last executing test programs:

20.820229977s ago: executing program 2 (id=1439):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1038, 0x1410, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x5, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xcb, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0a", 0x0, 0x8, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000000)={0x1080, 0x1}, 0x18, 0x0)
landlock_restrict_self(r2, 0x1)
bind$inet6(r1, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, &(0x7f00000001c0)=ANY=[@ANYBLOB="000092000000"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r3 = syz_open_dev$vcsu(&(0x7f0000000200), 0x7fffffffffffffff, 0x40)
openat(r3, &(0x7f0000000240)='./file0\x00', 0x88e00, 0x3)

17.054805024s ago: executing program 0 (id=1447):
r0 = landlock_create_ruleset(&(0x7f0000000000)={0x604, 0x6, 0x1}, 0x18, 0x1)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904000001a7a00f00090582"], 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(r0, 0x2, &(0x7f0000000080)={0x3, 0x3}, 0x0)
gettid()
gettid()
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000d"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
close(0x3)
getpid()

14.587040219s ago: executing program 2 (id=1451):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_CT_DIRECTION={0x5}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x4}]}, @NFT_MSG_DELOBJ={0x88, 0x14, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFTA_OBJ_USERDATA={0x3f, 0x8, "31c1fc69e474db5b6d5b476778442f57342024f272fb561728ce1cd2c9a93331e498a07e26ea689e45ad04c92ccc16cd5949256d465e108e9dfb95"}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_USERDATA={0x1b, 0x8, "f42cf31f3adbc59726108c41cca7784cff3cf11e828794"}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x104}, 0x1, 0x0, 0x0, 0x840}, 0x20000054)
r3 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x80)
ioctl$NBD_SET_BLKSIZE(r3, 0xab01, 0x100)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r4, &(0x7f0000000000), 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x200c0810}, 0x44004)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYRESDEC=r4], 0x68}}, 0x4000000)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETFLOWTABLE(r6, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000180), 0x2, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="e40000000201010800000000000000000a000000d00001800c000280050001000000000014000180080001000000000008000200000000002c00018014000300ff01000000000000000000000000000114000400ff0100000000000000000000000000010c00028005000100000000004700028005000100010000000600064000000000060005"], 0xe4}}, 0x0)
r9 = openat$smackfs_cipsonum(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/fs/smackfs/direct\x00', 0x2, 0x0)
preadv(r9, &(0x7f00000006c0)=[{&(0x7f0000000600)=""/148, 0x94}], 0x1, 0x9, 0xa)
r10 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff)
write$binfmt_script(r10, &(0x7f0000000100)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r7, 0x0)
ioctl$DRM_IOCTL_MODE_SETPLANE(r7, 0xc03064b7, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0xe8, 0x4, 0x5, 0x5, 0x8, 0xfffffffe, 0x7, 0x14ae, 0x3})
socket$can_raw(0x1d, 0x3, 0x1)

14.519373004s ago: executing program 4 (id=1452):
r0 = socket$inet6(0xa, 0x3, 0x5)
memfd_secret(0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @loopback, 0x5}, 0x1c)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
r4 = syz_usb_connect(0x5, 0x3f, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$binfmt_register(0xffffffffffffffff, 0x0, 0x0)

13.200509778s ago: executing program 2 (id=1455):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r0, &(0x7f0000000d80)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @remote, 0x9}, 0x1c, &(0x7f0000000500)=[{&(0x7f00000005c0)="a41669198f2ac09a7356d4166c24cb71589ae086005cf4b4234fcbcf7d768792129f74e9147590fd3a28684e870be4618ebafb122ae51fcfe5f777f1855f4dc14dfb70f0795490449c4a2295d7066c535cf4787a98a68c0749b9d2bf20eb9dd68efea6a1c592a2bb4dfdf25974432d58300c30e266a43317bc049db953e2900b48434bcb50cea37ea6ae7adfaa56ab8f98c23eced576bae59968a2fab233e7e527e2c8232d5d52aab09996c25b4d0e25f6ca10dc772be61fa6f81eafefb93b5ce6720e68500c668875e9ad20d2308944dd0ba6be", 0xd4}, {&(0x7f0000000480)="d20cabfc069f1309c77dc4c9a872f47e0011e34dbf73724805ea5374124247f97f52e967602b6ea968", 0x29}, {&(0x7f00000004c0)="349705af5b5836b0fface89422f788a2e9aae92710847760f33640308f169c67d5bd6ab41b594922b870c0bfc5ea29346403947c909f992712d3c05308f3", 0x3e}, {&(0x7f00000006c0)="f7080afeab328f5ecf42e4a555ac828f5366605812b10ca05bcc06098860dafa4683117968680ebb20af296c7199e074acc5a0e12d4090ff7be052e8adeac65247181ad06bb6161e841430d8261bec6309e6665cc4007d01f248f1ab1745dd89a94eb56cc7484f4ec2f870ef835e27193a4ef4bb1fab25d818be7c2b982f24e14aca792ea2391d4e07fa44f0ffa61c015de986b1eec9a91ad8c6b49d98", 0x9d}], 0x4, &(0x7f00000020c0)=ANY=[@ANYBLOB="38020000000000002900000036000000004300000000000004013f040100c910ff010000000000000000000000000001c910fc0000000000000000000000000000000001000740000000000e07010101000000010000000200000000000000000000000000000001000000010000002000000000000000ffffffff00000000ffffffffffffff7f06aeb07c1c192077cc9e7c45705803ad5588ca8b194d23f748fe792cfa3d32221f25d73b8ffe64a4ddda6efcfb7483b588194d29c7a04395d8500965a9a1d07879040c44db1d5d6f618d2ab920f0bf168ddc9acc6a51edd1230760d4ae8bf30f5f82a78e8114849ee8e37364560400000035bfa8197ef2ba99103ee5f5aae28ec5c8e2675db11530f5c466d55f2244d479dc653c854406155eada3eaeb90d39149b8d13bab75a9bd1452c8c76284b9ddfbeff41344e64f1771d78a706e1c5a6d63f1c954e24a1e73f75c26e9f09ec9b606cc3470f11c4842db651926bd2263a4a0a8fe80de8b2f9cb176e51819d5f4d10a5d1f0488d5e46953fbfd750f6137fbebe89a8d462158a87f9622355104b4f68d7a6d3ad85c373ea52a25afad37ffb743a5c361158087904b09fcc806d032bac00ee0e0251fc032446e45a3e12417ff4703526ffc45f71567857777927903799e0ba453334186009d22e38099c67b5350c7e82136bba947a18fb61d36fcba1f9efe3d79485d06252702833dc8ee417f40bb9064878fb89dd75a49135e5df148c4ad1e1d5626b44c8112d822f4c9a05e693fd5ae5595627f8684016b37a2bf6d0040030000000000002900000037000000006500000000000000fb1a63687c244e6df3aecb13d6eb957495b669cc032f6d0a11a5e16eed9937b046c9dc1a61dcf9754b767df4735c3f8c37b4d5cd15a99c5a19cc62c921ad4e90d6e3695e85000000a53600d5031b5735acafb556e22279975f958ad437c76573e544506e58455772eb11493af933099a5dc7e9e0c8b907e68e23e59d7b94bc774309e2047132758b60955301f277a9032b0bc47e660b243e9e2126733f13ab99055a0999068ada35a38d105a5efe6c7115774effe28695ecae3944413b7764eefde26ed571d857b2cb2dd1b2a4a84c1fec0799cf90f57f7a6d35e2b60cd425b9372ae4a27f453e5d7da2eacd3b98cdb10cec9152d5829c2511eb0f9600a0cd280f3d08849b6cd43d25e3dcd62f7c7dee6123a2682daf4aa9a856b31e9204c5c2b80b84dbeec05d93a64a550f1ebc326488cd620c6fe1aa266a0ce5b24be03b5037786e037cc85ed61f362e081fb694e12e54fcb9eb0f86d6d91fd159023a073278f84d6ada8f9aa25ec223d268f3291b25392c941740932bd1a82f40a8fc586db23d2f6240ce883e3c1dc1e0d07fc3aa73a9ac82a1538d129c9e66cb6a8100abe95bc4064581e8c01ce65ba3ea751db5d8c0a1173fe62b2fd2d415042a97ade4d274a466b6d997eed6bf5d7a305ead804c36b9e1c314b26676ed83412417610d3cf4d07e5b24cf3de9c790ae93850e0f8bba047b710cf340c78a80cef5f6665a647681ff5f7b6ecce8ab65e26406b6a6e0e72ff8501c545bffc00f034dc3a5b251390ae68bb61d936dc9a24e6f66c72e7911c51c716dfd4304566fb32e6c2745d232f990d0bbe0ddf9dc58398dda292c07b16da766a37c60bd9993b4f21e641036a8afa2ccdb47d7990d5a007faccb2f86664179f2e229723bce870aec3f7f4e529c92add713590ce6c0ea1a0499fb76d32636cfd18b6b39fb48f1a6d46f6ae8f45c47ee8260f9531070d170ab92739be0bdf5b76f8a9b93a5e550dfecab79d2e46085a67024b6be883c79ade2873458fda5a7f4eb62b05634356ee3b45723f4cff19c654ad441ff5b8792df7f18d841c351e195151b1b3532e742a6525c86efdb29653f35ce8e0a41c8c6d39f39531e13aeb1172893eeedd83b6afb939f8e6abc5482696aa48918000000000000002900000037"], 0x590}}], 0x1, 0x8008801)
sendmmsg$inet6(r0, &(0x7f0000019880)=[{{0x0, 0x0, &(0x7f0000019740)=[{&(0x7f0000019940)="69f0", 0x2}], 0x1}}], 0x1, 0x2604082c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="54000000020601080000000000000000000000040c000780050015000d41ce55cf00010006000000050005000a00000005000400000000000d000300686173683a6e6574000000000900020073797a3000000000"], 0x54}}, 0x0)
r2 = socket(0x28, 0x5, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r3, 0x0, 0x29, &(0x7f00000000c0)="02000000020001000003be8c5ee1768810003c08030300ec", 0x18)
setsockopt$inet_opts(r3, 0x0, 0x9, &(0x7f00000003c0)="1a4bdb783fb2e1afe6acc8453d089e3744501721976874fb8b4256622f1c733959d06e524e4883932430570b8bb5a2bfa9f2f498794b6654bf6cb7f3841454b4167058f7aba57e354578c16fdc17e5d9ef26c56c0f909c5855feead4bdb94eae393f59dc0df57b179a3fcd984eaa1754e4ddc9f49e89b4a2ff6fb29e68bc18828ab2062560ffa918713d3d17d27a65fa8f5e47bf7f32ed95127792c3da8f7a759efa1d4f0a3ca7d22e659613", 0xac)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f00000008c0), 0x4)
ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000000)={'veth1_macvtap\x00', 0x44})

12.219573075s ago: executing program 3 (id=1456):
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000140)={0x0, 0x0}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r1 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000a7b000/0x1000)=nil, 0x1000, 0x1000000, 0x100010, 0xffffffffffffffff, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x1010, 0xfffffffffffffffc)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'geneve0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)=@delchain={0x2c, 0x11, 0x1, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, r6, {0x10, 0xf}, {0xffff, 0x5}, {0x7, 0xfff2}}, [@TCA_CHAIN={0x8, 0xb, 0x4}]}, 0x2c}}, 0x0)
madvise(&(0x7f00001f3000/0xd000)=nil, 0xd000, 0xf)
prctl$PR_CAPBSET_READ(0x17, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={<r7=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x4a, &(0x7f0000000ac0)={0x0, 0x0}, 0x8)
syz_usb_connect(0x1, 0x24, &(0x7f0000000180)=ANY=[@ANYRESHEX=r0, @ANYBLOB="67799535425beb5944743acf2868c160e33d34ecff64e91e0d0080e44cd14af2be80159b212c0b9f9828dd4bd12c", @ANYRES8=0x0, @ANYRES8=r0], 0x0)

12.189533895s ago: executing program 2 (id=1457):
io_destroy(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
mkdirat(0xffffffffffffff9c, 0x0, 0x163)
r1 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setitimer(0x1, 0x0, 0x0)
r5 = syz_pidfd_open(r1, 0x0)
setns(r5, 0x24020000)

12.080285089s ago: executing program 1 (id=1458):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$alg(r4, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
recvmmsg(r4, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000400)=""/101, 0x65}], 0x1}}], 0x1, 0x60, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_NUM(r6, 0x4008af10, &(0x7f00000002c0)={0x2, 0x3})
r7 = fsopen(&(0x7f0000000040)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000140)='source', &(0x7f0000000180)='[:::\x00\xfdM\xab\x89\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xe8 \xd5-<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<:\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\xc3\xe2\x96T\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x14<L\x19K\xbf\xf7\x9c\xe7 \x12+4.\xa9\xa7\xdc[\xd2\xec\xbe\x1a\xa1\x04\xd3\x9e\x92\x8a\xf7\xdb\xe7f\xdeo\xc1\xa5\xb6T\r)\x1c\xbe\x12\xd1\xef\xc2S\xcci\xc8\x0e\x00]\xe6|\xccK\xc7\r\xfa \x02\xe8\x1b\xc1\x93\xce\x02%\x86\xcb\x94K\v\xe7x\xe3\x06[/\xf9\xa8\x82\x9b\xeeF\x88\xc0f\x82\xb7T\r\x04\xbb\x10\x1d3\xa6', 0x0)
bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000440)=0x2803, 0x4)
keyctl$restrict_keyring(0x1d, 0x0, 0x0, 0x0)
connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
r8 = syz_clone(0xa8020000, &(0x7f0000000200)="91b5f95a3730520ae20c7acd091e678b8cd64d29fafabb4d17d780846ba6dc1694b4dd8719acfdba7bcade0bc3d71cdd8e7a11e0ddc61f27b9c4f71ab4b45c61ccd26ca22c4cd5d5ed83427d2c7c60228bff35cb42ce22dc523c83573f6013a5de7b1eb1d00bde6c383c6cf2eeb19c5b55be941c23de9de1ca9a0aa9adfa197e67729710841ab68e6fdaeb0c46fe180824df7cedd534ff", 0x97, &(0x7f0000000000), &(0x7f0000000080), &(0x7f0000000100))
sched_setscheduler(r8, 0x2, &(0x7f0000000140)=0x448)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f0000000340)=[@window, @window={0x3, 0x2, 0x1}, @window={0x3, 0x3, 0x4}, @window={0x3, 0x8, 0x6}, @sack_perm, @timestamp, @mss={0x2, 0x1}, @sack_perm], 0x200000000000005d)

11.924742732s ago: executing program 0 (id=1459):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
preadv2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3)
write$UHID_CREATE(r0, &(0x7f0000000240)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000040)=""/2, 0x2, 0xc990, 0x3, 0x0, 0x0, 0xc07}}, 0x11c)
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r2 = open(&(0x7f0000000280)='.\x00', 0xc8180, 0x0)
fcntl$notify(r2, 0x402, 0x8000003d)
r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r4 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0)
flock(r4, 0x2)
r5 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0)
flock(r5, 0x2)
r6 = open(&(0x7f0000000180)='.\x00', 0x10000, 0x0)
flock(r6, 0x1)
flock(r6, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f0000000500), 0x0)
open(&(0x7f0000000040)='./file1\x00', 0x1850c2, 0x8)
fcntl$notify(r3, 0x402, 0x8000003d)
unshare(0x400)
fcntl$notify(r1, 0x402, 0x2)
syz_init_net_socket$ax25(0x3, 0x2, 0xca)
pipe(&(0x7f00000000c0))
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)

10.997025141s ago: executing program 2 (id=1460):
r0 = landlock_create_ruleset(&(0x7f0000000000)={0x604, 0x6, 0x1}, 0x18, 0x1)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904000001a7a00f00090582"], 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(r0, 0x2, &(0x7f0000000080)={0x3, 0x3}, 0x0)
gettid()
gettid()
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000d"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
getpid()

10.012997191s ago: executing program 1 (id=1461):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0xffffffff, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3122}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r5=>0x0})
setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f0000000040)={r5, 0x1, 0x6, @local}, 0x10)
setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f0000000000)={r5, 0x11, 0x6}, 0x10)
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x1, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x20008050) (fail_nth: 1)

9.817215186s ago: executing program 4 (id=1462):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000640)=@newlink={0x30, 0x10, 0x437, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x10, 0x12, 0x0, 0x1, @sit={{0x8}, {0x4}}}]}, 0x30}}, 0x0)

9.06223336s ago: executing program 4 (id=1463):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
socket$inet6_tcp(0xa, 0x1, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x4e20, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000480)={0x1, [<r5=>0x0]}, &(0x7f0000000240)=0x8)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r4, 0x84, 0x1b, &(0x7f0000000380)={r5}, &(0x7f0000000140)=0x8)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000001c0)={'wlan1\x00'})
r6 = memfd_create(&(0x7f0000000000)='\xf3e\t\x9f\x918\xc0y\x01c\x1fnux\x00sV\ad\xb0l \xfd\xd7\x8e\x7f\x89\xb8\xc5;~\x04\x03~K\xfbP\x84=\xfa\x81\f\x1et\x10\x0e\xcf^9\xbe\\', 0x0)
pwrite64(r6, &(0x7f0000000640)="2f0374c71c", 0x5, 0xe)
copy_file_range(r6, &(0x7f0000000040)=0x2, r6, &(0x7f0000000080)=0x1e0, 0xff, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
set_mempolicy(0x8000, &(0x7f0000000000)=0xfff, 0xfffffffffffffffc)
syz_usb_connect(0x3, 0x44, &(0x7f0000000c80)={{0x12, 0x1, 0x110, 0x62, 0x4f, 0x20, 0x8, 0x1415, 0x2000, 0x3ed0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x32, 0x2, 0x7f, 0x6, 0x50, 0x2, [{{0x9, 0x4, 0xc3, 0xb5, 0x0, 0x7b, 0x61, 0x5f, 0x6}}, {{0x9, 0x4, 0xf2, 0x2, 0x1, 0x8f, 0xbe, 0xcb, 0xc, [], [{{0x9, 0x5, 0x80, 0x8, 0x20, 0x7, 0x40, 0x40, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x47, 0x3}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x9, 0x9}]}}]}}]}}]}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000140)={'ip6tnl0\x00', &(0x7f00000000c0)={'syztnl2\x00', <r7=>0x0, 0x0, 0x7f, 0x3, 0x200000, 0x3e, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7, 0x1, 0xfffffffc}})
r8 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)=@generic={&(0x7f0000000180)='./file0\x00', 0x0, 0x10}, 0x18)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200), 0x4)
r9 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000240), 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x13, 0x9, 0x6, 0x7, 0x20, r8, 0x5, '\x00', r7, r9, 0xfffffffe, 0x4, 0x2, 0x0, @void, @value, @void, @value}, 0x50)

8.940758892s ago: executing program 3 (id=1464):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x400000, @empty}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
write$cgroup_int(r5, &(0x7f0000000000), 0xffffff6a)
sendfile(r0, r5, 0x0, 0xffffffff004) (fail_nth: 1)

7.689276147s ago: executing program 0 (id=1465):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x400000, @empty}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
write$cgroup_int(r5, &(0x7f0000000000), 0xffffff6a)
sendfile(r0, r5, 0x0, 0xffffffff004)

7.682453346s ago: executing program 1 (id=1466):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
close(0xffffffffffffffff)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, 0x0, 0x0}, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0xf0, 0x10, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2}, {0x0, 0x200000, 0x7}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}}, 0xf0}}, 0x0)

7.216705463s ago: executing program 3 (id=1467):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r0, &(0x7f0000000d80)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @remote, 0x9}, 0x1c, &(0x7f0000000500)=[{&(0x7f00000005c0)="a41669198f2ac09a7356d4166c24cb71589ae086005cf4b4234fcbcf7d768792129f74e9147590fd3a28684e870be4618ebafb122ae51fcfe5f777f1855f4dc14dfb70f0795490449c4a2295d7066c535cf4787a98a68c0749b9d2bf20eb9dd68efea6a1c592a2bb4dfdf25974432d58300c30e266a43317bc049db953e2900b48434bcb50cea37ea6ae7adfaa56ab8f98c23eced576bae59968a2fab233e7e527e2c8232d5d52aab09996c25b4d0e25f6ca10dc772be61fa6f81eafefb93b5ce6720e68500c668875e9ad20d2308944dd0ba6be", 0xd4}, {&(0x7f0000000480)="d20cabfc069f1309c77dc4c9a872f47e0011e34dbf73724805ea5374124247f97f52e967602b6ea968", 0x29}, {&(0x7f00000004c0)="349705af5b5836b0fface89422f788a2e9aae92710847760f33640308f169c67d5bd6ab41b594922b870c0bfc5ea29346403947c909f992712d3c05308f3", 0x3e}, {&(0x7f00000006c0)="f7080afeab328f5ecf42e4a555ac828f5366605812b10ca05bcc06098860dafa4683117968680ebb20af296c7199e074acc5a0e12d4090ff7be052e8adeac65247181ad06bb6161e841430d8261bec6309e6665cc4007d01f248f1ab1745dd89a94eb56cc7484f4ec2f870ef835e27193a4ef4bb1fab25d818be7c2b982f24e14aca792ea2391d4e07fa44f0ffa61c015de986b1eec9a91ad8c6b49d98", 0x9d}], 0x4, &(0x7f00000020c0)=ANY=[@ANYBLOB="38020000000000002900000036000000004300000000000004013f040100c910ff010000000000000000000000000001c910fc0000000000000000000000000000000001000740000000000e07010101000000010000000200000000000000000000000000000001000000010000002000000000000000ffffffff00000000ffffffffffffff7f06aeb07c1c192077cc9e7c45705803ad5588ca8b194d23f748fe792cfa3d32221f25d73b8ffe64a4ddda6efcfb7483b588194d29c7a04395d8500965a9a1d07879040c44db1d5d6f618d2ab920f0bf168ddc9acc6a51edd1230760d4ae8bf30f5f82a78e8114849ee8e37364560400000035bfa8197ef2ba99103ee5f5aae28ec5c8e2675db11530f5c466d55f2244d479dc653c854406155eada3eaeb90d39149b8d13bab75a9bd1452c8c76284b9ddfbeff41344e64f1771d78a706e1c5a6d63f1c954e24a1e73f75c26e9f09ec9b606cc3470f11c4842db651926bd2263a4a0a8fe80de8b2f9cb176e51819d5f4d10a5d1f0488d5e46953fbfd750f6137fbebe89a8d462158a87f9622355104b4f68d7a6d3ad85c373ea52a25afad37ffb743a5c361158087904b09fcc806d032bac00ee0e0251fc032446e45a3e12417ff4703526ffc45f71567857777927903799e0ba453334186009d22e38099c67b5350c7e82136bba947a18fb61d36fcba1f9efe3d79485d06252702833dc8ee417f40bb9064878fb89dd75a49135e5df148c4ad1e1d5626b44c8112d822f4c9a05e693fd5ae5595627f8684016b37a2bf6d0040030000000000002900000037000000006500000000000000fb1a63687c244e6df3aecb13d6eb957495b669cc032f6d0a11a5e16eed9937b046c9dc1a61dcf9754b767df4735c3f8c37b4d5cd15a99c5a19cc62c921ad4e90d6e3695e85000000a53600d5031b5735acafb556e22279975f958ad437c76573e544506e58455772eb11493af933099a5dc7e9e0c8b907e68e23e59d7b94bc774309e2047132758b60955301f277a9032b0bc47e660b243e9e2126733f13ab99055a0999068ada35a38d105a5efe6c7115774effe28695ecae3944413b7764eefde26ed571d857b2cb2dd1b2a4a84c1fec0799cf90f57f7a6d35e2b60cd425b9372ae4a27f453e5d7da2eacd3b98cdb10cec9152d5829c2511eb0f9600a0cd280f3d08849b6cd43d25e3dcd62f7c7dee6123a2682daf4aa9a856b31e9204c5c2b80b84dbeec05d93a64a550f1ebc326488cd620c6fe1aa266a0ce5b24be03b5037786e037cc85ed61f362e081fb694e12e54fcb9eb0f86d6d91fd159023a073278f84d6ada8f9aa25ec223d268f3291b25392c941740932bd1a82f40a8fc586db23d2f6240ce883e3c1dc1e0d07fc3aa73a9ac82a1538d129c9e66cb6a8100abe95bc4064581e8c01ce65ba3ea751db5d8c0a1173fe62b2fd2d415042a97ade4d274a466b6d997eed6bf5d7a305ead804c36b9e1c314b26676ed83412417610d3cf4d07e5b24cf3de9c790ae93850e0f8bba047b710cf340c78a80cef5f6665a647681ff5f7b6ecce8ab65e26406b6a6e0e72ff8501c545bffc00f034dc3a5b251390ae68bb61d936dc9a24e6f66c72e7911c51c716dfd4304566fb32e6c2745d232f990d0bbe0ddf9dc58398dda292c07b16da766a37c60bd9993b4f21e641036a8afa2ccdb47d7990d5a007faccb2f86664179f2e229723bce870aec3f7f4e529c92add713590ce6c0ea1a0499fb76d32636cfd18b6b39fb48f1a6d46f6ae8f45c47ee8260f9531070d170ab92739be0bdf5b76f8a9b93a5e550dfecab79d2e46085a67024b6be883c79ade2873458fda5a7f4eb62b05634356ee3b45723f4cff19c654ad441ff5b8792df7f18d841c351e195151b1b3532e742a6525c86efdb29653f35ce8e0a41c8c6d39f39531e13aeb1172893eeedd83b6afb939f8e6abc5482696aa48918000000000000002900000037"], 0x590}}], 0x1, 0x8008801)
sendmmsg$inet6(r0, &(0x7f0000019880)=[{{0x0, 0x0, &(0x7f0000019740)=[{&(0x7f0000019940)="69f0", 0x2}], 0x1}}], 0x1, 0x2604082c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="54000000020601080000000000000000000000040c000780050015000d41ce55cf00010006000000050005000a00000005000400000000000d000300686173683a6e6574000000000900020073797a3000000000"], 0x54}}, 0x0)
r2 = socket(0x28, 0x5, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r3, 0x0, 0x29, &(0x7f00000000c0)="02000000020001000003be8c5ee1768810003c08030300ec", 0x18)
setsockopt$inet_opts(r3, 0x0, 0x9, &(0x7f00000003c0)="1a4bdb783fb2e1afe6acc8453d089e3744501721976874fb8b4256622f1c733959d06e524e4883932430570b8bb5a2bfa9f2f498794b6654bf6cb7f3841454b4167058f7aba57e354578c16fdc17e5d9ef26c56c0f909c5855feead4bdb94eae393f59dc0df57b179a3fcd984eaa1754e4ddc9f49e89b4a2ff6fb29e68bc18828ab2062560ffa918713d3d17d27a65fa8f5e47bf7f32ed95127792c3da8f7a759efa1d4f0a3ca7d22e659613", 0xac)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f00000008c0), 0x4)
ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000000)={'veth1_macvtap\x00', 0x44})

6.389188575s ago: executing program 1 (id=1468):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x46, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x1b)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000080)=@bpf_lsm={0x6, 0x6, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5b}, [@map_val={0x18, 0x0, 0x2, 0x0, r4}, @ldst={0x3, 0x0, 0x6}]}, &(0x7f0000000180)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r5, 0x2000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'bridge_slave_0\x00', 0x401})
openat$kvm(0xffffffffffffff9c, 0x0, 0x40400, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000044082, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000006c0)=@newlink={0x48, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14615, 0xef}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ICV_LEN={0x5, 0x3, 0x8}, @IFLA_MACSEC_CIPHER_SUITE={0xc, 0x4, 0x9}]}}}]}, 0x48}}, 0x0)

6.345763195s ago: executing program 2 (id=1469):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x46, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x1b)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000080)=@bpf_lsm={0x6, 0x6, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5b}, [@map_val={0x18, 0x0, 0x2, 0x0, r4}, @ldst={0x3, 0x0, 0x6}]}, &(0x7f0000000180)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r5, 0x2000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'bridge_slave_0\x00', 0x401})
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000044082, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000006c0)=@newlink={0x48, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14615, 0xef}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ICV_LEN={0x5, 0x3, 0x8}, @IFLA_MACSEC_CIPHER_SUITE={0xc, 0x4, 0x9}]}}}]}, 0x48}}, 0x0)

5.886375854s ago: executing program 4 (id=1470):
io_destroy(0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
mkdirat(0xffffffffffffff9c, 0x0, 0x163)
r1 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setitimer(0x1, 0x0, 0x0)
r5 = syz_pidfd_open(r1, 0x0)
setns(r5, 0x24020000)

5.859753683s ago: executing program 3 (id=1471):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$alg(r4, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
recvmmsg(r4, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000400)=""/101, 0x65}], 0x1}}], 0x1, 0x60, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_NUM(r6, 0x4008af10, &(0x7f00000002c0)={0x2, 0x3})
r7 = fsopen(&(0x7f0000000040)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000140)='source', &(0x7f0000000180)='[:::\x00\xfdM\xab\x89\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xe8 \xd5-<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<:\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\xc3\xe2\x96T\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x14<L\x19K\xbf\xf7\x9c\xe7 \x12+4.\xa9\xa7\xdc[\xd2\xec\xbe\x1a\xa1\x04\xd3\x9e\x92\x8a\xf7\xdb\xe7f\xdeo\xc1\xa5\xb6T\r)\x1c\xbe\x12\xd1\xef\xc2S\xcci\xc8\x0e\x00]\xe6|\xccK\xc7\r\xfa \x02\xe8\x1b\xc1\x93\xce\x02%\x86\xcb\x94K\v\xe7x\xe3\x06[/\xf9\xa8\x82\x9b\xeeF\x88\xc0f\x82\xb7T\r\x04\xbb\x10\x1d3\xa6', 0x0)
setsockopt$inet_tcp_int(r5, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000440)=0x2803, 0x4)
keyctl$restrict_keyring(0x1d, 0x0, 0x0, 0x0)
connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
r8 = syz_clone(0xa8020000, &(0x7f0000000200)="91b5f95a3730520ae20c7acd091e678b8cd64d29fafabb4d17d780846ba6dc1694b4dd8719acfdba7bcade0bc3d71cdd8e7a11e0ddc61f27b9c4f71ab4b45c61ccd26ca22c4cd5d5ed83427d2c7c60228bff35cb42ce22dc523c83573f6013a5de7b1eb1d00bde6c383c6cf2eeb19c5b55be941c23de9de1ca9a0aa9adfa197e67729710841ab68e6fdaeb0c46fe180824df7cedd534ff", 0x97, &(0x7f0000000000), &(0x7f0000000080), &(0x7f0000000100))
sched_setscheduler(r8, 0x2, &(0x7f0000000140)=0x448)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f0000000340)=[@window, @window={0x3, 0x2, 0x1}, @window={0x3, 0x3, 0x4}, @window={0x3, 0x8, 0x6}, @sack_perm, @timestamp, @mss={0x2, 0x1}, @sack_perm], 0x200000000000005d)

4.307882094s ago: executing program 3 (id=1472):
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414050300000000000000000a010101000000008903ce070200"/62, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='\\'], 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='autogroup\x00')
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x8982, &(0x7f0000002800)={0x1, 'vlan0\x00'})
readv(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'veth0_to_batadv\x00', <r3=>0x0})
sendto$packet(r2, 0x0, 0x0, 0x20008801, &(0x7f0000000200)={0x11, 0x8100, r3, 0x1, 0x0, 0x6, @remote}, 0x14)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x40, &(0x7f0000000240)=0x102, 0x4)
recvmmsg(r1, &(0x7f0000002640)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000002840)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/20, 0x14}, {&(0x7f0000000380)=""/186, 0xba}], 0x3, &(0x7f0000000480)=""/217, 0xd9}, 0x5}, {{&(0x7f0000000580)=@x25={0x9, @remote}, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000600)=""/136, 0x88}, {&(0x7f00000006c0)=""/65, 0x41}, {&(0x7f0000000740)=""/81, 0x51}, {&(0x7f00000007c0)=""/100, 0x64}, {&(0x7f0000000840)=""/110, 0x6e}], 0x5, &(0x7f0000000940)=""/134, 0x86}, 0xf990}, {{&(0x7f0000000a00)=@hci, 0x80, &(0x7f0000001e00)=[{&(0x7f0000000a80)=""/17, 0x11}, {&(0x7f0000001b80)=""/205, 0xcd}, {&(0x7f0000001c80)=""/100, 0x64}, {&(0x7f0000000ac0)}, {&(0x7f0000001d00)=""/199, 0xc7}, {&(0x7f0000003a40)=""/4096, 0x1000}, {&(0x7f0000004a40)=""/4096, 0x1000}], 0x7, &(0x7f0000001e80)=""/156, 0x9c}, 0x80000001}, {{0x0, 0x0, &(0x7f00000024c0)=[{&(0x7f0000001f40)=""/32, 0x20}, {&(0x7f0000001f80)=""/55, 0x37}, {&(0x7f0000001fc0)=""/179, 0xb3}, {&(0x7f0000002080)=""/35, 0x23}, {&(0x7f00000020c0)=""/150, 0x96}, {&(0x7f0000002180)=""/206, 0xce}, {&(0x7f0000002280)=""/242, 0xf2}, {&(0x7f0000002380)=""/51, 0x33}, {&(0x7f0000002400)=""/165, 0xa5}], 0x9, &(0x7f0000002580)=""/135, 0x87}, 0x26bf}], 0x4, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x11, 0xa, 0x300)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_usb_connect(0x2, 0x2d, &(0x7f00000010c0)=ANY=[@ANYBLOB="12010000eafa7240936901b0293df400100109021b000124a800800904000001030000000905", @ANYRES16], 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000100)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r5, 0x3ba0, &(0x7f0000000300)={0x48, 0x1, r6, 0x0, 0x6, 0x9})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r5, 0x3ba0, &(0x7f0000000b00)={0x48, 0x1, r6, 0x0, 0xffffbffffffffffb, 0x403})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r5, 0x3ba0, &(0x7f0000000140)={0x48, 0x2, r6, 0x0, 0x0, 0x0, 0x0, 0x1})
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000080)={0x28, 0x0, r6, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000})
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff})
sendmsg$tipc(r7, &(0x7f0000003a00)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x9}}, 0x10, &(0x7f0000000b40)=[{0x0}, {0x0}, {0x0}], 0x3}, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000023c0)=[{&(0x7f0000000b80)=""/4096, 0x1000}], 0x1}, 0x0)
gettid()

4.307497917s ago: executing program 4 (id=1473):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8800, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x14)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180)=0x7)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
timer_create(0xfffffffffffffffc, 0x0, &(0x7f0000000080)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000a40)={{}, {0x0, 0x989680}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r3, 0x1, &(0x7f0000000100)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = socket$kcm(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_RX_RING(r1, 0x10e, 0x6, &(0x7f00000002c0)={0xffffffff, 0xae8, 0xffffffff, 0x9}, 0x10)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f91324fc60", 0x8c0}], 0x1}, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000080)={0x4, 0x0, 0x100000, 0x1000, &(0x7f0000004000/0x1000)=nil})
ioctl$KVM_CAP_DISABLE_QUIRKS2(r7, 0x4068aea3, &(0x7f00000001c0)={0xd5, 0x0, 0xb3})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(r7, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x10, 0x0, 0x0)

3.507710231s ago: executing program 0 (id=1474):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)="1400000016000b63d25a8064000000000124fc60", 0x14}], 0x1}, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/custom1\x00', 0x2, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x20, 0x0, &(0x7f0000000080)=[@increfs_done, @increfs={0x40046304, 0x2}, @exit_looper], 0x38, 0x0, &(0x7f0000000140)="95e8a8881354eca149c38e943b53b53799d9fc9fd6b633666a4532ea950bd6031db798606a6fff2bb03d14b335ffcd0f86dc32ea15c38135"})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x44, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_TX_RATES={0x28, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x4}, @NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x4, 0x6, 0x1}, @NL80211_TXRATE_LEGACY={0x11, 0x1, [0x18, 0x30, 0xb, 0x4, 0x2, 0x0, 0x48, 0xc, 0x6c, 0xb, 0x18, 0x3, 0x3]}]}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x24040887}, 0x0)
readv(r0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000900)={0x1, &(0x7f00000008c0)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
pipe2(&(0x7f00000002c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
vmsplice(r6, 0x0, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000200)={0x43, 0x2, 0x2}, 0x10)

2.727790808s ago: executing program 4 (id=1475):
r0 = syz_open_procfs(0x0, &(0x7f0000000480)='net/if_inet6\x00')
preadv(r0, &(0x7f00000000c0)=[{&(0x7f00000021c0)=""/4083, 0xff3}, {&(0x7f0000001100)=""/89, 0x59}], 0x2, 0x36, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x82000, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040))
getpid()
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x18, 0x1415, 0x101, 0x1, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}}, 0x40)
close_range(r0, r0, 0x2)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
r4 = syz_open_dev$vbi(&(0x7f0000000200), 0x1, 0x2)
ioctl$VIDIOC_G_SLICED_VBI_CAP(r4, 0xc0745645, &(0x7f0000000300)={0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x9], 0x7})
ioctl$int_in(r3, 0x5421, &(0x7f0000000080)=0xfffffffffbfffffe)
connect$vsock_stream(r3, &(0x7f0000000280)={0x28, 0x0, 0x0, @local}, 0x10)
shutdown(r3, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
getpeername$l2tp6(r0, &(0x7f0000001180)={0xa, 0x0, 0x0, @empty}, &(0x7f00000011c0)=0x20)
r6 = landlock_create_ruleset(&(0x7f0000000040)={0x3342, 0x3}, 0x18, 0x0)
landlock_restrict_self(r6, 0x5)
connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
modify_ldt$write(0x1, &(0x7f0000000080)={0x800}, 0x10)

2.540116586s ago: executing program 0 (id=1476):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x18, 0x30, 0x1, 0x0, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_SYNC_FILE(0xffffffffffffffff, 0xc01064c1, &(0x7f00000001c0)={0x0, 0x1, <r1=>0xffffffffffffffff})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r1, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prlimit64(0x0, 0x2, &(0x7f0000000240)={0xfffffffffffffffe}, 0x0)
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4008, 0x2)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r4 = syz_open_dev$dri(0x0, 0x1ff, 0x0)
r5 = syz_io_uring_setup(0x417d, &(0x7f0000000080)={0x0, 0x1e4d, 0x1, 0x0, 0x10f}, &(0x7f0000000100), &(0x7f0000000140))
r6 = openat$vnet(0xffffffffffffff9c, &(0x7f0000001480), 0x2, 0x0)
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000040)={0x4000000c})
io_uring_register$IORING_REGISTER_ENABLE_RINGS(r5, 0xc, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x2, 0x4})
r8 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640)=[<r9=>0x0], 0x0, 0x0, 0x0, 0x1})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x7a, 0xa, 0x0, 0xff00, 0x0, 0x71, 0x10, 0x8b}}, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
ioctl$DRM_IOCTL_MODE_CURSOR(r4, 0xc01c64a3, &(0x7f0000000040)={0x3, r9, 0x10000000, 0x80000001, 0xb, 0x1fd, 0x1})
close_range(r4, 0xffffffffffffffff, 0x0)

1.364385523s ago: executing program 0 (id=1477):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = add_key$user(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)="8e", 0x1, 0xffffffffffffffff)
pipe2$watch_queue(&(0x7f0000000240)={<r1=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r0, r1, 0x0)
pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r0, r2, 0x17)
setsockopt$CAN_RAW_ERR_FILTER(r2, 0x65, 0x2, &(0x7f0000000000)=0x5, 0x4)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
socket$key(0xf, 0x3, 0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
capget(&(0x7f0000000200)={0x19971634}, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
unshare(0x46000200)

1.361013373s ago: executing program 1 (id=1478):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
close(0xffffffffffffffff)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, 0x0, 0x0}, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0xf0, 0x10, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2}, {0x0, 0x200000, 0x7}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}}, 0xf0}}, 0x0)

267.512614ms ago: executing program 1 (id=1479):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = signalfd(0xffffffffffffffff, &(0x7f0000000040)={[0xd32]}, 0x8)
read(r1, &(0x7f00000002c0)=""/183, 0xeb)
r2 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
timer_create(0x3, 0x0, &(0x7f0000000080))
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) (fail_nth: 1)

0s ago: executing program 3 (id=1480):
connect$unix(0xffffffffffffffff, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000fcffff180e0000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket(0x10, 0x3, 0x0)
connect$netlink(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0xc)
r5 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0)
execveat(r5, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r6 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r6, &(0x7f0000000140)=@abs={0x1}, 0x6e)
socket$unix(0x1, 0x5, 0x0)
socket$unix(0x1, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', 0x0, 0x0, 0x101091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
rmdir(&(0x7f0000000380)='./file0/../file0\x00')
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000080)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

lid wMaxPacketSize 0
[  556.036632][ T8423] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  556.046024][ T8423] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  556.060521][ T8423] usb 1-1: config 0 descriptor??
[  556.067620][ T9700] input: syz1 as /devices/virtual/input/input14
[  556.110144][ T9696] FAULT_INJECTION: forcing a failure.
[  556.110144][ T9696] name failslab, interval 1, probability 0, space 0, times 0
[  556.134415][ T9696] CPU: 0 UID: 0 PID: 9696 Comm: syz.1.1036 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  556.134443][ T9696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  556.134456][ T9696] Call Trace:
[  556.134464][ T9696]  <TASK>
[  556.134473][ T9696]  dump_stack_lvl+0x189/0x250
[  556.134513][ T9696]  ? __pfx____ratelimit+0x10/0x10
[  556.134542][ T9696]  ? __pfx_dump_stack_lvl+0x10/0x10
[  556.134588][ T9696]  ? __pfx__printk+0x10/0x10
[  556.134627][ T9696]  ? __pfx___might_resched+0x10/0x10
[  556.134660][ T9696]  ? fs_reclaim_acquire+0x7d/0x100
[  556.134724][ T9696]  should_fail_ex+0x414/0x560
[  556.134766][ T9696]  should_failslab+0xa8/0x100
[  556.134794][ T9696]  __kmalloc_noprof+0xcb/0x4f0
[  556.134816][ T9696]  ? kfree+0x4d/0x440
[  556.134835][ T9696]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  556.134870][ T9696]  tomoyo_realpath_from_path+0xe3/0x5d0
[  556.134902][ T9696]  ? tomoyo_domain+0xda/0x130
[  556.134942][ T9696]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  556.134967][ T9696]  tomoyo_path_number_perm+0x1e8/0x5a0
[  556.134995][ T9696]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  556.135038][ T9696]  ? __lock_acquire+0xab9/0xd20
[  556.135087][ T9696]  ? __fget_files+0x2a/0x420
[  556.135117][ T9696]  ? __fget_files+0x2a/0x420
[  556.135141][ T9696]  ? __fget_files+0x3a0/0x420
[  556.135166][ T9696]  ? __fget_files+0x2a/0x420
[  556.135197][ T9696]  security_file_ioctl+0xcb/0x2d0
[  556.135227][ T9696]  __se_sys_ioctl+0x47/0x170
[  556.135252][ T9696]  do_syscall_64+0xfa/0x3b0
[  556.135280][ T9696]  ? lockdep_hardirqs_on+0x9c/0x150
[  556.135308][ T9696]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  556.135328][ T9696]  ? clear_bhb_loop+0x60/0xb0
[  556.135353][ T9696]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  556.135372][ T9696] RIP: 0033:0x7fe23a38e929
[  556.135391][ T9696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  556.135409][ T9696] RSP: 002b:00007fe2381f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  556.135430][ T9696] RAX: ffffffffffffffda RBX: 00007fe23a5b5fa0 RCX: 00007fe23a38e929
[  556.135446][ T9696] RDX: 0000200000001600 RSI: 00000000c080aebe RDI: 0000000000000005
[  556.135459][ T9696] RBP: 00007fe2381f6090 R08: 0000000000000000 R09: 0000000000000000
[  556.135471][ T9696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  556.135483][ T9696] R13: 0000000000000000 R14: 00007fe23a5b5fa0 R15: 00007ffdd05ee158
[  556.135516][ T9696]  </TASK>
[  556.135564][ T9696] ERROR: Out of memory at tomoyo_realpath_from_path.
[  556.506119][ T8423] ath6kl: Failed to read usb control message: -71
[  556.512806][ T8423] ath6kl: Unable to read the bmi data from the device: -71
[  556.527034][ T9690] bond0: option mode: unable to set because the bond device has slaves
[  556.529486][ T8423] ath6kl: Unable to recv target info: -71
[  556.556490][ T8423] ath6kl: Failed to init ath6kl core: -71
[  556.572531][ T8423] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71
[  556.643260][ T8423] usb 1-1: USB disconnect, device number 26
[  556.855878][ T9704] ieee802154 phy0 wpan0: encryption failed: -22
[  556.993051][ T9710] FAULT_INJECTION: forcing a failure.
[  556.993051][ T9710] name failslab, interval 1, probability 0, space 0, times 0
[  557.022503][ T9710] CPU: 1 UID: 0 PID: 9710 Comm: syz.1.1040 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  557.022534][ T9710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  557.022547][ T9710] Call Trace:
[  557.022556][ T9710]  <TASK>
[  557.022564][ T9710]  dump_stack_lvl+0x189/0x250
[  557.022600][ T9710]  ? __pfx____ratelimit+0x10/0x10
[  557.022629][ T9710]  ? __pfx_dump_stack_lvl+0x10/0x10
[  557.022659][ T9710]  ? __pfx__printk+0x10/0x10
[  557.022686][ T9710]  ? __pfx___might_resched+0x10/0x10
[  557.022713][ T9710]  ? fs_reclaim_acquire+0x7d/0x100
[  557.022747][ T9710]  should_fail_ex+0x414/0x560
[  557.022776][ T9710]  should_failslab+0xa8/0x100
[  557.022801][ T9710]  kmem_cache_alloc_noprof+0x73/0x3c0
[  557.022820][ T9710]  ? getname_flags+0xb8/0x540
[  557.022845][ T9710]  getname_flags+0xb8/0x540
[  557.022871][ T9710]  do_sys_openat2+0xbc/0x1c0
[  557.022898][ T9710]  ? __pfx_do_sys_openat2+0x10/0x10
[  557.022923][ T9710]  ? ksys_write+0x22a/0x250
[  557.022943][ T9710]  ? __pfx_ksys_write+0x10/0x10
[  557.022964][ T9710]  __x64_sys_openat+0x138/0x170
[  557.022993][ T9710]  do_syscall_64+0xfa/0x3b0
[  557.023016][ T9710]  ? lockdep_hardirqs_on+0x9c/0x150
[  557.023039][ T9710]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  557.023054][ T9710]  ? clear_bhb_loop+0x60/0xb0
[  557.023074][ T9710]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  557.023090][ T9710] RIP: 0033:0x7fe23a38d290
[  557.023104][ T9710] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  557.023118][ T9710] RSP: 002b:00007fe2381f5f60 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  557.023134][ T9710] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe23a38d290
[  557.023146][ T9710] RDX: 0000000000000000 RSI: 00007fe23a410c51 RDI: 00000000ffffff9c
[  557.023186][ T9710] RBP: 00007fe23a410c51 R08: 0000000000000000 R09: 0000000000000000
[  557.023206][ T9710] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  557.023216][ T9710] R13: 0000000000000001 R14: 00007fe23a5b5fa0 R15: 00007ffdd05ee158
[  557.023241][ T9710]  </TASK>
[  557.243929][ T9712] ieee802154 phy0 wpan0: encryption failed: -22
[  557.408932][ T9717] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  557.436342][ T9716] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1042'.
[  557.768285][ T9721] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  558.264036][ T9731] netlink: 112 bytes leftover after parsing attributes in process `syz.2.1045'.
[  558.325700][ T9731] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=167772160 (335544320 ns) > initial count (40 ns). Using initial count to start timer.
[  559.499984][ T5962] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  559.839463][ T5962] usb 1-1: Using ep0 maxpacket: 16
[  559.857440][ T5962] usb 1-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88
[  560.077101][ T5962] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  560.085861][ T5962] usb 1-1: Product: syz
[  560.090549][ T5962] usb 1-1: Manufacturer: syz
[  560.095201][ T5962] usb 1-1: SerialNumber: syz
[  560.116417][ T5962] usb 1-1: config 0 descriptor??
[  560.127459][ T9746] ieee802154 phy0 wpan0: encryption failed: -22
[  560.509446][ T5888] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  560.629990][ T5962] speedtch 1-1:0.0: speedtch_bind: data interface not found!
[  560.647067][ T5962] speedtch 1-1:0.0: usbatm_usb_probe: bind failed: -19!
[  560.699494][ T5888] usb 4-1: Using ep0 maxpacket: 32
[  560.858012][ T5888] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  560.863609][ T5962] usb 1-1: USB disconnect, device number 27
[  561.157015][ T5888] usb 4-1: config 0 has no interface number 0
[  561.251485][ T5888] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  561.261246][ T5888] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  561.269421][ T5888] usb 4-1: Product: syz
[  561.273758][ T5888] usb 4-1: Manufacturer: syz
[  561.299062][ T5888] usb 4-1: SerialNumber: syz
[  561.350308][ T5888] usb 4-1: config 0 descriptor??
[  561.381141][ T5888] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  561.432997][ T5888] usb 4-1: selecting invalid altsetting 1
[  561.469203][ T5888] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  561.618816][ T9762] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1056'.
[  561.627916][ T9762] netlink: 216 bytes leftover after parsing attributes in process `syz.1.1056'.
[  561.637360][ T9762] netlink: 216 bytes leftover after parsing attributes in process `syz.1.1056'.
[  561.648693][ T9762] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[  561.671673][ T5888] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  561.821663][ T5888] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  561.869425][ T5888] usb 4-1: media controller created
[  561.903947][ T5888] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  563.004170][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  563.011359][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  563.390458][ T9767] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  563.451819][ T5888] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-32
[  563.654181][ T9774] netlink: 112 bytes leftover after parsing attributes in process `syz.4.1058'.
[  564.048080][ T5888] zl10353_read_register: readreg error (reg=127, ret==-32)
[  564.517445][ T5888] usb 4-1: USB disconnect, device number 26
[  565.695756][ T5904] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  565.926277][ T5904] usb 2-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  565.939360][ T5904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  565.972352][ T5904] usb 2-1: Product: syz
[  565.976642][ T5904] usb 2-1: Manufacturer: syz
[  565.995710][ T5904] usb 2-1: SerialNumber: syz
[  566.018786][ T5904] usb 2-1: config 0 descriptor??
[  566.035697][ T5904] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  566.058647][   T30] kauditd_printk_skb: 223 callbacks suppressed
[  566.058666][   T30] audit: type=1326 audit(1750700558.903:1033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9789 comm="syz.3.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f958e929 code=0x7ffc0000
[  566.058981][   T30] audit: type=1326 audit(1750700558.903:1034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9789 comm="syz.3.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f958e929 code=0x7ffc0000
[  566.074275][   T30] audit: type=1326 audit(1750700558.923:1035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9789 comm="syz.3.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f85f958e929 code=0x7ffc0000
[  566.074334][   T30] audit: type=1326 audit(1750700558.923:1036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9789 comm="syz.3.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f958e929 code=0x7ffc0000
[  566.074387][   T30] audit: type=1326 audit(1750700558.923:1037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9789 comm="syz.3.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f958e929 code=0x7ffc0000
[  566.109392][ T5962] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  566.109932][   T30] audit: type=1326 audit(1750700558.963:1038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9789 comm="syz.3.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=161 compat=0 ip=0x7f85f958e929 code=0x7ffc0000
[  566.110205][   T30] audit: type=1326 audit(1750700558.963:1039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9789 comm="syz.3.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f958e929 code=0x7ffc0000
[  566.110393][   T30] audit: type=1326 audit(1750700558.963:1040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9789 comm="syz.3.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f85f958e929 code=0x7ffc0000
[  566.112679][   T30] audit: type=1326 audit(1750700558.963:1041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9789 comm="syz.3.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f958e929 code=0x7ffc0000
[  566.145814][   T30] audit: type=1326 audit(1750700558.993:1042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9789 comm="syz.3.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85f958e929 code=0x7ffc0000
[  566.309395][ T5962] usb 3-1: Using ep0 maxpacket: 8
[  566.349541][ T5962] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  566.521684][ T5904] usb 2-1: USB disconnect, device number 28
[  566.560869][ T5962] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  566.564390][ T5962] usb 3-1: config 0 descriptor??
[  566.768864][ T5962] asix 3-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  567.266159][ T5962] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  567.266413][ T5962] asix 3-1:0.0: probe with driver asix failed with error -71
[  567.270668][ T5962] usb 3-1: USB disconnect, device number 17
[  567.459813][ T9802] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  570.329393][ T5867] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  570.706595][ T5867] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  571.600670][ T5867] usb 2-1: config 0 has no interface number 0
[  571.628180][ T5867] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  571.638472][ T5867] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  571.774899][ T5867] usb 2-1: Product: syz
[  571.779147][ T5867] usb 2-1: Manufacturer: syz
[  571.789520][ T5867] usb 2-1: SerialNumber: syz
[  571.810921][ T5867] usb 2-1: config 0 descriptor??
[  571.889829][ T5904] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  572.026142][ T5867] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  572.052583][ T5867] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  572.079755][ T5904] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  572.079913][ T5867] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  572.101464][ T5904] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  572.113078][ T5867] usb 2-1: media controller created
[  572.119913][ T5904] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  572.149816][ T5904] usb 1-1: config 0 descriptor??
[  572.173499][ T5867] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  572.249434][ T5962] usb 3-1: new full-speed USB device number 18 using dummy_hcd
[  572.294187][ T5867] i2c i2c-1: ec100: i2c rd failed=-32 reg=33
[  572.405529][ T5962] usb 3-1: config 0 has an invalid interface number: 206 but max is 1
[  572.434448][ T5962] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  572.460503][ T5962] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  572.481679][ T5962] usb 3-1: config 0 has no interface number 0
[  572.495936][ T5962] usb 3-1: config 0 interface 206 altsetting 2 endpoint 0xB has invalid maxpacket 1024, setting to 64
[  572.533267][ T5962] usb 3-1: config 0 interface 206 altsetting 2 endpoint 0xD has invalid maxpacket 1023, setting to 64
[  572.558589][ T5962] usb 3-1: config 0 interface 206 altsetting 2 endpoint 0x8C has invalid maxpacket 30768, setting to 64
[  572.585410][ T5962] usb 3-1: config 0 interface 206 altsetting 2 has 5 endpoint descriptors, different from the interface descriptor's value: 7
[  572.619083][ T5962] usb 3-1: config 0 interface 206 has no altsetting 0
[  572.633593][ T5904] ath6kl: Failed to read usb control message: -71
[  572.640971][ T9833] bond0: option mode: unable to set because the bond device has slaves
[  572.651760][ T5904] ath6kl: Unable to read the bmi data from the device: -71
[  572.873720][ T5904] ath6kl: Unable to recv target info: -71
[  572.884500][ T5962] usb 3-1: New USB device found, idVendor=0499, idProduct=1007, bcdDevice=df.8f
[  572.893845][ T5962] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  572.902029][ T5904] ath6kl: Failed to init ath6kl core: -71
[  572.908434][ T5904] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71
[  572.924526][ T5962] usb 3-1: Product: syz
[  572.928782][ T5962] usb 3-1: Manufacturer: syz
[  572.944787][ T5962] usb 3-1: SerialNumber: syz
[  572.953414][ T5904] usb 1-1: USB disconnect, device number 28
[  572.972389][ T5962] usb 3-1: config 0 descriptor??
[  572.979085][ T9837] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  573.300508][ T5962] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  573.393062][ T5962] usb 3-1: USB disconnect, device number 18
[  573.651259][ T6642] udevd[6642]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.206/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  573.859396][ T5904] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  574.093462][ T5904] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  574.255081][ T5904] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  574.535919][ T5904] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  574.650433][ T5904] usb 4-1: config 0 descriptor??
[  574.913020][ T9845] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1079'.
[  574.930363][ T9874] FAULT_INJECTION: forcing a failure.
[  574.930363][ T9874] name failslab, interval 1, probability 0, space 0, times 0
[  574.957990][ T9845] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1079'.
[  574.968983][ T9874] CPU: 0 UID: 0 PID: 9874 Comm: syz.2.1087 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  574.969011][ T9874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  574.969024][ T9874] Call Trace:
[  574.969032][ T9874]  <TASK>
[  574.969042][ T9874]  dump_stack_lvl+0x189/0x250
[  574.969081][ T9874]  ? __pfx____ratelimit+0x10/0x10
[  574.969112][ T9874]  ? __pfx_dump_stack_lvl+0x10/0x10
[  574.969142][ T9874]  ? __pfx__printk+0x10/0x10
[  574.969168][ T9874]  ? __pfx___might_resched+0x10/0x10
[  574.969196][ T9874]  ? fs_reclaim_acquire+0x7d/0x100
[  574.969229][ T9874]  should_fail_ex+0x414/0x560
[  574.969260][ T9874]  should_failslab+0xa8/0x100
[  574.969286][ T9874]  kmem_cache_alloc_noprof+0x73/0x3c0
[  574.969308][ T9874]  ? getname_flags+0xb8/0x540
[  574.969341][ T9874]  getname_flags+0xb8/0x540
[  574.969373][ T9874]  __x64_sys_execve+0x7a/0xb0
[  574.969398][ T9874]  do_syscall_64+0xfa/0x3b0
[  574.969427][ T9874]  ? lockdep_hardirqs_on+0x9c/0x150
[  574.969456][ T9874]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  574.969476][ T9874]  ? clear_bhb_loop+0x60/0xb0
[  574.969501][ T9874]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  574.969520][ T9874] RIP: 0033:0x7f0094f8e929
[  574.969538][ T9874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  574.969556][ T9874] RSP: 002b:00007f0095e0e038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[  574.969577][ T9874] RAX: ffffffffffffffda RBX: 00007f00951b5fa0 RCX: 00007f0094f8e929
[  574.969592][ T9874] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  574.969604][ T9874] RBP: 00007f0095e0e090 R08: 0000000000000000 R09: 0000000000000000
[  574.969617][ T9874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  574.969629][ T9874] R13: 0000000000000000 R14: 00007f00951b5fa0 R15: 00007ffefaae0578
[  574.969661][ T9874]  </TASK>
[  575.156794][    C0] vkms_vblank_simulate: vblank timer overrun
[  575.369176][ T5904] ath6kl: Failed to read usb control message: -71
[  575.376571][ T5904] ath6kl: Unable to read the bmi data from the device: -71
[  575.384646][ T5904] ath6kl: Unable to recv target info: -71
[  575.392570][ T5904] ath6kl: Failed to init ath6kl core: -71
[  575.406237][ T5904] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71
[  575.423024][ T5904] usb 4-1: USB disconnect, device number 27
[  575.744512][ T9876] bond0: option mode: unable to set because the bond device has slaves
[  575.833596][ T9885] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  577.069499][ T5904] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  577.989552][ T5904] usb 3-1: Using ep0 maxpacket: 16
[  578.008542][ T5904] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  578.008612][ T5904] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  578.008636][ T5904] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  578.020341][ T5904] usb 3-1: config 0 descriptor??
[  578.043136][ T9898] FAULT_INJECTION: forcing a failure.
[  578.043136][ T9898] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  578.043173][ T9898] CPU: 1 UID: 0 PID: 9898 Comm: syz.3.1095 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  578.043197][ T9898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  578.043209][ T9898] Call Trace:
[  578.043217][ T9898]  <TASK>
[  578.043226][ T9898]  dump_stack_lvl+0x189/0x250
[  578.043260][ T9898]  ? __pfx____ratelimit+0x10/0x10
[  578.043290][ T9898]  ? __pfx_dump_stack_lvl+0x10/0x10
[  578.043330][ T9898]  ? __pfx__printk+0x10/0x10
[  578.043351][ T9898]  ? __might_fault+0xb0/0x130
[  578.043388][ T9898]  should_fail_ex+0x414/0x560
[  578.043418][ T9898]  _copy_from_user+0x2d/0xb0
[  578.043439][ T9898]  do_sock_getsockopt+0x1cd/0x650
[  578.043467][ T9898]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  578.043490][ T9898]  ? do_syscall_64+0x80/0x3b0
[  578.043519][ T9898]  ? __fget_files+0x3a0/0x420
[  578.043544][ T9898]  ? __fget_files+0x2a/0x420
[  578.043578][ T9898]  __x64_sys_getsockopt+0x1a5/0x250
[  578.043600][ T9898]  ? do_syscall_64+0x80/0x3b0
[  578.043632][ T9898]  ? do_syscall_64+0x80/0x3b0
[  578.043665][ T9898]  do_syscall_64+0xfa/0x3b0
[  578.043693][ T9898]  ? lockdep_hardirqs_on+0x9c/0x150
[  578.043721][ T9898]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  578.043742][ T9898]  ? clear_bhb_loop+0x60/0xb0
[  578.043767][ T9898]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  578.043786][ T9898] RIP: 0033:0x7f85f958e929
[  578.043804][ T9898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  578.043823][ T9898] RSP: 002b:00007f85fa42e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  578.043844][ T9898] RAX: ffffffffffffffda RBX: 00007f85f97b5fa0 RCX: 00007f85f958e929
[  578.043859][ T9898] RDX: 0000000000000016 RSI: 0000000000000084 RDI: 0000000000000003
[  578.043872][ T9898] RBP: 00007f85fa42e090 R08: 0000200000000080 R09: 0000000000000000
[  578.043886][ T9898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  578.043898][ T9898] R13: 0000000000000000 R14: 00007f85f97b5fa0 R15: 00007ffd6b795358
[  578.043931][ T9898]  </TASK>
[  579.001128][ T5904] mcp2221 0003:04D8:00DD.0006: unknown main item tag 0x0
[  579.001210][ T5904] mcp2221 0003:04D8:00DD.0006: unknown main item tag 0x0
[  579.001239][ T5904] mcp2221 0003:04D8:00DD.0006: unknown main item tag 0x0
[  579.001267][ T5904] mcp2221 0003:04D8:00DD.0006: unknown main item tag 0x0
[  579.001295][ T5904] mcp2221 0003:04D8:00DD.0006: unknown main item tag 0x0
[  579.002194][ T5904] mcp2221 0003:04D8:00DD.0006: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0
[  579.225244][ T5904] usb 3-1: USB disconnect, device number 19
[  579.489790][ T5888] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  579.670390][ T5888] usb 1-1: Using ep0 maxpacket: 8
[  579.694897][ T5888] usb 1-1: config 135 has an invalid interface number: 230 but max is 0
[  579.703624][ T5888] usb 1-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  579.719503][ T5888] usb 1-1: config 135 has no interface number 0
[  579.725997][ T5888] usb 1-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  579.741619][ T5888] usb 1-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  579.750750][ T5888] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  579.758742][ T5888] usb 1-1: Product: syz
[  579.763263][ T5888] usb 1-1: Manufacturer: syz
[  579.767900][ T5888] usb 1-1: SerialNumber: syz
[  580.231112][ T9917] ptrace attach of "./syz-executor exec"[5817] was attempted by "./syz-executor exec"[9917]
[  580.324201][ T9358] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  580.513713][ T9358] usb 4-1: Using ep0 maxpacket: 8
[  580.546567][ T9358] usb 4-1: config 0 has an invalid interface number: 176 but max is 2
[  580.581150][ T9358] usb 4-1: config 0 has an invalid interface number: 49 but max is 2
[  580.598637][ T9358] usb 4-1: config 0 has no interface number 1
[  580.640127][ T9358] usb 4-1: config 0 has no interface number 2
[  580.664109][ T5888] usb 1-1: Found UVC 0.00 device syz (18ec:3288)
[  580.700739][ T5888] usb 1-1: No valid video chain found.
[  580.706459][ T9358] usb 4-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[  580.706814][ T9923] netlink: 'syz.4.1102': attribute type 16 has an invalid length.
[  580.730997][ T5888] usb 1-1: USB disconnect, device number 29
[  580.740516][ T9358] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  580.837646][ T9927] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  581.660935][ T9358] usb 4-1: config 0 descriptor??
[  581.685436][ T9358] qmi_wwan 4-1:0.0: probe with driver qmi_wwan failed with error -22
[  582.108292][ T9913] syz.3.1099: attempt to access beyond end of device
[  582.108292][ T9913] nbd3: rw=4096, sector=0, nr_sectors = 1 limit=0
[  582.172558][ T9358] usb 4-1: Could not set interface, error -71
[  582.249376][ T5888] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  582.373279][ T9358] usb 4-1: USB disconnect, device number 28
[  583.149614][ T5888] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  583.165072][ T5888] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  583.175982][ T5888] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  583.188017][ T5888] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  583.217127][ T9930] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  583.250677][ T5888] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  583.298967][ T9948] netlink: 'syz.1.1109': attribute type 4 has an invalid length.
[  583.401593][ T9948] netlink: 'syz.1.1109': attribute type 4 has an invalid length.
[  583.453227][   T30] kauditd_printk_skb: 11 callbacks suppressed
[  583.453246][   T30] audit: type=1326 audit(1750700576.303:1054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9946 comm="syz.1.1109" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe23a38e929 code=0x0
[  583.454270][ T5888] usb 1-1: USB disconnect, device number 30
[  583.648456][ T9953] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1112'.
[  583.658506][ T9930] FAULT_INJECTION: forcing a failure.
[  583.658506][ T9930] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  583.759444][ T9930] CPU: 0 UID: 0 PID: 9930 Comm: syz.0.1105 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  583.759476][ T9930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  583.759489][ T9930] Call Trace:
[  583.759497][ T9930]  <TASK>
[  583.759506][ T9930]  dump_stack_lvl+0x189/0x250
[  583.759542][ T9930]  ? __pfx____ratelimit+0x10/0x10
[  583.759578][ T9930]  ? __pfx_dump_stack_lvl+0x10/0x10
[  583.759607][ T9930]  ? __pfx__printk+0x10/0x10
[  583.759641][ T9930]  should_fail_ex+0x414/0x560
[  583.759672][ T9930]  _copy_to_user+0x31/0xb0
[  583.759695][ T9930]  simple_read_from_buffer+0xe1/0x170
[  583.759737][ T9930]  proc_fail_nth_read+0x1df/0x250
[  583.759771][ T9930]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  583.759803][ T9930]  ? rw_verify_area+0x258/0x650
[  583.759826][ T9930]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  583.759856][ T9930]  vfs_read+0x200/0x980
[  583.759886][ T9930]  ? __pfx___mutex_lock+0x10/0x10
[  583.759918][ T9930]  ? __pfx_vfs_read+0x10/0x10
[  583.759943][ T9930]  ? __fget_files+0x2a/0x420
[  583.759974][ T9930]  ? __fget_files+0x3a0/0x420
[  583.759999][ T9930]  ? __fget_files+0x2a/0x420
[  583.760036][ T9930]  ksys_read+0x145/0x250
[  583.760062][ T9930]  ? __pfx_ksys_read+0x10/0x10
[  583.760082][ T9930]  ? rcu_is_watching+0x15/0xb0
[  583.760117][ T9930]  ? do_syscall_64+0xbe/0x3b0
[  583.760152][ T9930]  do_syscall_64+0xfa/0x3b0
[  583.760181][ T9930]  ? lockdep_hardirqs_on+0x9c/0x150
[  583.760209][ T9930]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  583.760230][ T9930]  ? clear_bhb_loop+0x60/0xb0
[  583.760255][ T9930]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  583.760275][ T9930] RIP: 0033:0x7f571458d33c
[  583.760293][ T9930] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  583.760311][ T9930] RSP: 002b:00007f57154cb030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  583.760332][ T9930] RAX: ffffffffffffffda RBX: 00007f57147b5fa0 RCX: 00007f571458d33c
[  583.760348][ T9930] RDX: 000000000000000f RSI: 00007f57154cb0a0 RDI: 0000000000000004
[  583.760361][ T9930] RBP: 00007f57154cb090 R08: 0000000000000000 R09: 0000000000000000
[  583.760373][ T9930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  583.760385][ T9930] R13: 0000000000000000 R14: 00007f57147b5fa0 R15: 00007ffe6b51c748
[  583.760418][ T9930]  </TASK>
[  584.475327][ T9958] netlink: 288 bytes leftover after parsing attributes in process `syz.1.1114'.
[  584.969559][ T5888] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  585.145551][ T5888] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  585.160538][ T9985] FAULT_INJECTION: forcing a failure.
[  585.160538][ T9985] name failslab, interval 1, probability 0, space 0, times 0
[  585.174385][ T5888] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  585.185543][ T5888] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  585.193970][ T9985] CPU: 1 UID: 0 PID: 9985 Comm: syz.3.1124 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  585.193996][ T9985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  585.194007][ T9985] Call Trace:
[  585.194015][ T9985]  <TASK>
[  585.194022][ T9985]  dump_stack_lvl+0x189/0x250
[  585.194055][ T9985]  ? __pfx____ratelimit+0x10/0x10
[  585.194083][ T9985]  ? __pfx_dump_stack_lvl+0x10/0x10
[  585.194110][ T9985]  ? __pfx__printk+0x10/0x10
[  585.194135][ T9985]  ? __pfx___might_resched+0x10/0x10
[  585.194162][ T9985]  ? fs_reclaim_acquire+0x7d/0x100
[  585.194193][ T9985]  should_fail_ex+0x414/0x560
[  585.194221][ T9985]  should_failslab+0xa8/0x100
[  585.194248][ T9985]  __kmalloc_noprof+0xcb/0x4f0
[  585.194270][ T9985]  ? kfree+0x4d/0x440
[  585.194287][ T9985]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  585.194320][ T9985]  tomoyo_realpath_from_path+0xe3/0x5d0
[  585.194351][ T9985]  ? tomoyo_domain+0xda/0x130
[  585.194384][ T9985]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  585.194407][ T9985]  tomoyo_path_number_perm+0x1e8/0x5a0
[  585.194434][ T9985]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  585.194475][ T9985]  ? __lock_acquire+0xab9/0xd20
[  585.194520][ T9985]  ? __fget_files+0x2a/0x420
[  585.194548][ T9985]  ? __fget_files+0x2a/0x420
[  585.194571][ T9985]  ? __fget_files+0x3a0/0x420
[  585.194593][ T9985]  ? __fget_files+0x2a/0x420
[  585.194621][ T9985]  security_file_ioctl+0xcb/0x2d0
[  585.194649][ T9985]  __se_sys_ioctl+0x47/0x170
[  585.194674][ T9985]  do_syscall_64+0xfa/0x3b0
[  585.194702][ T9985]  ? lockdep_hardirqs_on+0x9c/0x150
[  585.194731][ T9985]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  585.194751][ T9985]  ? clear_bhb_loop+0x60/0xb0
[  585.194775][ T9985]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  585.194795][ T9985] RIP: 0033:0x7f85f958e929
[  585.194811][ T9985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  585.194839][ T9985] RSP: 002b:00007f85fa42e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  585.194860][ T9985] RAX: ffffffffffffffda RBX: 00007f85f97b5fa0 RCX: 00007f85f958e929
[  585.194874][ T9985] RDX: 00002000000000c0 RSI: 0000000000000001 RDI: 0000000000000003
[  585.194887][ T9985] RBP: 00007f85fa42e090 R08: 0000000000000000 R09: 0000000000000000
[  585.194898][ T9985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  585.194910][ T9985] R13: 0000000000000000 R14: 00007f85f97b5fa0 R15: 00007ffd6b795358
[  585.194942][ T9985]  </TASK>
[  585.194951][ T9985] ERROR: Out of memory at tomoyo_realpath_from_path.
[  585.451482][ T5853] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  585.463442][ T5888] usb 1-1: config 0 descriptor??
[  585.468686][ T9985] program syz.3.1124 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  585.572766][ T9989] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1125'.
[  585.619462][ T5853] usb 3-1: Using ep0 maxpacket: 32
[  585.631337][ T5853] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[  585.639638][ T5853] usb 3-1: config 0 has no interface number 0
[  585.645991][ T5853] usb 3-1: config 0 interface 85 has no altsetting 0
[  585.666905][ T5853] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  585.678692][ T5853] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  585.697210][ T5853] usb 3-1: Product: syz
[  585.707273][ T5853] usb 3-1: Manufacturer: syz
[  585.717336][ T5853] usb 3-1: SerialNumber: syz
[  585.733793][ T5853] usb 3-1: config 0 descriptor??
[  585.753110][ T5853] appletouch 3-1:0.85: Could not find int-in endpoint
[  585.760794][ T5853] appletouch 3-1:0.85: probe with driver appletouch failed with error -5
[  585.771280][ T5853] usbhid 3-1:0.85: couldn't find an input interrupt endpoint
[  585.896562][ T5888] ath6kl: Failed to read usb control message: -71
[  585.904637][ T9964] bond0: option mode: unable to set because the bond device has slaves
[  585.917054][ T5888] ath6kl: Unable to read the bmi data from the device: -71
[  585.925467][ T5888] ath6kl: Unable to recv target info: -71
[  585.941106][ T5888] ath6kl: Failed to init ath6kl core: -71
[  585.947855][ T5888] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71
[  586.024584][ T5888] usb 1-1: USB disconnect, device number 31
[  586.286772][ T5853] usb 3-1: USB disconnect, device number 20
[  587.614469][T10007] FAULT_INJECTION: forcing a failure.
[  587.614469][T10007] name fail_futex, interval 1, probability 0, space 0, times 1
[  587.727609][T10007] CPU: 1 UID: 0 PID: 10007 Comm: syz.2.1130 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  587.727639][T10007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  587.727651][T10007] Call Trace:
[  587.727660][T10007]  <TASK>
[  587.727670][T10007]  dump_stack_lvl+0x189/0x250
[  587.727704][T10007]  ? __pfx____ratelimit+0x10/0x10
[  587.727738][T10007]  ? __pfx_dump_stack_lvl+0x10/0x10
[  587.727767][T10007]  ? __pfx__printk+0x10/0x10
[  587.727789][T10007]  ? lockdep_hardirqs_on+0x9c/0x150
[  587.727829][T10007]  should_fail_ex+0x414/0x560
[  587.727859][T10007]  get_futex_key+0x1a8/0x1640
[  587.727895][T10007]  ? look_up_lock_class+0x74/0x170
[  587.727928][T10007]  ? __pfx_get_futex_key+0x10/0x10
[  587.727961][T10007]  ? __lock_acquire+0xab9/0xd20
[  587.727996][T10007]  futex_wake+0xf8/0x560
[  587.728027][T10007]  ? __pfx_futex_wake+0x10/0x10
[  587.728055][T10007]  ? __lock_acquire+0xab9/0xd20
[  587.728092][T10007]  do_futex+0x395/0x420
[  587.728120][T10007]  ? __pfx_do_futex+0x10/0x10
[  587.728143][T10007]  ? __might_fault+0xb0/0x130
[  587.728171][T10007]  mm_release+0x188/0x390
[  587.728201][T10007]  ? __pfx_mm_release+0x10/0x10
[  587.728229][T10007]  ? lockdep_hardirqs_on+0x9c/0x150
[  587.728270][T10007]  exit_mm+0xa8/0x2c0
[  587.728293][T10007]  ? __pfx_exit_mm+0x10/0x10
[  587.728318][T10007]  ? rcu_is_watching+0x15/0xb0
[  587.728360][T10007]  do_exit+0x648/0x22e0
[  587.728388][T10007]  ? do_raw_spin_lock+0x121/0x290
[  587.728412][T10007]  ? __pfx_do_exit+0x10/0x10
[  587.728451][T10007]  do_group_exit+0x21c/0x2d0
[  587.728472][T10007]  ? lockdep_hardirqs_on+0x9c/0x150
[  587.728503][T10007]  get_signal+0x125e/0x1310
[  587.728554][T10007]  arch_do_signal_or_restart+0x9a/0x750
[  587.728583][T10007]  ? __fget_files+0x3a0/0x420
[  587.728614][T10007]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  587.728656][T10007]  ? exit_to_user_mode_loop+0x40/0x110
[  587.728687][T10007]  exit_to_user_mode_loop+0x75/0x110
[  587.728714][T10007]  do_syscall_64+0x2bd/0x3b0
[  587.728743][T10007]  ? lockdep_hardirqs_on+0x9c/0x150
[  587.728769][T10007]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  587.728790][T10007]  ? clear_bhb_loop+0x60/0xb0
[  587.728814][T10007]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  587.728833][T10007] RIP: 0033:0x7f0094f8e929
[  587.728851][T10007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  587.728868][T10007] RSP: 002b:00007f0095ded038 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
[  587.728890][T10007] RAX: fffffffffffffe00 RBX: 00007f00951b6080 RCX: 00007f0094f8e929
[  587.728905][T10007] RDX: 0000000000059000 RSI: 0000200000000080 RDI: 0000000000000006
[  587.728918][T10007] RBP: 00007f0095ded090 R08: 0000000000000000 R09: 0010000000000000
[  587.728932][T10007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  587.728944][T10007] R13: 0000000000000000 R14: 00007f00951b6080 R15: 00007ffefaae0578
[  587.728976][T10007]  </TASK>
[  587.729390][ T5904] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  588.191154][ T5904] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  588.194134][T10019] input: syz1 as /devices/virtual/input/input15
[  588.231394][ T5904] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  588.245182][ T5904] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  588.283743][ T5904] usb 1-1: config 0 descriptor??
[  588.314507][ T5904] pwc: Askey VC010 type 2 USB webcam detected.
[  589.480938][ T5904] pwc: recv_control_msg error -32 req 02 val 2b00
[  589.493225][ T5904] pwc: recv_control_msg error -32 req 02 val 2700
[  591.340661][ T5904] pwc: recv_control_msg error -71 req 04 val 1000
[  591.342461][ T5904] pwc: recv_control_msg error -71 req 04 val 1300
[  591.349725][ T5904] pwc: recv_control_msg error -71 req 04 val 1400
[  591.352629][ T5904] pwc: recv_control_msg error -71 req 02 val 2000
[  591.359537][ T5904] pwc: recv_control_msg error -71 req 02 val 2100
[  591.359958][ T5904] pwc: recv_control_msg error -71 req 04 val 1500
[  591.360517][ T5904] pwc: recv_control_msg error -71 req 02 val 2500
[  591.360923][ T5904] pwc: recv_control_msg error -71 req 02 val 2400
[  591.361334][ T5904] pwc: recv_control_msg error -71 req 02 val 2600
[  591.361901][ T5904] pwc: recv_control_msg error -71 req 02 val 2900
[  591.362374][ T5904] pwc: recv_control_msg error -71 req 02 val 2800
[  591.362984][ T5904] pwc: recv_control_msg error -71 req 04 val 1100
[  591.369485][ T5904] pwc: recv_control_msg error -71 req 04 val 1200
[  591.372772][ T5904] pwc: Registered as video103.
[  591.375191][ T5904] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input16
[  591.393713][ T5904] usb 1-1: USB disconnect, device number 32
[  591.570011][ T8423] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  591.721303][ T8423] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  591.721351][ T8423] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  591.721375][ T8423] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  591.724424][ T8423] usb 4-1: config 0 descriptor??
[  592.778588][ T8423] ath6kl: Failed to read usb control message: -71
[  592.778639][ T8423] ath6kl: Unable to read the bmi data from the device: -71
[  592.778655][ T8423] ath6kl: Unable to recv target info: -71
[  592.780896][ T8423] ath6kl: Failed to init ath6kl core: -71
[  592.781428][ T8423] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71
[  592.787136][ T8423] usb 4-1: USB disconnect, device number 29
[  592.840906][T10049] bond0: option mode: unable to set because the bond device has slaves
[  593.420965][T10070] overlayfs: failed to clone upperpath
[  594.114383][T10074] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1153'.
[  596.022228][T10088] warning: `syz.1.1157' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  598.978261][ T8423] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  599.139390][ T8423] usb 1-1: Using ep0 maxpacket: 8
[  599.566943][ T8423] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  599.579510][ T8423] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[  599.591941][ T8423] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  599.611904][ T8423] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024
[  599.629839][ T8423] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  599.641232][ T8423] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  599.657472][ T8423] usb 1-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[  599.669311][ T8423] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  599.678990][ T8423] usb 1-1: Product: syz
[  599.683687][ T8423] usb 1-1: Manufacturer: syz
[  599.688300][ T8423] usb 1-1: SerialNumber: syz
[  599.697004][ T8423] usb 1-1: config 0 descriptor??
[  599.703115][T10096] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  599.827815][T10121] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1165'.
[  600.789876][T10123] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1166'.
[  601.663197][T10140] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1172'.
[  602.679415][ T8423] rc_core: IR keymap rc-snapstream-firefly not found
[  602.686189][ T8423] Registered IR keymap rc-empty
[  602.693631][ T8423] rc rc0: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  602.705316][ T8423] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input17
[  602.784995][ T8423] input: syz syz mouse as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input18
[  602.942065][ T8423] usb 1-1: USB disconnect, device number 33
[  602.948148][    C0] ati_remote 1-1:0.0: ati_remote_irq_in: usb_submit_urb()=-19
[  605.208979][T10171] overlayfs: missing 'lowerdir'
[  605.368918][T10173] FAULT_INJECTION: forcing a failure.
[  605.368918][T10173] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  605.426388][T10178] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1184'.
[  605.439488][T10173] CPU: 0 UID: 0 PID: 10173 Comm: syz.0.1182 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  605.439517][T10173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  605.439530][T10173] Call Trace:
[  605.439538][T10173]  <TASK>
[  605.439546][T10173]  dump_stack_lvl+0x189/0x250
[  605.439581][T10173]  ? __pfx____ratelimit+0x10/0x10
[  605.439611][T10173]  ? __pfx_dump_stack_lvl+0x10/0x10
[  605.439640][T10173]  ? __pfx__printk+0x10/0x10
[  605.439660][T10173]  ? __might_fault+0xb0/0x130
[  605.439696][T10173]  should_fail_ex+0x414/0x560
[  605.439725][T10173]  _copy_from_user+0x2d/0xb0
[  605.439755][T10173]  ___sys_sendmsg+0x158/0x2a0
[  605.439782][T10173]  ? __pfx____sys_sendmsg+0x10/0x10
[  605.439846][T10173]  ? __fget_files+0x2a/0x420
[  605.439872][T10173]  ? __fget_files+0x3a0/0x420
[  605.439909][T10173]  __x64_sys_sendmsg+0x19b/0x260
[  605.439936][T10173]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  605.439971][T10173]  ? __pfx_ksys_write+0x10/0x10
[  605.439991][T10173]  ? rcu_is_watching+0x15/0xb0
[  605.440026][T10173]  ? do_syscall_64+0xbe/0x3b0
[  605.440059][T10173]  do_syscall_64+0xfa/0x3b0
[  605.440086][T10173]  ? lockdep_hardirqs_on+0x9c/0x150
[  605.440114][T10173]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  605.440133][T10173]  ? clear_bhb_loop+0x60/0xb0
[  605.440158][T10173]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  605.440177][T10173] RIP: 0033:0x7f571458e929
[  605.440194][T10173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  605.440211][T10173] RSP: 002b:00007f57154cb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  605.440232][T10173] RAX: ffffffffffffffda RBX: 00007f57147b5fa0 RCX: 00007f571458e929
[  605.440247][T10173] RDX: 0000000000000804 RSI: 0000200000000040 RDI: 0000000000000006
[  605.440259][T10173] RBP: 00007f57154cb090 R08: 0000000000000000 R09: 0000000000000000
[  605.440271][T10173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  605.440282][T10173] R13: 0000000000000000 R14: 00007f57147b5fa0 R15: 00007ffe6b51c748
[  605.440312][T10173]  </TASK>
[  605.689023][T10179] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1186'.
[  606.539349][ T8423] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  606.647954][T10191] FAULT_INJECTION: forcing a failure.
[  606.647954][T10191] name failslab, interval 1, probability 0, space 0, times 0
[  606.697244][T10191] CPU: 0 UID: 0 PID: 10191 Comm: syz.1.1189 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  606.697275][T10191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  606.697289][T10191] Call Trace:
[  606.697297][T10191]  <TASK>
[  606.697307][T10191]  dump_stack_lvl+0x189/0x250
[  606.697342][T10191]  ? __pfx____ratelimit+0x10/0x10
[  606.697372][T10191]  ? __pfx_dump_stack_lvl+0x10/0x10
[  606.697402][T10191]  ? __pfx__printk+0x10/0x10
[  606.697428][T10191]  ? __pfx___might_resched+0x10/0x10
[  606.697457][T10191]  ? fs_reclaim_acquire+0x7d/0x100
[  606.697490][T10191]  should_fail_ex+0x414/0x560
[  606.697519][T10191]  should_failslab+0xa8/0x100
[  606.697547][T10191]  __kmalloc_noprof+0xcb/0x4f0
[  606.697567][T10191]  ? kfree+0x4d/0x440
[  606.697585][T10191]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  606.697621][T10191]  tomoyo_realpath_from_path+0xe3/0x5d0
[  606.697660][T10191]  ? tomoyo_domain+0xda/0x130
[  606.697695][T10191]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  606.697719][T10191]  tomoyo_path_number_perm+0x1e8/0x5a0
[  606.697748][T10191]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  606.697792][T10191]  ? __lock_acquire+0xab9/0xd20
[  606.697842][T10191]  ? __fget_files+0x2a/0x420
[  606.697872][T10191]  ? __fget_files+0x2a/0x420
[  606.697904][T10191]  ? __fget_files+0x3a0/0x420
[  606.697929][T10191]  ? __fget_files+0x2a/0x420
[  606.697960][T10191]  security_file_ioctl+0xcb/0x2d0
[  606.697989][T10191]  __se_sys_ioctl+0x47/0x170
[  606.698013][T10191]  do_syscall_64+0xfa/0x3b0
[  606.698042][T10191]  ? lockdep_hardirqs_on+0x9c/0x150
[  606.698070][T10191]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  606.698089][T10191]  ? clear_bhb_loop+0x60/0xb0
[  606.698114][T10191]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  606.698133][T10191] RIP: 0033:0x7fe23a38e929
[  606.698151][T10191] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  606.698168][T10191] RSP: 002b:00007fe2381f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  606.698189][T10191] RAX: ffffffffffffffda RBX: 00007fe23a5b5fa0 RCX: 00007fe23a38e929
[  606.698204][T10191] RDX: 0000200000000000 RSI: 00000000000089f4 RDI: 0000000000000004
[  606.698217][T10191] RBP: 00007fe2381f6090 R08: 0000000000000000 R09: 0000000000000000
[  606.698229][T10191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  606.698240][T10191] R13: 0000000000000000 R14: 00007fe23a5b5fa0 R15: 00007ffdd05ee158
[  606.698273][T10191]  </TASK>
[  606.698282][T10191] ERROR: Out of memory at tomoyo_realpath_from_path.
[  606.969868][ T8423] usb 3-1: Using ep0 maxpacket: 8
[  606.977636][ T8423] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  606.989571][ T8423] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  607.000702][ T8423] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  607.013340][ T8423] usb 3-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  607.035612][ T8423] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  607.073950][ T8423] usb 3-1: Product: syz
[  607.521996][ T8423] usb 3-1: Manufacturer: syz
[  607.527947][ T8423] usb 3-1: SerialNumber: syz
[  607.538484][ T8423] usb 3-1: config 0 descriptor??
[  607.586149][ T8423] streamzap 3-1:0.0: streamzap_probe: endpoint Max Packet Size is 0!?!
[  607.658206][T10210] overlayfs: missing 'lowerdir'
[  607.808412][ T5888] usb 3-1: USB disconnect, device number 21
[  607.896876][T10215] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  607.914893][T10215] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  608.023174][T10222] netlink: 'syz.0.1200': attribute type 34 has an invalid length.
[  608.249440][ T5853] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  608.409361][ T5853] usb 4-1: Using ep0 maxpacket: 32
[  608.420577][ T5853] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  608.452136][ T5853] usb 4-1: config 0 has no interface number 0
[  608.486098][ T5853] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  608.513420][ T5853] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  608.548877][ T5853] usb 4-1: Product: syz
[  608.553478][ T5853] usb 4-1: Manufacturer: syz
[  608.558131][ T5853] usb 4-1: SerialNumber: syz
[  608.570004][ T5853] usb 4-1: config 0 descriptor??
[  608.722144][ T5853] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  609.525386][T10235] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  609.928137][ T5853] usb 4-1: qt2_attach - failed to power on unit: -71
[  609.948531][ T5853] quatech2 4-1:0.51: probe with driver quatech2 failed with error -71
[  610.013822][ T5853] usb 4-1: USB disconnect, device number 30
[  610.044381][T10246] overlayfs: missing 'lowerdir'
[  610.178185][T10250] FAULT_INJECTION: forcing a failure.
[  610.178185][T10250] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  610.229350][ T5888] usb 1-1: new full-speed USB device number 34 using dummy_hcd
[  610.237499][T10250] CPU: 0 UID: 0 PID: 10250 Comm: syz.3.1208 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  610.237528][T10250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  610.237542][T10250] Call Trace:
[  610.237550][T10250]  <TASK>
[  610.237558][T10250]  dump_stack_lvl+0x189/0x250
[  610.237594][T10250]  ? __pfx____ratelimit+0x10/0x10
[  610.237623][T10250]  ? __pfx_dump_stack_lvl+0x10/0x10
[  610.237654][T10250]  ? __pfx__printk+0x10/0x10
[  610.237674][T10250]  ? __might_fault+0xb0/0x130
[  610.237711][T10250]  should_fail_ex+0x414/0x560
[  610.237741][T10250]  _copy_from_user+0x2d/0xb0
[  610.237762][T10250]  do_sock_getsockopt+0x1cd/0x650
[  610.237791][T10250]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  610.237813][T10250]  ? do_syscall_64+0x80/0x3b0
[  610.237842][T10250]  ? __fget_files+0x3a0/0x420
[  610.237869][T10250]  ? __fget_files+0x2a/0x420
[  610.237903][T10250]  __x64_sys_getsockopt+0x1a5/0x250
[  610.237927][T10250]  ? do_syscall_64+0x80/0x3b0
[  610.237958][T10250]  ? do_syscall_64+0x80/0x3b0
[  610.237992][T10250]  do_syscall_64+0xfa/0x3b0
[  610.238021][T10250]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  610.238040][T10250]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  610.238059][T10250]  ? clear_bhb_loop+0x60/0xb0
[  610.238083][T10250]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  610.238107][T10250] RIP: 0033:0x7f85f958e929
[  610.238125][T10250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  610.238143][T10250] RSP: 002b:00007f85fa40d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  610.238164][T10250] RAX: ffffffffffffffda RBX: 00007f85f97b6080 RCX: 00007f85f958e929
[  610.238179][T10250] RDX: 0000000000000023 RSI: 0000000000000006 RDI: 0000000000000004
[  610.238191][T10250] RBP: 00007f85fa40d090 R08: 0000200000000800 R09: 0000000000000000
[  610.238205][T10250] R10: 0000200000000400 R11: 0000000000000246 R12: 0000000000000001
[  610.238218][T10250] R13: 0000000000000001 R14: 00007f85f97b6080 R15: 00007ffd6b795358
[  610.238250][T10250]  </TASK>
[  610.569436][   T24] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  610.604770][ T5888] usb 1-1: unable to get BOS descriptor or descriptor too short
[  610.615075][ T5888] usb 1-1: too many configurations: 9, using maximum allowed: 8
[  610.708540][ T5888] usb 1-1: unable to read config index 0 descriptor/start: -71
[  610.724989][ T5888] usb 1-1: can't read configurations, error -71
[  610.731990][   T24] usb 3-1: Using ep0 maxpacket: 16
[  610.745421][   T24] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  610.761499][   T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  610.783875][   T24] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  610.793134][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  610.807650][   T24] usb 3-1: Product: syz
[  610.812258][   T24] usb 3-1: Manufacturer: syz
[  610.816942][   T24] usb 3-1: SerialNumber: syz
[  610.864022][T10256] FAULT_INJECTION: forcing a failure.
[  610.864022][T10256] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  610.877982][T10256] CPU: 0 UID: 0 PID: 10256 Comm: syz.1.1211 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  610.878010][T10256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  610.878023][T10256] Call Trace:
[  610.878031][T10256]  <TASK>
[  610.878040][T10256]  dump_stack_lvl+0x189/0x250
[  610.878076][T10256]  ? __pfx____ratelimit+0x10/0x10
[  610.878106][T10256]  ? __pfx_dump_stack_lvl+0x10/0x10
[  610.878137][T10256]  ? __pfx__printk+0x10/0x10
[  610.878158][T10256]  ? __might_fault+0xb0/0x130
[  610.878195][T10256]  should_fail_ex+0x414/0x560
[  610.878260][T10256]  _copy_from_user+0x2d/0xb0
[  610.878281][T10256]  ___sys_recvmsg+0x12e/0x510
[  610.878314][T10256]  ? __pfx____sys_recvmsg+0x10/0x10
[  610.878366][T10256]  ? __fget_files+0x3a0/0x420
[  610.878404][T10256]  __x64_sys_recvmsg+0x198/0x260
[  610.878433][T10256]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  610.878474][T10256]  ? __pfx_ksys_write+0x10/0x10
[  610.878495][T10256]  ? rcu_is_watching+0x15/0xb0
[  610.878531][T10256]  ? do_syscall_64+0xbe/0x3b0
[  610.878566][T10256]  do_syscall_64+0xfa/0x3b0
[  610.878595][T10256]  ? lockdep_hardirqs_on+0x9c/0x150
[  610.878623][T10256]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  610.878643][T10256]  ? clear_bhb_loop+0x60/0xb0
[  610.878669][T10256]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  610.878689][T10256] RIP: 0033:0x7fe23a38e929
[  610.878707][T10256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  610.878725][T10256] RSP: 002b:00007fe2381f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  610.878746][T10256] RAX: ffffffffffffffda RBX: 00007fe23a5b5fa0 RCX: 00007fe23a38e929
[  610.878761][T10256] RDX: 0000000040010100 RSI: 0000200000000300 RDI: 0000000000000003
[  610.878774][T10256] RBP: 00007fe2381f6090 R08: 0000000000000000 R09: 0000000000000000
[  610.878786][T10256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  610.878798][T10256] R13: 0000000000000000 R14: 00007fe23a5b5fa0 R15: 00007ffdd05ee158
[  610.878829][T10256]  </TASK>
[  611.754739][T10268] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1216'.
[  611.791526][T10268] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  611.907664][T10272] FAULT_INJECTION: forcing a failure.
[  611.907664][T10272] name failslab, interval 1, probability 0, space 0, times 0
[  611.939799][T10272] CPU: 1 UID: 0 PID: 10272 Comm: syz.1.1218 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  611.939829][T10272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  611.939843][T10272] Call Trace:
[  611.939851][T10272]  <TASK>
[  611.939864][T10272]  dump_stack_lvl+0x189/0x250
[  611.939899][T10272]  ? __pfx____ratelimit+0x10/0x10
[  611.939929][T10272]  ? __pfx_dump_stack_lvl+0x10/0x10
[  611.939959][T10272]  ? __pfx__printk+0x10/0x10
[  611.939987][T10272]  ? __pfx___might_resched+0x10/0x10
[  611.940015][T10272]  ? fs_reclaim_acquire+0x7d/0x100
[  611.940049][T10272]  should_fail_ex+0x414/0x560
[  611.940080][T10272]  should_failslab+0xa8/0x100
[  611.940109][T10272]  __kmalloc_noprof+0xcb/0x4f0
[  611.940131][T10272]  ? kfree+0x4d/0x440
[  611.940150][T10272]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  611.940187][T10272]  tomoyo_realpath_from_path+0xe3/0x5d0
[  611.940219][T10272]  ? tomoyo_domain+0xda/0x130
[  611.940259][T10272]  tomoyo_path_perm+0x213/0x4b0
[  611.940284][T10272]  ? tomoyo_path_perm+0x1e3/0x4b0
[  611.940308][T10272]  ? __pfx_tomoyo_path_perm+0x10/0x10
[  611.940343][T10272]  ? vfs_write+0x8d8/0xa90
[  611.940387][T10272]  ? __lock_acquire+0xab9/0xd20
[  611.940436][T10272]  security_file_truncate+0xb1/0x270
[  611.940465][T10272]  do_ftruncate+0x270/0x540
[  611.940496][T10272]  ? __pfx_do_ftruncate+0x10/0x10
[  611.940519][T10272]  ? __fget_files+0x3a0/0x420
[  611.940544][T10272]  ? __fget_files+0x2a/0x420
[  611.940580][T10272]  __x64_sys_ftruncate+0x92/0xf0
[  611.940605][T10272]  do_syscall_64+0xfa/0x3b0
[  611.940633][T10272]  ? lockdep_hardirqs_on+0x9c/0x150
[  611.940661][T10272]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  611.940698][T10272]  ? clear_bhb_loop+0x60/0xb0
[  611.940723][T10272]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  611.940743][T10272] RIP: 0033:0x7fe23a38e929
[  611.940761][T10272] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  611.940778][T10272] RSP: 002b:00007fe2381f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[  611.940799][T10272] RAX: ffffffffffffffda RBX: 00007fe23a5b5fa0 RCX: 00007fe23a38e929
[  611.940814][T10272] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  611.940825][T10272] RBP: 00007fe2381f6090 R08: 0000000000000000 R09: 0000000000000000
[  611.940837][T10272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  611.940849][T10272] R13: 0000000000000000 R14: 00007fe23a5b5fa0 R15: 00007ffdd05ee158
[  611.940881][T10272]  </TASK>
[  611.940924][T10272] ERROR: Out of memory at tomoyo_realpath_from_path.
[  612.160785][T10276] overlayfs: missing 'lowerdir'
[  612.750198][ T5888] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  612.919799][ T5888] usb 1-1: Using ep0 maxpacket: 32
[  612.983071][ T5888] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  613.042676][ T5888] usb 1-1: config 0 has no interface number 0
[  613.141163][ T5888] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  613.365715][ T5888] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  613.375189][   T24] usb 3-1: 0:2 : does not exist
[  613.383811][ T5888] usb 1-1: Product: syz
[  613.388057][ T5888] usb 1-1: Manufacturer: syz
[  613.394967][ T5888] usb 1-1: SerialNumber: syz
[  613.427261][   T24] usb 3-1: USB disconnect, device number 22
[  613.450302][ T5888] usb 1-1: config 0 descriptor??
[  613.462600][ T5888] usb 1-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  613.485941][ T5888] usb 1-1: selecting invalid altsetting 1
[  613.491880][ T5888] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  613.543130][ T7800] udevd[7800]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  613.556924][ T5888] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  613.601656][ T5888] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  613.604835][T10290] FAULT_INJECTION: forcing a failure.
[  613.604835][T10290] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  613.707749][ T5888] usb 1-1: media controller created
[  613.789422][T10290] CPU: 1 UID: 0 PID: 10290 Comm: syz.3.1225 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  613.789452][T10290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  613.789465][T10290] Call Trace:
[  613.789474][T10290]  <TASK>
[  613.789483][T10290]  dump_stack_lvl+0x189/0x250
[  613.789530][T10290]  ? __pfx____ratelimit+0x10/0x10
[  613.789560][T10290]  ? __pfx_dump_stack_lvl+0x10/0x10
[  613.789588][T10290]  ? __pfx__printk+0x10/0x10
[  613.789608][T10290]  ? __might_fault+0xb0/0x130
[  613.789643][T10290]  should_fail_ex+0x414/0x560
[  613.789672][T10290]  _copy_from_user+0x2d/0xb0
[  613.789692][T10290]  __sys_bpf+0x1ed/0x860
[  613.789720][T10290]  ? __pfx___sys_bpf+0x10/0x10
[  613.789758][T10290]  ? ksys_write+0x22a/0x250
[  613.789783][T10290]  ? __pfx_ksys_write+0x10/0x10
[  613.789803][T10290]  ? rcu_is_watching+0x15/0xb0
[  613.789839][T10290]  __x64_sys_bpf+0x7c/0x90
[  613.789862][T10290]  do_syscall_64+0xfa/0x3b0
[  613.789889][T10290]  ? lockdep_hardirqs_on+0x9c/0x150
[  613.789917][T10290]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  613.789936][T10290]  ? clear_bhb_loop+0x60/0xb0
[  613.789959][T10290]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  613.789976][T10290] RIP: 0033:0x7f85f958e929
[  613.790013][T10290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  613.790031][T10290] RSP: 002b:00007f85fa42e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  613.790052][T10290] RAX: ffffffffffffffda RBX: 00007f85f97b5fa0 RCX: 00007f85f958e929
[  613.790066][T10290] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a
[  613.790079][T10290] RBP: 00007f85fa42e090 R08: 0000000000000000 R09: 0000000000000000
[  613.790091][T10290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  613.790103][T10290] R13: 0000000000000000 R14: 00007f85f97b5fa0 R15: 00007ffd6b795358
[  613.790136][T10290]  </TASK>
[  614.662475][ T5888] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  615.183021][T10303] xt_cgroup: invalid path, errno=-2
[  615.425035][T10305] FAULT_INJECTION: forcing a failure.
[  615.425035][T10305] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  615.449163][T10307] overlayfs: missing 'lowerdir'
[  615.474424][T10305] CPU: 0 UID: 0 PID: 10305 Comm: syz.3.1230 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  615.474453][T10305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  615.474466][T10305] Call Trace:
[  615.474475][T10305]  <TASK>
[  615.474485][T10305]  dump_stack_lvl+0x189/0x250
[  615.474524][T10305]  ? __pfx____ratelimit+0x10/0x10
[  615.474552][T10305]  ? __pfx_dump_stack_lvl+0x10/0x10
[  615.474580][T10305]  ? __pfx__printk+0x10/0x10
[  615.474596][T10305]  ? __might_fault+0xb0/0x130
[  615.474629][T10305]  should_fail_ex+0x414/0x560
[  615.474653][T10305]  _copy_from_user+0x2d/0xb0
[  615.474669][T10305]  do_ipt_set_ctl+0x696/0xcd0
[  615.474698][T10305]  ? rcu_is_watching+0x15/0xb0
[  615.474722][T10305]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  615.474759][T10305]  ? __pfx___mutex_lock+0x10/0x10
[  615.474793][T10305]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  615.474815][T10305]  ? smc_setsockopt+0x181/0xab0
[  615.474839][T10305]  ? __pfx___mutex_lock+0x10/0x10
[  615.474860][T10305]  ? rcu_read_lock_any_held+0xb3/0x120
[  615.474885][T10305]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  615.474916][T10305]  ? vfs_write+0x8d8/0xa90
[  615.474940][T10305]  nf_setsockopt+0x26c/0x290
[  615.474970][T10305]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  615.474997][T10305]  smc_setsockopt+0x232/0xab0
[  615.475023][T10305]  ? __pfx_smc_setsockopt+0x10/0x10
[  615.475050][T10305]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  615.475073][T10305]  ? __pfx_smc_setsockopt+0x10/0x10
[  615.475102][T10305]  do_sock_setsockopt+0x25a/0x3e0
[  615.475123][T10305]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  615.475144][T10305]  ? __fget_files+0x2a/0x420
[  615.475172][T10305]  __x64_sys_setsockopt+0x18b/0x220
[  615.475201][T10305]  do_syscall_64+0xfa/0x3b0
[  615.475227][T10305]  ? lockdep_hardirqs_on+0x9c/0x150
[  615.475267][T10305]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  615.475282][T10305]  ? clear_bhb_loop+0x60/0xb0
[  615.475302][T10305]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  615.475318][T10305] RIP: 0033:0x7f85f958e929
[  615.475333][T10305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  615.475347][T10305] RSP: 002b:00007f85fa42e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  615.475368][T10305] RAX: ffffffffffffffda RBX: 00007f85f97b5fa0 RCX: 00007f85f958e929
[  615.475384][T10305] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003
[  615.475395][T10305] RBP: 00007f85fa42e090 R08: 00000000000022f8 R09: 0000000000000000
[  615.475406][T10305] R10: 0000200000002300 R11: 0000000000000246 R12: 0000000000000001
[  615.475416][T10305] R13: 0000000000000000 R14: 00007f85f97b5fa0 R15: 00007ffd6b795358
[  615.475441][T10305]  </TASK>
[  615.785074][ T5888] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  615.815765][ T5888] zl10353_read_register: readreg error (reg=127, ret==-110)
[  615.932332][T10311] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1233'.
[  616.227657][ T5888] usb 1-1: USB disconnect, device number 36
[  616.867556][T10326] FAULT_INJECTION: forcing a failure.
[  616.867556][T10326] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  616.892110][T10326] CPU: 0 UID: 0 PID: 10326 Comm: syz.3.1238 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  616.892142][T10326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  616.892159][T10326] Call Trace:
[  616.892167][T10326]  <TASK>
[  616.892176][T10326]  dump_stack_lvl+0x189/0x250
[  616.892212][T10326]  ? __pfx____ratelimit+0x10/0x10
[  616.892242][T10326]  ? __pfx_dump_stack_lvl+0x10/0x10
[  616.892272][T10326]  ? __pfx__printk+0x10/0x10
[  616.892293][T10326]  ? __might_fault+0xb0/0x130
[  616.892330][T10326]  should_fail_ex+0x414/0x560
[  616.892361][T10326]  _copy_from_user+0x2d/0xb0
[  616.892381][T10326]  ___sys_sendmsg+0x158/0x2a0
[  616.892410][T10326]  ? __pfx____sys_sendmsg+0x10/0x10
[  616.892475][T10326]  ? __fget_files+0x2a/0x420
[  616.892501][T10326]  ? __fget_files+0x3a0/0x420
[  616.892539][T10326]  __x64_sys_sendmsg+0x19b/0x260
[  616.892568][T10326]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  616.892604][T10326]  ? __pfx_ksys_write+0x10/0x10
[  616.892625][T10326]  ? rcu_is_watching+0x15/0xb0
[  616.892661][T10326]  ? do_syscall_64+0xbe/0x3b0
[  616.892696][T10326]  do_syscall_64+0xfa/0x3b0
[  616.892727][T10326]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  616.892747][T10326]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  616.892767][T10326]  ? clear_bhb_loop+0x60/0xb0
[  616.892793][T10326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  616.892818][T10326] RIP: 0033:0x7f85f958e929
[  616.892836][T10326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  616.892853][T10326] RSP: 002b:00007f85fa42e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  616.892874][T10326] RAX: ffffffffffffffda RBX: 00007f85f97b5fa0 RCX: 00007f85f958e929
[  616.892890][T10326] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[  616.892903][T10326] RBP: 00007f85fa42e090 R08: 0000000000000000 R09: 0000000000000000
[  616.892919][T10326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  616.892947][T10326] R13: 0000000000000000 R14: 00007f85f97b5fa0 R15: 00007ffd6b795358
[  616.892980][T10326]  </TASK>
[  616.896859][   T24] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  617.396794][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  617.406922][   T24] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  617.416063][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  618.100299][   T24] usb 3-1: config 0 descriptor??
[  618.398851][ T8423] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  618.529415][ T5904] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  619.531520][   T24] ath6kl: Failed to read usb control message: -71
[  619.569610][   T24] ath6kl: Unable to read the bmi data from the device: -71
[  619.576927][   T24] ath6kl: Unable to recv target info: -71
[  619.611951][   T24] ath6kl: Failed to init ath6kl core: -71
[  619.618261][   T24] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -71
[  619.621452][ T8423] usb 1-1: Using ep0 maxpacket: 32
[  619.645815][T10315] bond0: option mode: unable to set because the bond device has slaves
[  619.676719][ T8423] usb 1-1: config 0 has an invalid interface number: 132 but max is 0
[  619.702365][   T24] usb 3-1: USB disconnect, device number 23
[  619.705737][ T8423] usb 1-1: config 0 has no interface number 0
[  619.723973][ T8423] usb 1-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  619.734343][ T5904] usb 4-1: Using ep0 maxpacket: 16
[  619.749949][ T5904] usb 4-1: config 1 interface 0 has no altsetting 0
[  619.760496][ T8423] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  619.775932][ T5904] usb 4-1: New USB device found, idVendor=056a, idProduct=0318, bcdDevice= 0.40
[  619.786281][ T8423] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  619.794793][ T5904] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  619.804651][ T8423] usb 1-1: Product: syz
[  619.808879][ T8423] usb 1-1: Manufacturer: syz
[  619.813110][T10347] block nbd0: shutting down sockets
[  619.814181][ T5904] usb 4-1: Product: ꇃ쾸᳖혢챋Ɩℿ뛶晞뫓ၞຕꀟ汦樵㭶Ι牜櫜螥꘺棾㏺篖ﾓ㏸۷匩⹐ꋍ쾑䣷㓩䯖ϖ寊훦砾뒸铲坶Ậꐐ尛䏭俪㳯फ़ꈄṽ鷭㽕ڳ䈟揋騚ꍏ಍ㇶ◶롟흵ᓝ筧᧭ự컱凑ꊅ㎣튭ֵⅇቺ⦘Ӟ쀮걫ȏ갗ᕜ鍗˜璼镳땥函蒾ઇ롆萶縬컐ᖧ∯뷻糥ﳾ犵
[  619.851726][ T8423] usb 1-1: SerialNumber: syz
[  619.863852][ T5904] usb 4-1: Manufacturer: 䟋ࣷ蚼䆘慜ᑯ櫲⏋鱅⭪箟斀⧔ࢋ⊒語Ꮢ徬ᐯ⥬攟轝⏸儔콚矢羑迣⽖뜓떒쁅㳜䢾ࣔᄀ쳥ꓴ橦䓉䂦䕣蠛癔ᯎ蓹伄焓䟂툟쥜劺飵玲坈飿픥遭飭
[  619.887069][ T8423] usb 1-1: config 0 descriptor??
[  619.898543][ T8423] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  619.909636][ T8423] em28xx 1-1:0.132: Video interface 132 found:
[  619.917316][ T5904] usb 4-1: SerialNumber: 搄췱⨞㖫葧衴⃌极辬䜟尻⩳嚔麝ﰊ⿿崉隬퀠돤萱蘼諜䁁
[  620.194261][T10332] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  620.212556][T10332] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  620.250197][T10332] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  620.263059][T10332] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  620.294166][T10332] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  620.332973][T10332] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  620.431284][ T5904] usbhid 4-1:1.0: can't add hid device: -71
[  621.230034][ T8423] em28xx 1-1:0.132: unknown em28xx chip ID (0)
[  621.585939][ T5904] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[  621.602706][ T5904] usb 4-1: USB disconnect, device number 31
[  621.646363][ T8423] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[  621.655792][ T8423] em28xx 1-1:0.132: board has no eeprom
[  621.720040][ T8423] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  621.727964][ T8423] em28xx 1-1:0.132: analog set to bulk mode.
[  621.741435][ T5962] em28xx 1-1:0.132: Registering V4L2 extension
[  621.799875][ T8423] usb 1-1: USB disconnect, device number 37
[  621.807301][ T8423] em28xx 1-1:0.132: Disconnecting em28xx
[  621.834681][T10369] FAULT_INJECTION: forcing a failure.
[  621.834681][T10369] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  621.904998][T10369] CPU: 1 UID: 0 PID: 10369 Comm: syz.3.1252 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  621.905030][T10369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  621.905043][T10369] Call Trace:
[  621.905052][T10369]  <TASK>
[  621.905061][T10369]  dump_stack_lvl+0x189/0x250
[  621.905097][T10369]  ? __pfx____ratelimit+0x10/0x10
[  621.905127][T10369]  ? __pfx_dump_stack_lvl+0x10/0x10
[  621.905157][T10369]  ? __pfx__printk+0x10/0x10
[  621.905178][T10369]  ? __might_fault+0xb0/0x130
[  621.905224][T10369]  should_fail_ex+0x414/0x560
[  621.905256][T10369]  _copy_from_user+0x2d/0xb0
[  621.905277][T10369]  ___sys_sendmsg+0x158/0x2a0
[  621.905305][T10369]  ? __pfx____sys_sendmsg+0x10/0x10
[  621.905370][T10369]  ? __fget_files+0x2a/0x420
[  621.905397][T10369]  ? __fget_files+0x3a0/0x420
[  621.905436][T10369]  __x64_sys_sendmsg+0x19b/0x260
[  621.905464][T10369]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  621.905500][T10369]  ? __pfx_ksys_write+0x10/0x10
[  621.905521][T10369]  ? rcu_is_watching+0x15/0xb0
[  621.905556][T10369]  ? do_syscall_64+0xbe/0x3b0
[  621.905591][T10369]  do_syscall_64+0xfa/0x3b0
[  621.905619][T10369]  ? lockdep_hardirqs_on+0x9c/0x150
[  621.905647][T10369]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  621.905668][T10369]  ? clear_bhb_loop+0x60/0xb0
[  621.905693][T10369]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  621.905714][T10369] RIP: 0033:0x7f85f958e929
[  621.905732][T10369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  621.905751][T10369] RSP: 002b:00007f85fa42e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  621.905773][T10369] RAX: ffffffffffffffda RBX: 00007f85f97b5fa0 RCX: 00007f85f958e929
[  621.905796][T10369] RDX: 0000000028000010 RSI: 0000200000000400 RDI: 0000000000000003
[  621.905809][T10369] RBP: 00007f85fa42e090 R08: 0000000000000000 R09: 0000000000000000
[  621.905822][T10369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  621.905835][T10369] R13: 0000000000000000 R14: 00007f85f97b5fa0 R15: 00007ffd6b795358
[  621.905867][T10369]  </TASK>
[  622.991659][ T5962] em28xx 1-1:0.132: Config register raw data: 0xffffffed
[  623.005681][ T5962] em28xx 1-1:0.132: AC97 chip type couldn't be determined
[  623.027856][ T5962] em28xx 1-1:0.132: No AC97 audio processor
[  623.073270][ T5962] usb 1-1: Decoder not found
[  623.080285][ T5962] em28xx 1-1:0.132: failed to create media graph
[  623.089418][T10383] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1258'.
[  623.098768][T10383] openvswitch: netlink: nsh attribute has 2338 unknown bytes.
[  623.107595][ T5962] em28xx 1-1:0.132: V4L2 device video103 deregistered
[  623.117931][ T5962] em28xx 1-1:0.132: Remote control support is not available for this card.
[  623.119633][   T24] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  623.133366][T10383] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  623.152226][ T8423] em28xx 1-1:0.132: Closing input extension
[  623.172179][ T8423] em28xx 1-1:0.132: Freeing device
[  623.289404][   T24] usb 4-1: Using ep0 maxpacket: 16
[  623.301667][   T24] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  623.311039][   T24] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  623.323420][   T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  623.334168][ T5888] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  623.348699][   T24] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  623.358389][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  623.378330][   T24] usb 4-1: Product: syz
[  623.382850][   T24] usb 4-1: Manufacturer: syz
[  623.387500][   T24] usb 4-1: SerialNumber: syz
[  623.476846][ T8423] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  623.492035][ T5888] usb 3-1: Using ep0 maxpacket: 8
[  623.502589][ T5888] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  623.512591][ T5888] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  623.530156][ T5888] usb 3-1: config 0 descriptor??
[  623.655221][ T8423] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  623.672098][ T8423] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  623.683510][ T8423] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  623.695786][ T8423] usb 1-1: config 0 descriptor??
[  623.736344][T10395] bond0: option mode: unable to set because the bond device has slaves
[  623.748466][ T5888] asix 3-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  624.114338][ T8423] ath6kl: Failed to read usb control message: -71
[  624.128880][ T8423] ath6kl: Unable to read the bmi data from the device: -71
[  624.141705][T10371] bond0: option mode: unable to set because the bond device has slaves
[  624.155680][ T8423] ath6kl: Unable to recv target info: -71
[  624.175350][ T8423] ath6kl: Failed to init ath6kl core: -71
[  624.182826][ T8423] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71
[  624.199161][ T8423] usb 1-1: USB disconnect, device number 38
[  624.232481][ T5888] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  624.249154][ T5888] asix 3-1:0.0: probe with driver asix failed with error -71
[  624.270305][ T5888] usb 3-1: USB disconnect, device number 24
[  624.435502][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  624.442185][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  625.422055][T10405] FAULT_INJECTION: forcing a failure.
[  625.422055][T10405] name failslab, interval 1, probability 0, space 0, times 0
[  625.435559][T10405] CPU: 1 UID: 0 PID: 10405 Comm: syz.2.1265 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  625.435586][T10405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  625.435598][T10405] Call Trace:
[  625.435607][T10405]  <TASK>
[  625.435615][T10405]  dump_stack_lvl+0x189/0x250
[  625.435648][T10405]  ? __pfx____ratelimit+0x10/0x10
[  625.435678][T10405]  ? __pfx_dump_stack_lvl+0x10/0x10
[  625.435706][T10405]  ? __pfx__printk+0x10/0x10
[  625.435734][T10405]  ? __pfx___might_resched+0x10/0x10
[  625.435762][T10405]  ? fs_reclaim_acquire+0x7d/0x100
[  625.435792][T10405]  should_fail_ex+0x414/0x560
[  625.435818][T10405]  should_failslab+0xa8/0x100
[  625.435843][T10405]  __kmalloc_noprof+0xcb/0x4f0
[  625.435861][T10405]  ? kfree+0x4d/0x440
[  625.435878][T10405]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  625.435910][T10405]  tomoyo_realpath_from_path+0xe3/0x5d0
[  625.435941][T10405]  ? tomoyo_domain+0xda/0x130
[  625.435975][T10405]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  625.435999][T10405]  tomoyo_path_number_perm+0x1e8/0x5a0
[  625.436026][T10405]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  625.436068][T10405]  ? __lock_acquire+0xab9/0xd20
[  625.436115][T10405]  ? __fget_files+0x2a/0x420
[  625.436154][T10405]  ? __fget_files+0x2a/0x420
[  625.436178][T10405]  ? __fget_files+0x3a0/0x420
[  625.436202][T10405]  ? __fget_files+0x2a/0x420
[  625.436233][T10405]  security_file_ioctl+0xcb/0x2d0
[  625.436262][T10405]  __se_sys_ioctl+0x47/0x170
[  625.436287][T10405]  do_syscall_64+0xfa/0x3b0
[  625.436314][T10405]  ? lockdep_hardirqs_on+0x9c/0x150
[  625.436342][T10405]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  625.436362][T10405]  ? clear_bhb_loop+0x60/0xb0
[  625.436388][T10405]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  625.436406][T10405] RIP: 0033:0x7f0094f8e929
[  625.436425][T10405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  625.436442][T10405] RSP: 002b:00007f0095e0e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  625.436462][T10405] RAX: ffffffffffffffda RBX: 00007f00951b5fa0 RCX: 00007f0094f8e929
[  625.436476][T10405] RDX: 0000200000000340 RSI: 00000000c0d05605 RDI: 0000000000000003
[  625.436489][T10405] RBP: 00007f0095e0e090 R08: 0000000000000000 R09: 0000000000000000
[  625.436501][T10405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  625.436512][T10405] R13: 0000000000000000 R14: 00007f00951b5fa0 R15: 00007ffefaae0578
[  625.436545][T10405]  </TASK>
[  625.436580][T10405] ERROR: Out of memory at tomoyo_realpath_from_path.
[  625.919110][   T24] usb 4-1: 0:2 : does not exist
[  626.133720][   T24] usb 4-1: USB disconnect, device number 32
[  627.174830][ T7800] udevd[7800]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  629.866021][T10436] netlink: 'syz.4.1276': attribute type 9 has an invalid length.
[  630.059861][ T5962] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  630.259457][ T8423] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  630.269603][ T5962] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  630.297387][ T5962] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  630.315257][ T5962] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  630.342948][ T5962] usb 3-1: config 0 descriptor??
[  630.419445][ T5904] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  630.429680][ T8423] usb 4-1: Using ep0 maxpacket: 32
[  630.437076][ T8423] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  630.446459][ T8423] usb 4-1: config 0 has no interface number 0
[  630.454986][ T8423] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  630.464209][ T8423] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  630.472350][ T8423] usb 4-1: Product: syz
[  630.476563][ T8423] usb 4-1: Manufacturer: syz
[  630.481261][ T8423] usb 4-1: SerialNumber: syz
[  630.488622][ T8423] usb 4-1: config 0 descriptor??
[  630.497682][ T8423] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  630.508303][ T8423] usb 4-1: selecting invalid altsetting 1
[  630.514230][ T8423] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  630.523963][ T8423] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  630.534714][ T8423] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  630.543139][ T8423] usb 4-1: media controller created
[  630.569382][ T5904] usb 1-1: Using ep0 maxpacket: 32
[  630.576571][ T8423] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  630.586745][ T5904] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  630.596343][ T5904] usb 1-1: config 0 has no interface number 0
[  630.617996][ T5904] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  630.627924][ T5904] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  630.636305][ T5904] usb 1-1: Product: syz
[  630.640630][ T5904] usb 1-1: Manufacturer: syz
[  630.645266][ T5904] usb 1-1: SerialNumber: syz
[  630.653782][ T5904] usb 1-1: config 0 descriptor??
[  630.667064][ T5904] usb 1-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  630.676064][ T5904] usb 1-1: selecting invalid altsetting 1
[  630.682275][ T5904] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  630.692980][ T5904] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  630.706448][ T5904] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  630.715658][ T5904] usb 1-1: media controller created
[  630.747058][ T5904] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  630.763487][ T5962] ath6kl: Failed to read usb control message: -71
[  630.773623][ T5962] ath6kl: Unable to read the bmi data from the device: -71
[  630.782992][T10439] bond0: option mode: unable to set because the bond device has slaves
[  630.793827][ T5962] ath6kl: Unable to recv target info: -71
[  630.801268][ T5962] ath6kl: Failed to init ath6kl core: -71
[  630.826086][ T5962] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -71
[  630.874569][ T5962] usb 3-1: USB disconnect, device number 25
[  631.837719][ T8423] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  631.877925][ T8423] zl10353_read_register: readreg error (reg=127, ret==-110)
[  632.867261][T10460] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1282'.
[  634.152579][ T5904] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  634.291477][ T5904] zl10353_read_register: readreg error (reg=127, ret==-110)
[  634.332918][T10285] usb 4-1: USB disconnect, device number 33
[  634.535252][T10477] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1288'.
[  634.574797][ T5904] usb 1-1: USB disconnect, device number 39
[  634.739942][T10486] 9pnet_fd: Insufficient options for proto=fd
[  636.999981][ T5819] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  637.886868][ T5819] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  637.929505][ T5819] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  637.962223][ T5819] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  637.997355][ T5819] usb 4-1: config 0 descriptor??
[  638.937337][ T5819] ath6kl: Failed to read usb control message: -71
[  638.959887][ T5819] ath6kl: Unable to read the bmi data from the device: -71
[  638.975821][ T5819] ath6kl: Unable to recv target info: -71
[  638.989458][T10502] bond0: option mode: unable to set because the bond device has slaves
[  639.013670][ T5819] ath6kl: Failed to init ath6kl core: -71
[  639.041656][ T5819] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71
[  639.050569][T10529] FAULT_INJECTION: forcing a failure.
[  639.050569][T10529] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  639.069432][T10529] CPU: 1 UID: 0 PID: 10529 Comm: syz.1.1302 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  639.069454][T10529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  639.069462][T10529] Call Trace:
[  639.069468][T10529]  <TASK>
[  639.069474][T10529]  dump_stack_lvl+0x189/0x250
[  639.069500][T10529]  ? __pfx____ratelimit+0x10/0x10
[  639.069521][T10529]  ? __pfx_dump_stack_lvl+0x10/0x10
[  639.069542][T10529]  ? __pfx__printk+0x10/0x10
[  639.069556][T10529]  ? __might_fault+0xb0/0x130
[  639.069581][T10529]  should_fail_ex+0x414/0x560
[  639.069602][T10529]  _copy_from_user+0x2d/0xb0
[  639.069615][T10529]  ___sys_sendmsg+0x158/0x2a0
[  639.069635][T10529]  ? __pfx____sys_sendmsg+0x10/0x10
[  639.069685][T10529]  ? __fget_files+0x2a/0x420
[  639.069702][T10529]  ? __fget_files+0x3a0/0x420
[  639.069728][T10529]  __x64_sys_sendmsg+0x19b/0x260
[  639.069747][T10529]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  639.069771][T10529]  ? __pfx_ksys_write+0x10/0x10
[  639.069785][T10529]  ? rcu_is_watching+0x15/0xb0
[  639.069810][T10529]  ? do_syscall_64+0xbe/0x3b0
[  639.069834][T10529]  do_syscall_64+0xfa/0x3b0
[  639.069854][T10529]  ? lockdep_hardirqs_on+0x9c/0x150
[  639.069874][T10529]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  639.069888][T10529]  ? clear_bhb_loop+0x60/0xb0
[  639.069917][T10529]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  639.069929][T10529] RIP: 0033:0x7fe23a38e929
[  639.069941][T10529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  639.069952][T10529] RSP: 002b:00007fe2381f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  639.069965][T10529] RAX: ffffffffffffffda RBX: 00007fe23a5b5fa0 RCX: 00007fe23a38e929
[  639.069975][T10529] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  639.069983][T10529] RBP: 00007fe2381f6090 R08: 0000000000000000 R09: 0000000000000000
[  639.069992][T10529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  639.069999][T10529] R13: 0000000000000000 R14: 00007fe23a5b5fa0 R15: 00007ffdd05ee158
[  639.070019][T10529]  </TASK>
[  639.412621][ T5819] usb 4-1: USB disconnect, device number 34
[  639.991937][T10285] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  640.831408][T10285] usb 1-1: Using ep0 maxpacket: 8
[  640.855947][T10285] usb 1-1: config 13 has an invalid interface number: 130 but max is 3
[  640.893544][T10285] usb 1-1: config 13 has an invalid interface number: 70 but max is 3
[  640.902857][T10285] usb 1-1: config 13 has an invalid interface number: 136 but max is 3
[  640.946407][T10285] usb 1-1: config 13 has an invalid interface number: 211 but max is 3
[  640.963261][T10285] usb 1-1: config 13 has an invalid descriptor of length 179, skipping remainder of the config
[  641.020489][T10285] usb 1-1: config 13 has no interface number 0
[  641.108605][T10285] usb 1-1: config 13 has no interface number 1
[  641.109543][ T5819] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  641.116093][T10285] usb 1-1: config 13 has no interface number 2
[  641.131007][T10285] usb 1-1: config 13 has no interface number 3
[  641.137802][T10285] usb 1-1: config 13 interface 130 altsetting 253 endpoint 0x2 has an invalid bInterval 55, changing to 7
[  641.152047][T10285] usb 1-1: config 13 interface 130 altsetting 253 endpoint 0x4 has invalid wMaxPacketSize 0
[  641.162677][T10285] usb 1-1: config 13 interface 130 altsetting 253 has an invalid descriptor for endpoint zero, skipping
[  641.174441][T10285] usb 1-1: config 13 interface 130 altsetting 253 has a duplicate endpoint with address 0xC, skipping
[  641.186055][T10285] usb 1-1: config 13 interface 130 altsetting 253 has a duplicate endpoint with address 0x5, skipping
[  641.197540][T10285] usb 1-1: config 13 interface 130 altsetting 253 has a duplicate endpoint with address 0x4, skipping
[  641.209218][T10285] usb 1-1: config 13 interface 130 altsetting 253 endpoint 0xB has invalid maxpacket 1023, setting to 64
[  641.225457][T10285] usb 1-1: config 13 interface 130 altsetting 253 endpoint 0x3 has invalid wMaxPacketSize 0
[  641.236079][T10285] usb 1-1: config 13 interface 130 altsetting 253 bulk endpoint 0x3 has invalid maxpacket 0
[  641.277118][T10285] usb 1-1: config 13 interface 130 altsetting 253 has a duplicate endpoint with address 0xC, skipping
[  641.303347][T10285] usb 1-1: too many endpoints for config 13 interface 70 altsetting 160: 255, using maximum allowed: 30
[  641.331393][ T5819] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  641.339354][T10285] usb 1-1: config 13 interface 70 altsetting 160 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  641.356922][ T5819] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  641.366947][T10285] usb 1-1: config 13 interface 136 altsetting 22 has an invalid descriptor for endpoint zero, skipping
[  641.387437][ T5819] usb 3-1: config 0 descriptor??
[  641.392558][T10285] usb 1-1: config 13 interface 136 altsetting 22 has a duplicate endpoint with address 0x6, skipping
[  641.392589][T10285] usb 1-1: config 13 interface 136 altsetting 22 has an invalid descriptor for endpoint zero, skipping
[  641.412944][ T5819] cp210x 3-1:0.0: cp210x converter detected
[  641.436970][T10285] usb 1-1: config 13 interface 136 altsetting 22 bulk endpoint 0x8 has invalid maxpacket 8
[  641.447529][T10285] usb 1-1: config 13 interface 136 altsetting 22 endpoint 0xD has invalid maxpacket 512, setting to 64
[  641.461716][T10285] usb 1-1: config 13 interface 211 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  641.493052][T10285] usb 1-1: config 13 interface 130 has no altsetting 0
[  641.515762][T10285] usb 1-1: config 13 interface 70 has no altsetting 0
[  641.526587][T10285] usb 1-1: config 13 interface 136 has no altsetting 0
[  641.542139][T10285] usb 1-1: New USB device found, idVendor=19d2, idProduct=0200, bcdDevice=70.ee
[  641.552151][T10285] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  641.563240][T10285] usb 1-1: Product: Ы
[  641.567482][T10285] usb 1-1: Manufacturer: ࠾
[  641.575678][T10285] usb 1-1: SerialNumber: Ь
[  641.628736][T10534] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  641.636624][T10534] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  641.777666][T10551] overlayfs: failed to resolve './file1': -2
[  641.828665][T10545] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  642.297595][T10558] overlayfs: unescaped trailing colons in lowerdir mount option.
[  642.846417][T10285] option 1-1:13.130: GSM modem (1-port) converter detected
[  643.023814][T10285] usb 1-1: USB disconnect, device number 40
[  643.142615][ T5819] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -71
[  643.149736][T10285] option 1-1:13.130: device disconnected
[  643.173551][ T5819] cp210x 3-1:0.0: failed to get vendor val 0x370c size 73: -71
[  643.212276][ T5819] cp210x 3-1:0.0: GPIO initialisation failed: -71
[  643.260013][ T5819] usb 3-1: cp210x converter now attached to ttyUSB0
[  643.273016][T10566] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1316'.
[  643.307478][ T5819] usb 3-1: USB disconnect, device number 26
[  643.352930][ T5819] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  643.374911][ T5819] cp210x 3-1:0.0: device disconnected
[  646.516707][T10598] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1324'.
[  646.526637][T10598] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1324'.
[  646.715673][T10604] FAULT_INJECTION: forcing a failure.
[  646.715673][T10604] name failslab, interval 1, probability 0, space 0, times 0
[  646.775541][T10604] CPU: 0 UID: 0 PID: 10604 Comm: syz.0.1328 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  646.775573][T10604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  646.775587][T10604] Call Trace:
[  646.775595][T10604]  <TASK>
[  646.775606][T10604]  dump_stack_lvl+0x189/0x250
[  646.775642][T10604]  ? __pfx____ratelimit+0x10/0x10
[  646.775673][T10604]  ? __pfx_dump_stack_lvl+0x10/0x10
[  646.775703][T10604]  ? __pfx__printk+0x10/0x10
[  646.775731][T10604]  ? __pfx___might_resched+0x10/0x10
[  646.775760][T10604]  ? fs_reclaim_acquire+0x7d/0x100
[  646.775794][T10604]  should_fail_ex+0x414/0x560
[  646.775825][T10604]  should_failslab+0xa8/0x100
[  646.775854][T10604]  __kmalloc_noprof+0xcb/0x4f0
[  646.775877][T10604]  ? kfree+0x4d/0x440
[  646.775896][T10604]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  646.775932][T10604]  tomoyo_realpath_from_path+0xe3/0x5d0
[  646.775965][T10604]  ? tomoyo_domain+0xda/0x130
[  646.776010][T10604]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  646.776036][T10604]  tomoyo_path_number_perm+0x1e8/0x5a0
[  646.776065][T10604]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  646.776110][T10604]  ? __lock_acquire+0xab9/0xd20
[  646.776160][T10604]  ? __fget_files+0x2a/0x420
[  646.776191][T10604]  ? __fget_files+0x2a/0x420
[  646.776215][T10604]  ? __fget_files+0x3a0/0x420
[  646.776240][T10604]  ? __fget_files+0x2a/0x420
[  646.776272][T10604]  security_file_ioctl+0xcb/0x2d0
[  646.776301][T10604]  __se_sys_ioctl+0x47/0x170
[  646.776326][T10604]  do_syscall_64+0xfa/0x3b0
[  646.776356][T10604]  ? lockdep_hardirqs_on+0x9c/0x150
[  646.776385][T10604]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  646.776405][T10604]  ? clear_bhb_loop+0x60/0xb0
[  646.776431][T10604]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  646.776450][T10604] RIP: 0033:0x7f571458e929
[  646.776469][T10604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  646.776488][T10604] RSP: 002b:00007f57154cb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  646.776511][T10604] RAX: ffffffffffffffda RBX: 00007f57147b5fa0 RCX: 00007f571458e929
[  646.776526][T10604] RDX: 0000200000000100 RSI: 00000000c0585609 RDI: 0000000000000003
[  646.776539][T10604] RBP: 00007f57154cb090 R08: 0000000000000000 R09: 0000000000000000
[  646.776552][T10604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  646.776573][T10604] R13: 0000000000000000 R14: 00007f57147b5fa0 R15: 00007ffe6b51c748
[  646.776607][T10604]  </TASK>
[  646.776680][T10604] ERROR: Out of memory at tomoyo_realpath_from_path.
[  648.212604][T10614] netlink: 112 bytes leftover after parsing attributes in process `syz.4.1331'.
[  648.802867][T10618] FAULT_INJECTION: forcing a failure.
[  648.802867][T10618] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  648.821795][T10616] FAULT_INJECTION: forcing a failure.
[  648.821795][T10616] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  648.871444][T10618] CPU: 1 UID: 0 PID: 10618 Comm: syz.0.1332 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  648.871470][T10618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  648.871481][T10618] Call Trace:
[  648.871489][T10618]  <TASK>
[  648.871496][T10618]  dump_stack_lvl+0x189/0x250
[  648.871527][T10618]  ? __pfx____ratelimit+0x10/0x10
[  648.871550][T10618]  ? __pfx_dump_stack_lvl+0x10/0x10
[  648.871574][T10618]  ? __pfx__printk+0x10/0x10
[  648.871602][T10618]  should_fail_ex+0x414/0x560
[  648.871628][T10618]  _copy_to_user+0x31/0xb0
[  648.871645][T10618]  simple_read_from_buffer+0xe1/0x170
[  648.871671][T10618]  proc_fail_nth_read+0x1df/0x250
[  648.871698][T10618]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  648.871724][T10618]  ? rw_verify_area+0x258/0x650
[  648.871746][T10618]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  648.871776][T10618]  vfs_read+0x200/0x980
[  648.871803][T10618]  ? __pfx___mutex_lock+0x10/0x10
[  648.871833][T10618]  ? __pfx_vfs_read+0x10/0x10
[  648.871857][T10618]  ? __fget_files+0x2a/0x420
[  648.871887][T10618]  ? __fget_files+0x3a0/0x420
[  648.871911][T10618]  ? __fget_files+0x2a/0x420
[  648.871946][T10618]  ksys_read+0x145/0x250
[  648.871966][T10618]  ? __fget_files+0x2a/0x420
[  648.872001][T10618]  ? __pfx_ksys_read+0x10/0x10
[  648.872025][T10618]  ? do_syscall_64+0xbe/0x3b0
[  648.872052][T10618]  do_syscall_64+0xfa/0x3b0
[  648.872075][T10618]  ? lockdep_hardirqs_on+0x9c/0x150
[  648.872098][T10618]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.872114][T10618]  ? clear_bhb_loop+0x60/0xb0
[  648.872134][T10618]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.872150][T10618] RIP: 0033:0x7f571458d33c
[  648.872166][T10618] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  648.872181][T10618] RSP: 002b:00007f57154cb030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  648.872200][T10618] RAX: ffffffffffffffda RBX: 00007f57147b5fa0 RCX: 00007f571458d33c
[  648.872212][T10618] RDX: 000000000000000f RSI: 00007f57154cb0a0 RDI: 0000000000000004
[  648.872223][T10618] RBP: 00007f57154cb090 R08: 0000000000000000 R09: 0000000000000000
[  648.872233][T10618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  648.872243][T10618] R13: 0000000000000000 R14: 00007f57147b5fa0 R15: 00007ffe6b51c748
[  648.872270][T10618]  </TASK>
[  648.978683][T10616] CPU: 0 UID: 0 PID: 10616 Comm: syz.3.1333 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  648.978716][T10616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  648.978741][T10616] Call Trace:
[  648.978751][T10616]  <TASK>
[  648.978762][T10616]  dump_stack_lvl+0x189/0x250
[  648.978803][T10616]  ? __pfx____ratelimit+0x10/0x10
[  648.978838][T10616]  ? __pfx_dump_stack_lvl+0x10/0x10
[  648.978870][T10616]  ? __pfx__printk+0x10/0x10
[  648.978895][T10616]  ? __might_fault+0xb0/0x130
[  648.978935][T10616]  should_fail_ex+0x414/0x560
[  648.978970][T10616]  _copy_from_user+0x2d/0xb0
[  648.978990][T10616]  ___sys_recvmsg+0x12e/0x510
[  648.979026][T10616]  ? __pfx____sys_recvmsg+0x10/0x10
[  648.979085][T10616]  ? __fget_files+0x3a0/0x420
[  648.979129][T10616]  do_recvmmsg+0x307/0x770
[  648.979170][T10616]  ? __pfx_do_recvmmsg+0x10/0x10
[  648.979212][T10616]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  648.979275][T10616]  __x64_sys_recvmmsg+0x190/0x240
[  648.979309][T10616]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  648.979337][T10616]  ? rcu_is_watching+0x15/0xb0
[  648.979377][T10616]  ? do_syscall_64+0xbe/0x3b0
[  648.979416][T10616]  do_syscall_64+0xfa/0x3b0
[  648.979447][T10616]  ? lockdep_hardirqs_on+0x9c/0x150
[  648.979480][T10616]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.979501][T10616]  ? clear_bhb_loop+0x60/0xb0
[  648.979529][T10616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.979550][T10616] RIP: 0033:0x7f85f958e929
[  648.979573][T10616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  648.979592][T10616] RSP: 002b:00007f85fa42e038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  648.979616][T10616] RAX: ffffffffffffffda RBX: 00007f85f97b5fa0 RCX: 00007f85f958e929
[  648.979632][T10616] RDX: 0000000000000001 RSI: 0000200000005c80 RDI: 0000000000000003
[  648.979647][T10616] RBP: 00007f85fa42e090 R08: 0000000000000000 R09: 0000000000000000
[  648.979662][T10616] R10: 000000000000058a R11: 0000000000000246 R12: 0000000000000001
[  648.979676][T10616] R13: 0000000000000000 R14: 00007f85f97b5fa0 R15: 00007ffd6b795358
[  648.979712][T10616]  </TASK>
[  650.886837][ T1112] Bluetooth: hci5: Frame reassembly failed (-84)
[  651.805885][ T5820] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  651.925863][T10624] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1337'.
[  651.935367][T10624] netlink: 192 bytes leftover after parsing attributes in process `syz.0.1337'.
[  652.328699][T10644] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  653.512010][ T5904] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  654.049475][ T5904] usb 3-1: Using ep0 maxpacket: 16
[  654.060979][ T5904] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  654.082297][ T5904] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  654.167101][ T5904] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  654.192907][ T5904] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  654.219605][ T5904] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  654.408598][   T30] audit: type=1800 audit(1750700652.253:1055): pid=10659 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.1344" name="nullb0" dev="tmpfs" ino=1423 res=0 errno=0
[  656.009694][ T5904] usb 3-1: config 0 descriptor??
[  656.046706][ T5904] usb 3-1: can't set config #0, error -71
[  656.069812][ T5904] usb 3-1: USB disconnect, device number 27
[  656.740367][ T5904] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  656.879396][ T8423] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  656.889512][ T5904] usb 3-1: device descriptor read/64, error -71
[  657.901987][ T8423] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  657.943495][ T8423] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  657.958411][ T5904] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  657.966506][ T8423] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  657.985894][ T8423] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  657.996354][ T8423] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  658.014268][ T8423] usb 4-1: Product: syz
[  658.018983][ T8423] usb 4-1: Manufacturer: syz
[  658.027999][ T8423] usb 4-1: SerialNumber: syz
[  658.112264][ T5904] usb 3-1: device descriptor read/64, error -71
[  658.234901][ T5904] usb usb3-port1: attempt power cycle
[  658.273895][ T8423] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 35 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  658.321694][T10694] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1355'.
[  658.474260][   T24] usb 4-1: USB disconnect, device number 35
[  658.492442][   T24] usblp0: removed
[  658.619510][ T5904] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  658.650872][ T5904] usb 3-1: device descriptor read/8, error -71
[  659.049415][ T5904] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  659.075599][ T5904] usb 3-1: device descriptor read/8, error -71
[  659.190414][ T5904] usb usb3-port1: unable to enumerate USB device
[  659.820040][T10709] netlink: 112 bytes leftover after parsing attributes in process `syz.3.1359'.
[  663.279432][ T5904] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  663.449511][ T5904] usb 4-1: Using ep0 maxpacket: 8
[  663.473815][ T5904] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  663.683201][ T5904] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  663.711538][ T5904] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  664.405616][ T5904] usb 4-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  664.415054][ T5904] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  664.423184][ T5904] usb 4-1: Product: syz
[  664.427397][ T5904] usb 4-1: Manufacturer: syz
[  664.718639][ T5904] usb 4-1: SerialNumber: syz
[  665.198996][ T5904] usb 4-1: config 0 descriptor??
[  665.644648][ T5904] streamzap 4-1:0.0: streamzap_probe: endpoint Max Packet Size is 0!?!
[  665.930909][T10751] netlink: 112 bytes leftover after parsing attributes in process `syz.0.1374'.
[  667.255626][ T5819] usb 4-1: USB disconnect, device number 36
[  668.560813][ T5819] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  668.852645][ T5819] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  668.879662][ T5819] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  668.911215][ T5819] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  668.960250][ T5819] usb 1-1: config 0 descriptor??
[  668.985931][ T5819] pwc: Askey VC010 type 2 USB webcam detected.
[  669.150372][T10774] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  669.474903][ T5819] pwc: recv_control_msg error -32 req 02 val 2b00
[  669.487259][ T5819] pwc: recv_control_msg error -32 req 02 val 2700
[  669.503125][ T5819] pwc: recv_control_msg error -32 req 02 val 2c00
[  669.528566][ T5819] pwc: recv_control_msg error -32 req 04 val 1000
[  669.558018][ T5819] pwc: recv_control_msg error -32 req 04 val 1300
[  669.565886][ T5819] pwc: recv_control_msg error -32 req 04 val 1400
[  669.579819][ T5819] pwc: recv_control_msg error -32 req 02 val 2000
[  669.581107][T10763] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  669.619750][T10763] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  669.668621][ T5819] pwc: recv_control_msg error -32 req 02 val 2100
[  669.836291][ T5819] pwc: recv_control_msg error -32 req 04 val 1500
[  669.848579][ T5819] pwc: recv_control_msg error -32 req 02 val 2500
[  669.868188][ T5819] pwc: recv_control_msg error -32 req 02 val 2400
[  669.871453][T10788] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1385'.
[  670.564893][ T5819] pwc: recv_control_msg error -32 req 02 val 2600
[  671.438525][ T5819] pwc: recv_control_msg error -32 req 02 val 2900
[  671.955139][ T5819] pwc: recv_control_msg error -71 req 04 val 1100
[  671.969976][ T5819] pwc: recv_control_msg error -71 req 04 val 1200
[  672.072565][T10800] netlink: 112 bytes leftover after parsing attributes in process `syz.1.1386'.
[  672.167097][ T5819] pwc: Registered as video103.
[  672.645512][T10806] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1389'.
[  672.674341][ T5819] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input19
[  672.720521][ T5888] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  673.009525][ T5888] usb 4-1: Using ep0 maxpacket: 8
[  673.224929][ T5888] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  673.363206][ T5819] usb 1-1: USB disconnect, device number 41
[  673.467855][ T5888] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  673.478962][ T5888] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  673.492011][ T5888] usb 4-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  673.501349][ T5888] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  673.510652][ T5888] usb 4-1: Product: syz
[  673.514867][ T5888] usb 4-1: Manufacturer: syz
[  673.519533][ T5888] usb 4-1: SerialNumber: syz
[  673.574034][ T5888] usb 4-1: config 0 descriptor??
[  673.606077][ T5888] streamzap 4-1:0.0: streamzap_probe: endpoint Max Packet Size is 0!?!
[  673.830244][ T5888] usb 4-1: USB disconnect, device number 37
[  675.063975][T10831] binder: BINDER_SET_CONTEXT_MGR already set
[  675.074395][T10831] binder: 10826:10831 ioctl 4018620d 200000000040 returned -16
[  675.176178][T10838] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1395'.
[  675.185282][T10838] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1395'.
[  676.446915][T10834] binder: 10826:10834 ioctl c0306201 2000000003c0 returned -14
[  677.237736][T10847] netlink: 232 bytes leftover after parsing attributes in process `syz.1.1398'.
[  677.311257][T10848] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  677.955817][T10855] 8021q: VLANs not supported on nlmon0
[  679.239773][ T5904] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  679.573209][ T5904] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  679.706032][ T5904] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  679.854448][ T5904] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  680.167606][ T5904] usb 1-1: config 0 descriptor??
[  680.907356][ T5904] ath6kl: Failed to read usb control message: -71
[  680.922597][ T5904] ath6kl: Unable to read the bmi data from the device: -71
[  680.933803][ T5904] ath6kl: Unable to recv target info: -71
[  680.942206][ T5904] ath6kl: Failed to init ath6kl core: -71
[  680.981201][ T5904] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71
[  681.099560][ T5904] usb 1-1: USB disconnect, device number 42
[  683.072187][T10285] usb 1-1: new low-speed USB device number 43 using dummy_hcd
[  684.119949][T10285] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  684.128044][T10285] usb 1-1: config 0 has no interface number 0
[  684.138426][T10285] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  684.150312][T10285] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  684.234453][T10285] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  684.286531][T10285] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  684.371739][   T30] audit: type=1800 audit(1750700682.223:1056): pid=10898 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.1413" name="nullb0" dev="tmpfs" ino=1423 res=0 errno=0
[  684.533633][T10285] usb 1-1: config 0 descriptor??
[  684.540189][T10887] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  684.591043][T10285] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  685.412140][T10285] usb 1-1: USB disconnect, device number 43
[  685.560649][T10906] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  685.602649][T10906] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  686.021442][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  686.028253][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  689.038480][ T5904] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  689.289479][ T5904] usb 4-1: Using ep0 maxpacket: 8
[  689.319495][ T5904] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 13
[  689.363776][ T5904] usb 4-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[  689.696364][ T5904] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  689.715292][ T5904] usb 4-1: Product: syz
[  689.725632][ T5904] usb 4-1: Manufacturer: syz
[  689.735803][ T5904] usb 4-1: SerialNumber: syz
[  689.751294][ T5904] usb 4-1: config 0 descriptor??
[  689.771389][ T5904] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae
[  690.912139][T10944] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  690.994497][T10948] capability: warning: `syz.0.1423' uses 32-bit capabilities (legacy support in use)
[  691.497009][T10954] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1421'.
[  691.531506][T10954] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  691.540836][T10954] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  691.549631][T10954] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  691.558399][T10954] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  691.716524][T10954] vxlan0: entered promiscuous mode
[  692.060380][ T5904] gspca_zc3xx: reg_w_i err -110
[  693.470259][ T5904] gspca_zc3xx: Unknown sensor - set to TAS5130C
[  694.574492][ T5904] gspca_zc3xx 4-1:0.0: probe with driver gspca_zc3xx failed with error -110
[  694.603086][ T5904] usb 4-1: USB disconnect, device number 38
[  696.602596][T10987] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1438'.
[  696.910276][T10998] loop2: detected capacity change from 0 to 8
[  697.163678][T10998] Dev loop2: unable to read RDB block 8
[  697.180316][T10998]  loop2: unable to read partition table
[  697.287303][T10998] loop2: partition table beyond EOD, truncated
[  697.383247][T10998] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  697.892378][T10285] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  698.428344][T10285] usb 3-1: Using ep0 maxpacket: 8
[  698.450410][T10285] usb 3-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  698.469674][T10285] usb 3-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[  698.479882][T10285] usb 3-1: config 0 interface 0 has no altsetting 0
[  698.486578][T10285] usb 3-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00
[  698.499487][T10285] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  698.525640][T10285] usb 3-1: config 0 descriptor??
[  700.781521][T10285] steelseries 0003:1038:1410.0007: unknown main item tag 0x5
[  700.789039][T10285] steelseries 0003:1038:1410.0007: item fetching failed at offset 4/5
[  700.810278][T10285] steelseries 0003:1038:1410.0007: parse failed
[  700.816752][T10285] steelseries 0003:1038:1410.0007: probe with driver steelseries failed with error -22
[  701.291558][T10285] usb 3-1: USB disconnect, device number 32
[  701.319317][   T24] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  701.822737][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  701.858132][   T24] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  701.909265][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  701.940656][   T24] usb 1-1: config 0 descriptor??
[  702.298505][T11041] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1451'.
[  702.349624][T11041] netlink: 43 bytes leftover after parsing attributes in process `syz.2.1451'.
[  702.358807][T11041] netlink: 'syz.2.1451': attribute type 6 has an invalid length.
[  703.030751][T11041] netlink: 'syz.2.1451': attribute type 5 has an invalid length.
[  703.042309][   T24] ath6kl: Failed to read usb control message: -71
[  703.048850][   T24] ath6kl: Unable to read the bmi data from the device: -71
[  703.077297][   T24] ath6kl: Unable to recv target info: -71
[  703.095952][T11041] netlink: 43 bytes leftover after parsing attributes in process `syz.2.1451'.
[  703.122604][   T24] ath6kl: Failed to init ath6kl core: -71
[  703.128955][   T24] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71
[  703.197988][T11051] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  703.288520][   T24] usb 1-1: USB disconnect, device number 45
[  703.528485][T11056] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1455'.
[  706.559395][ T1211] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  706.704272][ T5819] hid-generic C990:0003:0000.0008: unknown main item tag 0x0
[  706.754843][ T5819] hid-generic C990:0003:0000.0008: unknown main item tag 0x0
[  706.790979][ T5819] hid-generic C990:0003:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  706.808812][T11076] batadv_slave_0: entered promiscuous mode
[  706.831173][T11076] FAULT_INJECTION: forcing a failure.
[  706.831173][T11076] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  706.890877][ T1211] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  706.934729][T11076] CPU: 0 UID: 0 PID: 11076 Comm: syz.1.1461 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  706.934760][T11076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  706.934773][T11076] Call Trace:
[  706.934782][T11076]  <TASK>
[  706.934791][T11076]  dump_stack_lvl+0x189/0x250
[  706.934827][T11076]  ? __pfx____ratelimit+0x10/0x10
[  706.934857][T11076]  ? __pfx_dump_stack_lvl+0x10/0x10
[  706.934887][T11076]  ? __pfx__printk+0x10/0x10
[  706.934908][T11076]  ? __might_fault+0xb0/0x130
[  706.934945][T11076]  should_fail_ex+0x414/0x560
[  706.934975][T11076]  _copy_from_user+0x2d/0xb0
[  706.934996][T11076]  ___sys_sendmsg+0x158/0x2a0
[  706.935025][T11076]  ? __pfx____sys_sendmsg+0x10/0x10
[  706.935090][T11076]  ? __fget_files+0x2a/0x420
[  706.935116][T11076]  ? __fget_files+0x3a0/0x420
[  706.935155][T11076]  __x64_sys_sendmsg+0x19b/0x260
[  706.935183][T11076]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  706.935219][T11076]  ? __pfx_ksys_write+0x10/0x10
[  706.935240][T11076]  ? rcu_is_watching+0x15/0xb0
[  706.935275][T11076]  ? do_syscall_64+0xbe/0x3b0
[  706.935309][T11076]  do_syscall_64+0xfa/0x3b0
[  706.935337][T11076]  ? lockdep_hardirqs_on+0x9c/0x150
[  706.935365][T11076]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  706.935386][T11076]  ? clear_bhb_loop+0x60/0xb0
[  706.935411][T11076]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  706.935431][T11076] RIP: 0033:0x7fe23a38e929
[  706.935449][T11076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  706.935467][T11076] RSP: 002b:00007fe2381f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  706.935490][T11076] RAX: ffffffffffffffda RBX: 00007fe23a5b5fa0 RCX: 00007fe23a38e929
[  706.935506][T11076] RDX: 0000000020008050 RSI: 00002000000003c0 RDI: 0000000000000006
[  706.935519][T11076] RBP: 00007fe2381f6090 R08: 0000000000000000 R09: 0000000000000000
[  706.935533][T11076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  706.935545][T11076] R13: 0000000000000000 R14: 00007fe23a5b5fa0 R15: 00007ffdd05ee158
[  706.935578][T11076]  </TASK>
[  706.938701][T11075] batadv_slave_0: left promiscuous mode
[  707.166333][ T1211] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  707.232140][ T1211] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  707.333621][ T1211] usb 3-1: config 0 descriptor??
[  708.778550][ T1211] ath6kl: Failed to read usb control message: -71
[  708.785200][ T1211] ath6kl: Unable to read the bmi data from the device: -71
[  708.808410][ T1211] ath6kl: Unable to recv target info: -71
[  709.241829][ T1211] ath6kl: Failed to init ath6kl core: -71
[  709.267657][ T1211] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -71
[  709.285492][ T1211] usb 3-1: USB disconnect, device number 33
[  710.571303][T11104] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1467'.
[  713.684696][ T5189] udevd[5189]: worker [8266] /devices/platform/dummy_hcd.1/usb2/2-1 is taking a long time
[  713.933118][T11140] netlink: 'syz.0.1474': attribute type 6 has an invalid length.
[  714.079330][   T24] usb 4-1: new full-speed USB device number 39 using dummy_hcd
[  715.131587][   T24] usb 4-1: config 36 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  715.160490][   T24] usb 4-1: config 36 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  715.172055][   T24] usb 4-1: config 36 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  715.191875][   T24] usb 4-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29
[  715.201675][   T24] usb 4-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  715.219728][   T24] usb 4-1: Manufacturer: syz
[  715.225039][   T24] usb 4-1: SerialNumber: syz
[  716.296806][   T24] yealink 4-1:36.0: invalid payload size 0, expected 16
[  716.312726][   T24] input: Yealink usb-p1k as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:36.0/input/input20
[  716.329188][    C1] yealink 4-1:36.0: urb_ctl_callback - urb status -71
[  716.336347][    C1] yealink 4-1:36.0: urb_ctl_callback - urb status -71
[  716.343476][    C1] yealink 4-1:36.0: urb_ctl_callback - urb status -71
[  716.350630][    C1] yealink 4-1:36.0: urb_ctl_callback - urb status -71
[  716.357634][    C1] yealink 4-1:36.0: urb_ctl_callback - urb status -71
[  716.364632][    C1] yealink 4-1:36.0: urb_ctl_callback - urb status -71
[  716.372032][    C1] yealink 4-1:36.0: urb_ctl_callback - urb status -71
[  716.379044][    C1] yealink 4-1:36.0: urb_ctl_callback - urb status -71
[  716.385871][    C1] yealink 4-1:36.0: urb_ctl_callback - usb_submit_urb failed -90
[  716.422669][   T24] usb 4-1: USB disconnect, device number 39
[  716.532847][T11155] FAULT_INJECTION: forcing a failure.
[  716.532847][T11155] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  716.546108][T11155] CPU: 1 UID: 0 PID: 11155 Comm: syz.1.1479 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  716.546135][T11155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  716.546149][T11155] Call Trace:
[  716.546158][T11155]  <TASK>
[  716.546167][T11155]  dump_stack_lvl+0x189/0x250
[  716.546205][T11155]  ? __pfx____ratelimit+0x10/0x10
[  716.546235][T11155]  ? __pfx_dump_stack_lvl+0x10/0x10
[  716.546265][T11155]  ? __pfx__printk+0x10/0x10
[  716.546286][T11155]  ? __might_fault+0xb0/0x130
[  716.546324][T11155]  should_fail_ex+0x414/0x560
[  716.546354][T11155]  _copy_from_user+0x2d/0xb0
[  716.546374][T11155]  get_itimerspec64+0xa1/0x2f0
[  716.546401][T11155]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  716.546432][T11155]  ? __pfx_get_itimerspec64+0x10/0x10
[  716.546463][T11155]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  716.546509][T11155]  __x64_sys_timer_settime+0x142/0x240
[  716.546537][T11155]  ? __pfx___x64_sys_timer_settime+0x10/0x10
[  716.546578][T11155]  ? do_syscall_64+0xbe/0x3b0
[  716.546611][T11155]  do_syscall_64+0xfa/0x3b0
[  716.546639][T11155]  ? lockdep_hardirqs_on+0x9c/0x150
[  716.546668][T11155]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  716.546688][T11155]  ? clear_bhb_loop+0x60/0xb0
[  716.546714][T11155]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  716.546733][T11155] RIP: 0033:0x7fe23a38e929
[  716.546752][T11155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  716.546770][T11155] RSP: 002b:00007fe2381d5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000df
[  716.546791][T11155] RAX: ffffffffffffffda RBX: 00007fe23a5b6080 RCX: 00007fe23a38e929
[  716.546807][T11155] RDX: 0000200000000340 RSI: 0000000000000001 RDI: 0000000000000000
[  716.546821][T11155] RBP: 00007fe2381d5090 R08: 0000000000000000 R09: 0000000000000000
[  716.546834][T11155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  716.546846][T11155] R13: 0000000000000000 R14: 00007fe23a5b6080 R15: 00007ffdd05ee158
[  716.546879][T11155]  </TASK>
[  716.806143][   T31] INFO: task kworker/1:3:5867 blocked for more than 143 seconds.
[  716.814077][   T31]       Not tainted 6.16.0-rc3-syzkaller #0
[  716.820082][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  716.829553][   T31] task:kworker/1:3     state:D stack:21240 pid:5867  tgid:5867  ppid:2      task_flags:0x4208060 flags:0x00004000
[  716.842360][   T31] Workqueue: usb_hub_wq hub_event
[  716.847473][   T31] Call Trace:
[  716.850855][   T31]  <TASK>
[  716.853849][   T31]  __schedule+0x16a2/0x4cb0
[  716.858419][   T31]  ? device_add+0x7b6/0xb50
[  716.863032][   T31]  ? usb_new_device+0xa39/0x16c0
[  716.868035][   T31]  ? worker_thread+0x8a0/0xda0
[  716.872994][   T31]  ? kthread+0x70e/0x8a0
[  716.877310][   T31]  ? schedule+0x165/0x360
[  716.881741][   T31]  ? __lock_acquire+0xab9/0xd20
[  716.886656][   T31]  ? __pfx___schedule+0x10/0x10
[  716.891612][   T31]  ? schedule+0x91/0x360
[  716.895924][   T31]  schedule+0x165/0x360
[  716.900254][   T31]  schedule_timeout+0x9a/0x270
[  716.905082][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  716.910745][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  716.916016][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  716.921289][   T31]  ? wait_for_completion+0x267/0x5d0
[  716.927801][   T31]  wait_for_completion+0x2bf/0x5d0
[  716.933078][   T31]  ? __pfx_wait_for_completion+0x10/0x10
[  716.938801][   T31]  i2c_del_adapter+0x581/0x6e0
[  716.943655][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  716.948957][   T31]  ? __pfx_i2c_del_adapter+0x10/0x10
[  716.954350][   T31]  ? dvb_usbv2_exit+0x85a/0x9e0
[  716.959674][   T31]  dvb_usbv2_probe+0x4ae/0x41a0
[  716.964657][   T31]  ? __pfx_dvb_usbv2_probe+0x10/0x10
[  716.970652][   T31]  ? __pm_runtime_set_status+0x785/0xa50
[  716.976364][   T31]  usb_probe_interface+0x641/0xbc0
[  716.981958][   T31]  ? __pfx_usb_probe_interface+0x10/0x10
[  717.014401][   T31]  really_probe+0x26a/0x9a0
[  717.023952][   T31]  __driver_probe_device+0x18c/0x2f0
[  717.031174][   T31]  driver_probe_device+0x4f/0x430
[  717.036460][   T31]  __device_attach_driver+0x2ce/0x530
[  717.042534][   T31]  bus_for_each_drv+0x251/0x2e0
[  717.047652][   T31]  ? __pfx___device_attach_driver+0x10/0x10
[  717.054491][   T31]  ? __pfx_bus_for_each_drv+0x10/0x10
[  717.064561][   T31]  __device_attach+0x2b8/0x400
[  717.082446][   T31]  ? __pfx___device_attach+0x10/0x10
[  717.101828][   T31]  ? do_raw_spin_unlock+0x122/0x240
[  717.214638][   T31]  bus_probe_device+0x185/0x260
[  717.220242][   T31]  device_add+0x7b6/0xb50
[  717.224787][   T31]  usb_set_configuration+0x1a87/0x20e0
[  717.245233][   T31]  usb_generic_driver_probe+0x8d/0x150
[  717.251741][   T31]  usb_probe_device+0x1c1/0x390
[  717.257017][   T31]  ? __pfx_usb_probe_device+0x10/0x10
[  717.325413][   T31]  really_probe+0x26a/0x9a0
[  717.595253][   T31]  __driver_probe_device+0x18c/0x2f0
[  718.059299][   T31]  driver_probe_device+0x4f/0x430
[  718.074244][   T31]  __device_attach_driver+0x2ce/0x530
[  718.084488][   T31]  bus_for_each_drv+0x251/0x2e0
[  718.096566][   T31]  ? __pfx___device_attach_driver+0x10/0x10
[  718.102946][   T31]  ? __pfx_bus_for_each_drv+0x10/0x10
[  718.108787][   T31]  __device_attach+0x2b8/0x400
[  718.117924][   T31]  ? __pfx___device_attach+0x10/0x10
[  718.127897][   T31]  ? do_raw_spin_unlock+0x122/0x240
[  718.137565][   T31]  bus_probe_device+0x185/0x260
[  718.144131][   T31]  device_add+0x7b6/0xb50
[  718.148748][   T31]  usb_new_device+0xa39/0x16c0
[  718.173676][   T31]  ? __pfx_usb_new_device+0x10/0x10
[  718.188869][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  718.226151][   T31]  hub_event+0x2941/0x4a00
[  718.231161][   T31]  ? __pfx_hub_event+0x10/0x10
[  718.236110][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  718.244879][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  718.251191][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  718.263453][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  718.271368][   T31]  process_scheduled_works+0xade/0x17b0
[  718.277496][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  718.285113][   T31]  worker_thread+0x8a0/0xda0
[  718.290544][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  718.297203][   T31]  ? __kthread_parkme+0x7b/0x200
[  718.302914][   T31]  kthread+0x70e/0x8a0
[  718.307293][   T31]  ? __pfx_worker_thread+0x10/0x10
[  718.312950][   T31]  ? __pfx_kthread+0x10/0x10
[  718.317746][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  718.323508][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  718.328984][   T31]  ? __pfx_kthread+0x10/0x10
[  718.334321][   T31]  ret_from_fork+0x3fc/0x770
[  718.339138][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  718.344877][   T31]  ? __switch_to_asm+0x39/0x70
[  718.350537][   T31]  ? __switch_to_asm+0x33/0x70
[  718.355442][   T31]  ? __pfx_kthread+0x10/0x10
[  718.364616][   T31]  ret_from_fork_asm+0x1a/0x30
[  718.372164][   T31]  </TASK>
[  718.440804][   T31] 
[  718.440804][   T31] Showing all locks held in the system:
[  718.467211][   T31] 1 lock held by khungtaskd/31:
[  718.474554][   T31]  #0: ffffffff8e13ee60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  718.485167][   T31] 4 locks held by kworker/u8:6/1112:
[  718.491753][   T31] 4 locks held by kworker/u8:7/1148:
[  718.499732][   T31] 2 locks held by getty/5585:
[  718.505356][   T31]  #0: ffff88814c8820a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  718.515918][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  718.526542][   T31] 5 locks held by kworker/1:3/5867:
[  718.534680][   T31]  #0: ffff8880216eb948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  718.546573][   T31]  #1: ffffc900043dfbc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  718.559144][   T31]  #2: ffff888144732198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00
[  718.569291][   T31]  #3: ffff8880216a2198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[  718.578991][   T31]  #4: ffff88807dc25160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[  718.588644][   T31] 4 locks held by udevd/8266:
[  718.594758][   T31]  #0: ffff88802f8d4790 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe10
[  718.604138][   T31]  #1: ffff88806e8b0488 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x55/0x3c0
[  718.614056][   T31]  #2: ffff88807f0e35a8 (kn->active#18){++++}-{0:0}, at: kernfs_seq_start+0x75/0x3c0
[  718.631770][   T31]  #3: ffff8880216a2198 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0
[  718.641719][   T31] 
[  718.644306][   T31] =============================================
[  718.644306][   T31] 
[  718.653374][   T31] NMI backtrace for cpu 1
[  718.653392][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  718.653415][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  718.653427][   T31] Call Trace:
[  718.653435][   T31]  <TASK>
[  718.653444][   T31]  dump_stack_lvl+0x189/0x250
[  718.653477][   T31]  ? __wake_up_klogd+0xd9/0x110
[  718.653504][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  718.653533][   T31]  ? __pfx__printk+0x10/0x10
[  718.653567][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  718.653604][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  718.653626][   T31]  ? irqentry_exit+0x74/0x90
[  718.653654][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  718.653693][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  718.653722][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  718.653750][   T31]  watchdog+0xfee/0x1030
[  718.653778][   T31]  ? watchdog+0x1de/0x1030
[  718.653812][   T31]  kthread+0x70e/0x8a0
[  718.653836][   T31]  ? __pfx_watchdog+0x10/0x10
[  718.653860][   T31]  ? __pfx_kthread+0x10/0x10
[  718.653884][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  718.653910][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  718.653936][   T31]  ? __pfx_kthread+0x10/0x10
[  718.653958][   T31]  ret_from_fork+0x3fc/0x770
[  718.653988][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  718.654021][   T31]  ? __switch_to_asm+0x39/0x70
[  718.654039][   T31]  ? __switch_to_asm+0x33/0x70
[  718.654056][   T31]  ? __pfx_kthread+0x10/0x10
[  718.654079][   T31]  ret_from_fork_asm+0x1a/0x30
[  718.654115][   T31]  </TASK>
[  718.654124][   T31] Sending NMI from CPU 1 to CPUs 0:
[  718.813660][    C0] NMI backtrace for cpu 0
[  718.813679][    C0] CPU: 0 UID: 0 PID: 1112 Comm: kworker/u8:6 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  718.813699][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  718.813711][    C0] Workqueue: bat_events batadv_nc_worker
[  718.813739][    C0] RIP: 0010:lock_acquire+0xc9/0x360
[  718.813763][    C0] Code: fb 10 85 c0 0f 85 eb 00 00 00 65 48 8b 04 25 08 b0 99 92 83 b8 ec 0a 00 00 00 0f 85 d5 00 00 00 48 c7 44 24 30 00 00 00 00 9c <8f> 44 24 30 4c 89 74 24 10 4d 89 fe 4c 8b 7c 24 30 fa 48 c7 c7 f0
[  718.813778][    C0] RSP: 0018:ffffc90003def978 EFLAGS: 00000246
[  718.813792][    C0] RAX: ffff888027001e00 RBX: 0000000000000000 RCX: a8a66b5180041900
[  718.813805][    C0] RDX: 0000000000000000 RSI: ffffffff8b2d08bf RDI: 1ffffffff1c27dcc
[  718.813817][    C0] RBP: ffffffff8b2d08a2 R08: 0000000000000000 R09: 0000000000000000
[  718.813828][    C0] R10: dffffc0000000000 R11: ffffffff8b2d07d0 R12: 0000000000000002
[  718.813840][    C0] R13: ffffffff8e13ee60 R14: 0000000000000000 R15: 0000000000000000
[  718.813851][    C0] FS:  0000000000000000(0000) GS:ffff888125c85000(0000) knlGS:0000000000000000
[  718.813865][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  718.813876][    C0] CR2: 0000555555f4e5c8 CR3: 0000000077b48000 CR4: 00000000003526f0
[  718.813892][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  718.813902][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  718.813913][    C0] Call Trace:
[  718.813920][    C0]  <TASK>
[  718.813933][    C0]  ? batadv_nc_worker+0xd2/0x610
[  718.813954][    C0]  ? batadv_nc_worker+0xd2/0x610
[  718.813975][    C0]  batadv_nc_worker+0xef/0x610
[  718.813995][    C0]  ? batadv_nc_worker+0xd2/0x610
[  718.814017][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  718.814042][    C0]  process_scheduled_works+0xade/0x17b0
[  718.814083][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  718.814117][    C0]  worker_thread+0x8a0/0xda0
[  718.814143][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  718.814171][    C0]  ? __kthread_parkme+0x7b/0x200
[  718.814201][    C0]  kthread+0x70e/0x8a0
[  718.814224][    C0]  ? __pfx_worker_thread+0x10/0x10
[  718.814248][    C0]  ? __pfx_kthread+0x10/0x10
[  718.814265][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  718.814287][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  718.814309][    C0]  ? __pfx_kthread+0x10/0x10
[  718.814333][    C0]  ret_from_fork+0x3fc/0x770
[  718.814357][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  718.814382][    C0]  ? __switch_to_asm+0x39/0x70
[  718.814397][    C0]  ? __switch_to_asm+0x33/0x70
[  718.814412][    C0]  ? __pfx_kthread+0x10/0x10
[  718.814429][    C0]  ret_from_fork_asm+0x1a/0x30
[  718.814454][    C0]  </TASK>
[  718.816759][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  719.085416][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  719.095486][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  719.105545][   T31] Call Trace:
[  719.108971][   T31]  <TASK>
[  719.111930][   T31]  dump_stack_lvl+0x99/0x250
[  719.116659][   T31]  ? __asan_memcpy+0x40/0x70
[  719.121267][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  719.126490][   T31]  ? __pfx__printk+0x10/0x10
[  719.131120][   T31]  panic+0x2db/0x790
[  719.135040][   T31]  ? __pfx_panic+0x10/0x10
[  719.139472][   T31]  ? watchdog+0x101c/0x1030
[  719.143985][   T31]  watchdog+0x102d/0x1030
[  719.148322][   T31]  ? watchdog+0x1de/0x1030
[  719.152758][   T31]  kthread+0x70e/0x8a0
[  719.156860][   T31]  ? __pfx_watchdog+0x10/0x10
[  719.161587][   T31]  ? __pfx_kthread+0x10/0x10
[  719.166211][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  719.172446][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  719.177682][   T31]  ? __pfx_kthread+0x10/0x10
[  719.182310][   T31]  ret_from_fork+0x3fc/0x770
[  719.187008][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  719.192132][   T31]  ? __switch_to_asm+0x39/0x70
[  719.196911][   T31]  ? __switch_to_asm+0x33/0x70
[  719.201693][   T31]  ? __pfx_kthread+0x10/0x10
[  719.206301][   T31]  ret_from_fork_asm+0x1a/0x30
[  719.211092][   T31]  </TASK>
[  719.214531][   T31] Kernel Offset: disabled
[  719.218873][   T31] Rebooting in 86400 seconds..