0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x2001}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x446}}, {0x75, &(0x7f00000003c0)=@string={0x75, 0x3, "d23d2a20edacf46705389213ccb3142635fac860421ee6f5aa17af701fee7d8dd776e1d3d6dabbb780cef391ed578ad9f9bac79a9cf7ae9097b80c4a36c5251e0d1a8f1c491b7cad3ba62386b0f0a68e8484e0ff98b10711020a780078074f2493463aa0fa0cd8ce40baaf855b7569a2c7ec2c"}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x2401}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x412}}]})
sendto$packet(r3, &(0x7f0000000180)='`', 0xcc, 0x0, &(0x7f0000000240)={0x6, 0x0, r2, 0x1, 0x0, 0x6, @random="4a99fee2a74d"}, 0x14)

26.360850844s ago: executing program 1 (id=4138):
openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0xa8202, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async)
r0 = syz_io_uring_setup(0x1458, &(0x7f00000004c0)={0x0, 0x3, 0x10180, 0x2000, 0x3ae}, &(0x7f0000000100)=<r1=>0x0, &(0x7f00000002c0)=<r2=>0x0) (async)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='9'], 0x38}}, 0x4000)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x9, 0x4004, @fd, 0x7925, 0x0, 0x0, 0x18, 0x1, {0x3}}) (async)
io_uring_enter(r0, 0x2d3e, 0xfffffffd, 0x0, 0x0, 0x0) (async)
mount$9p_tcp(0x0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080), 0x800000, &(0x7f00000000c0)={'trans=tcp,', {'port', 0x3d, 0x4e24}, 0x2c, {[{@msize}, {@directio}], [{@subj_user={'subj_user', 0x3d, 'tmpfs\x00'}}]}})

26.309340769s ago: executing program 1 (id=4139):
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0xa02000000000000, 0x60, &(0x7f0000000000)={'filter\x00', 0xb001, 0x4, 0x3e8, 0x218, 0x0, 0x130, 0x300, 0x300, 0x300, 0x7fffffe, 0x0, {[{{@arp={@local, @empty, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'pimreg\x00', 'veth0_to_bridge\x00'}, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f67b23ffdfa27f907a03732da3acbc6518e62a77ca06f258762e88c0d9f9d2f413b94a105f4bdf01425ce81c5d000000000000000500ffffffff00"}}}, {{@arp={@multicast2, @empty, 0x0, 0x0, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_to_team\x00', 'ip6tnl0\x00'}, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE3={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x438)
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x7, 0x7, 0x0, 0x10002, 0x10000000000, 0x804002004c4, 0x40001001, 0x8000000000000001, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x7], 0xeeee8000, 0x2113c0})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

26.123004848s ago: executing program 1 (id=4140):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), r0)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, 0x0, 0x0)

25.973220035s ago: executing program 1 (id=4141):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x7d, &(0x7f0000000440)=ANY=[@ANYBLOB="01000000004500136f0000000000e98f78640101fd833b3a3c5b713222000000000000000000", @ANYRES32=0x41424344, @ANYRES16=0x0, @ANYBLOB="5c0200009078000092bc6154acaf226469b2e948b8c1feb072b5698428c19d0e4cec85abc227debc87dcc9146dd5352e62bb1ebfdd86f99a387c7960d767fd98738a117160b7733ad8a167ca14bef7", @ANYRESOCT=0x0], 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, 0x0, 0x0)
r3 = socket(0x15, 0x3, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'macsec0\x00', <r7=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000010010000000ffdbdf2500000000", @ANYRES32=r7, @ANYBLOB="20000000280e0400280012800b0001006d61637365630000180002800500030008"], 0x48}, 0x1, 0x0, 0x0, 0x24008001}, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x2)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000180)=0x7d)
r8 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r9=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c00020000030000000000000000080019000000000000000001000000000000", @ANYRES32=0x0, @ANYBLOB="08000300", @ANYRES32=r9, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x4000040}, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @broadcast}, 0x10)
writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r11 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="20000000181401002bbd7074070000000000000000000000080003", @ANYRES16=r2], 0x20}}, 0x0)
sendmsg$netlink(r10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002d00010000000000fcdbdf250401f2800800180005ac0f"], 0x114}], 0x1, 0x0, 0x0, 0x4000010}, 0x4)
socket$netlink(0x10, 0x3, 0x0)
syz_open_procfs(0x0, &(0x7f0000000340)='mountinfo\x00')
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
shmget$private(0x0, 0x1000, 0x100, &(0x7f0000ffd000/0x1000)=nil)

25.43702512s ago: executing program 4 (id=4142):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))
ioctl$SIOCSIFHWADDR(r2, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'})
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})

23.237557446s ago: executing program 4 (id=4146):
r0 = socket$kcm(0x10, 0x2, 0x0)
recvmsg(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000002040)=""/4082, 0xff2}, {&(0x7f0000000140)=""/104, 0x68}, {&(0x7f0000000240)=""/107, 0x6b}, {&(0x7f0000001040)=""/4065, 0xfe1}, {&(0x7f00000004c0)=""/225, 0xe1}], 0x5}, 0x124)
sendmsg$inet(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000fc0)="5c00000012006bab9a3fe3d86e17aa0a046b4877c4aaf68187bae53dca2ba35bda6a876c1d0048007ea608649e7524765f0ef82e3c0000a705259a3651f60a84c9f4d4938037e70e4509c5bb00000000e513aeac9bf2bee150d5fe86", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

22.979365372s ago: executing program 4 (id=4151):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), r0)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, 0x0, 0x0)

21.801048444s ago: executing program 0 (id=4153):
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r1, &(0x7f0000000640)=[{{0x0, 0x0, 0x0}, 0xfe}, {{0x0, 0x0, 0x0}, 0xbc}, {{0x0, 0x0, 0x0}, 0xc3}, {{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000740)=""/184, 0xb8}, {&(0x7f0000000440)=""/84, 0x54}, {&(0x7f0000002900)=""/4113, 0x1011}, {&(0x7f00000005c0)=""/64, 0x40}, {&(0x7f0000000880)=""/231, 0xe7}], 0x5}}], 0x4, 0x4022, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000340)={r0})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e60, 0x7226, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x5}, 0x1c)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r3}, 0x10)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
open(0x0, 0x10f0c2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r8 = creat(&(0x7f0000001180)='./file0\x00', 0x8)
ioctl$VT_RESIZE(r7, 0x5609, &(0x7f0000000040)={0x3, 0x2})
pread64(r8, 0x0, 0x0, 0x100)
r9 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_IPV6_XFRM_POLICY(r9, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x8000}, {}, 0x0, 0x0, 0x1}, {{@in6=@loopback, 0x0, 0x33}, 0x0, @in=@dev, 0x200, 0x0, 0x0, 0x7}}, 0xe8)

20.533144665s ago: executing program 0 (id=4154):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socketpair(0x18, 0x1, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x80000000005, 0x100000001000087}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, 0x0, 0x0, 0x0, 0x0, <r2=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(0xffffffffffffffff, 0x3b89, &(0x7f00000001c0)={0x28, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000100)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xd8}}, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
pwritev(0xffffffffffffffff, &(0x7f0000000440), 0x0, 0x8a, 0x3)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000c40)="5c5eafd3ae55a73702d6befaee97f47f4be65587e1fca708cee084691e4587d887a5eaab43ac5edc4886496910cd7a153cd84b93208c7b1a625b3ea990092389b19dab4f61e30ee60a4d7e51ffc9a5accbe20844356dd0ce192542d5e58d80657b3b5fb7a3d39337df9305959f", 0x6d}, {&(0x7f0000000500)="4c56c5661eb2897219a486044736a64f1a175ba0", 0x14}, {&(0x7f00000009c0)="8e6487afea5aec79e9dd3278cbb24985e6724be49d1ae08bb9913a5a6d6d6c26d88eb3edece901ad9bfd123a88c27d6e6ea618a42a970bcac49fc3bf5b87b58ba3d1a7dc24d12855a6c54a36b5089658d9482bd0a9a1b9b0d4de13e864e592216f04f31decfaa9", 0x67}, {&(0x7f0000000a40)="71918a5d581601244a3d864d7c74a12529e10637660163c939c6e23c3e3bc3bcfc79d3e47b9d80fc8fc812a2ae2adf778cf426ff4d090e8ad2d1144acb5a392c984f3190aafff8b0f1c5852274bab67df6ce8641ebef383c1503c3c19e1e8b133206cc193d38b8ebf8f76678b320950e8741221069da77cd76e5ff56fce3f0eee2b1922024929b3128ed46411f05a167211c3adf5dea2ab84c4e8c7a20cd114dcc56307f6e4e44cc4d", 0xa9}], 0x4}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000001800)="353a35d6094e4ee7d764b6993f65136c5d6b84d9b1324a0b25e094700c9a66f9181738098f32e3e48859c3878d53a9752474da0d6af299d849d48f2fa2c8c807d7a1521da940585790ff1e6f9da83e32b751d1af9cfac640c1361f5ae8b99c187dafe9ea854120f6eaab11e7fdeb3f2152ebdbc21520ca01f64bb821576deef4ed6696cdddc1768b5b4fbd68a687cb6ba52ecf5cc6f8f05062f26de19d6aaaeb6cbca00e46685f77d2b3e8dd9d0d099e799cd5a76c67ab283f790366f7f744508edc9e48fa101b89215bd330c4e706c1f09d781a5a50aef5e424a7a88b3241a338ca7411cda28aa167b5628b79e8a7d588efb69636181b9c54f6d296386c95f8a08e27d5792dcb20fa3b5b4f60c71f310b31bb1ab4a825c2dc10fac150a17d92bb51849d9eea53c78d427d8d1036dc906084046fcae09499c220ef50c2c7c475f392bc288eb5efb8032d1ade92e88e50a05a95dd5c6cbbdfb086fa53bca14d40c8c3f7149b39b16b7c7370978389366174db5fbc99dbe958f8c1690c", 0x17c}], 0x1}}], 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

19.92414992s ago: executing program 0 (id=4155):
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000080)={'rti800\x00', [0xf0, 0x80008000, 0x1, 0xa, 0x0, 0x0, 0x1, 0xf, 0x1000, 0x1, 0x8, 0x1, 0x6, 0x4, 0xffff, 0x6, 0xffffffa7, 0x9, 0xfffffffd, 0x5, 0x3ff, 0x10000, 0x800, 0xe2df, 0x9, 0x1, 0x4, 0x3, 0x7, 0x5, 0x5]}) (fail_nth: 1)

19.456306575s ago: executing program 0 (id=4158):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0)
ioctl$COMEDI_INSNLIST(r0, 0x8010640b, 0x0)

19.321497394s ago: executing program 0 (id=4159):
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000080)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_mmap}], [], 0x6b}})
chmod(&(0x7f0000000180)='./file0\x00', 0x1d0)
r3 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
pwritev2(r3, &(0x7f0000000100)=[{&(0x7f0000000540)="a6aa", 0x2}], 0x1, 0x8800000, 0x8000, 0x4) (fail_nth: 1)

18.813684543s ago: executing program 0 (id=4161):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x20, r2, 0x301, 0x0, 0x0, {0x1c}, [@ETHTOOL_A_LINKMODES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}]}, 0x20}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x1, 0x100001, 0x5, 0x4, 0x1}, 0x48)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x5, [@typedef={0x3}]}, {0x0, [0x30, 0x0, 0x5f]}}, 0x0, 0x29}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0x2, &(0x7f0000000740)=@raw=[@cb_func={0x18, 0x0, 0x4, 0x0, 0x8}], &(0x7f0000000140)='syzkaller\x00', 0x9, 0xff, &(0x7f0000000340)=""/255, 0x0, 0x0, '\x00', 0x0, 0x25, r4, 0x9, &(0x7f0000000000)={0xfffffffe}, 0x8}, 0x94)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r3, &(0x7f0000000340), 0x0}, 0x20)
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=@newtfilter={0x54, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {}, {0x7, 0x10}}, [@filter_kind_options=@f_flow={{0x9}, {0x24, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_XOR={0x8, 0x7, 0x1ff}, @TCA_FLOW_KEYS={0x8, 0x1, 0x681e}, @TCA_FLOW_BASECLASS={0x8, 0x3, {0xa, 0xfff3}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x10}, 0x2008c014)

18.269500512s ago: executing program 33 (id=4113):
r0 = semget$private(0x0, 0x4000000009, 0x42a)
r1 = socket(0x8, 0x6, 0xffffe0da)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_BETA={0x8, 0x6, 0x16}]}}]}, 0x3c}}, 0x0)
semop(r0, &(0x7f00000002c0)=[{0x0, 0xff}], 0x1)
semop(r0, &(0x7f00000001c0)=[{0x3, 0x7, 0x1800}, {0x3, 0x0, 0x1000}], 0x2)
semop(r0, &(0x7f0000000200), 0x53)
r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5)
r6 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r6, 0x114, 0x8, &(0x7f00000008c0), 0x4)
ioctl$sock_kcm_SIOCKCMATTACH(r6, 0x89e0, &(0x7f0000000280))
ioctl$sock_kcm_SIOCKCMATTACH(r6, 0x89e0, &(0x7f0000000080))
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000f2ffffff0000000000000000850000001700000095"], &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20000000}, 0x94)
socket$inet_udp(0x2, 0x2, 0x0)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0x3)
ioctl$TIOCSSOFTCAR(r7, 0x541a, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r9 = openat$cgroup_devices(r8, &(0x7f0000000200)='devices.deny\x00', 0x2, 0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2)
r10 = socket$tipc(0x1e, 0x2, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000400)=ANY=[@ANYRES64, @ANYRES64=r10, @ANYBLOB="130000000000000044"], 0x20)
ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f0000000300))
socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000900)=ANY=[@ANYRES32=r9, @ANYBLOB="52702f23abac2c22ecb01361fca756f240eeb9389cde11089999295521187a21db4d3a237017763777ff46b8c831e3d3b408b336cb8df59ccb5428d2935db62e29eba7a3cd12a7e1351904ba3409fd9a5655653b9245421311146bfd698a8eeba12b81e2384e08b8cdd0d49cbb37b5728381f720e54fae6fa53f72b2db1878098615e310f5b67a8bb2acd921545234a3abafbe8c4664deff222c3e2df104fc2310869b0a2e45962431a1a700dc406115fea0f36878564e10ef5c13a4ca5d42441b35029561159630316d06785486ed2a617d9c977b3b686655dd2480cc27adeab41d3b05b29029816bc198f98ecd7fcd12881adae63bf885680abf9d611098268145f61e38dec6034c2d836b9c47213be6983c0d558e6d08bcd5bae38c933c4144a4293fbce85faf6ae39b6c6a8b831a4c", @ANYBLOB="bee84007768a109c84d19eccc67f964f584357d0edf550cbe3deb57ef6f1e7d44797e3ae1e28cdf498106749eabb9be3ec6f4cdb61ff6d1ae64fe639401ae9f9f2c9adedbb6691f0e692e34241a3267426f892160edb6fd6320bec292f15a2a77f2228748b91852e222f7eada32798033fbe4ec3c1ede616dd9a9340a4338495f89969ba16849923a275a3b40cf46267d86ef763ea62243b0b2f692ae683fff4c7e90bc83e789af6e804010c5dc9a466adb5035b44ed793381dfa68cd3ae4c8f8d016c2a12577d6f024d8b5385ef50ea19", @ANYRES16=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x8000024}, 0x40000)

18.261825045s ago: executing program 3 (id=4163):
r0 = socket$inet6_udp(0xa, 0x2, 0x0) (async)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0) (async)
clock_nanosleep(0x9, 0x0, &(0x7f00000004c0)={0x0, 0x3938700}, 0x0) (async)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000002a00), 0x800, 0x0)
syz_open_dev$video(&(0x7f0000000440), 0x9, 0x80) (async)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'wlan1\x00', 0x4000}) (async, rerun: 64)
socket$igmp(0x2, 0x3, 0x2) (async, rerun: 64)
r2 = pidfd_getfd(0xffffffffffffffff, r0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r2, 0xc018937c, &(0x7f0000000480)={{0x1, 0x1, 0x18, <r3=>r0, {0x6}}, './file0\x00'}) (async, rerun: 32)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1000000004000000f10296430100000000004c"], 0x48) (rerun: 32)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="100000000400000004000000"], 0x48)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) (async, rerun: 32)
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) (async, rerun: 32)
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000100)=0x80000) (async)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000140)={@local}) (async)
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r4, 0x7ab, &(0x7f0000000040)={&(0x7f0000000280)={{@local}, {@local, 0x6}, 0x400, "787c2ce2fba15d4e9f8e96bc11e2ca247a20c3e26661b174fe1825253be9e8480cb4f3524914f59ba189c1429727ef39b4164f93bb821987b3b7f73495bc8e745304668e0e46798c7f5917ea8428d41cab5612336f04000300000000008e9c1c86a394feb64fb06f77dadbcb20fc62741432b7dca37007d68e98fe46135d6a1c5ed42102f58daa5211319db84aa9abac734be47c908dc3ffa3aa7b61ec16d3d1209fc618f6c4532ea582628502ac46d167db6d53d8f3184df68414e6b6ec0109664c570e155654e03d58dadd0e5a7bab42bbb4a9afdefc115eb1609e7b50dbd94b94ba09000000000000001c9e4a41d3e16af21d6c897a1121bc14de16e78d6d7f2ae79db44e302539fd926e0b91e0fc589e2fa19b218d0508b5ce3ad40d03936693ca5aa41ddc07cf492874569ab037e0530e38245b98131ae0c9afd871df5f51331938764f5a7dd96890edd467b2fbc335ed081729b5ea722a98b34d0dac6de995de4ee263c81b2567b3f87e0897857edd5d7e97d61fc67076eab4846010d4828cc879f95cddb69ff6438f2a109285c46d8224c36069d30c3c9cf4a6800ae224111136bd9c1e06c4bfc4685d7bb6a72345772b3ce9bf105490743dc4b700f24ce6b250b95e6c383fe44967a55d140baf0ec339e3815b29a2246cb5c953048c43266485bbd9d0caecf00e9501a4433b54930cba54e06607ada2f5d818e4804294fcf53058e58e0d33d4aa6dc943811056908fe9116e65cdddac1d2fb24d1eacee389af38b7e5a7056d0de50c6b49fb38388cf28c2d6dd3dbbab84ffbef4b0c02a77f018e8a9749a557909e6aa96185d268dad7744b094d8c6134b89efe26674d65f908f9c3a8c201f661fc26efe0eff248d3a473fe32a5b3643bfad8f186c2af3fbaa1d38560c1244c79a0e48893eefb792af281650f34f6c2d9a6c622aba234b63586713cb66179a0897d98ee5228569c32c1a682807c8db7eb197ccbbd6549db86a6a9aebbf5dc14060f22e2b07d6166f43c25ae0c88be7a4dc38e7ed08972a355b0e5d6fc43b8e5594fa6b36a36a44bb94b75eaff11dc17105f54beda54da2a1ea1acfab354745057dd2e7725f2c8450b19fdf37e19f6ce43449e9191f5a5beb4a1bc176f6130052e83acefd8ff18d592bb75f15f86c9113e4bd67ad420c33ae706cdc10060277b83ef30a50d4ac19c9a791b309377aa20a4743bbb799abc3ba58071b628c9ba8103bbfe389939e55296ec9b4f8d3a03aff30ce9aa0dd6e5158a672be8f3da8349ed4ad82f6ca67ee29e8b234840cf7846e604e5b8135abd94d71fe0a79180e75d4e193ea8df466c087b660fe984943751a9f6df8545699701d478c2b3daa949155770e74835bcd972de27afd20b02ce0e504c15b0237437200"}, 0x418, 0x7fffffff}) (async)
ioctl$IOCTL_VMCI_DATAGRAM_RECEIVE(r4, 0x7ac, &(0x7f0000000080)={&(0x7f0000000e00)={{@host, 0x6}, {@local, 0x2}, 0x400, "475133a375bedd6cc832a35d6c452fd3d63542e93db08d2d1bb9b150dda3504e5ac9bc16ca74999e486fc0f613e1408762fe9421cd2522a92ce6f8caeb23b19eb797b6fded41395c1b5572910cb0ad5eb0712f626af7a10d5aa0199ff18195aedd38dbe3535df38ec619073fb7d3e1a56fa9f289c8115eee6e7cd0bc7b6d6c57c4a87e7b82c7649237e3cc5a40cb3f3f56b6b23aca9d836d2633b75d857627eda159b5a3b0a9852f112d415dbe4c03a82706bc74e0bf4319b16e3f7ec5707922b976915abc6c4177f035c9e2bd26f7aa6ad0fab25747cd89bb869344229c7a08f879397c1504e385482457126bd521c969afe98990cac4a81dc8eb05884b2d5661a759ad24951fc8c0c4f1dbc30c61dd890d245b33b85839f59e004232b87fab79be5f749d02eaf8d0718d66d06394f950fa1807120732a8985d23561bbe4286bf6e43df5980749d765ce5ed1c32ad964cea5c5dbbca185c19710ab248f038adfa5ef57efddae34a82557d3bbe36b9a534f65087ae16156b63daf77fcd153099d7990f6ae6bcb13bf967a5d63386996b327e8ddf5098651549e73974a38258a2c555ed9824a3f500144bad34b34551f252c7062c53afa41dcccbed8690fc203f414018a7f7f576c7bb093cde5da9c36d1eb977b9e83e847b272a7f27d1a6e7f8404293015fd62115d4b9f4cd9ad2f3bac5bc57ae3c62d77a50dc140a13bcab7d95fca5f614b14cf8beea5d6beb547768b6b83e7b3ccc09f85672262d211f99d2bd9ec164d7a54204121c139b25f2ee62cccb671f8a01d411d1222c8e5735eb0bcc9914878ff930abe2694ff51fb93981ea820ef09588a99e77f1b7836abf79f4e7808ed21b9837e08fbcce77f878c30fe33d47322f8a08fe0333a55bde0f85136ef10c1afc48b45eda24d00b610d9c92986cbadd900866de22f23291fae4255103e87b7b2189f5816abb79452551e00814f5b8578fc6b150a02deb9eb549f42f2b2eab5a89473e6a36d30ba45971a290e933cae0b955e3e4448cc5b84cca0187169c34f9804dd1bc5ff484bff311e53daef37d5e9fe24347488c167a43c1c095147a5f0757c291e8a89139d2571765d283527086b558cbfe67fe6923db647631de4813fae77e43fa2d2055e35319c903a3b85018aba52ffe8ba5613537a0fae6db05477c236d871d362935976379ff54bbb522a55154a14e74cd6ed8404d0f9b2943303286b551696268cd7a90cb9c03020cdbc18a74d22d7f90ff012f77243ccd43b1e5341a83d870919a75bf7308d50e87f91f222ef04cbcfe7bebc9a3935b01dc4b145e05a6dc3b08df4fc3a77a713c5f46364539e60ef2756ec1365efedb660973b532721033a51e68a9d56fee29257cb65a719fb2a2452e52d8b98a0b7929f89eb19d6a91dc4ce962f93fe5353305a47c8491e6621aa3986927414bb3ab"}, 0x418, 0x800}) (async)
chdir(&(0x7f0000000080)='./file1\x00')
creat(&(0x7f0000000040)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x94) (async)
r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r5, 0x40085112, &(0x7f0000000040)=@e={0xff, 0x3, 0x0, 0x0, @SEQ_NOTEON}) (async)
mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1000008, 0x4010, r5, 0x6c1a4000) (async)
setsockopt$MRT_ASSERT(r3, 0x0, 0xcf, &(0x7f0000001240)=0x1, 0x4) (async)
socket(0x400000000010, 0x3, 0x0) (async)
socket$unix(0x1, 0x1, 0x0)
setsockopt$MRT_ADD_VIF(r3, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x0, 0xc, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) (async)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000001640)=@filter={'filter\x00', 0x2, 0x4, 0x348, 0xffffffff, 0x0, 0xd0, 0xd0, 0xfeffffff, 0xffffffff, 0x2d0, 0x2d0, 0x2d0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x6}}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0x1, 0x5, 0x2}, {0xffffffffffffffff, 0x1}, 0x4000008, 0xfffffffa}}}, {{@ipv6={@loopback, @private0, [0xffffffff, 0x72461aef259440bc, 0xffffff00, 0x7fffff80], [0xff000000, 0xffffffff, 0x0, 0xffffffff], 'bond_slave_0\x00', 'macvtap0\x00', {}, {}, 0x6, 0x8, 0x6, 0x8}, 0x0, 0xa8, 0xd0, 0x0, {}, [@common=@icmp6={{}, {0xe, '\\X'}}, @common=@frag={{}, {[0x6, 0x9], 0xfca8, 0x5, 0x1}}]}, @REJECT={0x0, 'REJECT\x00', 0x0, {0x4}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3bc) (async)
ioctl$KVM_CAP_DISABLE_QUIRKS2(r2, 0x4068aea3, &(0x7f0000000500)={0xd5, 0x0, 0x4})

18.039195241s ago: executing program 3 (id=4164):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xd7aeb000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
lsetxattr$security_evm(0x0, &(0x7f00000003c0), &(0x7f0000000400)=@v2={0x3, 0x1, 0x8, 0x7}, 0x9, 0x1)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(0x0)
r3 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r3, &(0x7f0000000140)={0xa, 0xffff, 0x0, @mcast2, 0x9}, 0x1c)
r4 = socket$igmp6(0xa, 0x3, 0x2)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r5 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x50, 0x20}, {0x6}]}, 0x10)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
sendmsg(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x2c}, 0x44004)
r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r6, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r6, 0x4000)

16.829179197s ago: executing program 3 (id=4165):
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_open_dev$cec(&(0x7f00000021c0), 0xffffffffffffffff, 0xd2ec0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = creat(&(0x7f0000000580)='./file1\x00', 0x0)
r2 = fanotify_init(0xf00, 0x1)
fanotify_mark(r2, 0x105, 0x40009975, r1, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x1000000, 0x3)
r3 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x300, 0xffffffff, 0xffffffff, 0x300, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00', {}, {}, 0x0, 0x0, 0x1}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x32}}, [], [], 'wg1\x00', 'gre0\x00', {0xff}}, 0x0, 0x200, 0x230, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x430)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newtaction={0xe8, 0x30, 0xffff, 0x0, 0x0, {}, [{0xd4, 0x1, [@m_ife={0xd0, 0x1, 0x0, 0x0, {{0x8}, {0xa8, 0x2, 0x0, 0x1, [@TCA_IFE_DMAC={0xa, 0x3, @link_local}, @TCA_IFE_METALST={0x18, 0x6, [@IFE_META_PRIO={0x4, 0x3, @void}, @IFE_META_PRIO={0x8}, @IFE_META_TCINDEX={0x6, 0x5, @val=0xe}]}, @TCA_IFE_TYPE={0x6}, @TCA_IFE_TYPE={0x6}, @TCA_IFE_DMAC={0xa, 0x3, @local}, @TCA_IFE_METALST={0xc, 0x6, [@IFE_META_PRIO={0x4, 0x3, @void}, @IFE_META_PRIO={0x4, 0x3, @void}]}, @TCA_IFE_PARMS={0x1c}, @TCA_IFE_TYPE={0x6}, @TCA_IFE_SMAC={0xa, 0x4, @dev}, @TCA_IFE_METALST={0x28, 0x6, [@IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_TCINDEX={0x6}, @IFE_META_TCINDEX={0x4, 0x5, @void}, @IFE_META_SKBMARK={0x4, 0x1, @void}, @IFE_META_TCINDEX={0x6}, @IFE_META_PRIO={0x8}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe8}}, 0x0)

15.916869642s ago: executing program 3 (id=4166):
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (async)
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
write$sequencer(r0, &(0x7f00000002c0)=ANY=[], 0x4)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000105680, 0x0) (async)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000105680, 0x0)
prlimit64(0xffffffffffffffff, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x13) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x13)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xf4802, 0x0) (async)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xf4802, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
close(r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000500)) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000500))
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) (async)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x3c3482, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x4000000000000001, 0x0, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x4000000000000001, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
mknodat$loop(0xffffffffffffffff, 0x0, 0x8000, 0x1)
r7 = fsopen(0x0, 0x0)
name_to_handle_at(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000040)={0x53, 0x0, 0x7b, 0x0, @buffer={0x2, 0x0, 0x0}, &(0x7f0000000680)="bb794f8cb0494003803f2bb6b93699837e00d812383fb4029479a9efa658d76be64aaa84261c78573a19b1de0d8dff20a694ce92176902baae344e116fb77aa85da076666f39ed962610de816a8a24aea5bf53c9527c47577b43df66801e6b118bad4b217f2a679e0e1693ebbbbe06db59c5484ab3acce40fb9606", 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$inet(r1, &(0x7f0000000600)={&(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10, &(0x7f0000000480)}, 0x20008810) (async)
sendmsg$inet(r1, &(0x7f0000000600)={&(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10, &(0x7f0000000480)}, 0x20008810)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000068000000060a010400000000000000000100000008000b40000000000900010073797a3000000000400004803c0001800a0001006c696d69740000002c0002800c000240000000008000000108000540000000000c0001400000000000"], 0xf0}}, 0x4000800)
syz_open_dev$sndctrl(0x0, 0x0, 0x0) (async)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)

15.24931353s ago: executing program 3 (id=4167):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000015c0)=ANY=[@ANYBLOB="b7020000b0ffffffbfa30000000000000703000000feffff7a0af0ff2300000079a4f0ff00000000b7060000ffffffff2d64050000000000650404000100010104040000f1000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb450063dedba767ade51f7f1f66acd19100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb4e4d0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e85cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29db3d36dd0cf8f79a015c7bd3f15aa6aadbeab2a01685108e61aa00000000000000000000000000c67c6c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f10800000000000000826151e3b42bcae95239ef5ca2a730a00c87c493db0300e63fda97a296820000000001000000eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e180022537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d3f00000000000000665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d81ab324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e2603217606637ece1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd75652f87b039d5430b3c6643e9146d2478ce31344b554aca7670000000000000010c65608fda6ed5d08e7a796042aa127d874105787d0347aa37801faff5b9050803a19ff6205aa5c263e407a2f7de56f7a0000e094fa4e3f05528caab5a430c08dd810bc97204b767dd969721a26aa740000000000bc433fe2d0a6ef2a8a91cd3cb305aa80dadef8b0caca780000000000000000863e21db415a222bb1a7ab94bfe4a74157d794f9d0430c2c0eb563350559829865a3dd08fb31bd0801e09aa3ee45e61a56fc83076451cff7632e49a41eadb5044a0d5f73d6932161ae5e9ce218a35cd8e7b747887b1a74798982d0b492c3f0ff53189d80733eb04f8124877b648ff438f7d66c7efcc09a8f3330b6c22d14e80db8e5608bdeab9388b758a15f4ce70390c214bc6838798f5b9b0b500d4e8b5174f329b8501c6feb7a6982bcea74a0f2ced7fa2059234a8d10b7f0597151d5c9067d57d85f4ae933eaf5174ba122f3f702ef8695578d3c08562c9fc185f0f65d11b4c58ae52500cbe99cde3758a5cbe6093dd328ac820e2de309d25a324647aadffcecf0f3bbaeda7af4436d9ffbce1b240a2f5e346eba8812e6329e01b087bde7da4a6448f478102e90c8134f531de08d4cf4f6f35b15a202544c0ced0c1715fd3a90099f785a13a2412bedba2981dd22bd9d736c00000000000000000000000000000000eb6fec8d7d2f77f4d470a9caa5b1bfc00cd1d40830ac35f229f8ffe1c02a63d3c2d9"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x57)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x702, 0xe80, 0x0, &(0x7f0000000580)="e460334470d8d400eb00c15286dd", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (fail_nth: 1)

15.056705717s ago: executing program 3 (id=4168):
socket$unix(0x1, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan1\x00'})
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r0)
socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})

10.515030314s ago: executing program 34 (id=4141):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x7d, &(0x7f0000000440)=ANY=[@ANYBLOB="01000000004500136f0000000000e98f78640101fd833b3a3c5b713222000000000000000000", @ANYRES32=0x41424344, @ANYRES16=0x0, @ANYBLOB="5c0200009078000092bc6154acaf226469b2e948b8c1feb072b5698428c19d0e4cec85abc227debc87dcc9146dd5352e62bb1ebfdd86f99a387c7960d767fd98738a117160b7733ad8a167ca14bef7", @ANYRESOCT=0x0], 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, 0x0, 0x0)
r3 = socket(0x15, 0x3, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'macsec0\x00', <r7=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000010010000000ffdbdf2500000000", @ANYRES32=r7, @ANYBLOB="20000000280e0400280012800b0001006d61637365630000180002800500030008"], 0x48}, 0x1, 0x0, 0x0, 0x24008001}, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x2)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000180)=0x7d)
r8 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r9=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c00020000030000000000000000080019000000000000000001000000000000", @ANYRES32=0x0, @ANYBLOB="08000300", @ANYRES32=r9, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x4000040}, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @broadcast}, 0x10)
writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
r10 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r11 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="20000000181401002bbd7074070000000000000000000000080003", @ANYRES16=r2], 0x20}}, 0x0)
sendmsg$netlink(r10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002d00010000000000fcdbdf250401f2800800180005ac0f"], 0x114}], 0x1, 0x0, 0x0, 0x4000010}, 0x4)
socket$netlink(0x10, 0x3, 0x0)
syz_open_procfs(0x0, &(0x7f0000000340)='mountinfo\x00')
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
shmget$private(0x0, 0x1000, 0x100, &(0x7f0000ffd000/0x1000)=nil)

7.513238155s ago: executing program 35 (id=4151):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), r0)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, 0x0, 0x0)

3.505779957s ago: executing program 36 (id=4161):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x20, r2, 0x301, 0x0, 0x0, {0x1c}, [@ETHTOOL_A_LINKMODES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}]}, 0x20}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x1, 0x100001, 0x5, 0x4, 0x1}, 0x48)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x5, [@typedef={0x3}]}, {0x0, [0x30, 0x0, 0x5f]}}, 0x0, 0x29}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0x2, &(0x7f0000000740)=@raw=[@cb_func={0x18, 0x0, 0x4, 0x0, 0x8}], &(0x7f0000000140)='syzkaller\x00', 0x9, 0xff, &(0x7f0000000340)=""/255, 0x0, 0x0, '\x00', 0x0, 0x25, r4, 0x9, &(0x7f0000000000)={0xfffffffe}, 0x8}, 0x94)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r3, &(0x7f0000000340), 0x0}, 0x20)
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=@newtfilter={0x54, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {}, {0x7, 0x10}}, [@filter_kind_options=@f_flow={{0x9}, {0x24, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_XOR={0x8, 0x7, 0x1ff}, @TCA_FLOW_KEYS={0x8, 0x1, 0x681e}, @TCA_FLOW_BASECLASS={0x8, 0x3, {0xa, 0xfff3}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x10}, 0x2008c014)

0s ago: executing program 37 (id=4168):
socket$unix(0x1, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan1\x00'})
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r0)
socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})

kernel console output (not intermixed with test programs):

.637781][T16934] usb 4-1: config 0 descriptor??
[ 1386.664587][T18887] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1388.104469][T18907] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1388.483186][T18911] program syz.1.3422 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1388.586586][T18912] program syz.1.3422 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1388.658309][T18912] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1391.040527][T16934] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 15 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[ 1391.394033][T16934] usb 4-1: USB disconnect, device number 15
[ 1391.512116][T16934] usblp0: removed
[ 1391.545964][T18937] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1391.834434][ T5838] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[ 1395.606167][T18983] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1397.124439][T16934] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[ 1397.576938][T19001] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1403.728366][ T5890] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[ 1410.991977][T19117] overlayfs: missing 'lowerdir'
[ 1412.821150][T16934] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[ 1416.834633][T17441] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[ 1417.555131][T17441] usb 2-1: Using ep0 maxpacket: 32
[ 1418.334402][   T48] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[ 1418.684380][T17441] usb 2-1: device descriptor read/all, error -71
[ 1419.699517][T15433] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[ 1421.864533][T19224] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1423.275251][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1423.281720][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1425.897981][T19250] loop6: detected capacity change from 0 to 524287999
[ 1434.499792][T19327] loop6: detected capacity change from 0 to 524287999
[ 1442.846711][T16934] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[ 1443.025272][T16934] usb 4-1: Using ep0 maxpacket: 32
[ 1443.027227][T16934] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1443.027254][T16934] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1443.027274][T16934] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1443.027320][T16934] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1443.027340][T16934] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1443.027362][T16934] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1443.027401][T16934] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1443.027423][T16934] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1443.093356][T16934] usb 4-1: config 0 descriptor??
[ 1443.924556][T16934] usb 4-1: can't set config #0, error -71
[ 1443.934549][T16934] usb 4-1: USB disconnect, device number 17
[ 1444.063069][T19411] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1444.069217][T19411] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1444.158788][T19411] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1444.593300][T19411] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1444.620379][T19411] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1444.636473][T19411] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1444.813761][T19411] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 1445.803791][T16934] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[ 1445.939585][T10832] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1446.164626][T10832] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1446.494686][ T5903] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[ 1446.654466][T10832] Bluetooth: hci5: command 0x0419 tx timeout
[ 1446.660659][T18418] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1446.666897][T10832] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1448.007806][ T5842] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1448.932442][ T5842] Bluetooth: hci5: command 0x0419 tx timeout
[ 1450.853914][T19490] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1450.860224][T19490] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1450.866304][T19490] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1450.872289][T19490] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1450.878368][T19490] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1452.804358][T18418] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1453.126181][ T5842] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1453.132680][ T5842] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1453.138940][ T5842] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1453.145428][T18418] Bluetooth: hci5: command 0x0419 tx timeout
[ 1459.668626][T19569] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1459.674860][T19569] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1459.680892][T19569] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1459.687012][T19569] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1459.692978][T19569] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1461.556804][T19606] netlink: 100 bytes leftover after parsing attributes in process `syz.3.3572'.
[ 1461.650640][T19612] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1461.683621][T19606] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[ 1461.764468][T18418] Bluetooth: hci5: command 0x0419 tx timeout
[ 1462.129760][T18418] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1462.137746][T10832] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1462.143973][T10832] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1462.165130][ T5842] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1463.984690][T19639] slcan: can't register candev
[ 1463.989799][T19639] Falling back ldisc for ttyS3.
[ 1464.598964][T19646] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1464.605118][T19646] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1464.611104][T19646] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1464.617265][T19646] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1464.623248][T19646] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1464.868861][T19662] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[ 1464.926781][T19662] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[ 1465.016143][T19664] bridge3: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[ 1466.564739][T18418] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1466.644479][T18418] Bluetooth: hci5: command 0x0419 tx timeout
[ 1466.650546][T18418] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1466.657238][T18418] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1466.663281][T18418] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1466.942519][T19698] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter'
[ 1466.952059][T19698] ubi: mtd0 is already attached to ubi31
[ 1468.963115][T19715] overlayfs: failed to resolve './file0': -2
[ 1469.265103][T19714] netlink: 64 bytes leftover after parsing attributes in process `syz.5.3593'.
[ 1470.464694][T19723] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1470.470750][T19723] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1470.476917][T19723] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1470.482889][T19723] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1470.489020][T19723] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1471.651041][T19753] program syz.3.3601 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1471.660498][T19753] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1472.569801][T14172] Bluetooth: hci5: command 0x0419 tx timeout
[ 1472.575968][T18418] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1472.582006][T18418] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1472.582065][ T5842] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1472.588235][T19615] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1472.670670][T19767] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter'
[ 1472.681023][T19767] ubi: mtd0 is already attached to ubi31
[ 1474.971524][ T5838] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[ 1475.264910][ T5838] usb 1-1: Using ep0 maxpacket: 16
[ 1475.275078][ T5838] usb 1-1: config 0 has no interfaces?
[ 1475.296062][ T5838] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1475.316376][ T5838] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1475.355194][ T5838] usb 1-1: SerialNumber: syz
[ 1475.396508][ T5838] usb 1-1: config 0 descriptor??
[ 1475.831235][ T5838] usb 1-1: USB disconnect, device number 25
[ 1483.654348][T13674] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[ 1484.415962][T13674] usb 2-1: Using ep0 maxpacket: 16
[ 1484.423759][T13674] usb 2-1: config 0 has no interfaces?
[ 1484.430935][T13674] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1484.453034][T13674] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1484.477791][T13674] usb 2-1: SerialNumber: syz
[ 1484.588273][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1484.596289][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1484.830821][T13674] usb 2-1: config 0 descriptor??
[ 1485.488477][T13674] usb 2-1: can't set config #0, error -71
[ 1485.538018][T13674] usb 2-1: USB disconnect, device number 16
[ 1485.795988][T19922] ubi: mtd0 is already attached to ubi31
[ 1491.384337][ T5932] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[ 1491.902829][ T5932] usb 4-1: Using ep0 maxpacket: 16
[ 1491.992917][ T5932] usb 4-1: config 0 has no interfaces?
[ 1492.044756][T19991] futex_wake_op: syz.4.3659 tries to shift op by -1; fix this program
[ 1492.188295][ T5932] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1492.199147][ T5932] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1492.209427][ T5932] usb 4-1: SerialNumber: syz
[ 1492.231292][ T5932] usb 4-1: config 0 descriptor??
[ 1492.475332][ T5932] usb 4-1: USB disconnect, device number 19
[ 1500.407937][   T48] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[ 1500.586871][   T48] usb 6-1: Using ep0 maxpacket: 16
[ 1500.647288][T19615] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1500.678475][   T48] usb 6-1: config 0 has no interfaces?
[ 1500.874526][   T48] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1500.909501][   T48] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1501.001040][   T48] usb 6-1: SerialNumber: syz
[ 1501.263343][   T48] usb 6-1: config 0 descriptor??
[ 1501.921600][T20065] netlink: 68 bytes leftover after parsing attributes in process `syz.5.3673'.
[ 1501.937042][ T5903] usb 6-1: USB disconnect, device number 7
[ 1504.132490][T20111] futex_wake_op: syz.1.3683 tries to shift op by -1; fix this program
[ 1504.325673][T20114] overlayfs: failed to resolve './file0': -2
[ 1508.911318][T17441] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[ 1509.324658][T17441] usb 2-1: Using ep0 maxpacket: 16
[ 1509.336064][T17441] usb 2-1: config 0 has no interfaces?
[ 1509.343388][T17441] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1509.353189][T17441] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1509.372010][T17441] usb 2-1: SerialNumber: syz
[ 1509.399672][T17441] usb 2-1: config 0 descriptor??
[ 1509.878665][T20170] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3692'.
[ 1510.099581][   T48] usb 2-1: USB disconnect, device number 17
[ 1512.371939][T20215] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3704'.
[ 1516.458925][T20269] overlayfs: failed to resolve './file0': -2
[ 1521.365885][T20338] overlayfs: failed to resolve './file0': -2
[ 1522.916925][T20362] program syz.4.3730 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1522.934950][T20362] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1528.082440][T20412] fuse: Bad value for 'fd'
[ 1528.098655][T20404] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1528.116222][T20404] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1528.122241][T20404] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1528.152621][T20415] program syz.0.3743 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1528.165278][T20415] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1528.233177][T20404] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1528.947535][T20404] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1530.192223][T18418] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1530.192220][T19615] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1530.192268][T18418] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1530.281115][T18418] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1530.964462][T19615] Bluetooth: hci5: command 0x0419 tx timeout
[ 1534.567642][T20460] overlayfs: failed to resolve './file0': -2
[ 1536.633887][T20477] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter'
[ 1536.644827][T20477] ubi: mtd0 is already attached to ubi31
[ 1537.886275][ T5932] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[ 1538.222456][ T5932] usb 5-1: Using ep0 maxpacket: 16
[ 1538.243602][ T5932] usb 5-1: config 0 has no interfaces?
[ 1538.262459][ T5932] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1538.379850][ T5932] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1538.501169][ T5932] usb 5-1: SerialNumber: syz
[ 1538.545230][ T5932] usb 5-1: config 0 descriptor??
[ 1539.640126][T20488] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3757'.
[ 1539.701568][T20488] vlan2: entered promiscuous mode
[ 1539.712849][T20488] bond0: entered promiscuous mode
[ 1539.726779][T20488] bond_slave_0: entered promiscuous mode
[ 1539.750660][T20488] bond_slave_1: entered promiscuous mode
[ 1539.914670][ T5903] usb 5-1: USB disconnect, device number 14
[ 1539.943669][T20514] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1540.133449][T20514] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1540.147480][T20514] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1540.164147][T20514] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1540.176872][T20514] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1540.298149][T20532] can0: slcan on ttyS3.
[ 1540.978286][T20532] can0 (unregistered): slcan off ttyS3.
[ 1542.039680][T19615] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1542.214446][T19615] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1542.214648][T18418] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1542.221477][T19615] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1542.244639][T19615] Bluetooth: hci5: command 0x0419 tx timeout
[ 1545.393099][T20577] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3775'.
[ 1545.937177][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1545.943536][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1546.096126][T20577] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 1547.435693][T20591] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3779'.
[ 1548.374334][ T5890] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[ 1548.553856][ T5890] usb 5-1: Using ep0 maxpacket: 16
[ 1548.794362][ T5890] usb 5-1: config 0 has no interfaces?
[ 1548.804626][ T5890] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1548.813698][ T5890] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1548.822366][ T5890] usb 5-1: SerialNumber: syz
[ 1548.830100][ T5890] usb 5-1: config 0 descriptor??
[ 1549.106077][T20604] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3781'.
[ 1549.136134][T20604] vlan2: entered promiscuous mode
[ 1549.503159][ T5890] usb 5-1: USB disconnect, device number 15
[ 1550.755854][T20646] overlayfs: failed to resolve './file0': -2
[ 1554.385070][T20698] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3797'.
[ 1556.190049][T20729] overlayfs: failed to resolve './file0': -2
[ 1556.872554][T20737] overlayfs: failed to resolve './file0': -2
[ 1558.763929][T20753] can0: slcan on ttyS3.
[ 1559.385714][T20753] can0 (unregistered): slcan off ttyS3.
[ 1561.338116][T20771] ubi: mtd0 is already attached to ubi31
[ 1562.543603][T20783] can0: slcan on ttyS3.
[ 1563.777297][T20783] can0 (unregistered): slcan off ttyS3.
[ 1565.194403][T20799] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter'
[ 1565.204717][T20799] ubi: mtd0 is already attached to ubi31
[ 1566.315938][T20803] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1566.323510][T20803] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1566.331065][T20803] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1566.338541][T20803] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1566.348370][T20803] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1568.353278][T18418] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1568.484479][T18418] Bluetooth: hci5: command 0x0419 tx timeout
[ 1568.490585][T19615] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1568.496749][ T5842] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1568.496785][T10832] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1570.404806][T20833] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1570.457053][T20833] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1570.572727][T20833] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1570.828924][T20833] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1571.015604][T20833] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1572.494592][T10832] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1572.502103][T10832] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1572.906201][T10832] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1572.912411][T10832] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1573.044575][T18418] Bluetooth: hci5: command 0x0419 tx timeout
[ 1573.218154][T20856] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[ 1573.232076][T20856] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1573.240536][T20856] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1575.631745][T20884] netlink: 'syz.0.3841': attribute type 72 has an invalid length.
[ 1581.824710][T20956] program syz.4.3857 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1581.906479][T20955] program syz.4.3857 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1582.066113][T20955] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1584.710230][T20987] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3863'.
[ 1589.347765][T21031] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1589.353829][T21031] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1589.359960][T21031] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1589.366047][T21031] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1589.372064][T21031] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1590.824289][T21056] program syz.3.3877 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1590.840755][T21056] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1591.444843][T10832] Bluetooth: hci5: command 0x0419 tx timeout
[ 1591.444986][T18418] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1591.452651][T10832] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1591.456953][T19615] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1591.463464][T10832] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1592.434921][T21081] program syz.5.3882 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1592.445108][T21081] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1596.906007][T21118] program syz.3.3889 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1596.915715][T21118] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1598.906840][ T5932] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[ 1599.084421][ T5932] usb 1-1: Using ep0 maxpacket: 16
[ 1599.111064][ T5932] usb 1-1: config 0 has no interfaces?
[ 1599.173413][ T5932] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1599.204312][ T5932] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1599.212436][ T5932] usb 1-1: SerialNumber: syz
[ 1599.268526][ T5932] usb 1-1: config 0 descriptor??
[ 1600.166378][T21127] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3891'.
[ 1600.404671][ T5932] usb 1-1: USB disconnect, device number 26
[ 1600.431500][T21144] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1600.595614][T21144] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1600.610257][T21144] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1600.618861][T21144] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1600.891136][T21144] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1602.495016][T10832] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1602.654527][T10832] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1602.660794][T10832] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1602.664432][T18418] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1602.966279][T18418] Bluetooth: hci5: command 0x0419 tx timeout
[ 1603.904502][T16934] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[ 1604.065325][T16934] usb 5-1: Using ep0 maxpacket: 16
[ 1604.109372][T16934] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1604.190720][T16934] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1604.206746][T17441] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[ 1604.553667][T16934] usb 5-1: New USB device found, idVendor=0c70, idProduct=f00a, bcdDevice= 0.00
[ 1604.572917][T16934] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1604.630190][T16934] usb 5-1: config 0 descriptor??
[ 1604.714674][T17441] usb 4-1: Using ep0 maxpacket: 8
[ 1604.725753][T17441] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[ 1604.745656][T17441] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1604.791785][T17441] pvrusb2: Hardware description: Terratec Grabster AV400
[ 1604.810137][T17441] pvrusb2: **********
[ 1604.814168][T17441] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[ 1604.827801][T17441] pvrusb2: Important functionality might not be entirely working.
[ 1604.878207][T17441] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[ 1604.906987][T21204] FAULT_INJECTION: forcing a failure.
[ 1604.906987][T21204] name failslab, interval 1, probability 0, space 0, times 1
[ 1604.927931][T17441] pvrusb2: **********
[ 1604.933583][T21206] program syz.0.3906 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1604.949699][T21206] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1604.963999][T21204] CPU: 0 UID: 0 PID: 21204 Comm: syz.1.3905 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1604.964023][T21204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1604.964034][T21204] Call Trace:
[ 1604.964042][T21204]  <TASK>
[ 1604.964049][T21204]  dump_stack_lvl+0x189/0x250
[ 1604.964075][T21204]  ? __pfx____ratelimit+0x10/0x10
[ 1604.964097][T21204]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1604.964114][T21204]  ? __pfx__printk+0x10/0x10
[ 1604.964137][T21204]  ? __pfx___might_resched+0x10/0x10
[ 1604.964156][T21204]  ? fs_reclaim_acquire+0x7d/0x100
[ 1604.964177][T21204]  should_fail_ex+0x414/0x560
[ 1604.964202][T21204]  should_failslab+0xa8/0x100
[ 1604.964217][T21204]  __kmalloc_noprof+0xcb/0x4f0
[ 1604.964237][T21204]  ? tomoyo_encode+0x28b/0x550
[ 1604.964259][T21204]  tomoyo_encode+0x28b/0x550
[ 1604.964283][T21204]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1604.964302][T21204]  ? tomoyo_domain+0xda/0x130
[ 1604.964324][T21204]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1604.964346][T21204]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1604.964370][T21204]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1604.964407][T21204]  ? __lock_acquire+0xab9/0xd20
[ 1604.964444][T21204]  ? __fget_files+0x2a/0x420
[ 1604.964463][T21204]  ? __fget_files+0x2a/0x420
[ 1604.964478][T21204]  ? __fget_files+0x3a0/0x420
[ 1604.964492][T21204]  ? __fget_files+0x2a/0x420
[ 1604.964512][T21204]  security_file_ioctl+0xcb/0x2d0
[ 1604.964538][T21204]  __se_sys_ioctl+0x47/0x170
[ 1604.964562][T21204]  do_syscall_64+0xfa/0x3b0
[ 1604.964578][T21204]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1604.964599][T21204]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1604.964616][T21204]  ? clear_bhb_loop+0x60/0xb0
[ 1604.964635][T21204]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1604.964651][T21204] RIP: 0033:0x7f4848f8e929
[ 1604.964677][T21204] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1604.964693][T21204] RSP: 002b:00007f4846df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1604.964712][T21204] RAX: ffffffffffffffda RBX: 00007f48491b6080 RCX: 00007f4848f8e929
[ 1604.964725][T21204] RDX: 0000000000000000 RSI: 000000000000541b RDI: 0000000000000005
[ 1604.964735][T21204] RBP: 00007f4846df6090 R08: 0000000000000000 R09: 0000000000000000
[ 1604.964745][T21204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1604.964755][T21204] R13: 0000000000000000 R14: 00007f48491b6080 R15: 00007ffc77d61568
[ 1604.964784][T21204]  </TASK>
[ 1605.276877][T21204] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1605.352566][ T2344] pvrusb2: Invalid write control endpoint
[ 1605.480793][T21193] pvrusb2: Invalid write control endpoint
[ 1605.533213][ T2344] pvrusb2: Invalid write control endpoint
[ 1605.566756][ T2344] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[ 1605.578558][T21218] loop8: detected capacity change from 0 to 7
[ 1605.635545][T21218] Dev loop8: unable to read RDB block 7
[ 1605.643007][ T2344] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[ 1605.661372][T21218]  loop8: unable to read partition table
[ 1605.717069][ T2344] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[ 1605.770649][T21218] loop8: partition table beyond EOD, truncated
[ 1605.866249][T21218] loop_reread_partitions: partition scan of loop8 (þ被xü^>à– �) failed (rc=-5)
[ 1605.908777][ T2344] pvrusb2: Device being rendered inoperable
[ 1605.987690][ T2344] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[ 1606.049520][ T2344] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[ 1606.237076][ T2344] pvrusb2: Attached sub-driver cx25840
[ 1606.264295][ T2344] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[ 1606.324358][ T2344] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[ 1606.661104][T16934] usbhid 5-1:0.0: can't add hid device: -71
[ 1606.841387][T16934] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1606.856849][T15433] usb 4-1: USB disconnect, device number 20
[ 1606.868527][T16934] usb 5-1: USB disconnect, device number 16
[ 1607.375623][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1607.382149][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1608.554163][T21242] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1608.588184][T21242] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1608.674575][T21242] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1608.689058][T21242] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1608.744591][T21242] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1609.135386][T21257] netlink: 'syz.5.3915': attribute type 20 has an invalid length.
[ 1609.674384][T17441] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[ 1609.794689][T21238] syz.1.3911 (21238): drop_caches: 2
[ 1609.876832][T17441] usb 6-1: config 0 has an invalid interface number: 119 but max is 0
[ 1609.970500][T17441] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1610.054284][T21270] program syz.4.3918 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1610.069199][T17441] usb 6-1: config 0 has no interface number 0
[ 1610.096758][T17441] usb 6-1: too many endpoints for config 0 interface 119 altsetting 111: 102, using maximum allowed: 30
[ 1610.118509][T21270] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1610.127120][T17441] usb 6-1: config 0 interface 119 altsetting 111 has 0 endpoint descriptors, different from the interface descriptor's value: 102
[ 1610.127154][T17441] usb 6-1: config 0 interface 119 has no altsetting 0
[ 1610.127188][T17441] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1610.127209][T17441] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1610.131774][T17441] usb 6-1: config 0 descriptor??
[ 1610.692394][T21279] can0: slcan on ttyS3.
[ 1610.829256][T18418] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1610.835857][T18418] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1610.843029][T18418] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1610.849704][T18418] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1610.857374][T19615] Bluetooth: hci5: command 0x0419 tx timeout
[ 1611.116405][T21273] can0 (unregistered): slcan off ttyS3.
[ 1611.340846][T21257] netlink: 'syz.5.3915': attribute type 27 has an invalid length.
[ 1612.599596][T17441] usb 6-1: string descriptor 0 read error: -71
[ 1612.678574][T17441] usb 6-1: USB disconnect, device number 8
[ 1614.027543][T21304] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1614.061356][T21304] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1614.098764][T21304] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1614.105348][T21304] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1614.111568][T21304] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1614.464541][T16934] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[ 1615.327885][T16934] usb 1-1: Using ep0 maxpacket: 32
[ 1616.124396][T18418] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1616.131013][ T5842] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1616.164357][ T5842] Bluetooth: hci5: command 0x0419 tx timeout
[ 1616.170867][T19615] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1616.177728][T18418] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1616.364669][T16934] usb 1-1: device descriptor read/all, error -71
[ 1617.029207][T21360] program syz.1.3934 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1617.091850][T21360] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1617.514318][T16934] usb 1-1: new full-speed USB device number 29 using dummy_hcd
[ 1618.328960][T21372] FAULT_INJECTION: forcing a failure.
[ 1618.328960][T21372] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 1618.359814][T21370] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1618.478843][T21372] CPU: 1 UID: 0 PID: 21372 Comm: syz.5.3937 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1618.478863][T21372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1618.478869][T21372] Call Trace:
[ 1618.478874][T21372]  <TASK>
[ 1618.478879][T21372]  dump_stack_lvl+0x189/0x250
[ 1618.478897][T21372]  ? __pfx____ratelimit+0x10/0x10
[ 1618.478913][T21372]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1618.478924][T21372]  ? __pfx__printk+0x10/0x10
[ 1618.478937][T21372]  ? __might_fault+0xb0/0x130
[ 1618.478959][T21372]  should_fail_ex+0x414/0x560
[ 1618.478976][T21372]  _copy_from_user+0x2d/0xb0
[ 1618.478989][T21372]  do_fb_ioctl+0x329/0x750
[ 1618.479004][T21372]  ? __pfx_do_fb_ioctl+0x10/0x10
[ 1618.479027][T21372]  ? __asan_memset+0x22/0x50
[ 1618.479042][T21372]  ? __pfx_smack_file_ioctl+0x10/0x10
[ 1618.479061][T21372]  ? __fget_files+0x3a0/0x420
[ 1618.479071][T21372]  ? __fget_files+0x2a/0x420
[ 1618.479082][T21372]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1618.479092][T21372]  ? __pfx_fb_ioctl+0x10/0x10
[ 1618.479105][T21372]  __se_sys_ioctl+0xfc/0x170
[ 1618.479119][T21372]  do_syscall_64+0xfa/0x3b0
[ 1618.479128][T21372]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1618.479142][T21372]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1618.479152][T21372]  ? clear_bhb_loop+0x60/0xb0
[ 1618.479164][T21372]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1618.479172][T21372] RIP: 0033:0x7ff44918e929
[ 1618.479182][T21372] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1618.479190][T21372] RSP: 002b:00007ff449f41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1618.479202][T21372] RAX: ffffffffffffffda RBX: 00007ff4493b5fa0 RCX: 00007ff44918e929
[ 1618.479209][T21372] RDX: 0000200000000100 RSI: 0000000000004601 RDI: 0000000000000003
[ 1618.479215][T21372] RBP: 00007ff449f41090 R08: 0000000000000000 R09: 0000000000000000
[ 1618.479221][T21372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1618.479227][T21372] R13: 0000000000000000 R14: 00007ff4493b5fa0 R15: 00007ffc49baa208
[ 1618.479242][T21372]  </TASK>
[ 1618.689766][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1618.794581][T21370] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1618.809142][T21370] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1618.828109][T21370] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1618.964808][T21370] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1619.323977][T21378] capability: warning: `syz.5.3939' uses deprecated v2 capabilities in a way that may be insecure
[ 1619.368673][   T30] audit: type=1400 audit(1751676017.391:2): lsm=SMACK fn=smack_file_ioctl action=denied subject="w" object="_" requested=w pid=21374 comm="syz.5.3939" path="/dev/snd/controlC0" dev="devtmpfs" ino=1292
[ 1620.404364][T18418] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1620.913758][T18418] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1620.921637][ T5842] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1620.921657][T18418] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1621.049252][T18418] Bluetooth: hci5: command 0x0419 tx timeout
[ 1621.148832][T21348] syz.0.3933 (21348): drop_caches: 2
[ 1621.587935][T21420] FAULT_INJECTION: forcing a failure.
[ 1621.587935][T21420] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1621.624940][T21420] CPU: 0 UID: 0 PID: 21420 Comm: syz.0.3949 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1621.624968][T21420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1621.624979][T21420] Call Trace:
[ 1621.624986][T21420]  <TASK>
[ 1621.624995][T21420]  dump_stack_lvl+0x189/0x250
[ 1621.625019][T21420]  ? __pfx____ratelimit+0x10/0x10
[ 1621.625043][T21420]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1621.625061][T21420]  ? __pfx__printk+0x10/0x10
[ 1621.625082][T21420]  ? __might_fault+0xb0/0x130
[ 1621.625115][T21420]  should_fail_ex+0x414/0x560
[ 1621.625143][T21420]  _copy_from_user+0x2d/0xb0
[ 1621.625163][T21420]  ___sys_sendmsg+0x158/0x2a0
[ 1621.625187][T21420]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1621.625243][T21420]  ? __fget_files+0x2a/0x420
[ 1621.625259][T21420]  ? __fget_files+0x3a0/0x420
[ 1621.625286][T21420]  __x64_sys_sendmsg+0x19b/0x260
[ 1621.625309][T21420]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1621.625339][T21420]  ? __pfx_ksys_write+0x10/0x10
[ 1621.625367][T21420]  ? do_syscall_64+0xbe/0x3b0
[ 1621.625388][T21420]  do_syscall_64+0xfa/0x3b0
[ 1621.625402][T21420]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1621.625452][T21420]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1621.625468][T21420]  ? clear_bhb_loop+0x60/0xb0
[ 1621.625489][T21420]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1621.625505][T21420] RIP: 0033:0x7fa40258e929
[ 1621.625521][T21420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1621.625535][T21420] RSP: 002b:00007fa4033d0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1621.625554][T21420] RAX: ffffffffffffffda RBX: 00007fa4027b6080 RCX: 00007fa40258e929
[ 1621.625567][T21420] RDX: 000000000400c014 RSI: 0000200000000200 RDI: 0000000000000005
[ 1621.625578][T21420] RBP: 00007fa4033d0090 R08: 0000000000000000 R09: 0000000000000000
[ 1621.625589][T21420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1621.625600][T21420] R13: 0000000000000001 R14: 00007fa4027b6080 R15: 00007fff843557f8
[ 1621.625627][T21420]  </TASK>
[ 1621.836727][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1622.404433][T15433] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[ 1622.726210][T15433] usb 2-1: Using ep0 maxpacket: 16
[ 1622.747077][T21422] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1623.325757][T21422] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1623.357000][T21422] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1623.369263][T15433] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1623.471262][T15433] usb 2-1: config 8 has an invalid interface number: 132 but max is 0
[ 1623.485737][T15433] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[ 1623.501473][T21422] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1623.519160][T15433] usb 2-1: config 8 has no interface number 0
[ 1623.525638][T21422] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1623.531907][T15433] usb 2-1: config 8 interface 132 altsetting 252 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[ 1623.592102][T15433] usb 2-1: config 8 interface 132 has no altsetting 0
[ 1623.633840][T15433] usb 2-1: New USB device found, idVendor=07cf, idProduct=1001, bcdDevice=8f.8b
[ 1623.653319][T15433] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1623.677865][T15433] usb 2-1: Product: syz
[ 1623.682081][T15433] usb 2-1: Manufacturer: syz
[ 1623.701729][T15433] usb 2-1: SerialNumber: syz
[ 1624.247639][T15433] usb-storage 2-1:8.132: USB Mass Storage device detected
[ 1624.398899][T15433] usb-storage 2-1:8.132: Quirks match for vid 07cf pid 1001: a
[ 1624.804522][T18418] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1625.078058][T21451] slcan: can't register candev
[ 1625.083281][T21451] Falling back ldisc for ttyS3.
[ 1625.198127][T15433] usb 2-1: USB disconnect, device number 18
[ 1625.364573][ T5842] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1625.370687][T18418] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1625.540250][T18418] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1625.610076][T18418] Bluetooth: hci5: command 0x0419 tx timeout
[ 1625.937614][T21473] FAULT_INJECTION: forcing a failure.
[ 1625.937614][T21473] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1625.952281][T21473] CPU: 0 UID: 0 PID: 21473 Comm: syz.1.3961 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1625.952306][T21473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1625.952317][T21473] Call Trace:
[ 1625.952324][T21473]  <TASK>
[ 1625.952331][T21473]  dump_stack_lvl+0x189/0x250
[ 1625.952355][T21473]  ? __pfx____ratelimit+0x10/0x10
[ 1625.952379][T21473]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1625.952398][T21473]  ? __pfx__printk+0x10/0x10
[ 1625.952439][T21473]  should_fail_ex+0x414/0x560
[ 1625.952467][T21473]  _copy_from_user+0x2d/0xb0
[ 1625.952487][T21473]  copy_from_sockptr+0x48/0x70
[ 1625.952509][T21473]  ip6_mroute_setsockopt+0x8a5/0xf00
[ 1625.952540][T21473]  ? __pfx_ip6_mroute_setsockopt+0x10/0x10
[ 1625.952585][T21473]  ? do_ipv6_setsockopt+0x42a/0x2fb0
[ 1625.952614][T21473]  do_ipv6_setsockopt+0x445/0x2fb0
[ 1625.952646][T21473]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[ 1625.952666][T21473]  ? irqentry_exit+0x74/0x90
[ 1625.952695][T21473]  ? __pfx___schedule+0x10/0x10
[ 1625.952726][T21473]  ? finish_task_switch+0x26b/0x950
[ 1625.952755][T21473]  ? rcu_is_watching+0x15/0xb0
[ 1625.952775][T21473]  ? trace_irq_disable+0x37/0x110
[ 1625.952798][T21473]  ? preempt_schedule_irq+0xde/0x150
[ 1625.952819][T21473]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 1625.952850][T21473]  ? irqentry_exit+0x74/0x90
[ 1625.952872][T21473]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1625.952910][T21473]  ipv6_setsockopt+0x59/0x170
[ 1625.952939][T21473]  rawv6_setsockopt+0x23b/0x5b0
[ 1625.952960][T21473]  ? __lock_acquire+0xab9/0xd20
[ 1625.952979][T21473]  ? __pfx_rawv6_setsockopt+0x10/0x10
[ 1625.953004][T21473]  ? sock_common_setsockopt+0x36/0xc0
[ 1625.953022][T21473]  ? __pfx_sock_common_setsockopt+0x10/0x10
[ 1625.953042][T21473]  do_sock_setsockopt+0x25a/0x3e0
[ 1625.953065][T21473]  ? __pfx_do_sock_setsockopt+0x10/0x10
[ 1625.953090][T21473]  ? __fget_files+0x2a/0x420
[ 1625.953116][T21473]  __x64_sys_setsockopt+0x18b/0x220
[ 1625.953143][T21473]  do_syscall_64+0xfa/0x3b0
[ 1625.953160][T21473]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1625.953176][T21473]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1625.953192][T21473]  ? clear_bhb_loop+0x60/0xb0
[ 1625.953213][T21473]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1625.953230][T21473] RIP: 0033:0x7f4848f8e929
[ 1625.953246][T21473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1625.953260][T21473] RSP: 002b:00007f4846dd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1625.953280][T21473] RAX: ffffffffffffffda RBX: 00007f48491b6160 RCX: 00007f4848f8e929
[ 1625.953293][T21473] RDX: 00000000000000ca RSI: 0000000000000029 RDI: 0000000000000009
[ 1625.953304][T21473] RBP: 00007f4846dd5090 R08: 000000000000000c R09: 0000000000000000
[ 1625.953315][T21473] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001
[ 1625.953326][T21473] R13: 0000000000000000 R14: 00007f48491b6160 R15: 00007ffc77d61568
[ 1625.953355][T21473]  </TASK>
[ 1626.240196][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1627.941688][T21487] FAULT_INJECTION: forcing a failure.
[ 1627.941688][T21487] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1628.171497][T21487] CPU: 0 UID: 0 PID: 21487 Comm: syz.1.3966 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1628.171526][T21487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1628.171537][T21487] Call Trace:
[ 1628.171544][T21487]  <TASK>
[ 1628.171552][T21487]  dump_stack_lvl+0x189/0x250
[ 1628.171576][T21487]  ? __pfx____ratelimit+0x10/0x10
[ 1628.171600][T21487]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1628.171620][T21487]  ? __pfx__printk+0x10/0x10
[ 1628.171658][T21487]  should_fail_ex+0x414/0x560
[ 1628.171686][T21487]  _copy_to_user+0x31/0xb0
[ 1628.171709][T21487]  simple_read_from_buffer+0xe1/0x170
[ 1628.171742][T21487]  proc_fail_nth_read+0x1df/0x250
[ 1628.171764][T21487]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1628.171786][T21487]  ? rw_verify_area+0x258/0x650
[ 1628.171807][T21487]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1628.171827][T21487]  vfs_read+0x1fd/0x980
[ 1628.171855][T21487]  ? __pfx___mutex_lock+0x10/0x10
[ 1628.171873][T21487]  ? __pfx_vfs_read+0x10/0x10
[ 1628.171896][T21487]  ? __fget_files+0x2a/0x420
[ 1628.171918][T21487]  ? __fget_files+0x3a0/0x420
[ 1628.171933][T21487]  ? __fget_files+0x2a/0x420
[ 1628.171959][T21487]  ksys_read+0x145/0x250
[ 1628.171983][T21487]  ? __pfx_ksys_read+0x10/0x10
[ 1628.172003][T21487]  ? rcu_is_watching+0x15/0xb0
[ 1628.172027][T21487]  ? do_syscall_64+0xbe/0x3b0
[ 1628.172048][T21487]  do_syscall_64+0xfa/0x3b0
[ 1628.172066][T21487]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1628.172082][T21487]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1628.172098][T21487]  ? clear_bhb_loop+0x60/0xb0
[ 1628.172119][T21487]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1628.172135][T21487] RIP: 0033:0x7f4848f8d33c
[ 1628.172151][T21487] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1628.172165][T21487] RSP: 002b:00007f4849d10030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1628.172190][T21487] RAX: ffffffffffffffda RBX: 00007f48491b5fa0 RCX: 00007f4848f8d33c
[ 1628.172203][T21487] RDX: 000000000000000f RSI: 00007f4849d100a0 RDI: 0000000000000004
[ 1628.172214][T21487] RBP: 00007f4849d10090 R08: 0000000000000000 R09: 0000000000000000
[ 1628.172225][T21487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1628.172236][T21487] R13: 0000000000000000 R14: 00007f48491b5fa0 R15: 00007ffc77d61568
[ 1628.172265][T21487]  </TASK>
[ 1628.405367][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1628.763198][T21489] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1629.742695][T21489] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1629.798882][T21502] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7)
[ 1629.805495][T21502] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1629.816262][T21502] vhci_hcd vhci_hcd.0: Device attached
[ 1629.836668][T21489] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1629.883903][T21506] libceph: resolve '.' (ret=-3): failed
[ 1629.899480][T21489] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1630.054518][T21489] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1630.060571][T21503] vhci_hcd: connection closed
[ 1630.063809][ T9356] vhci_hcd: stop threads
[ 1630.076471][ T9356] vhci_hcd: release socket
[ 1630.087133][ T9356] vhci_hcd: disconnect device
[ 1630.094360][T16934] usb 41-1: new high-speed USB device number 2 using vhci_hcd
[ 1630.102221][T16934] usb 41-1: enqueue for inactive port 0
[ 1630.205198][T21511] can0: slcan on ttyS3.
[ 1630.759070][T21511] can0 (unregistered): slcan off ttyS3.
[ 1630.804577][T18418] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1630.840607][T16934] vhci_hcd: vhci_device speed not set
[ 1631.400104][T21526] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3971'.
[ 1631.584330][ T5932] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[ 1631.754683][ T5932] usb 5-1: Using ep0 maxpacket: 8
[ 1631.773686][ T5932] usb 5-1: config index 0 descriptor too short (expected 30, got 18)
[ 1631.782209][T18418] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1631.810834][ T5932] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[ 1631.833529][ T5932] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1631.844837][T18418] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1631.852794][ T5932] usb 5-1: Product: syz
[ 1631.857514][ T5932] usb 5-1: Manufacturer: syz
[ 1631.863507][ T5932] usb 5-1: SerialNumber: syz
[ 1631.896856][ T5932] usb 5-1: config 0 descriptor??
[ 1631.968827][T18418] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1631.976275][ T5932] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[ 1631.993647][ T5932] usb 5-1: setting power ON
[ 1632.000532][ T5932] dvb-usb: bulk message failed: -22 (2/0)
[ 1632.017417][ T5932] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1632.027984][ T5932] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[ 1632.039130][ T5932] usb 5-1: media controller created
[ 1632.075459][ T5932] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1632.084806][T18418] Bluetooth: hci5: command 0x0419 tx timeout
[ 1632.105957][T21525] process 'syz.4.3974' launched './file1' with NULL argv: empty string added
[ 1632.128364][ T5932] usb 5-1: selecting invalid altsetting 6
[ 1632.144271][ T5932] usb 5-1: digital interface selection failed (-22)
[ 1632.161168][ T5932] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[ 1632.165002][T21525] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3974'.
[ 1632.179810][ T5932] usb 5-1: setting power OFF
[ 1632.191994][ T5932] dvb-usb: bulk message failed: -22 (2/0)
[ 1632.203213][T21525] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3974'.
[ 1632.213491][T21525] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3974'.
[ 1632.264323][ T5932] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[ 1632.282857][ T5932] (NULL device *): no alternate interface
[ 1632.484623][ T5890] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[ 1632.899242][ T5890] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1632.931857][ T5890] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1633.008866][ T5890] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1633.086858][ T5890] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1633.183856][ T5890] usb 6-1: config 0 descriptor??
[ 1633.265381][T21554] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[ 1633.272890][T21554] team0: Device ipvlan2 is already an upper device of the team interface
[ 1633.541889][T21562] FAULT_INJECTION: forcing a failure.
[ 1633.541889][T21562] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1633.555379][T21562] CPU: 0 UID: 0 PID: 21562 Comm: syz.5.3975 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1633.555403][T21562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1633.555414][T21562] Call Trace:
[ 1633.555422][T21562]  <TASK>
[ 1633.555429][T21562]  dump_stack_lvl+0x189/0x250
[ 1633.555452][T21562]  ? __pfx____ratelimit+0x10/0x10
[ 1633.555475][T21562]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1633.555492][T21562]  ? __pfx__printk+0x10/0x10
[ 1633.555529][T21562]  ? __might_fault+0xb0/0x130
[ 1633.555561][T21562]  should_fail_ex+0x414/0x560
[ 1633.555588][T21562]  _copy_from_iter+0x1db/0x16f0
[ 1633.555610][T21562]  ? rcu_is_watching+0x15/0xb0
[ 1633.555629][T21562]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[ 1633.555652][T21562]  ? __pfx__copy_from_iter+0x10/0x10
[ 1633.555670][T21562]  ? __build_skb_around+0x257/0x3e0
[ 1633.555692][T21562]  ? netlink_sendmsg+0x642/0xb30
[ 1633.555709][T21562]  ? skb_put+0x11b/0x210
[ 1633.555731][T21562]  netlink_sendmsg+0x6b2/0xb30
[ 1633.555748][T21562]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1633.555789][T21562]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1633.555812][T21562]  ? bpf_lsm_socket_sendmsg+0x4/0x20
[ 1633.555836][T21562]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1633.555855][T21562]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1633.555875][T21562]  __sock_sendmsg+0x219/0x270
[ 1633.555902][T21562]  ____sys_sendmsg+0x505/0x830
[ 1633.555927][T21562]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1633.555956][T21562]  ? import_iovec+0x74/0xa0
[ 1633.555978][T21562]  ___sys_sendmsg+0x21f/0x2a0
[ 1633.555999][T21562]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1633.556051][T21562]  ? __fget_files+0x2a/0x420
[ 1633.556065][T21562]  ? __fget_files+0x3a0/0x420
[ 1633.556089][T21562]  __x64_sys_sendmsg+0x19b/0x260
[ 1633.556110][T21562]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1633.556138][T21562]  ? __pfx_ksys_write+0x10/0x10
[ 1633.556157][T21562]  ? rcu_is_watching+0x15/0xb0
[ 1633.556180][T21562]  ? do_syscall_64+0xbe/0x3b0
[ 1633.556200][T21562]  do_syscall_64+0xfa/0x3b0
[ 1633.556216][T21562]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1633.556232][T21562]  ? asm_sysvec_call_function_single+0x1a/0x20
[ 1633.556248][T21562]  ? clear_bhb_loop+0x60/0xb0
[ 1633.556268][T21562]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1633.556284][T21562] RIP: 0033:0x7ff44918e929
[ 1633.556300][T21562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1633.556314][T21562] RSP: 002b:00007ff449f20038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1633.556333][T21562] RAX: ffffffffffffffda RBX: 00007ff4493b6080 RCX: 00007ff44918e929
[ 1633.556345][T21562] RDX: 0000000004000084 RSI: 0000200000000000 RDI: 0000000000000008
[ 1633.556357][T21562] RBP: 00007ff449f20090 R08: 0000000000000000 R09: 0000000000000000
[ 1633.556367][T21562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1633.556377][T21562] R13: 0000000000000000 R14: 00007ff4493b6080 R15: 00007ffc49baa208
[ 1633.556405][T21562]  </TASK>
[ 1634.356951][ T5890] usb 6-1: USB disconnect, device number 9
[ 1634.380791][ T5932] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[ 1634.425170][ T5932] usb 5-1: USB disconnect, device number 17
[ 1634.702516][T21571] can0: slcan on ttyS3.
[ 1635.238246][T21560] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1635.261568][T21560] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1635.264901][T21571] can0 (unregistered): slcan off ttyS3.
[ 1635.344588][T21560] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1635.360058][T21560] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1635.368402][T21560] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1636.625527][T21592] =======================================================
[ 1636.625527][T21592] WARNING: The mand mount option has been deprecated and
[ 1636.625527][T21592]          and is ignored by this kernel. Remove the mand
[ 1636.625527][T21592]          option from the mount to silence this warning.
[ 1636.625527][T21592] =======================================================
[ 1636.661276][T21592] kAFS: No cell specified
[ 1637.147274][T21602] FAULT_INJECTION: forcing a failure.
[ 1637.147274][T21602] name failslab, interval 1, probability 0, space 0, times 0
[ 1637.160265][T21602] CPU: 1 UID: 0 PID: 21602 Comm: syz.1.3989 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1637.160289][T21602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1637.160300][T21602] Call Trace:
[ 1637.160307][T21602]  <TASK>
[ 1637.160315][T21602]  dump_stack_lvl+0x189/0x250
[ 1637.160340][T21602]  ? __pfx____ratelimit+0x10/0x10
[ 1637.160364][T21602]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1637.160383][T21602]  ? __pfx__printk+0x10/0x10
[ 1637.160409][T21602]  ? __pfx___might_resched+0x10/0x10
[ 1637.160426][T21602]  ? fs_reclaim_acquire+0x7d/0x100
[ 1637.160449][T21602]  should_fail_ex+0x414/0x560
[ 1637.160477][T21602]  should_failslab+0xa8/0x100
[ 1637.160495][T21602]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1637.160518][T21602]  ? wakeup_source_sysfs_add+0x57/0x280
[ 1637.160544][T21602]  wakeup_source_sysfs_add+0x57/0x280
[ 1637.160569][T21602]  wakeup_source_register+0x18a/0x380
[ 1637.160593][T21602]  ep_modify+0x2c9/0xb20
[ 1637.160622][T21602]  ? __pfx_ep_modify+0x10/0x10
[ 1637.160644][T21602]  ? rcu_is_watching+0x15/0xb0
[ 1637.160665][T21602]  ? __fget_files+0x2a/0x420
[ 1637.160680][T21602]  ? safesetid_security_capable+0xa9/0x1a0
[ 1637.160705][T21602]  ? bpf_lsm_capable+0x9/0x20
[ 1637.160732][T21602]  do_epoll_ctl+0x6b5/0xe90
[ 1637.160764][T21602]  __x64_sys_epoll_ctl+0x163/0x1a0
[ 1637.160789][T21602]  ? __pfx___x64_sys_epoll_ctl+0x10/0x10
[ 1637.160818][T21602]  ? do_syscall_64+0xbe/0x3b0
[ 1637.160839][T21602]  do_syscall_64+0xfa/0x3b0
[ 1637.160853][T21602]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1637.160875][T21602]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1637.160892][T21602]  ? clear_bhb_loop+0x60/0xb0
[ 1637.160912][T21602]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1637.160929][T21602] RIP: 0033:0x7f4848f8e929
[ 1637.160945][T21602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1637.160960][T21602] RSP: 002b:00007f4846dd5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[ 1637.160979][T21602] RAX: ffffffffffffffda RBX: 00007f48491b6160 RCX: 00007f4848f8e929
[ 1637.160992][T21602] RDX: 0000000000000005 RSI: 0000000000000003 RDI: 0000000000000003
[ 1637.161003][T21602] RBP: 00007f4846dd5090 R08: 0000000000000000 R09: 0000000000000000
[ 1637.161013][T21602] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001
[ 1637.161024][T21602] R13: 0000000000000001 R14: 00007f48491b6160 R15: 00007ffc77d61568
[ 1637.161054][T21602]  </TASK>
[ 1637.404053][T18418] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1637.410795][T18418] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1637.418178][T18418] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1637.494375][ T5842] Bluetooth: hci5: command 0x0419 tx timeout
[ 1637.494384][T18418] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1638.162245][T21620] program syz.1.3992 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1638.168876][T21622] FAULT_INJECTION: forcing a failure.
[ 1638.168876][T21622] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1638.204731][T21620] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1638.225939][T21622] CPU: 0 UID: 0 PID: 21622 Comm: syz.0.3993 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1638.225964][T21622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1638.225974][T21622] Call Trace:
[ 1638.225981][T21622]  <TASK>
[ 1638.225989][T21622]  dump_stack_lvl+0x189/0x250
[ 1638.226012][T21622]  ? __pfx____ratelimit+0x10/0x10
[ 1638.226034][T21622]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1638.226051][T21622]  ? __pfx__printk+0x10/0x10
[ 1638.226082][T21622]  should_fail_ex+0x414/0x560
[ 1638.226110][T21622]  _copy_to_user+0x31/0xb0
[ 1638.226132][T21622]  simple_read_from_buffer+0xe1/0x170
[ 1638.226160][T21622]  proc_fail_nth_read+0x1df/0x250
[ 1638.226181][T21622]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1638.226202][T21622]  ? rw_verify_area+0x258/0x650
[ 1638.226221][T21622]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1638.226241][T21622]  vfs_read+0x1fd/0x980
[ 1638.226268][T21622]  ? __pfx___mutex_lock+0x10/0x10
[ 1638.226287][T21622]  ? __pfx_vfs_read+0x10/0x10
[ 1638.226310][T21622]  ? __fget_files+0x2a/0x420
[ 1638.226331][T21622]  ? __fget_files+0x3a0/0x420
[ 1638.226345][T21622]  ? __fget_files+0x2a/0x420
[ 1638.226371][T21622]  ksys_read+0x145/0x250
[ 1638.226395][T21622]  ? __pfx_ksys_read+0x10/0x10
[ 1638.226414][T21622]  ? rcu_is_watching+0x15/0xb0
[ 1638.226446][T21622]  ? do_syscall_64+0xbe/0x3b0
[ 1638.226466][T21622]  do_syscall_64+0xfa/0x3b0
[ 1638.226482][T21622]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1638.226503][T21622]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1638.226518][T21622]  ? clear_bhb_loop+0x60/0xb0
[ 1638.226538][T21622]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1638.226553][T21622] RIP: 0033:0x7fa40258d33c
[ 1638.226569][T21622] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1638.226583][T21622] RSP: 002b:00007fa4033f1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1638.226602][T21622] RAX: ffffffffffffffda RBX: 00007fa4027b5fa0 RCX: 00007fa40258d33c
[ 1638.226614][T21622] RDX: 000000000000000f RSI: 00007fa4033f10a0 RDI: 0000000000000004
[ 1638.226625][T21622] RBP: 00007fa4033f1090 R08: 0000000000000000 R09: 0000000000000000
[ 1638.226636][T21622] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000001
[ 1638.226647][T21622] R13: 0000000000000000 R14: 00007fa4027b5fa0 R15: 00007fff843557f8
[ 1638.226677][T21622]  </TASK>
[ 1639.133172][T21629] slcan: can't register candev
[ 1639.138297][T21629] Falling back ldisc for ttyS3.
[ 1639.816867][T21653] FAULT_INJECTION: forcing a failure.
[ 1639.816867][T21653] name failslab, interval 1, probability 0, space 0, times 0
[ 1639.855343][T21656] FAULT_INJECTION: forcing a failure.
[ 1639.855343][T21656] name failslab, interval 1, probability 0, space 0, times 0
[ 1639.898996][T21653] CPU: 1 UID: 0 PID: 21653 Comm: syz.4.4001 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1639.899024][T21653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1639.899035][T21653] Call Trace:
[ 1639.899043][T21653]  <TASK>
[ 1639.899051][T21653]  dump_stack_lvl+0x189/0x250
[ 1639.899075][T21653]  ? __pfx____ratelimit+0x10/0x10
[ 1639.899100][T21653]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1639.899119][T21653]  ? __pfx__printk+0x10/0x10
[ 1639.899146][T21653]  ? __pfx___might_resched+0x10/0x10
[ 1639.899164][T21653]  ? fs_reclaim_acquire+0x7d/0x100
[ 1639.899188][T21653]  should_fail_ex+0x414/0x560
[ 1639.899217][T21653]  should_failslab+0xa8/0x100
[ 1639.899236][T21653]  __kmalloc_noprof+0xcb/0x4f0
[ 1639.899257][T21653]  ? kfree+0x4d/0x440
[ 1639.899274][T21653]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1639.899298][T21653]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1639.899324][T21653]  ? tomoyo_domain+0xda/0x130
[ 1639.899347][T21653]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1639.899370][T21653]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1639.899395][T21653]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1639.899434][T21653]  ? __lock_acquire+0xab9/0xd20
[ 1639.899470][T21653]  ? __fget_files+0x2a/0x420
[ 1639.899490][T21653]  ? __fget_files+0x2a/0x420
[ 1639.899505][T21653]  ? __fget_files+0x3a0/0x420
[ 1639.899521][T21653]  ? __fget_files+0x2a/0x420
[ 1639.899542][T21653]  security_file_ioctl+0xcb/0x2d0
[ 1639.899567][T21653]  __se_sys_ioctl+0x47/0x170
[ 1639.899592][T21653]  do_syscall_64+0xfa/0x3b0
[ 1639.899607][T21653]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1639.899629][T21653]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1639.899647][T21653]  ? clear_bhb_loop+0x60/0xb0
[ 1639.899667][T21653]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1639.899682][T21653] RIP: 0033:0x7fc54778e929
[ 1639.899697][T21653] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1639.899710][T21653] RSP: 002b:00007fc54869d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1639.899728][T21653] RAX: ffffffffffffffda RBX: 00007fc5479b5fa0 RCX: 00007fc54778e929
[ 1639.899739][T21653] RDX: 0000000000000000 RSI: 000000000000640f RDI: 0000000000000003
[ 1639.899749][T21653] RBP: 00007fc54869d090 R08: 0000000000000000 R09: 0000000000000000
[ 1639.899760][T21653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1639.899769][T21653] R13: 0000000000000000 R14: 00007fc5479b5fa0 R15: 00007fff9e80f1c8
[ 1639.899797][T21653]  </TASK>
[ 1639.899804][T21653] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1639.904180][T21656] CPU: 0 UID: 0 PID: 21656 Comm: syz.1.4002 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1639.904205][T21656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1639.904215][T21656] Call Trace:
[ 1639.904226][T21656]  <TASK>
[ 1639.904234][T21656]  dump_stack_lvl+0x189/0x250
[ 1639.904256][T21656]  ? __pfx____ratelimit+0x10/0x10
[ 1639.904279][T21656]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1639.904297][T21656]  ? __pfx__printk+0x10/0x10
[ 1639.904322][T21656]  ? __pfx___might_resched+0x10/0x10
[ 1639.904339][T21656]  ? fs_reclaim_acquire+0x7d/0x100
[ 1639.904362][T21656]  should_fail_ex+0x414/0x560
[ 1639.904388][T21656]  should_failslab+0xa8/0x100
[ 1639.904406][T21656]  __kmalloc_noprof+0xcb/0x4f0
[ 1639.904426][T21656]  ? kfree+0x4d/0x440
[ 1639.904444][T21656]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1639.904467][T21656]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1639.904487][T21656]  ? tomoyo_domain+0xda/0x130
[ 1639.904509][T21656]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1639.904532][T21656]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1639.904557][T21656]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1639.904596][T21656]  ? __lock_acquire+0xab9/0xd20
[ 1639.904631][T21656]  ? __fget_files+0x2a/0x420
[ 1639.904650][T21656]  ? __fget_files+0x2a/0x420
[ 1639.904664][T21656]  ? __fget_files+0x3a0/0x420
[ 1639.904678][T21656]  ? __fget_files+0x2a/0x420
[ 1639.904698][T21656]  security_file_ioctl+0xcb/0x2d0
[ 1639.904723][T21656]  __se_sys_ioctl+0x47/0x170
[ 1639.904746][T21656]  do_syscall_64+0xfa/0x3b0
[ 1639.904762][T21656]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1639.904783][T21656]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1639.904800][T21656]  ? clear_bhb_loop+0x60/0xb0
[ 1639.904820][T21656]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1639.904835][T21656] RIP: 0033:0x7f4848f8e929
[ 1639.904850][T21656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1639.904865][T21656] RSP: 002b:00007f4849d10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1639.904883][T21656] RAX: ffffffffffffffda RBX: 00007f48491b5fa0 RCX: 00007f4848f8e929
[ 1639.904895][T21656] RDX: 0000000000000000 RSI: 000000008020640d RDI: 0000000000000003
[ 1639.904905][T21656] RBP: 00007f4849d10090 R08: 0000000000000000 R09: 0000000000000000
[ 1639.904916][T21656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1639.904926][T21656] R13: 0000000000000000 R14: 00007f48491b5fa0 R15: 00007ffc77d61568
[ 1639.904953][T21656]  </TASK>
[ 1639.906287][T21656] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1640.100726][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1640.287496][T21669] netlink: 'syz.5.4005': attribute type 2 has an invalid length.
[ 1640.704406][T21673] can0: slcan on ttyS3.
[ 1641.136987][T21673] can0 (unregistered): slcan off ttyS3.
[ 1641.204369][T17441] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[ 1641.285723][T21680] FAULT_INJECTION: forcing a failure.
[ 1641.285723][T21680] name failslab, interval 1, probability 0, space 0, times 0
[ 1641.331481][T21680] CPU: 1 UID: 0 PID: 21680 Comm: syz.4.4010 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1641.331509][T21680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1641.331520][T21680] Call Trace:
[ 1641.331527][T21680]  <TASK>
[ 1641.331536][T21680]  dump_stack_lvl+0x189/0x250
[ 1641.331559][T21680]  ? __pfx____ratelimit+0x10/0x10
[ 1641.331583][T21680]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1641.331601][T21680]  ? __pfx__printk+0x10/0x10
[ 1641.331628][T21680]  ? __pfx___might_resched+0x10/0x10
[ 1641.331646][T21680]  ? fs_reclaim_acquire+0x7d/0x100
[ 1641.331668][T21680]  should_fail_ex+0x414/0x560
[ 1641.331696][T21680]  should_failslab+0xa8/0x100
[ 1641.331714][T21680]  __kmalloc_noprof+0xcb/0x4f0
[ 1641.331734][T21680]  ? kfree+0x4d/0x440
[ 1641.331752][T21680]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1641.331776][T21680]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1641.331796][T21680]  ? tomoyo_domain+0xda/0x130
[ 1641.331820][T21680]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1641.331843][T21680]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1641.331869][T21680]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1641.331910][T21680]  ? __lock_acquire+0xab9/0xd20
[ 1641.331947][T21680]  ? __fget_files+0x2a/0x420
[ 1641.331967][T21680]  ? __fget_files+0x2a/0x420
[ 1641.331982][T21680]  ? __fget_files+0x3a0/0x420
[ 1641.331997][T21680]  ? __fget_files+0x2a/0x420
[ 1641.332018][T21680]  security_file_ioctl+0xcb/0x2d0
[ 1641.332044][T21680]  __se_sys_ioctl+0x47/0x170
[ 1641.332069][T21680]  do_syscall_64+0xfa/0x3b0
[ 1641.332085][T21680]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1641.332107][T21680]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1641.332124][T21680]  ? clear_bhb_loop+0x60/0xb0
[ 1641.332145][T21680]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1641.332160][T21680] RIP: 0033:0x7fc54778e929
[ 1641.332176][T21680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1641.332191][T21680] RSP: 002b:00007fc54869d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1641.332209][T21680] RAX: ffffffffffffffda RBX: 00007fc5479b5fa0 RCX: 00007fc54778e929
[ 1641.332222][T21680] RDX: 00002000000002c0 RSI: 000000008050640a RDI: 0000000000000003
[ 1641.332234][T21680] RBP: 00007fc54869d090 R08: 0000000000000000 R09: 0000000000000000
[ 1641.332245][T21680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1641.332255][T21680] R13: 0000000000000000 R14: 00007fc5479b5fa0 R15: 00007fff9e80f1c8
[ 1641.332290][T21680]  </TASK>
[ 1641.332552][T21680] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1641.536144][T17441] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1641.657543][T21662] netlink: 36 bytes leftover after parsing attributes in process `syz.5.4005'.
[ 1641.768218][T17441] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1641.792922][T17441] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1641.811744][T21689] FAULT_INJECTION: forcing a failure.
[ 1641.811744][T21689] name failslab, interval 1, probability 0, space 0, times 0
[ 1641.828053][T17441] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1641.858043][T21689] CPU: 0 UID: 0 PID: 21689 Comm: syz.5.4013 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1641.858070][T21689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1641.858081][T21689] Call Trace:
[ 1641.858088][T21689]  <TASK>
[ 1641.858096][T21689]  dump_stack_lvl+0x189/0x250
[ 1641.858119][T21689]  ? __pfx____ratelimit+0x10/0x10
[ 1641.858143][T21689]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1641.858161][T21689]  ? __pfx__printk+0x10/0x10
[ 1641.858187][T21689]  ? __pfx___might_resched+0x10/0x10
[ 1641.858205][T21689]  ? fs_reclaim_acquire+0x7d/0x100
[ 1641.858228][T21689]  should_fail_ex+0x414/0x560
[ 1641.858256][T21689]  should_failslab+0xa8/0x100
[ 1641.858273][T21689]  __kmalloc_noprof+0xcb/0x4f0
[ 1641.858293][T21689]  ? kfree+0x4d/0x440
[ 1641.858311][T21689]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1641.858336][T21689]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1641.858356][T21689]  ? tomoyo_domain+0xda/0x130
[ 1641.858380][T21689]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1641.858403][T21689]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1641.858428][T21689]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1641.858468][T21689]  ? __lock_acquire+0xab9/0xd20
[ 1641.858505][T21689]  ? __fget_files+0x2a/0x420
[ 1641.858525][T21689]  ? __fget_files+0x2a/0x420
[ 1641.858539][T21689]  ? __fget_files+0x3a0/0x420
[ 1641.858554][T21689]  ? __fget_files+0x2a/0x420
[ 1641.858573][T21689]  security_file_ioctl+0xcb/0x2d0
[ 1641.858600][T21689]  __se_sys_ioctl+0x47/0x170
[ 1641.858623][T21689]  do_syscall_64+0xfa/0x3b0
[ 1641.858639][T21689]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1641.858660][T21689]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1641.858675][T21689]  ? clear_bhb_loop+0x60/0xb0
[ 1641.858694][T21689]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1641.858709][T21689] RIP: 0033:0x7ff44918e929
[ 1641.858724][T21689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1641.858736][T21689] RSP: 002b:00007ff449f41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1641.858754][T21689] RAX: ffffffffffffffda RBX: 00007ff4493b5fa0 RCX: 00007ff44918e929
[ 1641.858765][T21689] RDX: 0000000000000000 RSI: 0000000000006405 RDI: 0000000000000004
[ 1641.858776][T21689] RBP: 00007ff449f41090 R08: 0000000000000000 R09: 0000000000000000
[ 1641.858785][T21689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1641.858795][T21689] R13: 0000000000000000 R14: 00007ff4493b5fa0 R15: 00007ffc49baa208
[ 1641.858822][T21689]  </TASK>
[ 1641.858829][T21689] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1642.141583][T17441] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1642.204053][T17441] usb 4-1: config 0 descriptor??
[ 1642.883248][T17441] plantronics 0003:047F:FFFF.0003: reserved main item tag 0xd
[ 1643.084557][T17441] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[ 1643.248660][T17441] usb 4-1: USB disconnect, device number 21
[ 1644.108199][T21721] fido_id[21721]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[ 1644.325724][T21732] can0: slcan on ttyS3.
[ 1644.464655][T21732] can0 (unregistered): slcan off ttyS3.
[ 1644.725268][T21737] FAULT_INJECTION: forcing a failure.
[ 1644.725268][T21737] name failslab, interval 1, probability 0, space 0, times 0
[ 1644.850831][T21737] CPU: 0 UID: 0 PID: 21737 Comm: syz.3.4021 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1644.850858][T21737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1644.850868][T21737] Call Trace:
[ 1644.850875][T21737]  <TASK>
[ 1644.850882][T21737]  dump_stack_lvl+0x189/0x250
[ 1644.850904][T21737]  ? __pfx____ratelimit+0x10/0x10
[ 1644.850928][T21737]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1644.850944][T21737]  ? __pfx__printk+0x10/0x10
[ 1644.850969][T21737]  ? __pfx___might_resched+0x10/0x10
[ 1644.850985][T21737]  ? fs_reclaim_acquire+0x7d/0x100
[ 1644.851007][T21737]  should_fail_ex+0x414/0x560
[ 1644.851034][T21737]  should_failslab+0xa8/0x100
[ 1644.851052][T21737]  __kmalloc_noprof+0xcb/0x4f0
[ 1644.851072][T21737]  ? kfree+0x4d/0x440
[ 1644.851089][T21737]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1644.851112][T21737]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1644.851131][T21737]  ? tomoyo_domain+0xda/0x130
[ 1644.851153][T21737]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1644.851177][T21737]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1644.851203][T21737]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1644.851237][T21737]  ? __lock_acquire+0xab9/0xd20
[ 1644.851270][T21737]  ? __fget_files+0x2a/0x420
[ 1644.851290][T21737]  ? __fget_files+0x2a/0x420
[ 1644.851305][T21737]  ? __fget_files+0x3a0/0x420
[ 1644.851320][T21737]  ? __fget_files+0x2a/0x420
[ 1644.851339][T21737]  security_file_ioctl+0xcb/0x2d0
[ 1644.851364][T21737]  __se_sys_ioctl+0x47/0x170
[ 1644.851388][T21737]  do_syscall_64+0xfa/0x3b0
[ 1644.851401][T21737]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1644.851423][T21737]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1644.851439][T21737]  ? clear_bhb_loop+0x60/0xb0
[ 1644.851459][T21737]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1644.851475][T21737] RIP: 0033:0x7f959438e929
[ 1644.851490][T21737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1644.851504][T21737] RSP: 002b:00007f959518c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1644.851522][T21737] RAX: ffffffffffffffda RBX: 00007f95945b5fa0 RCX: 00007f959438e929
[ 1644.851534][T21737] RDX: 0000200000000100 RSI: 0000000080506409 RDI: 0000000000000003
[ 1644.851544][T21737] RBP: 00007f959518c090 R08: 0000000000000000 R09: 0000000000000000
[ 1644.851554][T21737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1644.851564][T21737] R13: 0000000000000000 R14: 00007f95945b5fa0 R15: 00007fffcef809b8
[ 1644.851590][T21737]  </TASK>
[ 1644.913783][T21737] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1644.917079][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1645.136949][T21744] FAULT_INJECTION: forcing a failure.
[ 1645.136949][T21744] name failslab, interval 1, probability 0, space 0, times 0
[ 1645.159978][T21744] CPU: 1 UID: 0 PID: 21744 Comm: syz.5.4024 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1645.160002][T21744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1645.160012][T21744] Call Trace:
[ 1645.160020][T21744]  <TASK>
[ 1645.160027][T21744]  dump_stack_lvl+0x189/0x250
[ 1645.160052][T21744]  ? __pfx____ratelimit+0x10/0x10
[ 1645.160076][T21744]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1645.160094][T21744]  ? __pfx__printk+0x10/0x10
[ 1645.160121][T21744]  ? __pfx___might_resched+0x10/0x10
[ 1645.160140][T21744]  ? fs_reclaim_acquire+0x7d/0x100
[ 1645.160164][T21744]  should_fail_ex+0x414/0x560
[ 1645.160192][T21744]  should_failslab+0xa8/0x100
[ 1645.160211][T21744]  __kmalloc_noprof+0xcb/0x4f0
[ 1645.160231][T21744]  ? kfree+0x4d/0x440
[ 1645.160249][T21744]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1645.160274][T21744]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1645.160295][T21744]  ? tomoyo_domain+0xda/0x130
[ 1645.160319][T21744]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1645.160343][T21744]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1645.160368][T21744]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1645.160410][T21744]  ? __lock_acquire+0xab9/0xd20
[ 1645.160447][T21744]  ? __fget_files+0x2a/0x420
[ 1645.160468][T21744]  ? __fget_files+0x2a/0x420
[ 1645.160483][T21744]  ? __fget_files+0x3a0/0x420
[ 1645.160499][T21744]  ? __fget_files+0x2a/0x420
[ 1645.160520][T21744]  security_file_ioctl+0xcb/0x2d0
[ 1645.160546][T21744]  __se_sys_ioctl+0x47/0x170
[ 1645.160570][T21744]  do_syscall_64+0xfa/0x3b0
[ 1645.160586][T21744]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1645.160609][T21744]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1645.160626][T21744]  ? clear_bhb_loop+0x60/0xb0
[ 1645.160647][T21744]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1645.160663][T21744] RIP: 0033:0x7ff44918e929
[ 1645.160679][T21744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1645.160693][T21744] RSP: 002b:00007ff449f41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1645.160713][T21744] RAX: ffffffffffffffda RBX: 00007ff4493b5fa0 RCX: 00007ff44918e929
[ 1645.160725][T21744] RDX: 00002000000001c0 RSI: 00000000c02c640e RDI: 0000000000000003
[ 1645.160737][T21744] RBP: 00007ff449f41090 R08: 0000000000000000 R09: 0000000000000000
[ 1645.160748][T21744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1645.160759][T21744] R13: 0000000000000000 R14: 00007ff4493b5fa0 R15: 00007ffc49baa208
[ 1645.160788][T21744]  </TASK>
[ 1645.160796][T21744] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1646.317840][T21772] veth1_macvtap: left promiscuous mode
[ 1646.349598][T21772] macsec0: entered promiscuous mode
[ 1646.376641][T21772] macsec0: entered allmulticast mode
[ 1646.422500][T21773] veth1_macvtap: entered promiscuous mode
[ 1646.440581][T21773] veth1_macvtap: entered allmulticast mode
[ 1646.500954][T21773] macsec0: left promiscuous mode
[ 1646.514796][T21773] macsec0: left allmulticast mode
[ 1646.542556][T21773] veth1_macvtap: left allmulticast mode
[ 1648.030991][   T30] audit: type=1800 audit(1751676045.091:3): pid=21781 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.5.4031" name="bus" dev="overlay" ino=885 res=0 errno=0
[ 1648.355824][T21791] syzkaller0: entered promiscuous mode
[ 1648.361522][T21791] syzkaller0: entered allmulticast mode
[ 1648.644300][T21797] can0: slcan on ttyS3.
[ 1649.124998][T21797] can0 (unregistered): slcan off ttyS3.
[ 1649.431570][T21803] ALSA: mixer_oss: invalid OSS volume ''
[ 1649.732256][T21812] FAULT_INJECTION: forcing a failure.
[ 1649.732256][T21812] name failslab, interval 1, probability 0, space 0, times 0
[ 1649.764912][T21814] FAULT_INJECTION: forcing a failure.
[ 1649.764912][T21814] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1649.768003][T21812] CPU: 1 UID: 0 PID: 21812 Comm: syz.5.4039 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1649.768027][T21812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1649.768038][T21812] Call Trace:
[ 1649.768045][T21812]  <TASK>
[ 1649.768053][T21812]  dump_stack_lvl+0x189/0x250
[ 1649.768077][T21812]  ? __pfx____ratelimit+0x10/0x10
[ 1649.768100][T21812]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1649.768118][T21812]  ? __pfx__printk+0x10/0x10
[ 1649.768144][T21812]  ? __pfx___might_resched+0x10/0x10
[ 1649.768160][T21812]  ? fs_reclaim_acquire+0x7d/0x100
[ 1649.768183][T21812]  should_fail_ex+0x414/0x560
[ 1649.768210][T21812]  should_failslab+0xa8/0x100
[ 1649.768228][T21812]  __kmalloc_noprof+0xcb/0x4f0
[ 1649.768248][T21812]  ? kfree+0x4d/0x440
[ 1649.768265][T21812]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1649.768288][T21812]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1649.768315][T21812]  ? tomoyo_domain+0xda/0x130
[ 1649.768338][T21812]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1649.768361][T21812]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1649.768386][T21812]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1649.768425][T21812]  ? __lock_acquire+0xab9/0xd20
[ 1649.768461][T21812]  ? __fget_files+0x2a/0x420
[ 1649.768480][T21812]  ? __fget_files+0x2a/0x420
[ 1649.768494][T21812]  ? __fget_files+0x3a0/0x420
[ 1649.768509][T21812]  ? __fget_files+0x2a/0x420
[ 1649.768528][T21812]  security_file_ioctl+0xcb/0x2d0
[ 1649.768554][T21812]  __se_sys_ioctl+0x47/0x170
[ 1649.768577][T21812]  do_syscall_64+0xfa/0x3b0
[ 1649.768592][T21812]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1649.768614][T21812]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1649.768630][T21812]  ? clear_bhb_loop+0x60/0xb0
[ 1649.768649][T21812]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1649.768665][T21812] RIP: 0033:0x7ff44918e929
[ 1649.768680][T21812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1649.768694][T21812] RSP: 002b:00007ff449f41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1649.768712][T21812] RAX: ffffffffffffffda RBX: 00007ff4493b5fa0 RCX: 00007ff44918e929
[ 1649.768725][T21812] RDX: 0000200000000000 RSI: 000000008010640b RDI: 0000000000000003
[ 1649.768735][T21812] RBP: 00007ff449f41090 R08: 0000000000000000 R09: 0000000000000000
[ 1649.768745][T21812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1649.768754][T21812] R13: 0000000000000000 R14: 00007ff4493b5fa0 R15: 00007ffc49baa208
[ 1649.768782][T21812]  </TASK>
[ 1649.768789][T21812] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1649.829402][T21814] CPU: 0 UID: 0 PID: 21814 Comm: syz.0.4042 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1649.829428][T21814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1649.829438][T21814] Call Trace:
[ 1649.829446][T21814]  <TASK>
[ 1649.829452][T21814]  dump_stack_lvl+0x189/0x250
[ 1649.829477][T21814]  ? __pfx____ratelimit+0x10/0x10
[ 1649.829501][T21814]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1649.829519][T21814]  ? __pfx__printk+0x10/0x10
[ 1649.829558][T21814]  should_fail_ex+0x414/0x560
[ 1649.829586][T21814]  _copy_to_user+0x31/0xb0
[ 1649.829608][T21814]  simple_read_from_buffer+0xe1/0x170
[ 1649.829636][T21814]  proc_fail_nth_read+0x1df/0x250
[ 1649.829657][T21814]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1649.829677][T21814]  ? rw_verify_area+0x258/0x650
[ 1649.829699][T21814]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1649.829718][T21814]  vfs_read+0x1fd/0x980
[ 1649.829744][T21814]  ? __pfx___mutex_lock+0x10/0x10
[ 1649.829761][T21814]  ? __pfx_vfs_read+0x10/0x10
[ 1649.829787][T21814]  ? __fget_files+0x2a/0x420
[ 1649.829808][T21814]  ? __fget_files+0x3a0/0x420
[ 1649.829822][T21814]  ? __fget_files+0x2a/0x420
[ 1649.829847][T21814]  ksys_read+0x145/0x250
[ 1649.829870][T21814]  ? __pfx_ksys_read+0x10/0x10
[ 1649.829888][T21814]  ? rcu_is_watching+0x15/0xb0
[ 1649.829912][T21814]  ? do_syscall_64+0xbe/0x3b0
[ 1649.829932][T21814]  do_syscall_64+0xfa/0x3b0
[ 1649.829946][T21814]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1649.829967][T21814]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1649.829984][T21814]  ? clear_bhb_loop+0x60/0xb0
[ 1649.830003][T21814]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1649.830019][T21814] RIP: 0033:0x7fa40258d33c
[ 1649.830034][T21814] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1649.830047][T21814] RSP: 002b:00007fa4033f1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1649.830065][T21814] RAX: ffffffffffffffda RBX: 00007fa4027b5fa0 RCX: 00007fa40258d33c
[ 1649.830077][T21814] RDX: 000000000000000f RSI: 00007fa4033f10a0 RDI: 0000000000000004
[ 1649.830088][T21814] RBP: 00007fa4033f1090 R08: 0000000000000000 R09: 0000000000000000
[ 1649.830099][T21814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1649.830108][T21814] R13: 0000000000000000 R14: 00007fa4027b5fa0 R15: 00007fff843557f8
[ 1649.830136][T21814]  </TASK>
[ 1649.849670][T21816] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4044'.
[ 1649.904375][   T30] audit: type=1326 audit(1751676047.941:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21817 comm="syz.4.4043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc54778e929 code=0x7ffc0000
[ 1649.904427][   T30] audit: type=1326 audit(1751676047.941:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21817 comm="syz.4.4043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc54778e929 code=0x7ffc0000
[ 1650.456130][T21832] FAULT_INJECTION: forcing a failure.
[ 1650.456130][T21832] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1650.505274][T21832] CPU: 0 UID: 0 PID: 21832 Comm: syz.0.4045 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1650.505301][T21832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1650.505312][T21832] Call Trace:
[ 1650.505319][T21832]  <TASK>
[ 1650.505327][T21832]  dump_stack_lvl+0x189/0x250
[ 1650.505351][T21832]  ? __pfx____ratelimit+0x10/0x10
[ 1650.505375][T21832]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1650.505392][T21832]  ? __pfx__printk+0x10/0x10
[ 1650.505426][T21832]  should_fail_ex+0x414/0x560
[ 1650.505454][T21832]  _copy_to_user+0x31/0xb0
[ 1650.505476][T21832]  simple_read_from_buffer+0xe1/0x170
[ 1650.505511][T21832]  proc_fail_nth_read+0x1df/0x250
[ 1650.505534][T21832]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1650.505555][T21832]  ? rw_verify_area+0x258/0x650
[ 1650.505576][T21832]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1650.505595][T21832]  vfs_read+0x1fd/0x980
[ 1650.505622][T21832]  ? __pfx___mutex_lock+0x10/0x10
[ 1650.505641][T21832]  ? __pfx_vfs_read+0x10/0x10
[ 1650.505664][T21832]  ? __fget_files+0x2a/0x420
[ 1650.505685][T21832]  ? __fget_files+0x3a0/0x420
[ 1650.505699][T21832]  ? __fget_files+0x2a/0x420
[ 1650.505724][T21832]  ksys_read+0x145/0x250
[ 1650.505747][T21832]  ? __pfx_ksys_read+0x10/0x10
[ 1650.505773][T21832]  ? do_syscall_64+0xbe/0x3b0
[ 1650.505793][T21832]  do_syscall_64+0xfa/0x3b0
[ 1650.505808][T21832]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1650.505830][T21832]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1650.505847][T21832]  ? clear_bhb_loop+0x60/0xb0
[ 1650.505868][T21832]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1650.505885][T21832] RIP: 0033:0x7fa40258d33c
[ 1650.505901][T21832] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1650.505915][T21832] RSP: 002b:00007fa4033f1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1650.505934][T21832] RAX: ffffffffffffffda RBX: 00007fa4027b5fa0 RCX: 00007fa40258d33c
[ 1650.505947][T21832] RDX: 000000000000000f RSI: 00007fa4033f10a0 RDI: 0000000000000004
[ 1650.505958][T21832] RBP: 00007fa4033f1090 R08: 0000000000000000 R09: 0000000000000000
[ 1650.505968][T21832] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001
[ 1650.505979][T21832] R13: 0000000000000000 R14: 00007fa4027b5fa0 R15: 00007fff843557f8
[ 1650.506008][T21832]  </TASK>
[ 1651.233780][T21855] can0: slcan on ttyS3.
[ 1651.346161][T15433] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[ 1651.476444][T21855] can0 (unregistered): slcan off ttyS3.
[ 1651.774326][T15433] usb 1-1: Using ep0 maxpacket: 16
[ 1651.845013][T15433] usb 1-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[ 1651.876633][T15433] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1651.973589][T15433] usb 1-1: config 0 descriptor??
[ 1651.991797][T21860] FAULT_INJECTION: forcing a failure.
[ 1651.991797][T21860] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1652.005536][T21860] CPU: 1 UID: 0 PID: 21860 Comm: syz.5.4053 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1652.005561][T21860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1652.005572][T21860] Call Trace:
[ 1652.005579][T21860]  <TASK>
[ 1652.005587][T21860]  dump_stack_lvl+0x189/0x250
[ 1652.005610][T21860]  ? __pfx____ratelimit+0x10/0x10
[ 1652.005634][T21860]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1652.005653][T21860]  ? __pfx__printk+0x10/0x10
[ 1652.005674][T21860]  ? __might_fault+0xb0/0x130
[ 1652.005708][T21860]  should_fail_ex+0x414/0x560
[ 1652.005736][T21860]  _copy_from_user+0x2d/0xb0
[ 1652.005755][T21860]  ___sys_sendmsg+0x158/0x2a0
[ 1652.005779][T21860]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1652.005835][T21860]  ? __fget_files+0x2a/0x420
[ 1652.005851][T21860]  ? __fget_files+0x3a0/0x420
[ 1652.005878][T21860]  __x64_sys_sendmsg+0x19b/0x260
[ 1652.005900][T21860]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1652.005929][T21860]  ? rcu_is_watching+0x15/0xb0
[ 1652.005952][T21860]  ? do_syscall_64+0xbe/0x3b0
[ 1652.005971][T21860]  do_syscall_64+0xfa/0x3b0
[ 1652.005986][T21860]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1652.006006][T21860]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1652.006022][T21860]  ? clear_bhb_loop+0x60/0xb0
[ 1652.006041][T21860]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1652.006056][T21860] RIP: 0033:0x7ff44918e929
[ 1652.006071][T21860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1652.006084][T21860] RSP: 002b:00007ff449f41038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1652.006103][T21860] RAX: ffffffffffffffda RBX: 00007ff4493b5fa0 RCX: 00007ff44918e929
[ 1652.006114][T21860] RDX: 0000000000004000 RSI: 0000200000000000 RDI: 0000000000000003
[ 1652.006126][T21860] RBP: 00007ff449f41090 R08: 0000000000000000 R09: 0000000000000000
[ 1652.006137][T21860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1652.006147][T21860] R13: 0000000000000000 R14: 00007ff4493b5fa0 R15: 00007ffc49baa208
[ 1652.006171][T21860]  </TASK>
[ 1652.017219][T15433] gspca_main: sonixj-2.14.0 probing 0471:0327
[ 1652.262762][T21866] FAULT_INJECTION: forcing a failure.
[ 1652.262762][T21866] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1652.305903][T21868] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4054'.
[ 1652.344077][T21866] CPU: 1 UID: 0 PID: 21866 Comm: syz.5.4056 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1652.344104][T21866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1652.344115][T21866] Call Trace:
[ 1652.344122][T21866]  <TASK>
[ 1652.344131][T21866]  dump_stack_lvl+0x189/0x250
[ 1652.344154][T21866]  ? __pfx____ratelimit+0x10/0x10
[ 1652.344178][T21866]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1652.344197][T21866]  ? __pfx__printk+0x10/0x10
[ 1652.344221][T21866]  ? __might_fault+0xb0/0x130
[ 1652.344250][T21866]  should_fail_ex+0x414/0x560
[ 1652.344277][T21866]  _copy_from_user+0x2d/0xb0
[ 1652.344297][T21866]  ___sys_sendmsg+0x158/0x2a0
[ 1652.344320][T21866]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1652.344382][T21866]  ? __fget_files+0x2a/0x420
[ 1652.344398][T21866]  ? __fget_files+0x3a0/0x420
[ 1652.344425][T21866]  __x64_sys_sendmsg+0x19b/0x260
[ 1652.344447][T21866]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1652.344475][T21866]  ? __pfx_ksys_write+0x10/0x10
[ 1652.344493][T21866]  ? rcu_is_watching+0x15/0xb0
[ 1652.344518][T21866]  ? do_syscall_64+0xbe/0x3b0
[ 1652.344538][T21866]  do_syscall_64+0xfa/0x3b0
[ 1652.344550][T21866]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1652.344571][T21866]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1652.344587][T21866]  ? clear_bhb_loop+0x60/0xb0
[ 1652.344607][T21866]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1652.344622][T21866] RIP: 0033:0x7ff44918e929
[ 1652.344638][T21866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1652.344654][T21866] RSP: 002b:00007ff449f41038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1652.344672][T21866] RAX: ffffffffffffffda RBX: 00007ff4493b5fa0 RCX: 00007ff44918e929
[ 1652.344685][T21866] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003
[ 1652.344696][T21866] RBP: 00007ff449f41090 R08: 0000000000000000 R09: 0000000000000000
[ 1652.344707][T21866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1652.344717][T21866] R13: 0000000000000000 R14: 00007ff4493b5fa0 R15: 00007ffc49baa208
[ 1652.344744][T21866]  </TASK>
[ 1653.375304][T15433] gspca_sonixj: i2c_w8 err -71
[ 1653.398422][T15433] sonixj 1-1:0.0: probe with driver sonixj failed with error -71
[ 1653.423321][T15433] usb 1-1: USB disconnect, device number 30
[ 1653.508883][T21881] comedi comedi4: bad chanlist[0]=0x0000b8eb chan=47339 range length=2
[ 1653.600068][T21884] comedi comedi4: bad chanlist[0]=0x0000b8eb chan=47339 range length=2
[ 1654.406272][T21901] can0: slcan on ttyS3.
[ 1654.666601][T21888] can0 (unregistered): slcan off ttyS3.
[ 1654.714770][T21911] Invalid logical block size (3)
[ 1655.008756][T21919] FAULT_INJECTION: forcing a failure.
[ 1655.008756][T21919] name failslab, interval 1, probability 0, space 0, times 0
[ 1655.044799][T21919] CPU: 0 UID: 0 PID: 21919 Comm: syz.5.4072 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1655.044825][T21919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1655.044836][T21919] Call Trace:
[ 1655.044843][T21919]  <TASK>
[ 1655.044850][T21919]  dump_stack_lvl+0x189/0x250
[ 1655.044874][T21919]  ? __pfx____ratelimit+0x10/0x10
[ 1655.044907][T21919]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1655.044925][T21919]  ? __pfx__printk+0x10/0x10
[ 1655.044952][T21919]  ? __pfx___might_resched+0x10/0x10
[ 1655.044970][T21919]  ? fs_reclaim_acquire+0x7d/0x100
[ 1655.044996][T21919]  should_fail_ex+0x414/0x560
[ 1655.045023][T21919]  should_failslab+0xa8/0x100
[ 1655.045039][T21919]  __kmalloc_noprof+0xcb/0x4f0
[ 1655.045058][T21919]  ? kfree+0x4d/0x440
[ 1655.045075][T21919]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1655.045098][T21919]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1655.045117][T21919]  ? tomoyo_domain+0xda/0x130
[ 1655.045140][T21919]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1655.045164][T21919]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1655.045189][T21919]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1655.045230][T21919]  ? __lock_acquire+0xab9/0xd20
[ 1655.045268][T21919]  ? __fget_files+0x2a/0x420
[ 1655.045289][T21919]  ? __fget_files+0x2a/0x420
[ 1655.045304][T21919]  ? __fget_files+0x3a0/0x420
[ 1655.045319][T21919]  ? __fget_files+0x2a/0x420
[ 1655.045339][T21919]  security_file_ioctl+0xcb/0x2d0
[ 1655.045366][T21919]  __se_sys_ioctl+0x47/0x170
[ 1655.045391][T21919]  do_syscall_64+0xfa/0x3b0
[ 1655.045406][T21919]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1655.045429][T21919]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1655.045445][T21919]  ? clear_bhb_loop+0x60/0xb0
[ 1655.045466][T21919]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1655.045482][T21919] RIP: 0033:0x7ff44918e929
[ 1655.045498][T21919] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1655.045512][T21919] RSP: 002b:00007ff449f41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1655.045531][T21919] RAX: ffffffffffffffda RBX: 00007ff4493b5fa0 RCX: 00007ff44918e929
[ 1655.045544][T21919] RDX: 0000200000000080 RSI: 00000000c008ae88 RDI: 0000000000000005
[ 1655.045555][T21919] RBP: 00007ff449f41090 R08: 0000000000000000 R09: 0000000000000000
[ 1655.045566][T21919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1655.045576][T21919] R13: 0000000000000000 R14: 00007ff4493b5fa0 R15: 00007ffc49baa208
[ 1655.045605][T21919]  </TASK>
[ 1655.045613][T21919] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1655.882825][T21944] overlayfs: failed to resolve './file0': -2
[ 1657.739930][T21971] FAULT_INJECTION: forcing a failure.
[ 1657.739930][T21971] name failslab, interval 1, probability 0, space 0, times 0
[ 1657.891928][T21971] CPU: 0 UID: 0 PID: 21971 Comm: syz.5.4082 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1657.891956][T21971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1657.891967][T21971] Call Trace:
[ 1657.891975][T21971]  <TASK>
[ 1657.891983][T21971]  dump_stack_lvl+0x189/0x250
[ 1657.892008][T21971]  ? __pfx____ratelimit+0x10/0x10
[ 1657.892031][T21971]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1657.892051][T21971]  ? __pfx__printk+0x10/0x10
[ 1657.892078][T21971]  ? __pfx___might_resched+0x10/0x10
[ 1657.892096][T21971]  ? fs_reclaim_acquire+0x7d/0x100
[ 1657.892120][T21971]  should_fail_ex+0x414/0x560
[ 1657.892148][T21971]  should_failslab+0xa8/0x100
[ 1657.892167][T21971]  __kmalloc_noprof+0xcb/0x4f0
[ 1657.892187][T21971]  ? kfree+0x4d/0x440
[ 1657.892205][T21971]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1657.892229][T21971]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1657.892250][T21971]  ? tomoyo_domain+0xda/0x130
[ 1657.892274][T21971]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1657.892297][T21971]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1657.892323][T21971]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1657.892344][T21971]  ? rcu_is_watching+0x15/0xb0
[ 1657.892366][T21971]  ? __pfx___schedule+0x10/0x10
[ 1657.892385][T21971]  ? __schedule+0x16c0/0x4cb0
[ 1657.892420][T21971]  ? __lock_acquire+0xab9/0xd20
[ 1657.892458][T21971]  ? __fget_files+0x2a/0x420
[ 1657.892478][T21971]  ? __fget_files+0x2a/0x420
[ 1657.892494][T21971]  ? __fget_files+0x3a0/0x420
[ 1657.892509][T21971]  ? __fget_files+0x2a/0x420
[ 1657.892531][T21971]  security_file_ioctl+0xcb/0x2d0
[ 1657.892556][T21971]  __se_sys_ioctl+0x47/0x170
[ 1657.892581][T21971]  do_syscall_64+0xfa/0x3b0
[ 1657.892599][T21971]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1657.892615][T21971]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1657.892632][T21971]  ? clear_bhb_loop+0x60/0xb0
[ 1657.892652][T21971]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1657.892669][T21971] RIP: 0033:0x7ff44918e929
[ 1657.892691][T21971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1657.892706][T21971] RSP: 002b:00007ff449f41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1657.892726][T21971] RAX: ffffffffffffffda RBX: 00007ff4493b5fa0 RCX: 00007ff44918e929
[ 1657.892740][T21971] RDX: 0000200000000100 RSI: 00000000c0d05605 RDI: 0000000000000003
[ 1657.892751][T21971] RBP: 00007ff449f41090 R08: 0000000000000000 R09: 0000000000000000
[ 1657.892762][T21971] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1657.892773][T21971] R13: 0000000000000000 R14: 00007ff4493b5fa0 R15: 00007ffc49baa208
[ 1657.892803][T21971]  </TASK>
[ 1658.182424][T21971] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1658.316280][T21976] netlink: 300 bytes leftover after parsing attributes in process `syz.4.4084'.
[ 1658.775224][T21986] dummy0: entered promiscuous mode
[ 1659.401085][T22001] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1659.870634][T22015] trusted_key: encrypted_key: insufficient parameters specified
[ 1659.881441][T22015] mmap: syz.1.4090 (22015) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 1662.117536][T22042] overlayfs: failed to resolve './file0': -2
[ 1663.647344][T22071] FAULT_INJECTION: forcing a failure.
[ 1663.647344][T22071] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1663.748257][T22073] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 1663.964406][T22071] CPU: 1 UID: 0 PID: 22071 Comm: syz.0.4105 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1663.964433][T22071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1663.964444][T22071] Call Trace:
[ 1663.964452][T22071]  <TASK>
[ 1663.964460][T22071]  dump_stack_lvl+0x189/0x250
[ 1663.964483][T22071]  ? __pfx____ratelimit+0x10/0x10
[ 1663.964507][T22071]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1663.964525][T22071]  ? __pfx__printk+0x10/0x10
[ 1663.964545][T22071]  ? __might_fault+0xb0/0x130
[ 1663.964580][T22071]  should_fail_ex+0x414/0x560
[ 1663.964606][T22071]  _copy_from_user+0x2d/0xb0
[ 1663.964623][T22071]  __sys_bpf+0x1ed/0x860
[ 1663.964646][T22071]  ? __pfx___sys_bpf+0x10/0x10
[ 1663.964679][T22071]  ? ksys_write+0x22a/0x250
[ 1663.964703][T22071]  ? __pfx_ksys_write+0x10/0x10
[ 1663.964722][T22071]  ? rcu_is_watching+0x15/0xb0
[ 1663.964746][T22071]  __x64_sys_bpf+0x7c/0x90
[ 1663.964768][T22071]  do_syscall_64+0xfa/0x3b0
[ 1663.964784][T22071]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1663.964804][T22071]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1663.964819][T22071]  ? clear_bhb_loop+0x60/0xb0
[ 1663.964838][T22071]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1663.964854][T22071] RIP: 0033:0x7fa40258e929
[ 1663.964871][T22071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1663.964885][T22071] RSP: 002b:00007fa4033f1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1663.964904][T22071] RAX: ffffffffffffffda RBX: 00007fa4027b5fa0 RCX: 00007fa40258e929
[ 1663.964917][T22071] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a
[ 1663.964928][T22071] RBP: 00007fa4033f1090 R08: 0000000000000000 R09: 0000000000000000
[ 1663.964938][T22071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1663.964949][T22071] R13: 0000000000000000 R14: 00007fa4027b5fa0 R15: 00007fff843557f8
[ 1663.964976][T22071]  </TASK>
[ 1664.599184][T22079] netlink: 260 bytes leftover after parsing attributes in process `syz.0.4107'.
[ 1664.687967][T22077] warning: `syz.1.4102' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[ 1664.734587][T22083] netlink: 'syz.0.4107': attribute type 4 has an invalid length.
[ 1664.764210][T22083] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.4107'.
[ 1665.580703][T22097] 9pnet_virtio: no channels available for device syz
[ 1665.885698][T22104] overlayfs: failed to resolve './file0': -2
[ 1666.709722][T22113] overlayfs: workdir and upperdir must reside under the same mount
[ 1667.028061][T22120] comedi comedi4: bad chanlist[0]=0x000007ff chan=2047 range length=2
[ 1667.117342][T22120] input: syz1 as /devices/virtual/input/input25
[ 1667.396187][T22137] evm: overlay not supported
[ 1667.564660][   T48] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[ 1667.814742][   T48] usb 4-1: Using ep0 maxpacket: 8
[ 1667.975077][   T48] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1668.014656][   T48] usb 4-1: config 4 has an invalid interface number: 147 but max is 0
[ 1668.055301][   T48] usb 4-1: config 4 contains an unexpected descriptor of type 0x2, skipping
[ 1668.098762][   T48] usb 4-1: config 4 has no interface number 0
[ 1668.121530][   T48] usb 4-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e
[ 1668.218399][   T48] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1668.281783][   T48] usb 4-1: Product: syz
[ 1668.303495][   T48] usb 4-1: Manufacturer: syz
[ 1668.322329][   T48] usb 4-1: SerialNumber: syz
[ 1668.394646][T22142] binder: 22141:22142 unknown command 0
[ 1668.410777][T22142] binder: 22141:22142 ioctl c0306201 200000000180 returned -22
[ 1668.585771][T22120] ntfs3(nullb0): Primary boot signature is not NTFS.
[ 1668.596445][T22120] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[ 1668.677919][T22151] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4114'.
[ 1668.688457][T22120] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1668.794395][T16934] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[ 1668.818160][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1668.825047][T22120] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1668.833070][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1669.232199][T16934] usb 1-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[ 1669.374329][T16934] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1669.416097][T16934] usb 1-1: config 0 descriptor??
[ 1669.423169][T22133] FAULT_INJECTION: forcing a failure.
[ 1669.423169][T22133] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1669.572643][T22133] CPU: 0 UID: 0 PID: 22133 Comm: syz.4.4118 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1669.572671][T22133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1669.572681][T22133] Call Trace:
[ 1669.572689][T22133]  <TASK>
[ 1669.572697][T22133]  dump_stack_lvl+0x189/0x250
[ 1669.572722][T22133]  ? __pfx____ratelimit+0x10/0x10
[ 1669.572748][T22133]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1669.572767][T22133]  ? __pfx__printk+0x10/0x10
[ 1669.572814][T22133]  should_fail_ex+0x414/0x560
[ 1669.572843][T22133]  _copy_to_user+0x31/0xb0
[ 1669.572867][T22133]  simple_read_from_buffer+0xe1/0x170
[ 1669.572896][T22133]  proc_fail_nth_read+0x1df/0x250
[ 1669.572917][T22133]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1669.572940][T22133]  ? rw_verify_area+0x258/0x650
[ 1669.572961][T22133]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1669.572981][T22133]  vfs_read+0x1fd/0x980
[ 1669.573009][T22133]  ? __pfx___mutex_lock+0x10/0x10
[ 1669.573027][T22133]  ? __pfx_vfs_read+0x10/0x10
[ 1669.573051][T22133]  ? __fget_files+0x2a/0x420
[ 1669.573073][T22133]  ? __fget_files+0x3a0/0x420
[ 1669.573088][T22133]  ? __fget_files+0x2a/0x420
[ 1669.573114][T22133]  ksys_read+0x145/0x250
[ 1669.573138][T22133]  ? __pfx_ksys_read+0x10/0x10
[ 1669.573172][T22133]  ? do_syscall_64+0xbe/0x3b0
[ 1669.573192][T22133]  do_syscall_64+0xfa/0x3b0
[ 1669.573211][T22133]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1669.573227][T22133]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1669.573243][T22133]  ? clear_bhb_loop+0x60/0xb0
[ 1669.573264][T22133]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1669.573281][T22133] RIP: 0033:0x7fc54778d33c
[ 1669.573296][T22133] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1669.573311][T22133] RSP: 002b:00007fc54869d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1669.573330][T22133] RAX: ffffffffffffffda RBX: 00007fc5479b5fa0 RCX: 00007fc54778d33c
[ 1669.573343][T22133] RDX: 000000000000000f RSI: 00007fc54869d0a0 RDI: 0000000000000003
[ 1669.573354][T22133] RBP: 00007fc54869d090 R08: 0000000000000000 R09: 0000000000000000
[ 1669.573365][T22133] R10: 0000000040000043 R11: 0000000000000246 R12: 0000000000000001
[ 1669.573375][T22133] R13: 0000000000000000 R14: 00007fc5479b5fa0 R15: 00007fff9e80f1c8
[ 1669.573404][T22133]  </TASK>
[ 1669.806331][T16934] kaweth 1-1:0.0: Firmware present in device.
[ 1669.844095][T16934] kaweth 1-1:0.0: Statistics collection: 0
[ 1669.863968][T16934] kaweth 1-1:0.0: Multicast filter limit: 0
[ 1669.873747][T16934] kaweth 1-1:0.0: MTU: 0
[ 1669.893466][T16934] kaweth 1-1:0.0: Read MAC address 00:00:00:00:00:00
[ 1670.435212][ T5842] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1670.464343][ T5890] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[ 1670.569139][ T5890] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[ 1670.608320][T16934] kaweth 1-1:0.0: probe with driver kaweth failed with error -5
[ 1670.634522][   T48] usb 4-1: Found UVC 0.02 device syz (04f2:b746)
[ 1670.651345][   T48] usb 4-1: No valid video chain found.
[ 1670.662715][T16934] usb 1-1: USB disconnect, device number 31
[ 1670.676656][   T48] usb 4-1: USB disconnect, device number 22
[ 1672.069140][T22190] FAULT_INJECTION: forcing a failure.
[ 1672.069140][T22190] name failslab, interval 1, probability 0, space 0, times 0
[ 1672.093326][T22190] CPU: 0 UID: 0 PID: 22190 Comm: syz.0.4130 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1672.093354][T22190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1672.093365][T22190] Call Trace:
[ 1672.093373][T22190]  <TASK>
[ 1672.093381][T22190]  dump_stack_lvl+0x189/0x250
[ 1672.093407][T22190]  ? __pfx____ratelimit+0x10/0x10
[ 1672.093431][T22190]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1672.093450][T22190]  ? __pfx__printk+0x10/0x10
[ 1672.093477][T22190]  ? __pfx___might_resched+0x10/0x10
[ 1672.093495][T22190]  ? fs_reclaim_acquire+0x7d/0x100
[ 1672.093518][T22190]  should_fail_ex+0x414/0x560
[ 1672.093546][T22190]  should_failslab+0xa8/0x100
[ 1672.093565][T22190]  __kmalloc_noprof+0xcb/0x4f0
[ 1672.093587][T22190]  ? kfree+0x4d/0x440
[ 1672.093604][T22190]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1672.093627][T22190]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1672.093648][T22190]  ? tomoyo_domain+0xda/0x130
[ 1672.093672][T22190]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1672.093695][T22190]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1672.093722][T22190]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1672.093763][T22190]  ? __lock_acquire+0xab9/0xd20
[ 1672.093799][T22190]  ? __fget_files+0x2a/0x420
[ 1672.093820][T22190]  ? __fget_files+0x2a/0x420
[ 1672.093836][T22190]  ? __fget_files+0x3a0/0x420
[ 1672.093851][T22190]  ? __fget_files+0x2a/0x420
[ 1672.093883][T22190]  security_file_ioctl+0xcb/0x2d0
[ 1672.093910][T22190]  __se_sys_ioctl+0x47/0x170
[ 1672.093935][T22190]  do_syscall_64+0xfa/0x3b0
[ 1672.093951][T22190]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1672.093973][T22190]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1672.093991][T22190]  ? clear_bhb_loop+0x60/0xb0
[ 1672.094011][T22190]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1672.094027][T22190] RIP: 0033:0x7fa40258e929
[ 1672.094043][T22190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1672.094058][T22190] RSP: 002b:00007fa4033f1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1672.094077][T22190] RAX: ffffffffffffffda RBX: 00007fa4027b5fa0 RCX: 00007fa40258e929
[ 1672.094090][T22190] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1672.094100][T22190] RBP: 00007fa4033f1090 R08: 0000000000000000 R09: 0000000000000000
[ 1672.094111][T22190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1672.094122][T22190] R13: 0000000000000000 R14: 00007fa4027b5fa0 R15: 00007fff843557f8
[ 1672.094150][T22190]  </TASK>
[ 1672.094158][T22190] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1672.350787][T17441] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[ 1672.358446][ T5932] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[ 1672.525934][ T5932] usb 2-1: Using ep0 maxpacket: 8
[ 1672.535674][T17441] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[ 1672.538198][T22207] netlink: 'syz.0.4132': attribute type 29 has an invalid length.
[ 1672.554581][T17441] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1672.563553][T22207] netlink: 'syz.0.4132': attribute type 29 has an invalid length.
[ 1672.575081][T17441] usb 4-1: Product: syz
[ 1672.579433][ T5932] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[ 1672.589040][ T5932] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1672.597997][T17441] usb 4-1: Manufacturer: syz
[ 1672.613447][T17441] usb 4-1: SerialNumber: syz
[ 1672.631514][ T5932] pvrusb2: Hardware description: Terratec Grabster AV400
[ 1672.645360][T17441] usb 4-1: config 0 descriptor??
[ 1672.661173][ T5932] pvrusb2: **********
[ 1672.682014][ T5932] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[ 1672.699104][ T5932] pvrusb2: Important functionality might not be entirely working.
[ 1672.715427][ T5932] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[ 1672.736577][ T5932] pvrusb2: **********
[ 1672.744508][T15433] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[ 1672.830715][ T2344] pvrusb2: Invalid write control endpoint
[ 1672.904574][T15433] usb 5-1: Using ep0 maxpacket: 32
[ 1672.912031][T15433] usb 5-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[ 1672.929264][T15433] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1672.955789][T15433] usb 5-1: config 0 descriptor??
[ 1672.974182][T15433] gspca_main: sunplus-2.14.0 probing 041e:400b
[ 1672.981426][ T2344] pvrusb2: Invalid write control endpoint
[ 1672.981833][ T2344] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[ 1672.981848][ T2344] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[ 1672.981856][ T2344] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[ 1672.981865][ T2344] pvrusb2: Device being rendered inoperable
[ 1672.988577][ T2344] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[ 1673.033642][T22182] pvrusb2: Attempted to execute control transfer when device not ok
[ 1673.049588][ T5932] usb 2-1: USB disconnect, device number 19
[ 1673.067587][ T2344] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[ 1673.115308][ T2344] pvrusb2: Attached sub-driver cx25840
[ 1673.120824][ T2344] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[ 1673.162439][ T2344] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[ 1673.308490][T22227] FAULT_INJECTION: forcing a failure.
[ 1673.308490][T22227] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1673.322494][T22227] CPU: 0 UID: 0 PID: 22227 Comm: syz.0.4136 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1673.322523][T22227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1673.322534][T22227] Call Trace:
[ 1673.322541][T22227]  <TASK>
[ 1673.322549][T22227]  dump_stack_lvl+0x189/0x250
[ 1673.322574][T22227]  ? __pfx____ratelimit+0x10/0x10
[ 1673.322598][T22227]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1673.322617][T22227]  ? __pfx__printk+0x10/0x10
[ 1673.322637][T22227]  ? __might_fault+0xb0/0x130
[ 1673.322672][T22227]  should_fail_ex+0x414/0x560
[ 1673.322699][T22227]  _copy_from_user+0x2d/0xb0
[ 1673.322719][T22227]  do_sock_getsockopt+0x1cd/0x650
[ 1673.322743][T22227]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 1673.322762][T22227]  ? do_syscall_64+0x40/0x3b0
[ 1673.322779][T22227]  ? __fget_files+0x3a0/0x420
[ 1673.322794][T22227]  ? __fget_files+0x2a/0x420
[ 1673.322824][T22227]  __x64_sys_getsockopt+0x1a5/0x250
[ 1673.322844][T22227]  ? do_syscall_64+0x40/0x3b0
[ 1673.322862][T22227]  ? do_syscall_64+0x40/0x3b0
[ 1673.322881][T22227]  do_syscall_64+0xfa/0x3b0
[ 1673.322896][T22227]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1673.322919][T22227]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1673.322937][T22227]  ? clear_bhb_loop+0x60/0xb0
[ 1673.322957][T22227]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1673.322973][T22227] RIP: 0033:0x7fa40258e929
[ 1673.322989][T22227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1673.323003][T22227] RSP: 002b:00007fa4033f1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 1673.323022][T22227] RAX: ffffffffffffffda RBX: 00007fa4027b5fa0 RCX: 00007fa40258e929
[ 1673.323035][T22227] RDX: 0000000000000023 RSI: 0000000000000006 RDI: 0000000000000003
[ 1673.323045][T22227] RBP: 00007fa4033f1090 R08: 0000200000000040 R09: 0000000000000000
[ 1673.323056][T22227] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1673.323068][T22227] R13: 0000000000000000 R14: 00007fa4027b5fa0 R15: 00007fff843557f8
[ 1673.323096][T22227]  </TASK>
[ 1673.765382][ T5842] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1673.772874][ T5890] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[ 1673.784343][ T5890] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[ 1673.879307][T22155] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[ 1674.056945][T22155] usb 1-1: config 0 has an invalid interface number: 235 but max is 0
[ 1674.075637][T22155] usb 1-1: config 0 has no interface number 0
[ 1674.082720][T22155] usb 1-1: config 0 interface 235 altsetting 0 bulk endpoint 0x87 has invalid maxpacket 1024
[ 1674.097457][T22155] usb 1-1: New USB device found, idVendor=eb1a, idProduct=2800, bcdDevice=8c.f6
[ 1674.112302][T22155] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1674.123122][T22155] usb 1-1: Product: syz
[ 1674.132689][T22155] usb 1-1: Manufacturer: syz
[ 1674.144388][T22155] usb 1-1: SerialNumber: syz
[ 1674.155613][T22155] usb 1-1: config 0 descriptor??
[ 1674.167744][T22233] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 1674.197500][T15433] gspca_sunplus: reg_w_riv err -71
[ 1674.202925][T15433] sunplus 5-1:0.0: probe with driver sunplus failed with error -71
[ 1674.229568][T15433] usb 5-1: USB disconnect, device number 18
[ 1674.267968][T22251] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4141'.
[ 1674.293006][T22251] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4141'.
[ 1674.310163][T22251] netlink: 248 bytes leftover after parsing attributes in process `syz.1.4141'.
[ 1674.391754][T22233] fuse: Bad value for 'fd'
[ 1674.822379][T22271] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[ 1675.048143][T22278] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1675.098254][T22278] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1676.088272][ T5842] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1676.094618][ T5890] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[ 1676.101037][ T5890] Bluetooth: hci4: Error when powering off device on rfkill (-110)
[ 1676.829968][ T5932] usb 4-1: USB disconnect, device number 23
[ 1677.116859][T22306] netlink: 60 bytes leftover after parsing attributes in process `syz.4.4146'.
[ 1677.137928][T22301] netlink: 60 bytes leftover after parsing attributes in process `syz.4.4146'.
[ 1677.222608][T22310] overlay: Unknown parameter 'pcr'
[ 1677.535598][T17441] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[ 1677.695261][T17441] usb 4-1: device descriptor read/64, error -71
[ 1677.957944][T17441] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[ 1678.104894][T17441] usb 4-1: device descriptor read/64, error -71
[ 1678.235020][T17441] usb usb4-port1: attempt power cycle
[ 1679.444529][ T5842] Bluetooth: hci2: command 0x0c1a tx timeout
[ 1679.458145][ T5890] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[ 1679.475297][ T5890] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[ 1679.538324][T17441] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[ 1679.566518][T17441] usb 4-1: device descriptor read/8, error -71
[ 1679.976346][T17441] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[ 1680.205149][T17441] usb 4-1: device descriptor read/8, error -71
[ 1680.315654][T22372] FAULT_INJECTION: forcing a failure.
[ 1680.315654][T22372] name failslab, interval 1, probability 0, space 0, times 0
[ 1680.346809][T17441] usb usb4-port1: unable to enumerate USB device
[ 1680.363235][T22376] comedi comedi3: rti800: I/O port conflict (0xf0,16)
[ 1680.397543][T22372] CPU: 0 UID: 0 PID: 22372 Comm: syz.0.4155 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1680.397571][T22372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1680.397581][T22372] Call Trace:
[ 1680.397589][T22372]  <TASK>
[ 1680.397596][T22372]  dump_stack_lvl+0x189/0x250
[ 1680.397621][T22372]  ? __pfx____ratelimit+0x10/0x10
[ 1680.397645][T22372]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1680.397664][T22372]  ? __pfx__printk+0x10/0x10
[ 1680.397690][T22372]  ? __pfx___might_resched+0x10/0x10
[ 1680.397708][T22372]  ? fs_reclaim_acquire+0x7d/0x100
[ 1680.397732][T22372]  should_fail_ex+0x414/0x560
[ 1680.397760][T22372]  should_failslab+0xa8/0x100
[ 1680.397779][T22372]  __kmalloc_noprof+0xcb/0x4f0
[ 1680.397800][T22372]  ? kfree+0x4d/0x440
[ 1680.397818][T22372]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1680.397843][T22372]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1680.397863][T22372]  ? tomoyo_domain+0xda/0x130
[ 1680.397887][T22372]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1680.397910][T22372]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1680.397936][T22372]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1680.397976][T22372]  ? __lock_acquire+0xab9/0xd20
[ 1680.398023][T22372]  ? __fget_files+0x2a/0x420
[ 1680.398044][T22372]  ? __fget_files+0x2a/0x420
[ 1680.398059][T22372]  ? __fget_files+0x3a0/0x420
[ 1680.398075][T22372]  ? __fget_files+0x2a/0x420
[ 1680.398095][T22372]  security_file_ioctl+0xcb/0x2d0
[ 1680.398122][T22372]  __se_sys_ioctl+0x47/0x170
[ 1680.398147][T22372]  do_syscall_64+0xfa/0x3b0
[ 1680.398163][T22372]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1680.398185][T22372]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1680.398202][T22372]  ? clear_bhb_loop+0x60/0xb0
[ 1680.398223][T22372]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1680.398239][T22372] RIP: 0033:0x7fa40258e929
[ 1680.398254][T22372] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1680.398269][T22372] RSP: 002b:00007fa4033f1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1680.398288][T22372] RAX: ffffffffffffffda RBX: 00007fa4027b5fa0 RCX: 00007fa40258e929
[ 1680.398301][T22372] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000003
[ 1680.398313][T22372] RBP: 00007fa4033f1090 R08: 0000000000000000 R09: 0000000000000000
[ 1680.398323][T22372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1680.398333][T22372] R13: 0000000000000000 R14: 00007fa4027b5fa0 R15: 00007fff843557f8
[ 1680.398362][T22372]  </TASK>
[ 1680.398370][T22372] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1680.684475][T22372] comedi comedi3: rti800: I/O port conflict (0xf0,16)
[ 1681.084861][T22389] FAULT_INJECTION: forcing a failure.
[ 1681.084861][T22389] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1681.099446][T22389] CPU: 1 UID: 0 PID: 22389 Comm: syz.0.4159 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1681.099471][T22389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1681.099481][T22389] Call Trace:
[ 1681.099488][T22389]  <TASK>
[ 1681.099496][T22389]  dump_stack_lvl+0x189/0x250
[ 1681.099525][T22389]  ? __pfx____ratelimit+0x10/0x10
[ 1681.099548][T22389]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1681.099566][T22389]  ? __pfx__printk+0x10/0x10
[ 1681.099599][T22389]  should_fail_ex+0x414/0x560
[ 1681.099628][T22389]  _copy_to_user+0x31/0xb0
[ 1681.099650][T22389]  simple_read_from_buffer+0xe1/0x170
[ 1681.099679][T22389]  proc_fail_nth_read+0x1df/0x250
[ 1681.099701][T22389]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1681.099723][T22389]  ? rw_verify_area+0x258/0x650
[ 1681.099744][T22389]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1681.099764][T22389]  vfs_read+0x1fd/0x980
[ 1681.099792][T22389]  ? __pfx___mutex_lock+0x10/0x10
[ 1681.099810][T22389]  ? __pfx_vfs_read+0x10/0x10
[ 1681.099834][T22389]  ? __fget_files+0x2a/0x420
[ 1681.099856][T22389]  ? __fget_files+0x3a0/0x420
[ 1681.099871][T22389]  ? __fget_files+0x2a/0x420
[ 1681.099898][T22389]  ksys_read+0x145/0x250
[ 1681.099922][T22389]  ? __pfx_ksys_read+0x10/0x10
[ 1681.099941][T22389]  ? rcu_is_watching+0x15/0xb0
[ 1681.099966][T22389]  ? do_syscall_64+0xbe/0x3b0
[ 1681.099986][T22389]  do_syscall_64+0xfa/0x3b0
[ 1681.100001][T22389]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1681.100024][T22389]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1681.100040][T22389]  ? clear_bhb_loop+0x60/0xb0
[ 1681.100059][T22389]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1681.100076][T22389] RIP: 0033:0x7fa40258d33c
[ 1681.100092][T22389] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1681.100106][T22389] RSP: 002b:00007fa4033f1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1681.100126][T22389] RAX: ffffffffffffffda RBX: 00007fa4027b5fa0 RCX: 00007fa40258d33c
[ 1681.100139][T22389] RDX: 000000000000000f RSI: 00007fa4033f10a0 RDI: 0000000000000008
[ 1681.100150][T22389] RBP: 00007fa4033f1090 R08: 0000000000000000 R09: 0000000000000004
[ 1681.100161][T22389] R10: 0000000008800000 R11: 0000000000000246 R12: 0000000000000001
[ 1681.100173][T22389] R13: 0000000000000000 R14: 00007fa4027b5fa0 R15: 00007fff843557f8
[ 1681.100210][T22389]  </TASK>
[ 1681.334322][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1682.244533][ T5842] Bluetooth: hci5: command 0x0419 tx timeout
[ 1682.425551][ T5890] Bluetooth: hci5: Opcode 0x0c1a failed: -110
[ 1682.433400][ T5890] Bluetooth: hci5: Error when powering off device on rfkill (-110)
[ 1682.604691][T22439] overlayfs: failed to resolve './file0': -2
[ 1684.382330][T22450] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4166'.
[ 1684.921417][T22454] FAULT_INJECTION: forcing a failure.
[ 1684.921417][T22454] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1684.934782][T22454] CPU: 1 UID: 0 PID: 22454 Comm: syz.3.4167 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1684.934806][T22454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1684.934817][T22454] Call Trace:
[ 1684.934824][T22454]  <TASK>
[ 1684.934832][T22454]  dump_stack_lvl+0x189/0x250
[ 1684.934854][T22454]  ? __pfx____ratelimit+0x10/0x10
[ 1684.934878][T22454]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1684.934896][T22454]  ? __pfx__printk+0x10/0x10
[ 1684.934917][T22454]  ? __might_fault+0xb0/0x130
[ 1684.934959][T22454]  should_fail_ex+0x414/0x560
[ 1684.934986][T22454]  _copy_from_user+0x2d/0xb0
[ 1684.935006][T22454]  __sys_bpf+0x1ed/0x860
[ 1684.935031][T22454]  ? __pfx___sys_bpf+0x10/0x10
[ 1684.935067][T22454]  ? ksys_write+0x22a/0x250
[ 1684.935091][T22454]  ? __pfx_ksys_write+0x10/0x10
[ 1684.935120][T22454]  __x64_sys_bpf+0x7c/0x90
[ 1684.935142][T22454]  do_syscall_64+0xfa/0x3b0
[ 1684.935158][T22454]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1684.935180][T22454]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1684.935197][T22454]  ? clear_bhb_loop+0x60/0xb0
[ 1684.935217][T22454]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1684.935232][T22454] RIP: 0033:0x7f959438e929
[ 1684.935248][T22454] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1684.935263][T22454] RSP: 002b:00007f959518c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1684.935282][T22454] RAX: ffffffffffffffda RBX: 00007f95945b5fa0 RCX: 00007f959438e929
[ 1684.935295][T22454] RDX: 0000000000000050 RSI: 0000200000000140 RDI: 000000000000000a
[ 1684.935306][T22454] RBP: 00007f959518c090 R08: 0000000000000000 R09: 0000000000000000
[ 1684.935317][T22454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1684.935327][T22454] R13: 0000000000000000 R14: 00007f95945b5fa0 R15: 00007fffcef809b8
[ 1684.935357][T22454]  </TASK>
[ 1696.755041][   T48] usb 1-1: USB disconnect, device number 32
[ 1730.250570][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1730.257406][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1791.698451][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1791.704927][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1829.444472][   T31] INFO: task dhcpcd:5502 blocked for more than 143 seconds.
[ 1829.451803][   T31]       Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0
[ 1829.459535][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1829.468251][   T31] task:dhcpcd          state:D stack:24800 pid:5502  tgid:5502  ppid:1      task_flags:0x400140 flags:0x00004002
[ 1829.480232][   T31] Call Trace:
[ 1829.483510][   T31]  <TASK>
[ 1829.486508][   T31]  __schedule+0x16a2/0x4cb0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1829.491032][   T31]  ? schedule+0x165/0x360
[ 1829.495525][   T31]  ? __pfx___schedule+0x10/0x10
[ 1829.501023][   T31]  ? schedule+0x91/0x360
[ 1829.505375][   T31]  schedule+0x165/0x360
[ 1829.509549][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1829.515086][   T31]  __mutex_lock+0x724/0xe80
[ 1829.519597][   T31]  ? unwind_get_return_address+0x4d/0x90
[ 1829.525310][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1829.530003][   T31]  ? genl_rcv_msg+0x10d/0x790
[ 1829.535868][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1829.540929][   T31]  ? stack_trace_save+0x9c/0xe0
[ 1829.554287][   T31]  ? radix_tree_lookup+0x240/0x290
[ 1829.559448][   T31]  genl_rcv_msg+0x10d/0x790
[ 1829.563971][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1829.609987][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1829.615275][   T31]  netlink_rcv_skb+0x205/0x470
[ 1829.620061][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1829.625354][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1829.630978][   T31]  ? down_read+0x1ad/0x2e0
[ 1829.635629][   T31]  genl_rcv+0x28/0x40
[ 1829.639620][   T31]  netlink_unicast+0x758/0x8d0
[ 1829.644642][   T31]  netlink_sendmsg+0x805/0xb30
[ 1829.649422][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1829.655014][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1829.659874][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1829.665306][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1829.670612][   T31]  __sock_sendmsg+0x219/0x270
[ 1829.675427][   T31]  ____sys_sendmsg+0x505/0x830
[ 1829.680214][   T31]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1829.685686][   T31]  ? import_iovec+0x74/0xa0
[ 1829.690198][   T31]  ___sys_sendmsg+0x21f/0x2a0
[ 1829.694932][   T31]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1829.700175][   T31]  __x64_sys_sendmsg+0x19b/0x260
[ 1829.705174][   T31]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1829.710647][   T31]  ? __secure_computing+0xe2/0x2a0
[ 1829.715898][   T31]  do_syscall_64+0xfa/0x3b0
[ 1829.720406][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1829.725675][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1829.731749][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1829.736513][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1829.742406][   T31] RIP: 0033:0x7f27f6ae2407
[ 1829.746917][   T31] RSP: 002b:00007ffc74d09680 EFLAGS: 00000202 ORIG_RAX: 000000000000002e
[ 1829.755689][   T31] RAX: ffffffffffffffda RBX: 00007f27f6a58740 RCX: 00007f27f6ae2407
[ 1829.763670][   T31] RDX: 0000000000000000 RSI: 00007ffc74d09700 RDI: 000000000000000e
[ 1829.771742][   T31] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1829.779790][   T31] R10: 0000000000000000 R11: 0000000000000202 R12: 0000556fdb8dbe10
[ 1829.787827][   T31] R13: 000000000000000e R14: 00007ffc74d0e200 R15: 00005570049915c0
[ 1829.795944][   T31]  </TASK>
[ 1829.799288][   T31] INFO: task kworker/1:4:5890 blocked for more than 143 seconds.
[ 1829.807230][   T31]       Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0
[ 1829.814928][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1829.823594][   T31] task:kworker/1:4     state:D stack:23080 pid:5890  tgid:5890  ppid:2      task_flags:0x4208060 flags:0x00004000
[ 1829.835669][   T31] Workqueue: events rfkill_op_handler
[ 1829.841065][   T31] Call Trace:
[ 1829.850386][   T31]  <TASK>
[ 1829.853332][   T31]  __schedule+0x16a2/0x4cb0
[ 1829.858232][   T31]  ? schedule+0x165/0x360
[ 1829.862581][   T31]  ? __pfx___schedule+0x10/0x10
[ 1829.867635][   T31]  ? schedule+0x91/0x360
[ 1829.871893][   T31]  schedule+0x165/0x360
[ 1829.876184][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1829.881650][   T31]  __mutex_lock+0x724/0xe80
[ 1829.886213][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1829.891065][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1829.895799][   T31]  ? nfc_rfkill_set_block+0x50/0x2e0
[ 1829.901087][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1829.906196][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1829.911413][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1829.917375][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1829.923714][   T31]  ? kobject_uevent_env+0x36b/0x8c0
[ 1829.929044][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[ 1829.935027][   T31]  nfc_rfkill_set_block+0x50/0x2e0
[ 1829.940148][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[ 1829.946359][   T31]  rfkill_set_block+0x1cf/0x440
[ 1829.951227][   T31]  rfkill_epo+0x7e/0x180
[ 1829.955526][   T31]  rfkill_op_handler+0x84/0x240
[ 1829.960378][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1829.966482][   T31]  process_scheduled_works+0xae1/0x17b0
[ 1829.972046][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1829.978085][   T31]  worker_thread+0x8a0/0xda0
[ 1829.982687][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1829.989219][   T31]  ? __kthread_parkme+0x7b/0x200
[ 1829.994156][   T31]  kthread+0x711/0x8a0
[ 1829.998370][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 1830.003485][   T31]  ? __pfx_kthread+0x10/0x10
[ 1830.008100][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1830.013309][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1830.018551][   T31]  ? __pfx_kthread+0x10/0x10
[ 1830.023151][   T31]  ret_from_fork+0x3fc/0x770
[ 1830.027783][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1830.032898][   T31]  ? __switch_to_asm+0x39/0x70
[ 1830.037704][   T31]  ? __switch_to_asm+0x33/0x70
[ 1830.042470][   T31]  ? __pfx_kthread+0x10/0x10
[ 1830.047137][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1830.051936][   T31]  </TASK>
[ 1830.055058][   T31] INFO: task kworker/1:2:13674 blocked for more than 143 seconds.
[ 1830.062867][   T31]       Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0
[ 1830.070570][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1830.079290][   T31] task:kworker/1:2     state:D stack:24296 pid:13674 tgid:13674 ppid:2      task_flags:0x4208060 flags:0x00004000
[ 1830.091954][   T31] Workqueue: events rfkill_global_led_trigger_worker
[ 1830.098815][   T31] Call Trace:
[ 1830.102136][   T31]  <TASK>
[ 1830.105333][   T31]  __schedule+0x16a2/0x4cb0
[ 1830.109859][   T31]  ? schedule+0x165/0x360
[ 1830.114205][   T31]  ? preempt_schedule+0xae/0xc0
[ 1830.119125][   T31]  ? __pfx___schedule+0x10/0x10
[ 1830.123963][   T31]  ? preempt_schedule+0xae/0xc0
[ 1830.128852][   T31]  ? schedule+0x91/0x360
[ 1830.133104][   T31]  schedule+0x165/0x360
[ 1830.137319][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1830.142798][   T31]  __mutex_lock+0x724/0xe80
[ 1830.147322][   T31]  ? look_up_lock_class+0x74/0x170
[ 1830.152460][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1830.157230][   T31]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[ 1830.163481][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1830.168693][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1830.174491][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1830.180217][   T31]  rfkill_global_led_trigger_worker+0x27/0xd0
[ 1830.186373][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1830.192112][   T31]  process_scheduled_works+0xae1/0x17b0
[ 1830.197918][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1830.203932][   T31]  worker_thread+0x8a0/0xda0
[ 1830.208600][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1830.215122][   T31]  ? __kthread_parkme+0x7b/0x200
[ 1830.220062][   T31]  kthread+0x711/0x8a0
[ 1830.224159][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 1830.229310][   T31]  ? __pfx_kthread+0x10/0x10
[ 1830.233909][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1830.239163][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1830.244393][   T31]  ? __pfx_kthread+0x10/0x10
[ 1830.248974][   T31]  ret_from_fork+0x3fc/0x770
[ 1830.253550][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1830.258777][   T31]  ? __switch_to_asm+0x39/0x70
[ 1830.263551][   T31]  ? __switch_to_asm+0x33/0x70
[ 1830.268342][   T31]  ? __pfx_kthread+0x10/0x10
[ 1830.272956][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1830.277846][   T31]  </TASK>
[ 1830.280911][   T31] INFO: task syz.5.4113:22116 blocked for more than 144 seconds.
[ 1830.293227][   T31]       Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0
[ 1830.301070][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1830.309838][   T31] task:syz.5.4113      state:D stack:25096 pid:22116 tgid:22116 ppid:17596  task_flags:0x400040 flags:0x00004006
[ 1830.321968][   T31] Call Trace:
[ 1830.325316][   T31]  <TASK>
[ 1830.328264][   T31]  __schedule+0x16a2/0x4cb0
[ 1830.332799][   T31]  ? __lock_acquire+0xa60/0xd20
[ 1830.337731][   T31]  ? schedule+0x165/0x360
[ 1830.342084][   T31]  ? __pfx___schedule+0x10/0x10
[ 1830.347001][   T31]  ? schedule+0x91/0x360
[ 1830.351257][   T31]  schedule+0x165/0x360
[ 1830.355519][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1830.360994][   T31]  __mutex_lock+0x724/0xe80
[ 1830.365594][   T31]  ? kobject_put+0x43f/0x480
[ 1830.370187][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1830.374903][   T31]  ? rfkill_unregister+0xc8/0x220
[ 1830.379938][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1830.385016][   T31]  ? __pfx_device_del+0x10/0x10
[ 1830.389879][   T31]  rfkill_unregister+0xc8/0x220
[ 1830.394830][   T31]  nfc_unregister_device+0x96/0x2a0
[ 1830.400033][   T31]  ? __pfx_virtual_ncidev_close+0x10/0x10
[ 1830.405801][   T31]  virtual_ncidev_close+0x56/0x90
[ 1830.410833][   T31]  __fput+0x44c/0xa70
[ 1830.414873][   T31]  task_work_run+0x1d4/0x260
[ 1830.419476][   T31]  ? __pfx_task_work_run+0x10/0x10
[ 1830.424645][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[ 1830.430105][   T31]  exit_to_user_mode_loop+0xec/0x110
[ 1830.435462][   T31]  do_syscall_64+0x2bd/0x3b0
[ 1830.440059][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1830.446159][   T31]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1830.451800][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1830.456547][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1830.462443][   T31] RIP: 0033:0x7ff44918e929
[ 1830.466875][   T31] RSP: 002b:00007ffc49baa368 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 1830.475379][   T31] RAX: 0000000000000000 RBX: 00007ff4493b7ba0 RCX: 00007ff44918e929
[ 1830.483349][   T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 1830.491399][   T31] RBP: 00007ff4493b7ba0 R08: 0000000000000204 R09: 0000001e49baa65f
[ 1830.499394][   T31] R10: 00007ff4493b7ac0 R11: 0000000000000246 R12: 000000000019728b
[ 1830.507390][   T31] R13: 00007ff4493b6080 R14: ffffffffffffffff R15: 00007ffc49baa480
[ 1830.515472][   T31]  </TASK>
[ 1830.518503][   T31] INFO: task syz.1.4141:22251 blocked for more than 144 seconds.
[ 1830.526264][   T31]       Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0
[ 1830.533891][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1830.542579][   T31] task:syz.1.4141      state:D stack:24616 pid:22251 tgid:22249 ppid:16483  task_flags:0x400140 flags:0x00004006
[ 1830.554599][   T31] Call Trace:
[ 1830.557876][   T31]  <TASK>
[ 1830.560793][   T31]  __schedule+0x16a2/0x4cb0
[ 1830.565466][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1830.570389][   T31]  ? schedule+0x165/0x360
[ 1830.574780][   T31]  ? __pfx___schedule+0x10/0x10
[ 1830.579664][   T31]  ? schedule+0x91/0x360
[ 1830.583909][   T31]  schedule+0x165/0x360
[ 1830.588112][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1830.593575][   T31]  __mutex_lock+0x724/0xe80
[ 1830.598175][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1830.602865][   T31]  ? rfkill_register+0x37/0x8e0
[ 1830.607752][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1830.612779][   T31]  ? netdev_run_todo+0xe1d/0xea0
[ 1830.617773][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1830.622977][   T31]  ? __pfx_netdev_run_todo+0x10/0x10
[ 1830.628341][   T31]  ? __pfx_mod_delayed_work_on+0x10/0x10
[ 1830.633982][   T31]  rfkill_register+0x37/0x8e0
[ 1830.638727][   T31]  wiphy_register+0x1f3c/0x26b0
[ 1830.643601][   T31]  ? __pfx_wiphy_register+0x10/0x10
[ 1830.648827][   T31]  ? minstrel_ht_alloc+0x6dd/0x7e0
[ 1830.653945][   T31]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[ 1830.660039][   T31]  ieee80211_register_hw+0x33e1/0x4120
[ 1830.665554][   T31]  ? ieee80211_register_hw+0x1481/0x4120
[ 1830.671194][   T31]  ? __pfx_ieee80211_register_hw+0x10/0x10
[ 1830.677082][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1830.683434][   T31]  ? __hrtimer_setup+0x187/0x210
[ 1830.688403][   T31]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 1830.694259][   T31]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[ 1830.700002][   T31]  ? __pfx__printk+0x10/0x10
[ 1830.704663][   T31]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 1830.710744][   T31]  ? __nla_validate_parse+0x251c/0x2d40
[ 1830.716411][   T31]  ? __sock_sendmsg+0x219/0x270
[ 1830.721270][   T31]  ? ____sys_sendmsg+0x505/0x830
[ 1830.726580][   T31]  hwsim_new_radio_nl+0xea4/0x1b10
[ 1830.731709][   T31]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1830.737506][   T31]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1830.743064][   T31]  ? __nla_parse+0x40/0x60
[ 1830.747510][   T31]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 1830.753848][   T31]  genl_family_rcv_msg_doit+0x215/0x300
[ 1830.759473][   T31]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1830.765615][   T31]  ? bpf_lsm_capable+0x9/0x20
[ 1830.770295][   T31]  ? security_capable+0x7e/0x2e0
[ 1830.775272][   T31]  genl_rcv_msg+0x60e/0x790
[ 1830.779787][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1830.784853][   T31]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1830.790409][   T31]  netlink_rcv_skb+0x205/0x470
[ 1830.795276][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1830.800306][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1830.805723][   T31]  ? down_read+0x1ad/0x2e0
[ 1830.810152][   T31]  genl_rcv+0x28/0x40
[ 1830.814118][   T31]  netlink_unicast+0x758/0x8d0
[ 1830.818937][   T31]  netlink_sendmsg+0x805/0xb30
[ 1830.823733][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1830.829095][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1830.834467][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1830.839764][   T31]  __sock_sendmsg+0x219/0x270
[ 1830.844477][   T31]  ____sys_sendmsg+0x505/0x830
[ 1830.849252][   T31]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1830.854628][   T31]  ? import_iovec+0x74/0xa0
[ 1830.859158][   T31]  ___sys_sendmsg+0x21f/0x2a0
[ 1830.863841][   T31]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1830.869131][   T31]  ? __fget_files+0x2a/0x420
[ 1830.873730][   T31]  ? __fget_files+0x3a0/0x420
[ 1830.878495][   T31]  __x64_sys_sendmsg+0x19b/0x260
[ 1830.883445][   T31]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1830.889277][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1830.894060][   T31]  ? do_syscall_64+0xbe/0x3b0
[ 1830.898781][   T31]  do_syscall_64+0xfa/0x3b0
[ 1830.903288][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1830.908522][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1830.914694][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1830.919387][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1830.925331][   T31] RIP: 0033:0x7f4848f8e929
[ 1830.929758][   T31] RSP: 002b:00007f4849d10038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1830.938241][   T31] RAX: ffffffffffffffda RBX: 00007f48491b5fa0 RCX: 00007f4848f8e929
[ 1830.946274][   T31] RDX: 0000000000000004 RSI: 00002000000003c0 RDI: 000000000000000e
[ 1830.954336][   T31] RBP: 00007f4849010b39 R08: 0000000000000000 R09: 0000000000000000
[ 1830.962330][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1830.970594][   T31] R13: 0000000000000000 R14: 00007f48491b5fa0 R15: 00007ffc77d61568
[ 1830.978656][   T31]  </TASK>
[ 1830.981690][   T31] INFO: task syz.4.4151:22314 blocked for more than 144 seconds.
[ 1830.989445][   T31]       Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0
[ 1830.997122][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1831.005924][   T31] task:syz.4.4151      state:D stack:28328 pid:22314 tgid:22313 ppid:18333  task_flags:0x400140 flags:0x00004004
[ 1831.017883][   T31] Call Trace:
[ 1831.021148][   T31]  <TASK>
[ 1831.024064][   T31]  __schedule+0x16a2/0x4cb0
[ 1831.028600][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1831.033471][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1831.038388][   T31]  ? schedule+0x165/0x360
[ 1831.042731][   T31]  ? __pfx___schedule+0x10/0x10
[ 1831.047734][   T31]  ? schedule+0x91/0x360
[ 1831.051994][   T31]  schedule+0x165/0x360
[ 1831.056196][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1831.061674][   T31]  __mutex_lock+0x724/0xe80
[ 1831.066242][   T31]  ? unwind_get_return_address+0x4d/0x90
[ 1831.071891][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1831.076620][   T31]  ? genl_rcv_msg+0x10d/0x790
[ 1831.081318][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1831.086395][   T31]  ? stack_trace_save+0x9c/0xe0
[ 1831.091273][   T31]  ? radix_tree_lookup+0x240/0x290
[ 1831.096463][   T31]  genl_rcv_msg+0x10d/0x790
[ 1831.100978][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1831.105868][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1831.110911][   T31]  netlink_rcv_skb+0x205/0x470
[ 1831.115704][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1831.120744][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1831.127036][   T31]  ? down_read+0x1ad/0x2e0
[ 1831.131483][   T31]  genl_rcv+0x28/0x40
[ 1831.135737][   T31]  netlink_unicast+0x758/0x8d0
[ 1831.140500][   T31]  netlink_sendmsg+0x805/0xb30
[ 1831.145326][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1831.150621][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1831.155970][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1831.161264][   T31]  __sock_sendmsg+0x219/0x270
[ 1831.165995][   T31]  __sys_sendto+0x3bd/0x520
[ 1831.170516][   T31]  ? __pfx___sys_sendto+0x10/0x10
[ 1831.175603][   T31]  ? count_memcg_event_mm+0x21/0x260
[ 1831.180905][   T31]  ? exc_page_fault+0x76/0xf0
[ 1831.185671][   T31]  ? do_user_addr_fault+0xc8a/0x1390
[ 1831.190978][   T31]  __x64_sys_sendto+0xde/0x100
[ 1831.195793][   T31]  do_syscall_64+0xfa/0x3b0
[ 1831.200307][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1831.205573][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1831.211643][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1831.216365][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1831.222263][   T31] RIP: 0033:0x7fc5477907bc
[ 1831.226767][   T31] RSP: 002b:00007fc54869bec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 1831.235209][   T31] RAX: ffffffffffffffda RBX: 00007fc54869bfc0 RCX: 00007fc5477907bc
[ 1831.243162][   T31] RDX: 0000000000000024 RSI: 00007fc54869c010 RDI: 0000000000000004
[ 1831.251178][   T31] RBP: 0000000000000000 R08: 00007fc54869bf14 R09: 000000000000000c
[ 1831.259166][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004
[ 1831.267171][   T31] R13: 00007fc54869bf68 R14: 00007fc54869c010 R15: 0000000000000000
[ 1831.275184][   T31]  </TASK>
[ 1831.278198][   T31] INFO: task syz.0.4161:22401 blocked for more than 145 seconds.
[ 1831.286327][   T31]       Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0
[ 1831.293965][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1831.302691][   T31] task:syz.0.4161      state:D stack:28328 pid:22401 tgid:22399 ppid:17908  task_flags:0x400040 flags:0x00004004
[ 1831.314689][   T31] Call Trace:
[ 1831.317992][   T31]  <TASK>
[ 1831.320933][   T31]  __schedule+0x16a2/0x4cb0
[ 1831.325514][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1831.330385][   T31]  ? schedule+0x165/0x360
[ 1831.334798][   T31]  ? __pfx___schedule+0x10/0x10
[ 1831.339664][   T31]  ? schedule+0x91/0x360
[ 1831.343903][   T31]  schedule+0x165/0x360
[ 1831.348118][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1831.353583][   T31]  __mutex_lock+0x724/0xe80
[ 1831.358142][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1831.362828][   T31]  ? genl_rcv_msg+0x10d/0x790
[ 1831.367661][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1831.372712][   T31]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1831.378131][   T31]  ? radix_tree_lookup+0x240/0x290
[ 1831.383253][   T31]  genl_rcv_msg+0x10d/0x790
[ 1831.387792][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1831.392911][   T31]  ? ref_tracker_free+0x63a/0x7d0
[ 1831.397985][   T31]  ? __copy_skb_header+0xa7/0x550
[ 1831.403017][   T31]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1831.408471][   T31]  netlink_rcv_skb+0x205/0x470
[ 1831.413245][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1831.418296][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1831.423594][   T31]  ? down_read+0x1ad/0x2e0
[ 1831.428054][   T31]  genl_rcv+0x28/0x40
[ 1831.432046][   T31]  netlink_unicast+0x758/0x8d0
[ 1831.436868][   T31]  netlink_sendmsg+0x805/0xb30
[ 1831.441643][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1831.446996][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1831.452300][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1831.457662][   T31]  __sock_sendmsg+0x219/0x270
[ 1831.462369][   T31]  __sys_sendto+0x3bd/0x520
[ 1831.466947][   T31]  ? __pfx___sys_sendto+0x10/0x10
[ 1831.471984][   T31]  ? count_memcg_event_mm+0x21/0x260
[ 1831.477311][   T31]  ? exc_page_fault+0x76/0xf0
[ 1831.481998][   T31]  ? do_user_addr_fault+0xc8a/0x1390
[ 1831.487329][   T31]  __x64_sys_sendto+0xde/0x100
[ 1831.492100][   T31]  do_syscall_64+0xfa/0x3b0
[ 1831.496636][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1831.501844][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1831.507955][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1831.512635][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1831.518569][   T31] RIP: 0033:0x7fa4025907bc
[ 1831.522989][   T31] RSP: 002b:00007fa4033efec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 1831.531436][   T31] RAX: ffffffffffffffda RBX: 00007fa4033effc0 RCX: 00007fa4025907bc
[ 1831.539449][   T31] RDX: 0000000000000020 RSI: 00007fa4033f0010 RDI: 0000000000000005
[ 1831.547459][   T31] RBP: 0000000000000000 R08: 00007fa4033eff14 R09: 000000000000000c
[ 1831.555466][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005
[ 1831.563419][   T31] R13: 00007fa4033eff68 R14: 00007fa4033f0010 R15: 0000000000000000
[ 1831.571457][   T31]  </TASK>
[ 1831.574534][   T31] INFO: task syz-executor:22447 blocked for more than 145 seconds.
[ 1831.582430][   T31]       Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0
[ 1831.590123][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1831.598803][   T31] task:syz-executor    state:D stack:27096 pid:22447 tgid:22447 ppid:1      task_flags:0x400040 flags:0x00004000
[ 1831.610751][   T31] Call Trace:
[ 1831.614015][   T31]  <TASK>
[ 1831.617000][   T31]  __schedule+0x16a2/0x4cb0
[ 1831.621520][   T31]  ? __lock_acquire+0xa61/0xd20
[ 1831.626416][   T31]  ? schedule+0x165/0x360
[ 1831.630756][   T31]  ? __pfx___schedule+0x10/0x10
[ 1831.635664][   T31]  ? schedule+0x91/0x360
[ 1831.639922][   T31]  schedule+0x165/0x360
[ 1831.644067][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1831.649568][   T31]  __mutex_lock+0x724/0xe80
[ 1831.654079][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1831.658790][   T31]  ? rfkill_register+0x37/0x8e0
[ 1831.663652][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1831.668718][   T31]  ? __raw_spin_lock_init+0x45/0x100
[ 1831.674008][   T31]  ? __init_waitqueue_head+0xa9/0x150
[ 1831.679435][   T31]  ? device_initialize+0x24b/0x440
[ 1831.684666][   T31]  rfkill_register+0x37/0x8e0
[ 1831.689370][   T31]  hci_register_dev+0x3f5/0x890
[ 1831.694208][   T31]  vhci_create_device+0x39c/0x6e0
[ 1831.699292][   T31]  vhci_write+0x3ce/0x4a0
[ 1831.703606][   T31]  vfs_write+0x548/0xa90
[ 1831.707907][   T31]  ? __pfx_vhci_write+0x10/0x10
[ 1831.712768][   T31]  ? __pfx_vfs_write+0x10/0x10
[ 1831.717589][   T31]  ? count_memcg_event_mm+0x21/0x260
[ 1831.722904][   T31]  ksys_write+0x145/0x250
[ 1831.727279][   T31]  ? __pfx_ksys_write+0x10/0x10
[ 1831.732140][   T31]  ? do_syscall_64+0xbe/0x3b0
[ 1831.736922][   T31]  do_syscall_64+0xfa/0x3b0
[ 1831.741431][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1831.746654][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1831.752725][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1831.757463][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1831.763358][   T31] RIP: 0033:0x7f5a1bd8d3a0
[ 1831.767954][   T31] RSP: 002b:00007ffe00722e38 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[ 1831.776415][   T31] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f5a1bd8d3a0
[ 1831.784434][   T31] RDX: 0000000000000002 RSI: 00007ffe00722e4a RDI: 00000000000000ca
[ 1831.792404][   T31] RBP: 00007f5a1bfb6738 R08: 0000000000000000 R09: 00007f5a1caed6c0
[ 1831.800415][   T31] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008
[ 1831.808423][   T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[ 1831.816461][   T31]  </TASK>
[ 1831.819491][   T31] INFO: task syz.3.4168:22456 blocked for more than 145 seconds.
[ 1831.827264][   T31]       Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0
[ 1831.834921][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1831.843594][   T31] task:syz.3.4168      state:D stack:28312 pid:22456 tgid:22455 ppid:16797  task_flags:0x400040 flags:0x00004004
[ 1831.855648][   T31] Call Trace:
[ 1831.858944][   T31]  <TASK>
[ 1831.861887][   T31]  __schedule+0x16a2/0x4cb0
[ 1831.866464][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1831.871320][   T31]  ? schedule+0x165/0x360
[ 1831.875706][   T31]  ? __pfx___schedule+0x10/0x10
[ 1831.880583][   T31]  ? schedule+0x91/0x360
[ 1831.884887][   T31]  schedule+0x165/0x360
[ 1831.889059][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1831.894558][   T31]  __mutex_lock+0x724/0xe80
[ 1831.899068][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1831.903733][   T31]  ? genl_rcv_msg+0x10d/0x790
[ 1831.908467][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1831.913501][   T31]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1831.918912][   T31]  ? radix_tree_lookup+0x240/0x290
[ 1831.924031][   T31]  genl_rcv_msg+0x10d/0x790
[ 1831.928662][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1831.933811][   T31]  ? ref_tracker_free+0x63a/0x7d0
[ 1831.938943][   T31]  ? __copy_skb_header+0xa7/0x550
[ 1831.943982][   T31]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1831.949411][   T31]  netlink_rcv_skb+0x205/0x470
[ 1831.954180][   T31]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1831.959245][   T31]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1831.964600][   T31]  ? down_read+0x1ad/0x2e0
[ 1831.969040][   T31]  genl_rcv+0x28/0x40
[ 1831.973007][   T31]  netlink_unicast+0x758/0x8d0
[ 1831.978487][   T31]  netlink_sendmsg+0x805/0xb30
[ 1831.983294][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1831.988644][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1831.993946][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1831.999265][   T31]  __sock_sendmsg+0x219/0x270
[ 1832.003936][   T31]  __sys_sendto+0x3bd/0x520
[ 1832.008530][   T31]  ? __pfx___sys_sendto+0x10/0x10
[ 1832.013577][   T31]  ? count_memcg_event_mm+0x21/0x260
[ 1832.018912][   T31]  ? exc_page_fault+0x76/0xf0
[ 1832.023598][   T31]  ? do_user_addr_fault+0xc8a/0x1390
[ 1832.028939][   T31]  __x64_sys_sendto+0xde/0x100
[ 1832.033744][   T31]  do_syscall_64+0xfa/0x3b0
[ 1832.038285][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1832.043489][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1832.049576][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1832.054295][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1832.060191][   T31] RIP: 0033:0x7f95943907bc
[ 1832.064647][   T31] RSP: 002b:00007f959518aec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 1832.073063][   T31] RAX: ffffffffffffffda RBX: 00007f959518afc0 RCX: 00007f95943907bc
[ 1832.081069][   T31] RDX: 0000000000000020 RSI: 00007f959518b010 RDI: 0000000000000004
[ 1832.089118][   T31] RBP: 0000000000000000 R08: 00007f959518af14 R09: 000000000000000c
[ 1832.097161][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004
[ 1832.105181][   T31] R13: 00007f959518af68 R14: 00007f959518b010 R15: 0000000000000000
[ 1832.113178][   T31]  </TASK>
[ 1832.116272][   T31] 
[ 1832.116272][   T31] Showing all locks held in the system:
[ 1832.123987][   T31] 1 lock held by khungtaskd/31:
[ 1832.128870][   T31]  #0: ffffffff8e13ee20 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1832.138802][   T31] 2 locks held by dhcpcd/5502:
[ 1832.143543][   T31]  #0: ffffffff8f5704b0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1832.151749][   T31]  #1: ffffffff8f5702c8 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[ 1832.160771][   T31] 2 locks held by getty/5599:
[ 1832.165569][   T31]  #0: ffff88814d9b00a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1832.175580][   T31]  #1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 1832.185780][   T31] 4 locks held by kworker/1:4/5890:
[ 1832.190974][   T31]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1832.202004][   T31]  #1: ffffc900044bfbc0 ((rfkill_op_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1832.213036][   T31]  #2: ffffffff8f7e5428 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_epo+0x4c/0x180
[ 1832.222576][   T31]  #3: ffff88805ae1d100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0
[ 1832.232337][   T31] 3 locks held by kworker/1:2/13674:
[ 1832.237675][   T31]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1832.248757][   T31]  #1: ffffc90003a27bc0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1832.262335][   T31]  #2: ffffffff8f7e5428 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0
[ 1832.273740][   T31] 3 locks held by kworker/u8:8/17183:
[ 1832.279160][   T31]  #0: ffff8880b8639e18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[ 1832.289138][   T31]  #1: ffff8880b8623f08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39e/0x6d0
[ 1832.300572][   T31]  #2: ffff8880b8625958 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x1ae/0xf30
[ 1832.309622][   T31] 2 locks held by syz.5.4113/22116:
[ 1832.314862][   T31]  #0: ffff88805ae1d100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0
[ 1832.324722][   T31]  #1: ffffffff8f7e5428 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[ 1832.335131][   T31] 3 locks held by syz.1.4141/22251:
[ 1832.340329][   T31]  #0: ffffffff8f5704b0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1832.348654][   T31]  #1: ffffffff8f5702c8 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[ 1832.357742][   T31]  #2: ffffffff8f7e5428 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 1832.367899][   T31] 2 locks held by syz.4.4151/22314:
[ 1832.373090][   T31]  #0: ffffffff8f5704b0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1832.381326][   T31]  #1: ffffffff8f5702c8 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[ 1832.390443][   T31] 2 locks held by syz.0.4161/22401:
[ 1832.395716][   T31]  #0: ffffffff8f5704b0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1832.403940][   T31]  #1: ffffffff8f5702c8 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[ 1832.413046][   T31] 2 locks held by syz-executor/22447:
[ 1832.418743][   T31]  #0: ffff88805d0fb118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6e0
[ 1832.428821][   T31]  #1: ffffffff8f7e5428 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 1832.438829][   T31] 2 locks held by syz.3.4168/22456:
[ 1832.444022][   T31]  #0: ffffffff8f5704b0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1832.452244][   T31]  #1: ffffffff8f5702c8 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790
[ 1832.461274][   T31] 2 locks held by syz-executor/22461:
[ 1832.466692][   T31]  #0: ffff88807a034118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6e0
[ 1832.476767][   T31]  #1: ffffffff8f7e5428 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 1832.486719][   T31] 2 locks held by syz-executor/22464:
[ 1832.492085][   T31]  #0: ffff888035be2918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6e0
[ 1832.502146][   T31]  #1: ffffffff8f7e5428 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 1832.512140][   T31] 2 locks held by syz-executor/22469:
[ 1832.517585][   T31]  #0: ffff8880244c0918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6e0
[ 1832.527877][   T31]  #1: ffffffff8f7e5428 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 1832.537930][   T31] 2 locks held by syz-executor/22471:
[ 1832.543305][   T31]  #0: ffff88807a676918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6e0
[ 1832.553379][   T31]  #1: ffffffff8f7e5428 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 1832.563360][   T31] 2 locks held by syz-executor/22474:
[ 1832.568770][   T31]  #0: ffff8880277a3918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6e0
[ 1832.578917][   T31]  #1: ffffffff8f7e5428 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 1832.588896][   T31] 2 locks held by syz-executor/22477:
[ 1832.594318][   T31]  #0: ffff88807d54c918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6e0
[ 1832.604392][   T31]  #1: ffffffff8f7e5428 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 1832.614391][   T31] 2 locks held by syz-executor/22480:
[ 1832.619761][   T31]  #0: ffff88806c687918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6e0
[ 1832.629801][   T31]  #1: ffffffff8f7e5428 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 1832.639927][   T31] 2 locks held by syz-executor/22482:
[ 1832.647368][   T31]  #0: ffff88805a34b118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6e0
[ 1832.657523][   T31]  #1: ffffffff8f7e5428 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 1832.667568][   T31] 2 locks held by syz-executor/22485:
[ 1832.672955][   T31]  #0: ffff88803581e118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6e0
[ 1832.683054][   T31]  #1: ffffffff8f7e5428 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 1832.693041][   T31] 2 locks held by syz-executor/22488:
[ 1832.698479][   T31]  #0: ffff8880557ba918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6e0
[ 1832.708533][   T31]  #1: ffffffff8f7e5428 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 1832.718509][   T31] 2 locks held by syz-executor/22491:
[ 1832.723872][   T31]  #0: ffff88805ab73118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6e0
[ 1832.734083][   T31]  #1: ffffffff8f7e5428 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 1832.744098][   T31] 2 locks held by syz-executor/22494:
[ 1832.749634][   T31]  #0: ffff888058055118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6e0
[ 1832.759683][   T31]  #1: ffffffff8f7e5428 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 1832.769656][   T31] 2 locks held by syz-executor/22497:
[ 1832.775097][   T31]  #0: ffff8880293b4118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6e0
[ 1832.785206][   T31]  #1: ffffffff8f7e5428 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 1832.795196][   T31] 2 locks held by syz-executor/22500:
[ 1832.800587][   T31]  #0: ffff88807b7ce918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x6e0
[ 1832.810742][   T31]  #1: ffffffff8f7e5428 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 1832.820740][   T31] 
[ 1832.823066][   T31] =============================================
[ 1832.823066][   T31] 
[ 1832.831614][   T31] NMI backtrace for cpu 0
[ 1832.831628][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1832.831647][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1832.831657][   T31] Call Trace:
[ 1832.831663][   T31]  <TASK>
[ 1832.831669][   T31]  dump_stack_lvl+0x189/0x250
[ 1832.831691][   T31]  ? __wake_up_klogd+0xd9/0x110
[ 1832.831714][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1832.831731][   T31]  ? __pfx__printk+0x10/0x10
[ 1832.831762][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1832.831786][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1832.831804][   T31]  ? _printk+0xcf/0x120
[ 1832.831827][   T31]  ? __pfx__printk+0x10/0x10
[ 1832.831848][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1832.831875][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1832.831899][   T31]  watchdog+0xfee/0x1030
[ 1832.831924][   T31]  ? watchdog+0x1de/0x1030
[ 1832.831955][   T31]  kthread+0x711/0x8a0
[ 1832.831979][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1832.832001][   T31]  ? __pfx_kthread+0x10/0x10
[ 1832.832022][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1832.832043][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1832.832064][   T31]  ? __pfx_kthread+0x10/0x10
[ 1832.832084][   T31]  ret_from_fork+0x3fc/0x770
[ 1832.832104][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1832.832126][   T31]  ? __switch_to_asm+0x39/0x70
[ 1832.832144][   T31]  ? __switch_to_asm+0x33/0x70
[ 1832.832161][   T31]  ? __pfx_kthread+0x10/0x10
[ 1832.832182][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1832.832215][   T31]  </TASK>
[ 1832.832222][   T31] Sending NMI from CPU 0 to CPUs 1:
[ 1832.989007][    C1] NMI backtrace for cpu 1
[ 1832.989022][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1832.989040][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1832.989049][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[ 1832.989073][    C1] Code: c3 dd 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 63 f5 1f 00 f3 0f 1e fa fb f4 <e9> 98 dd 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[ 1832.989085][    C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c2
[ 1832.989098][    C1] RAX: 0c4db54c523dbd00 RBX: ffffffff81975c88 RCX: 0c4db54c523dbd00
[ 1832.989109][    C1] RDX: 0000000000000001 RSI: ffffffff8d9833bd RDI: ffffffff8be1bc40
[ 1832.989120][    C1] RBP: ffffc90000197f20 R08: ffff8880b8732f5b R09: 1ffff110170e65eb
[ 1832.989130][    C1] R10: dffffc0000000000 R11: ffffed10170e65ec R12: ffffffff8fa0b2f0
[ 1832.989141][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff11003ad4b40
[ 1832.989150][    C1] FS:  0000000000000000(0000) GS:ffff888125d51000(0000) knlGS:0000000000000000
[ 1832.989162][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1832.989172][    C1] CR2: 00005561572fe1d0 CR3: 000000000df38000 CR4: 00000000003526f0
[ 1832.989185][    C1] Call Trace:
[ 1832.989191][    C1]  <TASK>
[ 1832.989196][    C1]  default_idle+0x13/0x20
[ 1832.989211][    C1]  default_idle_call+0x74/0xb0
[ 1832.989226][    C1]  do_idle+0x1e8/0x510
[ 1832.989245][    C1]  ? __pfx_do_idle+0x10/0x10
[ 1832.989257][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1832.989284][    C1]  cpu_startup_entry+0x44/0x60
[ 1832.989298][    C1]  start_secondary+0x101/0x110
[ 1832.989316][    C1]  common_startup_64+0x13e/0x147
[ 1832.989340][    C1]  </TASK>
[ 1832.990162][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1833.163603][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[ 1833.175389][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1833.185425][   T31] Call Trace:
[ 1833.188687][   T31]  <TASK>
[ 1833.191600][   T31]  dump_stack_lvl+0x99/0x250
[ 1833.196179][   T31]  ? __asan_memcpy+0x40/0x70
[ 1833.200752][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1833.206033][   T31]  ? __pfx__printk+0x10/0x10
[ 1833.210650][   T31]  panic+0x2db/0x790
[ 1833.214549][   T31]  ? __pfx_panic+0x10/0x10
[ 1833.218947][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[ 1833.224745][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1833.230106][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[ 1833.236253][   T31]  watchdog+0x102d/0x1030
[ 1833.240577][   T31]  ? watchdog+0x1de/0x1030
[ 1833.244988][   T31]  kthread+0x711/0x8a0
[ 1833.249044][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1833.253710][   T31]  ? __pfx_kthread+0x10/0x10
[ 1833.258287][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1833.263469][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1833.268650][   T31]  ? __pfx_kthread+0x10/0x10
[ 1833.273219][   T31]  ret_from_fork+0x3fc/0x770
[ 1833.277793][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1833.282888][   T31]  ? __switch_to_asm+0x39/0x70
[ 1833.287642][   T31]  ? __switch_to_asm+0x33/0x70
[ 1833.292387][   T31]  ? __pfx_kthread+0x10/0x10
[ 1833.296962][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1833.301714][   T31]  </TASK>
[ 1833.304964][   T31] Kernel Offset: disabled
[ 1833.309280][   T31] Rebooting in 86400 seconds..