last executing test programs:

9m41.225858035s ago: executing program 3 (id=354):
unshare(0x24020400)
r0 = socket$kcm(0x1e, 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x64, r2, 0x100, 0x70bd26, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x6}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x401}}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000081}, 0x40810)
sendmsg$kcm(r0, &(0x7f0000000540)={&(0x7f0000000280)=@tipc=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x80, &(0x7f00000004c0)=[{0x0, 0x2}], 0x1}, 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x6e, &(0x7f00000001c0)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x7, 0x20, 0xae, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0xffff}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x5, 0x68}, {0x6, 0x24, 0x1a, 0x2, 0x9}}, {{0x9, 0x5, 0x81, 0x3, 0x40, 0x2, 0x8, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0x5, 0x0, 0xe}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x81, 0xf, 0x5}}}}}}}]}}, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0})

9m38.555038741s ago: executing program 3 (id=369):
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet(0xa, 0x801, 0x84)
listen(r0, 0x5)
socket$inet(0xa, 0x801, 0x84) (async)
r1 = socket$inet(0xa, 0x801, 0x84)
listen(r1, 0xfffffffd) (async)
listen(r1, 0xfffffffd)
socket$inet(0xa, 0x801, 0x84) (async)
r2 = socket$inet(0xa, 0x801, 0x84)
listen(r2, 0x8)
socket$inet(0xa, 0x801, 0x85) (async)
r3 = socket$inet(0xa, 0x801, 0x85)
listen(r3, 0x8) (async)
listen(r3, 0x8)
r4 = socket$inet6(0xa, 0x0, 0x8)
listen(r4, 0x7)
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r5, &(0x7f0000000140)="c2", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) (async)
sendto$inet6(r5, &(0x7f0000000140)="c2", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c)
r6 = socket$netlink(0x10, 0x3, 0x4)
writev(r6, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1)
r7 = socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r8 = getpid()
sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
connect$unix(r9, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) (async)
connect$unix(r9, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r10, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r9, &(0x7f0000002f00)=[{{&(0x7f0000000280)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000300)=""/193, 0xc1}, {&(0x7f0000000400)=""/92, 0x5c}, {&(0x7f0000000480)=""/107, 0x6b}, {&(0x7f0000000040)}, {&(0x7f0000000500)=""/70, 0x46}, {&(0x7f0000000580)=""/206, 0xce}, {&(0x7f0000000680)=""/252, 0xfc}], 0x7, &(0x7f0000000800)=""/4096, 0x1000}}, {{&(0x7f0000001800)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000001c40)=[{&(0x7f0000000100)=""/7, 0x7}, {&(0x7f0000001880)=""/167, 0xa7}, {&(0x7f0000001940)=""/242, 0xf2}, {&(0x7f0000001a40)=""/103, 0x67}, {&(0x7f0000001ac0)=""/114, 0x72}, {&(0x7f0000001b40)=""/214, 0xd6}], 0x6, &(0x7f0000001cc0)=""/4096, 0x1000}, 0x10001}, {{&(0x7f0000002cc0)=@x25, 0x80, &(0x7f0000002e80)=[{&(0x7f0000002d40)=""/152, 0x98}, {&(0x7f00000001c0)=""/2, 0x2}, {&(0x7f0000002e00)}, {&(0x7f0000002e40)=""/55, 0x37}], 0x4, &(0x7f0000002ec0)=""/27, 0x1b}, 0x1}], 0x3, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$alg(r7, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58)
accept4(r7, 0x0, 0x0, 0x0) (async)
r11 = accept4(r7, 0x0, 0x0, 0x0)
recvmmsg$unix(r11, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0) (async)
recvmmsg$unix(r11, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)

9m38.186335888s ago: executing program 3 (id=372):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = getpid()
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r3=>r0, {0x4}}, './file0\x00'})
r4 = socket$alg(0x26, 0x5, 0x0)
syz_open_dev$vim2m(&(0x7f0000000100), 0xffffffffffffffff, 0x2)
bind$alg(r4, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r4, 0x117, 0x5, 0x0, 0x5)
syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000040)="0f01dfd9d00cca6526f7a8ae1e0f01c2baf80c66b80267fd8666efbafc0ced303bf20f0766b96c0200000f322e260f017f00", 0x32}], 0x1, 0x7b, &(0x7f00000000c0)=[@cstype0, @cstype3={0x5, 0xd}], 0x2)
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x10, 0x0, 0x0)

9m37.635231041s ago: executing program 3 (id=373):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x1, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000180)={@empty}, 0x14)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000040), 0x4)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000300)=""/102392, 0x18ff8)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x48c00, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100000800000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000032ce8500000004000000850000000500000095"], &(0x7f0000000200)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='global_dirty_state\x00', r5}, 0x10)
sendfile(r4, r4, 0x0, 0x200000)
ioctl$UI_ABS_SETUP(r2, 0x401c5504, &(0x7f00000000c0)={0x3, {0x200, 0xbfa, 0x4, 0x2, 0x8, 0xea39}})
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0)
socket$kcm(0x2d, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x20000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x18d811, 0x0)

9m36.606009953s ago: executing program 3 (id=376):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYRESDEC], 0x24}, 0x1, 0x0, 0x0, 0x50}, 0x0)
recvmmsg$unix(r0, &(0x7f0000008f40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000004740)=""/199, 0xc7}, {&(0x7f0000004840)=""/220, 0xdc}, {&(0x7f0000004a40)=""/159, 0x9f}, {&(0x7f0000004b00)=""/213, 0xd5}, {&(0x7f0000004c00)=""/4096, 0x1000}, {&(0x7f0000005c00)=""/253, 0xfd}, {&(0x7f0000000500)=""/240, 0xf0}], 0x7}}], 0x1, 0x0, 0x0)
write(r0, &(0x7f0000000100)="1400000052004f7fb3e4bf80a000080000000000", 0x14)

9m36.306839131s ago: executing program 3 (id=377):
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
openat$dsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r1 = io_uring_setup(0x6dde, &(0x7f00000002c0)={0x0, 0x62af, 0x1, 0x0, 0xfffffffe})
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r1, 0xe, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000040)=[{0x0, 0xfdfffffffffffffe}], 0x0, 0x7, 0xfd}, 0x20)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000000300)=""/102392, 0x18ff8)
futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0)
socket$inet(0x2, 0x2, 0x1)
munmap(&(0x7f0000584000/0x800000)=nil, 0x800000)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r3 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0x8a400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, &(0x7f0000000140)={'dt2814\x00', [0xb000, 0x5, 0x0, 0x2, 0x2, 0x8f, 0x1007, 0x10, 0x1002, 0xffffffff, 0x3, 0x7, 0xaa, 0x1, 0x5, 0x1, 0x8, 0x3, 0x9, 0x89, 0x108, 0x3, 0x7, 0xa, 0x5, 0x1, 0xb0c4, 0xc, 0x8, 0x400002, 0x2]})
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, 0x0)
r4 = socket$inet6_icmp(0xa, 0x2, 0x3a)
r5 = socket$inet6(0xa, 0x2, 0x3a)
sendmmsg$inet6(r5, &(0x7f0000000e40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[], 0x18}}], 0x1, 0x4000880)
bind$inet6(r4, &(0x7f0000000240)={0xa, 0x4e23, 0x1, @empty, 0x3}, 0x1c)
fgetxattr(r4, &(0x7f0000000080)=ANY=[@ANYBLOB="627472666e000000000000000000020fefb7a50cc3992f8dc0bd0c8b345b49d19e42d64dd79f"], &(0x7f0000019300)=""/237, 0xed)
read$FUSE(0xffffffffffffffff, &(0x7f000001b5c0)={0x2020}, 0x2020)
read$FUSE(0xffffffffffffffff, &(0x7f0000002680)={0x2020}, 0x2020)
r6 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00')
preadv(r6, &(0x7f00000000c0)=[{&(0x7f00000194c0)=""/136, 0x88}], 0x1, 0x111, 0x0)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ANNOUNCE(0xffffffffffffffff, 0x0, 0x4040)

9m35.826896499s ago: executing program 32 (id=377):
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
openat$dsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r1 = io_uring_setup(0x6dde, &(0x7f00000002c0)={0x0, 0x62af, 0x1, 0x0, 0xfffffffe})
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r1, 0xe, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000040)=[{0x0, 0xfdfffffffffffffe}], 0x0, 0x7, 0xfd}, 0x20)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000000300)=""/102392, 0x18ff8)
futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0)
socket$inet(0x2, 0x2, 0x1)
munmap(&(0x7f0000584000/0x800000)=nil, 0x800000)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
r3 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0x8a400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, &(0x7f0000000140)={'dt2814\x00', [0xb000, 0x5, 0x0, 0x2, 0x2, 0x8f, 0x1007, 0x10, 0x1002, 0xffffffff, 0x3, 0x7, 0xaa, 0x1, 0x5, 0x1, 0x8, 0x3, 0x9, 0x89, 0x108, 0x3, 0x7, 0xa, 0x5, 0x1, 0xb0c4, 0xc, 0x8, 0x400002, 0x2]})
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, 0x0)
r4 = socket$inet6_icmp(0xa, 0x2, 0x3a)
r5 = socket$inet6(0xa, 0x2, 0x3a)
sendmmsg$inet6(r5, &(0x7f0000000e40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[], 0x18}}], 0x1, 0x4000880)
bind$inet6(r4, &(0x7f0000000240)={0xa, 0x4e23, 0x1, @empty, 0x3}, 0x1c)
fgetxattr(r4, &(0x7f0000000080)=ANY=[@ANYBLOB="627472666e000000000000000000020fefb7a50cc3992f8dc0bd0c8b345b49d19e42d64dd79f"], &(0x7f0000019300)=""/237, 0xed)
read$FUSE(0xffffffffffffffff, &(0x7f000001b5c0)={0x2020}, 0x2020)
read$FUSE(0xffffffffffffffff, &(0x7f0000002680)={0x2020}, 0x2020)
r6 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00')
preadv(r6, &(0x7f00000000c0)=[{&(0x7f00000194c0)=""/136, 0x88}], 0x1, 0x111, 0x0)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ANNOUNCE(0xffffffffffffffff, 0x0, 0x4040)

16.666991004s ago: executing program 2 (id=3001):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0xb8e8, 0xffff1000, 0x1, r0, 0x4})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x1, 0x0, 0x0)
ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f00000001c0)={0x1, 0x0, [{0x488, 0x0, 0x7fffffff}]})
syz_open_dev$vim2m(&(0x7f0000000040), 0x1, 0x2)
openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)

15.662981903s ago: executing program 2 (id=3006):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400"/18], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

15.401184416s ago: executing program 2 (id=3011):
r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) (async)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000002380)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x8000}}) (async)
read$FUSE(r1, &(0x7f0000000200)={0x2020, 0x0, <r2=>0x0, <r3=>0x0, <r4=>0x0}, 0x2020) (async)
r5 = open(&(0x7f00000000c0)='./file0\x00', 0x129282, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x2000, &(0x7f0000004640)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@aname={'aname', 0x3d, '\x00\xd2D\xb2K\x94\xad\x14\xdf\\\t\x9d#\xefEY\x86\x97\x01\xa3\xa6\b\x008/\xea\xf9W\x11\xbd\x0e\xe6\xb8\x8d\x03\xca\xf0\x881\x7f\x04\xc5*`b3\xe8%5\xeexZ\bii\v\xea\t\xfd\xbc\xc2\xbf?g\x8d\xe05\xcd\x0e_\xf3\x03\x84`W\x85\x00\x10\xab\xd1W\xf0\x92\x86\x86\x05\x00\x00\x00\xaa\xb1.n\xbf\xc8\xd1\xa5\r\xc7\x04O\xde\xd3w\xe1\xdd\x11g3\x15}\xe0\xc5V\xc3\x97J\x10\x17\xd9\x1c\xf9\xfc:>\x0ea\x81*\x15\x14\xfe\xec\x1d@~\x0f9\xce\xb0\xa5\xe3\x12\x04\xef\x12\xd2J$)7/R8\x0eS\xa7\x14\xfdz\x80g\xd5\x9d\x8e{\xeb\xc9\x19\xf4\xf3k\v\xd0\xeaP\xd8p\xf4\n\xe0\x81\x9c\x9a\xd4o\xc2\xb3\xbc\xd2\x8d3\x87\f\xe1C\xb6\x8ct\x97\xeb\xe9\\\x9c\xb8bs#\xf7*\x1c\xb4g\x9d\xaa,F\xd9\xefI\x91c\xce\x97St&\x97\x9fy\x81\xe7\x90\x9c\x06\xbe[\xdbt\xb3\x84\x98\x87$\xbc\xf8?R\xdae\xa0\x10E\"U\x99\x9f\x92\r\x94&i\x13'}}, {@posixacl}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x80}}, {@dfltuid={'dfltuid', 0x3d, r3}}, {@noextend}, {@version_L}, {@afid={'afid', 0x3d, 0x9}}, {@cache_loose}, {@cache_readahead}], [{@rootcontext={'rootcontext', 0x3d, 'root'}}, {@fowner_lt={'fowner<', r3}}]}}) (async)
write$FUSE_INIT(r1, &(0x7f0000002300)={0x50, 0x0, r2, {0x7, 0x9, 0x0, 0xffffffff90809082, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x2}}, 0x50)
syz_fuse_handle_req(r1, &(0x7f0000007080)="f5201a6b6542be6cbad26e239346ffe3dbc7125e4eb0daba2e9ba73337e45b1a2c2828afbe1d99c856f2d7c9b91364a83e3c477d5e9569cf8787de2fd830003be5c3bbb4a246c4e13764c6e255ef511c263c70adb80380cc2b3247fb61ebddd2b945820fc646375953f1322be813b875bf64256ac7a8debe881f8352dc9fd70b9473bf07932110a5d1a94144b2ab0b4cd92458041eef085b29b5c115df0d7db2bea67006c66b64015fc980343e5ff451373afc63f2ae21d63cddeb3b0c53bbb4e0e31663f5b1b53de22517869df6114ac9047ee98a692b4f0e3e7cfc4e42368f217cc705f2bc5d10454ab30eda651c6ee29f0cc5a6ca7b384949955785844742121b5734a8cf3f3fe1d3e5c2085da26a028ba6c84d5cbce6afbe13cbb179d4c251e1d2d68e8c7d9c34eee698ceeb6e40aed55c62c45d8c7fcb2cfe95ce261238ca5c4458647ed7a001788e991e3d2ecfc77bedec164efda9e4a5d5f03043628fd8b5f906371c52e7de2e760b820dce5c3629610a48a036cd54f23ec3ef274f8da724f45c482505864c87359d4411cad79d7434c9a9d79323410b671880a344b933a47d735abd0e63308cf7f6e15790a50ccbcce072526952c763775066125af0fcde57ba3c514301aef17391c76adfc2419829a88e0d91b947d278cd03d94ce98ec639a6163eaa9755b1813685080ce588251fbd4240a7f65cdc1074503b0fe49b24996e52c6899ac90014d9a58566e841bcac357ed59f7e727475be4f7a526a5b420c5d6ababab7e7f8ba6ef6f3455a5aed80f4aaadb58fb38f725d524b4fd63238e07936d62e81ef46bb7346d7f55c4fdbe7606b1053f6faf6d80612311823efe1e6522fd5bbb77c52c868362f263e56ea1447b612d681828561adefdd28fb855fd81f27e2698cc02bbcf7d653cf8dc9eea252f2b1f48c0d2ab70ece454daf9b5829d7106eb8ca8807eebd07d1bf6af6a4523577db893995778759e1be294aea8edb9226a9acbd44f98f60641f87195521491e621b10cc2032434f319e76743601a0bcc99fb3636389172a790e25260de7cb58961f9ad44d16c7604402bbca8cf82be528a64107c0dd114fd3458c471e97888c1c739dc678b43b202c603946cb5720a1e7331282a48afb12b461c41b6fd92b97c6960ac9f664f509b02c8267d722f372b007befada669d4cc36fb931763ffd8744b10e78cb849d40f88d190778a70f902faa4f34cae0b9e163b59b1bae96a933afecbc6a768f1d7ae20bf2771f28c1a3d333ae0b6f691d2f985e1ed6d0e1c29d7db36234b9bec18a1ee98b9ae90e4706d1c952f6059cc4d64bfc14152a88443f260d179c705df71e006a60981fefaa8a51c9c368680b830967b01b60734b9924335d7700b083bd7e87b3ad2f3d497e914368a15c5456d08861fb7513e96acb49935dc3f46fcaa297cdbdc759cb8a5a2515a482ca60440da8b7d5a8c79659d99e3892f9086b372d78622d3689267652c4dd60754cb8eb45028b0c237adff5ffaeaf78ed5a541c57feeb014a53e2a98042d5712d5f7a779b7a12bc120b8cf6df35b258fe1ad7ebdbee88d25355560fad504dce4bd878df5e43c55e765ac324dd8d65ce29c2a93f9e085bb51ff75dbbf314ed6aa3a36330fd146d28654c659f1c6c5089c3619be1c7707be835500fb15bf873ab35517b743207621346db75d16fb21624c04ceddda2d607642004f611db7414e1c593ef38c62e4d27a8b7833436609c284a46edc9b973e790aba0bf4c6bc0069ce9372c6c7b93d15740771ddf9c704338f4af870c649ecdaeab106b1242dbb74c284bfb5d87aa688d27befe1dc0d1019fde1842e89eee67e11f925672ebff47e4503e02fa989297e9468baa6f94b5e0ed2d957efc3b77a10181597c7fb2c94e62db50e46c46d10c1127573bae01166170467b7641d7e07dcd879f04b8dc08dcf460bef8e83aae33151a72eddf9ccac4eb95c48cb4008ba3fea542b2e3c6c4c07850cd4ca551536a20d18ed18852baaaf7339908583aae41f08f3c6f5811cd730e849dc8382e8bdf3519ab900d38a0a9822400d619b52a957b1bbe8384619e5d65588a2ca6bf068ca27fce9aa0448a60d04b3b230db3a939409ec7df45d70a944b34baaf0bf951d205667c8281e9e87468d1a2f6edf79a7d5df12a8564e56d3a952efa4c4be2b09be2c3d699b05268e8cfe998a9f37b8714c92647ada8a8129bc4084624c6f1059f834193deef961f5dbfe500c1bf781f45441984d52800d81d814a82ec4f859c7217146ac447c8462612574a1a8603148ed46bf3e195d417bbe43aa6bf83ea8fb525941ef8dd56149bd6fdcbf626609ddb699e40e83fa4792b39384eb0d1b78c97c6798537b192753caed3a5eaa4a33d54b473b43851cb282cd857ae11a4d34c6b53fc1c334f8ec42672295b88a326b65d338a70bb3d5d866ff55a9ce0345c7a890cd6dee36012c76d862802c9cbaf1abbab99dc898eb432f50474ae6c202121d19f8d0467fcb1279457accf9b777c75390756762dde795d94aaba4c1729f559adc33966fbf517fc91fae21bd8ef22e914bbe6bae774246749ad63d8d16f21c9aebc80a97be408443ae60af610dd3ad9964b2401e049b09dbb46f6126d3d534a7786bb3663719943111231d18e51ed534b1e28807c062280924e5d53a8a1316ca2b5936911a267d5b799fd7d8e5e725271d5b8eb90e3dd9ef9eb1400c68eb8f88622f548af7df4846758cfb74aeb48588d1820f504e97ae1d818feb7113175b04e7c0bae6239672c987253cdf0e9845119f3f200d40f586ab986312144c3525acb78a5784f5707217105bae651e0c000792f4e88c1a924d33fbe5474a71b1e193a8d3a6a65dc485f2a299e7d07a6cf621260dcfc5d79c9243618f57507ca025baa53b3e684667f23dfb8ab9065cc548ad5c881bceb5d937462ea850fc197f5ae8c9489815b2cff853895e987e684195a094d8460ee52ef9d8f6fa0ba01092f0cdffcc7a682ca3125058ce9ed0064d7d0a868b0419b49ded3d93f0c7e1d700288350ff4c130cf6e0b507ce6064623294536c8fc4011b9b40299bfe02144806411d5b36997db26033a5ddeecd6bf3faefd3ca0a6cb70b0561106b2dabb06cf88bb6fa283e43dcd2fa1f33063183e15450385ba6fed4436502211d3181351db793a76ae11ebde2b23f340b7522748a4602ec469b88eb7f3d1325baa536ab8096c58c6f2b4863a541f618112643e194a5873cdae4172bb3005743782d8af22dbf23ab60e7d0f4ceb3ef0975f747d192e80608f35c46e23e1ecee1839558bc5c146dd97aba7651dfd2401fb8aec4eda71b1b15a2570130f0f5ff489ad4355a708a6eafa9752eb5c9f7a83f43c3e3b317e7e68133573f585fc27c5cfc0d90016f5be8594e1cfac36b24570cebb5be46d3f5917441ccadc355536b8b9b455b87667edd802b77178251afdefe9a4b5f0ff7e59fa5cf9b449e18bc4bf8154f15913128a2584f7d60a3c09f467233783690df422d3d9982200eb604ec2ef50830bba6f82e8b91823808fac0b07bc0e51a671c32dea0f2f9aa2cfbbc91cdf54b719b6009ce750bab1680cac77398b2a619d550161fa70e7e8b86fb535f8797fca75708efba7f0d95da4ac235d9de68a50c998a72c0c2da90f511ea456f776c881b8416b894cd835ad13c62b035ef4d220a66c86c1c00de534690e42d064bf4fff946af98aec3f9490d6f0586e891d272a4bfb776ab84bd693af6526c4b09beab2460634d929bcc61cf75b041f067e7b503ecd6a80934e169ebb0ac926a85b53cb1d7b63eee6abcd9e250834da6e4da23b3b3d90c2f726861760ca14b78d5e895eb7fa2e8b39f724a0371412b1c94c6a42f1beeae2328e353971531bddcda730b6a0d90f7c58e3ce5953cf5a6c9e3fd657c92fe4b5b8b0b659353944afa5c69c309527d6d4039e78c675c8d2f527fbcb2b765864fed987f785221862bd7deb66e6676ddebdd19cf4cb26869f562928dc98088bb69281615fc6a2dafc466e70ff9ea1a411e1a3ba3f94ed7d429796afc9f0c95da19a4db691c36407985e5f08473dd8afd9de88b2c26b6ebd2ea35177238e18dfc36d579a80074c06f5cca60cf6d64d27eeb121c6c8e5e09aa3165c101068cb748694695e803540d947f33740d30616001448173ef57bbcb82fcb213348a2a58e2d14480b1ce1ad346729631b91f7e343e37abd8e787274ff4598acc99cc58f3578979e6e6a1926333bd8818a256b58e67c6f77145ee26f24998cab89021423e03326c175adaa8ea905122553948ece311cbcb770222e7f4f373398497c8c301480d031fc53c2a7018d91777cec253e89e28a82d15e01c12c0ccae1b56ecff35b90b19769bff4b786d4624679abe852780e9e4b9985e0564ee604027dc2a60f65d2fcf1d354e163a8465f77eb67e2a6c9fa89ea0768f9cf117fd1ea8969e592da11d34f6f9b7adb24f3261dd14199fea6da6b5d31f825b3706492b3305cbf6ef553fadfcad51a0484f09a8d2491c8a937fdd36d9e0b94fb6bdca6e80a6079739cc1d455fd735e89fe89938a7132dc0c9f181953dd9cf2d106a3f1478b46ddf35aae9bc6932227d79ac4f534967be2cbc30fa254658b61752b534257fcda6338c36710bd8db219ec394b41e7fe541f9086ce19d28e13d2b3c384745fc88ed0cb5ef414e23e8782f99307c49121a733875e9fb9c8559d8ad6bab256dde2bfdee4286c1419b80acf55dd09da71116c0fa902d8e89465c313c311f272a11cd17417372dc74e01f3ba1a9afd8bcb9fad57cde63ad59a6999caaa359e6e5b4216dd3b0bc8d310e28c8a1232cefcbd5070d0537097e370433bc1017b7b1c4efa694a25b4385bccbdf79affb0b6d203b3cefe637fd6f7b51f5ec297471c874a57145b254bd14b89fe62709c94ca3cae304739294c7b4a871768e11cb7a2db0aaeff4abbd00c70b4d4e5e8f8c6d34afe3d619404e20ccf628f7902c17ab1200644fe465751587800d59acb3abd1f8a832a03f1634c0b7e4fb3086fd21c046d7430a1faadbd9b1625ee70c1071bede890f1c07113aed9b1a35ab0fb823e2cb38d2ee6376800f63d28326ec3be129333e1024d17c46198e329779a79f4ee69b56374268fefdd29995e411052bcc92318c636aa9fa634f3e537712f720a52cd95d5472cdd6b4eb66bd1ed2c41cb37c615eb486855671d964ba46ee44eb61ffcb0b22b20632ce3222e4c3037f348d5dec196f9e2bcc2335284f5529e4de9e6b4b84fc559de63357bc8ca0a00c16bdea79372b13abb251fd4bc52f1f732811b65b4c51715da133b20caba229244060fdec0ad4c47fdf1963b6aa1acf998585c59867b5afcd08958dceb9937a97e87b2153f45970ca77e5524c5160c69963717630795e3a4768e2521617bc211926e5cb08edea70cae99c6d7eff4c1e041c7ab0d3473d6ceb3cbc24a9f45c5818896463360490911b1fb77a24aa3b394e3ee1155ea2fbc6686db2c715670dc9187b33f3051b4b894b616bdf7fb287113c315413d83e0540676fe9a48d523bef3280611165fb77c7bb33c0a087fc06e7702fc7d8ea4f7aa264c7ed332af03ae3e392bc0f96ec11e3bca6604ccb7941043fb043b4880de676efaf3f0fba185e90db8e8e6718058fd1d26c49d0a163264d4aaf7094d02d6898f75c6edf2e49edf7b0a645018220535e8694baa1e910df6e493c0812c2cbb16966cb22af208279947f9490f2f5d3a49596050604f920af8fa41c5a339609659f331f24fa0aec3787d052a02541137dd1ccdc30970a879e4a42e491137bb3cddf2c87ea6368bc4d9aad9089af50b71d56bd296d891ac2fbec84303486739a44850680353efa2203d7fcfa00d9cd81433adcad3e6aac009784b63a3b7aca58155b24274b2d41de998321bdf0229ce74a0c61a24d74ceb30d4ba766632c4a48d9db4e3b3334830b12f3136158fb16fa745c2ebad16b65b279d28332894755de3e7ae2aa88f9e2af8a46200c427540eb68907152ee7d53212b55c170ab67c47c884db89757b09dc035ea59fe2be1f384b3edef6925c399753832d32296100ca4e2699154d6ed86bc145e92d699e43c2269ed359a004aee75ac5e730dffec87f239328bc95cc281a9c0bba661f6d36ac11d1151851c70cf39fbbabff2190b619294db73008e3d32acb0b29aa3d28d1e50784dbe35eb911d838bd710336612170666ea5f42b72c32be4d83c4ff61987acd1b1f0cebe281806af8ad4b6e7041431bcb8a93cf0f44826821b0bb9c053468b4d8d034c084ba1c8dfcad9fac6ec379da5425492dc6f7791b1b25d50bd9a930ead9e4faf5b557eebe4461320476a7ae12b0dcc9d171f6d2737b824db7259e62915779dc5e8a08bc69c0c68784202aa3462bdff06af76bdf9f106dd6228211534c4433717947dfaca4b7b61a21d706217e3718b5ccac40c3c4692bd59f222d0c2e98af1ff1919256d7b0540ed69b11f212a9598c7499ba634d1677ecf17517e207d40baed5aa0e25b7e70b6b16f6d6f0c36a146db0644ababd31bc50f5039b3bc4f12b603da2675e121b09fe92c69548dfb9df18d0e50c1387280b7bb1366bf5bbabfcef5557a05ce24df1a02f22f791e06c5e3e21e5fd6db7f2c90ffb83b154b0fd9866c46609dc10b274954caf80e83693f5581f23fd765a18aa4e294bbf7a8721015ea6a6e1ba64f79f6609924d43757fd0752024af79e296415b42de3428f14d9d89f84c2e076a0821cc8921fff677ec7b91178bcbd755ece28477a6bd01fd429d824ddfb62edcdab7c4495edc5a3d27826ea4bddaeacfa7cb17632cee0095ca55d3973812033d96ec5e5ed6880b3a998b4998fb7441e11dd060515bdbfd5aa32aac6ae1fceb8e92d7e8985949946a458ca2f69637de6b92410986f8fa5ba4b1598d8383fdbff2e004dee71500302e3e9270371b39237260bde0888702c7b2bcff69192bd381cfe59b197b9dbe5e2eee27b64c17e95a1dade453a6f29dc8bef1bdd34a92a5275972a2cb18f6f553f99c6098f50198b68cd35d2877d9cdd15074422b43b03170f23138dda44b62b5e161705405d2e9a007f8cc9ec7920d1a6e947ccc57b1a51a728fe1afcb84115fe48be15c894cce96391ab3cdc1bd9aa4cf58213c15d1a849c3f38c8ee34b208766129bbb493558c139f2bfc39df29fc73422127823fc9c993f20d9df9e0acaf0b1729437458e0a857ebfe4a373fd491952a475e9c391b7ee02b79554807c0f12293aa385a3c6b18bfbfc690a7aa9bc85d8adb705eac642ec8611ac62d09d2a6892cd671629d457c2191eb5940114113ed8cd4e8411d96200d3d66f947baa7915610c396402d38f109837d29c8e937fb6223a9d0d605a3d91312908fb5a7df36122c35f7e47855d526915c3a7cea432ca4524fcae3b5c6fbad196c1efef0d129d9b3f9d23104fc3c8a90dbcea0400311e51de50c5abb62fcbedf998ebc1cf23fd76bcc2aea2451f6d0d3b8fdd337ce8d24d7ce2a5b29318df58adb0006d4295c138b4b03060134802626e31a5da92b5a7a8677132523affbdc8d958b955eb4615370497429cd3767f2f708c2cadc233bc3e5efc8c837385749da08c6dd573e3b105ce459d659f790dcaf53c1d0b4d8e0c64b6bce15559e59e66b3b0b2695703e9bd5b1c5bb3c5b1028441391f8fbeadc032e890fe5e3be78569056d147a891f4bc85406e78f962b532eb436b0e047a7d3c88bb89455ffbf1da360207af5d827e9fbbedd8393a828a92382329ff444d9a8128c40e302453550426de4babcdee45108e79533b9747fd21b8f775a76e1d4d54a8a98a65ee3c183be34172877c26e600c89949ced85004d69c24d4fee6f87d2ff24900d41577c78dfbff698d438c0e26ebe15d7b75b49a5b2a5c627da3b13f6458aeff3f0a1944a339b4be5e13d58a71928bb77053beaf7b68568205b62f5a4a9b3c0fef441ede90f012047b0cf2228481fab85d94219ce9f417e4e2b6018b319270a6b6f0de93d0147842f582bd4e41f00720626be2b2f9116875ea4f92e380bcfc33058505ee0336e10c71a5abf6f32c72fe68c68c166454db8e101b3a271f04e4dda8947743e0ac408c73cff69c10e7c015c6b078bab0a1c7aab14a26df087b2b4c859e684aebadff5033d1ebd6c6589a27ac75a075e6ef801f5dece0dbd1e477bb70d2b8553a88b13e304e00735e183feab89edf469cb90c0a5bbf778809a9996f4e72b16417672cd97bdd1c0baa64ea2d782aea9d58ea357b54d06f316076b5c413417061b3c7485b534fcc8bf25d2adf043b47a3d47f0755fe6225bba7569fe672d3507c8e15f7139ef7f606c616c52733413befb248eee53c4a9a16f952ac56e18e221626c4f51eb90c1314167c9677a7eb7004b9b42fd6ec21dd38d5b9032c441166be3f8e9dfed39fb0e654ca3126003decf8e50bf8ace994e16fdbe3f53a36a11ed6f06d1bb8e54f574a83035eba379f2453f2346d11414cafbde87cb5d66b650a5e25ebaced402188c1b4b941e788e1af908fff3ef84c1dadef0550687f0b6aeef6063dc1c8c8efe09d611253efb4d288ea407ef3c043aacc3dfc19a18449b38fb97d9fc0bb67de3e1744f782d3a9d1fc449c3a902b1ec8789e336f731a51cc7fefc43736e04942167fbfdac9f15c5b3f921aaa3df0c9709c21339ce890cd4054828615f18fd12548258440a06dbec3d72719b3e9f5f9967525f90f16993cab09c9eab2b27b29c959c002dbb028cc96297d40822772c16b4b786cc57cd581c02f143d6e728eeac1ab4eca6170748002c0e2269611a2b402f9fa8190d9216b1e1b7de8f81074b8dbb665f0d69c52cf573d07ca0752fd6fe7da88dcf4a915ab1533f5686b766393fe9bf1aeef9d17414d1803708e61973dd205097eb1ed466c8dcfb2c7710caf9df713a11c774fd0469880534ae2ccd1e40216ffa145f0fc832b166896810a678f3a47dd24bc2e6835c16e405a444971068dbd47926f430871121be8f19c8ac4fd0a9e3ff7cd961f90f24265de455694cc291de76437953ac314b1791acbe96d3fcae4fa397287a02eac86f13c931f4d4f49ad52cf1db0efdf7027ee8e468d64d316a2208ae33d8fc3274861b41f2e064c99fbba37b7a0c46a3df8dc4589de7ac28df63ed697a48011c863049345c371f10f7d53a56947e348d07e4ff71eaaaf9aaa09bf1147b80d62a60dcec6d7dd4cbf52f2b0b89d2c7de1f16d63ccc0260b0982fcf105736b50001c19eda998426284713670aab21ce128a80b57920d8c3436edb859d4afd7ed835985b5bec01df5447e66ee8511b28671646e71c0669ab2203c4c9a020000279ba87f089d04924cb33ff82f59da9399ce3f20932c073289938e4e7101d357cce920a2aae72f94d6e1aaf9a3905f4da18a7ee849a39f0d1e83adc67ffab826490d4bfff1f80e8c2c180b08e013daf6d054be660390fc4f872b8d60f14951f05ac0dcb4c4281f71ac2d4cb4d68ffdfe8f5c43160d99ea0077486219bb9400a8fc1faacf12878379a7ea5eae2adbbe2871c1664bea1985d594963935019446d605a61ff79802e114a34610d002cf27e0f4b96c6ff880785307161813f48b68c6f9130a6faee6f332e77755fb68b68248ec113030575b1c262c2430c000d11b269ce4e98a32eea3af403630e83aeaaed1420c9fd66eadcf34d6d1fbe457c5216481ddaf6b397912630999fbc5298eab15ab3cce9de7741367264a4e30a61ff7f1d5e7e64290218d9f6f5c9898cd23ee1ac35ab8d3691bf3df31cef54c161bdf3093390ad2322b6f71f22199ac68c5eab4aa7523b4957202751b675fe82c9d42432c92c2fec148da6e5514e9d5f2618d5a616cdbc4a560b3e36eb6cb8baca3251d8e819ea8f552f07ecca0664a7ef22a3a6c11d023eade70f1b872cf58e89c625f561e4858877e39d324dd448b041e4435b676ce0e86de9045e8b9e8305ae60cb7a41c01ce2318af7f9fa011d24aac2b2d31360ce7b437c46df5756d94d1005a0359b57534c49d1e8e173ba183666a19ff6e6c63388250985249eb40f0f981a2bc34e8196e9c468b1bf329c4ac9cf5f19e46734b1238f99f1e6d8c95ecca9cfafc15c756bb4780b675ec9781bfdb583bd91a7df33ed49daec1d65d14f26d7cfadb9e1de06e922939e924b034e4d128cd66a2f7a87c9399c622922e6e33af68c5115053f42c519a054e295b5f8e420630dc116bb2562ac87a6402e4635bd6c6b95943820f86acd5f48ac519b06f1b0bf1c7a70d69e84c95600e017a67e64536197447b810c21cf86a9d09c37aaf6cc39333b414844ce883cec0ffb23e36d5560e9ff6922a9237a6503c72346ebebf57e59c13e7320f670e1826c802b9cc674b55284ddb061e6e38b16c58532497709028ccc4c000604d4a72b3255170a217ac411ea68e64fb3b63653b985abc42bf21629775a05812ef159992320c3cb93805bbebb250e2f9f92b2c8795c388fea24de5e70d45f8ad1764a6e39a1d588191f77fd7bd0408252c784deef806464edc1b4d3de83df34f1b615e10ba20948ca9f28c4f435163e1f5a6fdd0bc8ef397c25b7d704e1ff1dca065022b99778c05ad39f806c3f7ae4278b768eac09b7d317ec5e07db3fc5579a29fb42658ba66c68afb3b8401b2e09c13bc0652309b26cfab2febc3e96a6da6341e6e860468aca74caf06bfc576124594c3f123d5e987319862b0700bd257cff3ea8abff23ebf1a62e575741db2902761578de5c72f4d37bf9186c2391dfff0fcdf2969df27ac0c34d3f07feb0d1887de871e96916add75c15ce2f795749ceadacca94df5808a1629ccd906b3776e7c2a9e94393243de87656432ec21be389731be9821fc035859fffd503f9c8279bd4a36f3be1e3ba0beecaaf6ee44203d8b76c4ca97da38f63fd07ed7812601ab9095a77d52397ecc31819b91d3c28f639bda94c46a5d527abe34bc579338a4db395c57dbeec31a37685ee8121284b63583e026783e47d58deaad78a17e9a946ae7a3db89d8d78d9f37ee5861de7ca92e7335dade99819ecfd63770413b17de97bf403a6d97e163f7eead7d8c182b77cc3d0e0f28f30839445ef751bcf4f21b5803a4e8754fd9a3addb2553ad1d81879addbdc2668e5f2e15926ed805ce7b4ae01be9677c322d59d619cfc806a4946f59010aac481e49d0a0b2ccd0fbd88abf07d4912a081c81633f4a6e0e68eceee686d58a43c45d3bec1046d3bb8d7fc727dda7cfe22af174219bc8e928ca15ff9ce2c707bcea190f8fdeb86a2dc99d7ca81b78efdb0062f1967bb66132164d227e149aa52f39af5e763705373c864323a5885dc6061b5a2ee5501d0b1aa465d93052f29d033a750b1b9cc85fddc0cf168ddc62fb2d1570458d246906fbb689bc8ee3864901eb43f96c19482a7ba7a52fe08b241a32aa9a2774359132b5e1905a08ba37244265070f6d69a428a5834f10d9ba45f476f9e88e856ac223d8cf6ff04894faa2590ecd0a3f6938d661d8aecf6223ae99c414962a86fdc1c2599cee39e9f0153a57ed809bd90023c8d688cc1aa7b5eec5fcd01d07d001", 0x2000, &(0x7f0000006dc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006600)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
read$FUSE(r1, &(0x7f00000024c0)={0x2020, 0x0, <r6=>0x0, <r7=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r1, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r6}, 0x10) (async)
syz_fuse_handle_req(r1, &(0x7f0000009080)="d37f438c8ff0a793bb0fd85e80a3add0f8f65f17e46f60227e8b09439e47ae441d91f7c50d52383be1a08cfa58969071ef9251774b2aa82db4b537beb0834e94c9f625097a9fd8ae5d86ccc28ae9a5fbf7a931329d6c0aa28650849abea29afd035f5eb12f8126d5b8c277c8c14f25965396c229226cf8b0c6da769454f1981c1b0a8180b80469005a03d24fee1d6f5543a43d7156a0da6f40f6e4344cdfe5f96f373459fabd8c1fb029f3cbb965f11e04c92468dc54884926996135312816573b5f052907705fb31ed724a8097b4eb9a547bd0a4f9c66421393b19fe59fbc07bc8c6319225509823784428ca5f20741130774b9090811966d1de850ef61c965ba07e2fe52380c4bee79f58db0931b3d0c06cfac96c9e8676eb0e10ddcecb47f17e8c4ea80d3f67a9e04f5edae06ec33863b9fb5edf40c87fbdc5a00936d260eb32c3df5a905d3041a54d0fade7b220027169911111af6142645e771ce84efdff5ef5f3fe5b1efdb67ba83dd9f94008f787ecee2ec9849c34a8699900b3151e799fb1704100f2075cf313f719efba77efdfdf5e37379232785af24729608cf1099a9eeb643813fe492fbd86788f43e231fe0a6f3f0bf302efeaffa32890b1e48818959d7d2aabb83f062e356a81605f55da96df097b11471c46947910bb3e5e40a5a5c92077231d68efaec50b848907d1e37e18d885f5bd95d939ade1852a5e2f516781e1868f0894c8c0872c84d9c80fcfe085ac88e2a8caf63b3444f6d5f63c4582e766f1fb06a204d7b8c266e29bb43e04f42dc241b0f6926ea4b0340f0b3ac232d92677f2ec099b17361d988b72311e5e93d6d93ca3bb711c5fb979684f67f6ba32901b8adb223fea467157c55e8d5540743af46d36e6670fe21254ed91e207044db3424d42a63d780f2269ca3427aeb73632fb93dd42b07eff0f5ed90707423066f834c2881ae5272af5b3c04c6b9cadb8b234d24c5341696960a23f242837d91d6751695e9f07577bb81aea171df43b27c44ca5b815e66f63848403320ffdf2926f500b16e7496b835ae7a09288847cbb232e2e271cd732e38309d41ffb55391dc4a157e0c02505f54430a70a9ac197f5573a0b11722aec13a9adea4d8e0022810ca28414964d40cbcbf9d2704aa82637e13d561c4fed2ed602be375e547a7fa7198e6a75293abb3903d0b8204ba21dd369a79159cdd810162c2a2ee722bf4e43b7679dfb8b4ac9e768fb3d391fc4f1839f2e91f1c62050b8154cafb6dd19a3f8716a5c072725c5dad281281605ac02632d041accf07bed8135f4cab566db7e01c6902be5728fb01cd6b17edb8870e3417897a604ec795c440334b1bf9b6180ac13d13298b80b8f4352b0bb36ac151607d6ebedae06f8a0582ecd3963a6df647c38c64402ab29ed79533efbe311df5c29d9f1928371e99094f3e7d8aa3d277fe0e3471c6746ca5dab72d6ec161e05b46829c7b437cbbfd82e8606153f23205f051002e23a17906056a50a0d402814df2bfc1de9906b2ab651770a482315e06146af144acf0beea22a5a9bc61931d293483d0f3bf04e62e89cce3e3ee781b3340f59f8a026228e6f3cab05f23ea71334eadcaa1068f1b67f1eee3ee1698e92bc68759a3534069de9132ef7d853f4e20dc1cac32b42a995da861ee19c52e8387528db1ff0245807a1fb19c1670bc3c56f44db0333d7568eef79964f00d6d242a3735cf372c844d6cfcd9bd8934f14dbd5cb907108190fb7ed919840429d4da052d95a242e93db7f07c2c1f8f141026e15a767cc9386b31a18ecc82c4603354236446e9c79ad6899049648b4244446dad02225c5837fb8b033ce4db1fb044df7131bc99316434f232b8049701d33235e581341c5bb08208703e4daa83c0d4e1ab73e8c0724d0e9d6be114927acd0b792ab9464dd3b67963ed235243ebbc16e6af057e984fffc2554582cdd6548d9a929a89b39650a12511ea208ea9553703ec994318d50cea6a632724b08b0af3c11a4ca9d95dba675112563fbd166463cde649917402548547d54cede66d711d805060beed06c79be0c682dde2548a899bb121926ac690ecf1220764874c37810abc3c64291fef538f8959ed50a4b9f6058b8c45735fc783f3ec592c022b066583950037fed74e12f0fc8f04db78cae682c706fdc3783a206167336ff9e4707ce741893beec04916626c4ed07db0a73bfa5d786e3f3585e4b7b37f3968f08f8971963fef1a7b7311d4bef7b5a5d72d3c40297da80d995d866220e005713d69b5dec9a4481301e9aa6ba8a6bb1f911c1d9f827838edb81348231f3da450c1044c9c722d31a1fadccbbac0d82de32f2a46c0a083ec89e2baf21b2b1655702e7d58b950df5904f76f129d15c93f95550e3b52c72eb79a1e09aa253c35fce97977f881f61acc6268c2596b755f1838b390565d780929c4c6ba4c8d417775facfffce5c0bcc1f075913f5477563d06b3583c3bdcc7330bd6d1a8bdcce29f8452668a9f2a613f21d5195ba1a1bf134e80be88ee8fdd994936b1b40a0f2e98723d8bc53aef7b5af884f5fccd3eaf2dda01278be0b26eccd63cf68278e06e59889b8b9327550b615df368d99bd6d19636477c4d592e365b0c8c43a23d434ec3d622184f325d6d1c8b704aeac87359d9c09012deb32db9bc034fbf10b4662d6618b4d849a9546f00ed3265c22807072482b0ea4eacad35e10bded78ddc4e4025c7ba521b709e4923cfa8b6964fff4ef513965c4c71a77447daf08f7ddd10f2319b57c8075046ed4820e135f883fd4358edf30fc9965b16885aeb0f82cef2556f67bd33c44edad1a2e3bafe648f5e3797a62931218a468f637832f7ec481526824ebb8de5c207733c54313add8a24131f6de8eb8ddab462b5ac7693f7b278b38728449c9d595af99ba5b1548fd942b7b8538456a261a3ee3a7d18fb3e6180b6cfc9adc76a1defa797b57bcbcb9cb47fdeb2316fd2d913dd4aa0239638fc5c3d29df965aec2ade1f556ad58c9159c9f1b6e05691f476c5ff73230eb74a891f7b285de923d1cab7cf1fe2c82cc6ebcee9dd0be04bbc4d01b2ba8c2525fc4120ffae3df6bfe44663ee532ceb5a21db4f2204386f84e2f51666af55cda90dba169a9cd1adeadd7c90322af2656c3166fee2dc39b2db56e2e18b6f7a24bb7b0494320d2000d629e93427d224587dedb5c196b1796fec0c526a8a0355951045677733b33cb42ec170f137b934c4c6e141a8f8ebbeb1970797a29225901780f96521939b2edf85b1a456e9f97d02782104583757126159f264d9ed95e801561d63f0ca075543813c732e75deb01e585fb5b7bdbd7311d9f346e512b36e972489988f53f42118bbfefd3a52ff1fb97f47eaab7f8baa8e1f397bf877588c1c898690885273e47c1bdce3f220f80828fb7489283d5529756514842974a55cd95aa5a75a18627897836311486300bde4fec1c312c735e5ba3419028cbeeaef709d97752a12f83650aec7305232f22f90b8718113f06b3cf48cae0b365c456aa17610a78454fb81020c84ab51e27891dfe6e3820bb8c4ce0a5f72c72f2523b10be64a3c05f76e7bcb7b6c9aab9e49bc0c2b6044b66c475988f0a078f53912a9c442a40243da943376c8f75e74eac306c61004f6a88a818e3e992c0ccadf44e48c95472359c79f04462598dd467cc140e665e57b9b98702096750b82f291ee11b80a9064dc4a0c790107ac0aca2166e4a964aeadab9ec1ed1ca686b36ff00f75a3a131c09e3297d0471b689475941d09e09c62d94840a6083b1e8d80c22c9e10f3575cf53fe80702e0ef82f43bb13a1128a4f76a1728da93d86a5c86fe831334442deb1e003c96cc40a65ee721e219c06c01e75176d1035ec855258d3fc565f0d6eb31910c3c4e4450c65755ca563f0d877861df816160dbccce49865e0c6e9dc7cc281481b9f6bb8dee95d6a572421f1b2dc1995e0a3fde00ae6073015ae4176519e586ef434df534667d30ab103b7815f5a992e51004471ecdbbd8d9d464e7c24124a928b5aa925458825024ad03ad526a5b08ba1b30fef04288035749c266612bdd5caf4ed5245f67f5fccaabc6b2d8994c395dc7f8ce00089f4eacefb18e65a2d9d04136cd9172ce5aedad596d11fdd4b599f7f544f92a398042821b7c1e6ffdf053a35f95f9997791bbf6a0ecbc69531d14b2fd6b18dce4267816ef2fc135b24d76be1b59e35fd76796e9fd92dcb38c08968d9be724eb8a22575e7a7e2649f2a27fb3fac57f6aa53917ae27cd8efc4b6469de6155c3b9654a70ca7fa318682d1fbbf7e3e9f85f3fdf91f96eba538c899f3aebb79fa0ff96f122859061c2aca2a2fbac5640807cc7dec2a5f37a84cfe69af9775a703281d271a38ce08adcfe26ad3df7d0a1065393791dcb526634ceb5c33061fd83b4e1c72fa175585e0f839c9651002896fc7a6ced33919105de91d17083c8f6985e24ffd0fb35dd558af58cab9003e1fb7f87075704396ff677ae7a99725ac2c50c3a9edb15cce24de9a734f81f5187099b2ec316c6cf536c628445799bfc13803c6e94fa844de4b294b6f9b7f96ecf666c1088eee0997dc3d925e45fe9157ff86699e68ad786e973468de54ca6c9156c2e30541e97fb7b845ec2acdbfab05a03009de8260b444c48c0e64940a441d56446b33c698631f480dbcd6f8726e4c287c262bbb6de251c930e717797af777283e0575e8e1304af50cdc493f429dcbfa518e592550e980bf4516ff177a725c59ed0f8d9384bf9bbfe024560062eaf58bc6dd4ad29d71a39f02e00f6ca44ea68b9019387add513c767693d5535e46b3ff697aaeaeffe8e85b86ae877586fd706fbdcc492208c1b61556b80af1f80b018391a4d42e030d89e57c8c8c323c23805551954bcfeffb2c08f9043f24db22a9285f9edb6c66e1091b9dd8e51a228dac137df945491c53014a79b3e033305b1678d7664afc79bd04b0c397c0fb4a12fe3116b24e4d42830e3fb611b337f449c1e0e9667b09690b37789e45cc3007f4a56539c782fa41cbc30f8b213f36e03a1bcee413ae9b4706561c5c68e0ad645423eb5e799ca52a0cbb7e9468a7a0e253b5ea76f6a79a5dc9d72d5aab07703a814922f1fbe1eba0336659ae0acc46b46088b895846435a02bbacd4663f652c0e1289411bada43f1335d48d8ca7a021a60c8a19a8a894aa3375758a140bd040e24aabb0736f79ad95f2090a78418360cfba57398dbf3645bd6c964e53923ded0751512e8cadb650ab833ec3167e8bf385bfbbba46e0845e745810d0133cea434ddab18ef066caea680f16604baf0ee56b1f631f5ccf754fc79285af9d17d99346f7bcd7048dcbb3f0fbd6c2aaa415821f73e4ef5c09fffa911a7ecda2961342d0db95a92d597e8755e41fda1e39c65efc82ca82b22172b3e2017ec5bfbbdbecccc318190eca29ca4dfe393afbbaede3fbc53aa54fde14a1d98a3f0e673bd710d73a978cd7b37901915811c1a8478c61c4021792bd07d42a0e4f7f367139fd78ad1b6cc23c94bfc98bf73c8891c5c69c00c0aa4ba3d76472543fd8d2fef44f4fa928906a60f726a7aed2c6435ea80ffa1d91efc4a605b48845a1e66a7a79c92a869549383256e7724f796aa893c3a86c8c501dcef329d79d7ad5836cd41d48d0ddee68cd5dce8e59724bcf7a0d6872deae7dd15939db46b978fdb77158c3076ecc720b3fe3fefff15b28f7f1304c375a435f20c714576dfc8c9f53af9b6dd7d7ba14d8fe4408f8ffbd61aa0f1194e3c57d63519f96e42fdc97e7adfd686fdbef39bdca9a2716b337e406a909f3b2eed19e24408e8dbe91b5aa98fa62b6fb6f9f13dee6a5da24b24cd2cd859029aabb2bace5492de4985a19c508d2062e6b580bac1a55a41aecabf0d63f48315a6497f11a5a09bdfd1649203eedcd03069cac0bde4f7691e57e2a054e1c192f6d78f2647af7cfffc4daad033521b87103c5bbb81eafb0ff72c4cfc7beab3cd7074ed50f23021e917e85a0ea2dec4dd0d7f8efa68f15a1296ca768fac34f630014743eeeed57f80165e268c1cef7d5d385edb955195a3e44b8b388dcab72083fc2dc23d71913bb98ef2a34ad6df1675b936e294ebba47dbd74daa8098fcb627a1e17616d8775cf1fdec8676d57ce31bd4bfbe821a03ef251f651ce97dbae57f99c6755470e9cdd17699c568ada69a64621dd5625d95b0b550c596292b1816b9516cc7d8f02f8be32afda1f4357419b28363cec40c7429e7687531fb00de4d2e03fe4ca448e66ad17c58d909df244f4f7ed265164b42273187816e0872e6818b8bdf48097d108f4c67ffa10038f7d2a705b4489c9af1284a7b34dec3e5b56f350c880277fca26427e0746eece173de1ae1104b7822a9fd45b262e5f3ce16a64dfa69e84f077296144f0c119bd2aac2251f463b3e8177dc259088c8a1794953b248b95e7c6e6f91ed45a7d3bce7e91ec72b98c06ba6c625bfdefc69c7416d89a0b1f3bcab5aed96370d74c6812ef0338368756f83f4be0331cde6d11d9a917483f25beda96af71882c3d4d1b3785932fa0bc93d611c919dcb116699db1a3d26ad6826937a984fa121fac7a45ff220520f702ee942793dbf7023b98c9cca4f150bccd29f26aff58e2255aa73fb7a7abd24b501bd403f24900d42e88c57494ab5ef8bacc07ff9904b100d709cc9b1018cacfa42d839476b7aeceeb2236e2c1151d441b167036bef84069401d67a1473d5d11cc109bd39a1fca5d5aa347c4fd5f6f3c12a8f5d1ec344dc1717f5e8e1aae6d7b7c42aa633ffdcb46c32ac667d933cb9fdaf6d83eefe77d8733a59fcf394d063efa474df67697f881991a34fa79bb78f3b19e9b29cc7b03ca7390b0ca6064a961f3fed249db4ff2c01840373b6242034cbac645d59743f1a90f372ee0c17efade2cef03e3f0edc640dfb629c6b98dc2f28ce06aff3574a2cbdb4b06fba31b2dfe34bba7e34e02a786fa4473d5ba847f4f1e644c1bad62ebd5ca9306219ad6beacb8a54ba299e1bad887293f1b65ff956ea2a562e290df607a608503afee3ae180d600f1d14a9459cd5a399c7e2c7bbde19c11ac869d34ea5e990a759e346c3d538108a277894d6ec7bc6fcd65862a2d9d0696551a4a37379feafb313a09f2575c52641db9f46f4cc5e851f67ce633572b6ffcea7b7c24b44b40d32e55e4f3b426e464c07741648f30d51fe3eb162cadcecf21b7182cc915ffd887e85c385b5989f87910c5c990d639f8d2cd9234c534400088ef49733c94f39131fd51d784a407a07eae6d5359acfa35994ec3760ca3866404a5faed0fb210ce1b849868a6007c8e839ac7518172928277bf2dc43d163d2a0f6146cca1738ec3526762e8e2caf69606a3980bd08fba42ec7cbf48d315e45b834bfb14221de8259250c4ae9590520288c73bfc7d8076d3fe46b772491173ea0daa76cb5cb40637a038ce734d72c0c020494062843715e762d71a8f8518fa7d837391c06b62c96efc17651158657db8ea9a57634b0b5628b06fd5d568fb02185a63a6beb56013cfb4fd1695b102fb58f39161232af39f6d87c5ff6af247df3d549b7f6f81cddf4e3cb12b18634e69df5af55127f72670a3104ce5aba7877c32ee4b0cfa076247a95750e830a240b092baec2f473e83581e5799d69593247f0e78ad8e44c0e0d09fc55888107c4badcdb20b2c82d5915b3b03060e53d199b20b29ad6742655bf62343421f826daf1a3c0c493c96bf719bdf0a8dc9a4fc3f75bcebec3aebfd898ef161cd4e2e33a142c36f673cd8da72edae4f691a4271881d326d77fca0af396bc1eaf9e9d2a047562f91f0e87972e3ae5abb75e352f28c81351c4be6a34e5a01b8ed8461f14e21d1afc9260d838b43e9e2ae078d64b6c718232bcd2b26d3c57beb3c605e00c6f9c1031a3bae4b1872ba5d6c23199253929f1cf57a2e961d798ca9d315fa6b9855c8e7efcc24ccde498a3f1ba23755360044f024753f886f97016bd45a56d802f3e9e040a84f6c46cd5aa99fd4471b97cdb0bd8d265853fb79c42b4cad7eda49ca08d3cefffee2d3f1b5f083a06ea4be4b0acf84ca27e5a8d579d3135f3e59bd5b823b2bef7708189f54c8f0d576e4c6bdbf932b55bc792bb302cddc5c555e4903eff45b493f9498f7bf184035335ad1ba1547795a443c9afb30f932e7d1b042fe1690cd34d98e2331cbe38108be26f8ed615590e8bd99fd01b700b21e6ed61de92297d8b447c723089cee359ccd4517328d54ebc43a3f9173698c4362a6130508c9a0ea57b9a8a74a997a21e3e2a7223ad3debd80f70aff2eba5a862aa667052462bf6635eca2dd3350ef70fda58f8492d34c5b819c802f97b8765680c39fcab3b92f8a8be88a93b5bfc1dbba3fbfd3051c4443e766f4cc6a9d0f96b66a081e9316a44efe5973479ae74bf13c18711218f75d7f4e6f70b0a34ff2a1aec8d1e3181a65b4d5f21f0c19789a2ff90ae5e1298e707628e97e6a5048ac29d916193577506a7f5a9cfb0c73d16a67a2e1f872c8026891e98df07579877460c845bf967f87d75295ed29ddf626340f313bb35a04f9304e34773eda19650f25a08b2bd603297d9edd7f7d1b88d0b18e7bc35b0593961e7403a03550a20a0eab83cb00e659f5fccc189d14b28f11b8f55db517ab124b3718e70868d2131c74640bc682ee785a75cf960a79fead7965d0798d98e386598efb5ce92b0ceeec4e63e2eee3a15642ac72691517c4197a667de3e57a56e2d6e4ecb5a2bc401f90ec2239baf6a9a418267fe2228f7776c7f932a048cd9aada01c2e6d9466ecc434ba61eb97a0d6eb00e719940b3dca3ae25b94e9040ee238184eeaf46e51b61d855ce476d10dd9cb09df18c585304bc4f9e88060e4bdd6e624dd90d7ae8874c0af1e17e67d3bb27babd15880cc61f22b6a0b24df6d03faa13f0c918a7b960f47d939934d9ae90edc40251fb53c9fde3ee255e49c8541d995a644d35b46ab202e56ad1de3da1c5ee587f167b398392d0fba4a43eedeaccb0ba16f571055381fe3885490c71e0805b1b3186bf2652b9a9df69d8d1232cf704fddfb5e7d3ff78ba5ae3b843f4f9b82161e223343240c33a9cd21eb312806163ebb2e60bc98b68b3d95bdd923f6ea831083c13ca65e4a06e999b2d01650ed218d72c5b776fd21ae21d14e23e9074de20d6d16520b1061aa4db3b5b8077b1c43aa375c68a6243ad582a148dc6878ceb2ab6792cac38ef21765df51171436a412f60f5dc68fba51aae8c4909efa690340fd8a63cbfa4af6235c1c904a20578f54b9c91b1fb8017d05321e0bb9eda1502c1506f3d2939977af87d1f9329e237c129d5cb65e093396f016eb0c2f0aa5cab92a00259f6056532ef188be500fec4cd4614e29daf5b41da2b4742b02999e651c42d2f405344a232e36278785dc7a681d0ee2014ce3214f44ff9d2c3e083e18c299cd7cc8ddea4b805c673cb7479a553f28349235d37874ae3da878a5b6321e501c2b77470dd15b35ace69b1b8e3ba20cce47acb8350f206d136dfdcea697bf558bf3426bb1e0ebcf2797a1c7a181fad43b8c68633b361d40868c279896eb1c628656a9b57dcde8444ff92f2cc1d2dfa1998054487d8fcf11b852019ac21ae0582b1c8f4ff90f31d862e20740d7b803b0f109a8d1506137ca58167e8be1d13e6a5590e2bf2af5cbb7e79db2f4cdec83983463e1e830f54f8534e4c660039c0d372c7c757be3498f6be9ff6b6d13b88ca0ee07a0fd4df8cb13de0fa094cd3b9eb87032a6aaa757a6391ccf98fa7f9d99065b4f747e70ca497af77fbad520c589445d3401c67972ff7e274571b8c35a17ae78de90c81f791a69d70975208153f94ac7199c45de1ca5746887ec677452fd1a018b7287ac45e14ecdf1876229964153cfe6b39f1d50a9be63a0eb10016607ff338751cf9bb97c917d532be1174d0410e26dcfab873769b71db87758c0ad015b1db4b7565e244925ea0dc24313ac65f0355abcfa96c786b8ab7b32166bbf4c7ddae0d3f63d1aad63a9b105e05825aa012e075ba3e1c20b757e1dce75f6fe14e891a20988d365cb5e69206a1b7d8caf2effc73eb577330cb56495fbeaa6b7aef3467a32f53634e468208a8e55d626f98a2b51d39b48341c27306e59c0fc5c8058719b526eac245ce857288976abdfc9be1d4f220817f879c15cf0a258f89cd8269113821b0a1073165923748c6e8e0331ae9e7df11e62a80bf28559850cce385a98e0f48209ebcf69e8938a7605e96f4ffcf580b6c1df742766458763dc91b34035c12396b06ca5995b8feee35e1a3891cca0402fb9e739d8f8aa1a637b7c8c2c458493a323fbe5a76f866e2d9adf0d1d76950bc527a969f61c8519508eb5a93447d212e209c724aa16a949d8be1b14c8711d4c85e728e9d50b5b78b76242f9d59d866a86da0f129201a5b665611360ab3f4b678746cbba1b47884d2bfe4d3e38bf441fac354654c5077620cdf5870fda1fd5ca2bf4780d474a27cb660dd9d7ea83d423240c7ffe743dbefa3b922ac6d5f9544a7d5477dc44761a1d47633f67fe220f37630d678daeb62360b5f4f5d40493169f6554897c5d05c4909834fb2ef1494f8bbbf9e986761b931a26b0ab76b88d4f9b9bd9a024dc39819e0a139eefba8f617401811b4a7b97212aa82965e6008447979d19bfeacceedd48a24d65b8a1705d686fa8c44100d27dca9bc764b74345e1da71bfd9604e2f5bfdd28097f90e98f91ca81b08e827f7a3e742e6c019691afb612042a375985b01b94b3eb61a484fc2ece84f53ba5738273c80047663ec335d31f1ce43c6205a78fe7712626e8e6ff691b5bb9fe1a41909db60d8644d73936c4eb663bbfef030499c8c7d31f4eacae3cbf736a1eba6f85008139ba7eaf5f1ef8804f617e56c820c24f139b7036887f2ed2de32fd63574d0359ad4026e67c550b4ae960a2ce234a20e076da3f91a7ed60bd59a38e1acd7941a66bf3e755a431cead3f01600c6e47564167340f3f853efae37b036988bf4b30849d9dd5d0d09b1799bf9fadca76c497a1345018c8724065291bd8cc633e06359b72040a7673ffe5e86c240d043963bf2d76a0fbf50243a63d45d7f3358e1b9d1f3cbffd7e60429afee778f305e7d8f07c3e49a104f3a4e92118ce84cd11839f507656757d6e89ff296cf792ca2f1429aa80c8092b970d6f065eda3fb25b6b8a699561f8fe5236bbbc96f15860e29326a5a2671a88545a65e587d986615998a124a97820a65f81779b3101086e6f261177a66858d788c5c66521408a9e70238719614aa6232a3ef7a33e99d3b1dcdc20c33e8124b1dabe50ce9e4eadf34685560039e7d7e08f038f2004da7703bc4a30a28409719092e6640e743ee8a4e75dea106314a26ed5cae5d02bf9c8b0e96020a6b7941db7f0c311476f377a992caccff7f1919062f9db36ba72b29e9dc0880fb8eb24f41e0a6cbaa487058c6fbe6b062b372e0b84c9fcfd64d84724b6cda7fb3f582abaa6757782b20f9c1fad78f98273129caaa9496c1dbbbd167b52bae60dc327d1e18d82450ff9b6b108a0f20cbee500", 0x2000, &(0x7f0000002440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000045c0)={0x78, 0x0, 0x6, {0x8, 0xa, 0x0, {0x0, 0x6, 0x1, 0x3fffffffffe, 0x4, 0x100000000004, 0xe767, 0x8, 0x10000, 0x4000, 0xbfffffff, r7, r4, 0x9, 0x2}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
r8 = syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r10) (async)
r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r12, &(0x7f0000001bc0)={0x0, 0x0, &(0x7f0000001b80)={&(0x7f0000001b00)={0x30, r11, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x3}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000c4}, 0x0) (async)
write$binfmt_script(r9, &(0x7f0000000880)={'#! ', './file1/../file0', [{0x20, 'cgroup.stat,Zz\r\xca~\x84\xb5\xcdgF\x00\x93E^\xbd\xb0\xe1\v\x9b\xed\xc8\xf4\xdd\xc8|\x8a\x9bJx\xa8\xda{\x1bn\xb0e\xcdk\x83gD\x81w\xc9\x115e\xd33G\x99\x87B\xe8\xb9\xee\x16\xed\x9b+\x92|\x05q'}, {0x20, '\x00\xd2D\xb2K\x94\xad\x14\xdf\\\t\x9d#\xefEY\x86\x97\x01\xa3\xa6\b\x008/\xea\xf9W\x11\xbd\x0e\xe6\xb8\x8d\x03\xca\xf0\x881\x7f\x04\xc5*`b3\xe8%5\xeexZ\bii\v\xea\t\xfd\xbc\xc2\xbf?g\x8d\xe05\xcd\x0e_\xf3\x03\x84`W\x85\x00\x10\xab\xd1W\xf0\x92\x86\x86\x05\x00\x00\x00\xaa\xb1.n\xbf\xc8\xd1\xa5\r\xc7\x04O\xde\xd3w\xe1\xdd\x11g3\x15}\xe0\xc5V\xc3\x97J\x10\x17\xd9\x1c\xf9\xfc:>\x0ea\x81*\x15\x14\xfe\xec\x1d@~\x0f9\xce\xb0\xa5\xe3\x12\x04\xef\x12\xd2J$)7/R8\x0eS\xa7\x14\xfdz\x80g\xd5\x9d\x8e{\xeb\xc9\x19\xf4\xf3k\v\xd0\xeaP\xd8p\xf4\n\xe0\x81\x9c\x9a\xd4o\xc2\xb3\xbc\xd2\x8d3\x87\f\xe1C\xb6\x8ct\x97\xeb\xe9\\\x9c\xb8bs#\xf7*\x1c\xb4g\x9d\xaa,F\xd9\xefI\x91c\xce\x97St&\x97\x9fy\x81\xe7\x90\x9c\x06\xbe[\xdbt\xb3\x84\x98\x87$\xbc\xf8?R\xdae\xa0\x10E\"U\x99\x9f\x92\r\x94&i\x13'}, {0x20, '[\'+!\x11\\'}, {0x20, '\xb9,\xec\x89]\xab\xc9\xf3\xe5\xda\xb7El O\xeb,\xc9\xae\xcc[N\xd0o\xe7\x03\x1f\x84\xc4\xb6T\x18\xac\f\x10\x18c\xb8g\xb1\x97\xa9{\xd4A]\x1d\xeb\xeb\xdaO}\xd6\xbd$\xac\xfa\xae\xb3\x8f\xe0\xf7\xac\xb7\x12\xce\f\x83\x02G\xc7\xe9\xe1\xea\xfd\xcf\xaf\\\xea\xdd\x91\xc6\r\x00\x00\xd8\xa9\xaa\xd66R\x94\x05\x8e\xc9\xe7;\xeb\x87\xeb^~\xf9dY\x8cl\x01\xcd\xc9\xfd\x0e\xfeI\xe9\x16\xc5_<\xff ]}Y\x85\f\xcb4'}, {0x20, '{@Y\xf4\xe4lC\n\x00\xc7t\xe9\xf2\xb1?77g\xa3\xb2t\x1c\x02`\x98\x12\xc3\xce\x1e\x0f\xcd\xb908|\x82\xb2Wv\xb2*\x15\xe4\xdf\xc8b<X\xe6\xdb\x12r\xf2\x1c?\xae\x9a\xf7BO\xc6\xdd\xd3z\xfbv)\xf9\xaaw\xd3.\xf2?\x99\xaby\xf4>9\xda\xfcIgF\x1c\x03\xa8\xcdM\x88\xb0\xcdy\xc95\xf2\"i8\xbda\xe5\xda\xf7\xee\x8c\xc3\x99k\xfd1\xea\'q\x85\xb9\x1eS9\x99\xac\xd7W`'}]}, 0x26f) (async)
ioctl$LOOP_CONFIGURE(r8, 0x4c0a, &(0x7f00000002c0)={r9, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x1c, "fee8a2ab78fc5e3ed1e00d96072000001ea89de2b7fb00003c00110000000000000000000000000000000000000000ff0700", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) (async)
socket$igmp6(0xa, 0x3, 0x2)

15.251088694s ago: executing program 2 (id=3013):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r0, 0x0, 0x5}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
syz_usb_connect(0x0, 0x24, &(0x7f0000000340)={{0x12, 0x1, 0x0, 0x32, 0xe, 0xa5, 0x8, 0x5dc, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x54, 0xa2, 0x3e}}]}}]}}, 0x0)

13.251086426s ago: executing program 2 (id=3021):
prctl$PR_SET_TIMERSLACK(0x1d, 0x6)
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYRES8], 0x0)

10.101384852s ago: executing program 2 (id=3043):
r0 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000d00), 0xffffffffffffffff)
sendmsg$TIPC_NL_NET_SET(r1, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000d40)={0x24, r2, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8}]}]}, 0x24}}, 0x10)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000080)={0xe, 0x18, 0xfa00, @ib_path={0x0}}, 0x20)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0) (async)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
close(0xffffffffffffffff)
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000bff000/0x400000)=nil)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000540), 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f0000000340)={'wpan0\x00', <r7=>0x0})
sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r4, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="01072bbd7000000000001900000008000300", @ANYRES32=r7], 0x1c}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4) (async)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
r8 = fanotify_init(0x200, 0x0)
fanotify_mark(r8, 0x8, 0x4800003e, 0xffffffffffffffff, 0x0) (async)
fanotify_mark(r8, 0x8, 0x4800003e, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r9 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r9, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r0}, 0x8)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0xffffffff}, 0x50) (async)
r10 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0xffffffff}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xb, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xfffffff7}, {{0x18, 0x1, 0x1, 0x0, r10}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0xffffff1f}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x6, 0x0, 0xd, 0x9, 0x0, 0x0, 0xffffff1f}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x2}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {0x7, 0x1, 0xb, 0x4, 0x9}, {}, {0x4, 0x0, 0x6}, {0x18, 0x2, 0x2, 0x0, r10}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x94)

4.931961745s ago: executing program 4 (id=3067):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3)
r4 = syz_open_dev$vim2m(&(0x7f0000000080), 0x2, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f00000000c0)={0x9, 0x1, 0x2, "17427415e0076770e65a0460635e6692dcbd2e342b37a3841adfa248e59281a8", 0x584e4f53})
getsockname$packet(r3, &(0x7f0000000180)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r5, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000800)=@newtfilter={0x68, 0x28, 0xd27, 0x1000004, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0xd, 0x9}, {0x4}, {0x3, 0xa}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x38, 0x2, [@TCA_CGROUP_ACT={0x34, 0x1, [@m_skbedit={0x30, 0x0, 0x0, 0x0, {{0xc}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x68}}, 0x4000)

4.894267205s ago: executing program 5 (id=3068):
r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x4, 0x2) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0) (async)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000007d40)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) (async)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r3=>0x0) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) (async)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x1c, 0x0, 0x200, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x3f}, @void, @void}}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20008001}, 0x814)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002000)=""/102400, 0x19000)
fsopen(0x0, 0x1) (async)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000440)=ANY=[@ANYRESHEX=r4], 0xa0}}, 0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x402}) (async)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) (async)
timer_settime(r3, 0x1, &(0x7f0000000040)={{0x77359400}, {0x0, 0x3938700}}, 0x0) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000004c0)={{r2, <r7=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f00000000c0)='%pI4   \x00'}, 0x20)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
utimensat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r7}, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000100)="b34715ecd04550d3abc89b6f7bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r8 = syz_open_dev$vim2m(&(0x7f0000000040), 0x40000000e, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r8, 0xc0405602, &(0x7f0000000000)={0x3a, 0x2, 0x457f1c9146f8f874, "464905e100000000000000007f00", 0xb5315241}) (async)
sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x58, 0x10, 0x401, 0x70bd2c, 0x1800, {0x0, 0x0, 0x0, 0x0, 0x1503, 0x8200}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x28, 0x2, 0x0, 0x1, [@IFLA_MACSEC_CIPHER_SUITE={0xc, 0x4, 0xa10d}, @IFLA_MACSEC_ENCRYPT={0x5, 0x7, 0xd3}, @IFLA_MACSEC_INC_SCI={0x5, 0x9, 0xa}, @IFLA_MACSEC_ENCRYPT={0x5, 0x7, 0x10}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) (async)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000000)={0x20, 0x1, 0x4}) (async)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000340)={0x0, 0x2, 0x4, {0x1, @win={{}, 0x0, 0x6, 0x0, 0x0, 0x0}}})

4.806765533s ago: executing program 1 (id=3069):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0xf, &(0x7f0000000500)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x82ce485}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x9}, 0x94)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r3, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4)
recvmmsg(r3, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0xb}}], 0x4000000000002d9, 0x10022, 0x0)
socket(0x2, 0x3, 0x1)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bind$inet6(r4, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r4, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r4, &(0x7f0000000380)="e8", 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x7f, @empty}, 0x1c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f00000000c0)='hybla\x00', 0x6)
shutdown(r4, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000140)={0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0100000000000000560000000000000066ba2000b0e2ee"], 0x6e})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x0, 0x3, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x5, 0x7f}})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x0, 0x45, 0x4, 0xbdb], 0x1, 0x1c4213})
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

4.479061488s ago: executing program 5 (id=3070):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xa, {[@global=@item_012={0x0, 0x1, 0xa}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0xb, "9e3ce0b2"}]}}, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCSUSAGES(r1, 0x501c4814, 0x0)
ioctl$HIDIOCAPPLICATION(r1, 0x4802, 0x4)

4.362513092s ago: executing program 4 (id=3071):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000100)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[], 0x398}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)

3.958803042s ago: executing program 0 (id=3072):
r0 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newqdisc={0x68, 0x14, 0xf0b, 0xfffffffe, 0x0, {0x2, 0x0, 0x0, 0x0, {0xd}, {0xb, 0x9}, {0x4, 0xffe0}}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0xfc, 0x1ff, 0x6, 0x0, 0x0, 0x7e}}, {0x4}}, {{0x1c, 0x1, {0x0, 0x4, 0x3, 0x7, 0x2, 0x4, 0x34}}, {0x4}}]}]}, 0x68}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000001000)=ANY=[@ANYBLOB="030000000400e900040000d10a00000000000040", @ANYRES32=0x1, @ANYBLOB='\b\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000010000000100"/28], 0x50)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000010c0)=@base={0x8, 0x4, 0x7fdf, 0x1, 0x0, r5}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040), 0x0, 0x2931b90f, r6}, 0x38)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073597a31000000000900010073797a300000000008000540000000218c0000000c0a01030000000000000000070000000900020073797a31000000000900010073797a3000000000600003805c000080080003400000000250000b80200001800a00010071756f7461000000100002800c00014000000000000000002c0001800a0001006c696d69740000001c0002800c00024000000000100000000c0001"], 0x110}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="340000003e0007010000000000000000017c00000400fc800c000180060006006558000008000280040011"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0xc010)

3.7508845s ago: executing program 1 (id=3073):
syz_open_dev$video(&(0x7f0000000140), 0xe8, 0x480182) (async)
r0 = syz_open_dev$video(&(0x7f0000000140), 0xe8, 0x480182)
socket$inet_udplite(0x2, 0x2, 0x88) (async)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x3f0, 0x0, 0x25, 0x148, 0x158, 0x60, 0x358, 0x2a8, 0x2a8, 0x358, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x110, 0x158, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x5e, 0x0, 0x9, 0x0, 0x2, 0xffffffff, 0x7, 0x18}}}, @common=@unspec=@ipvs={{0x48}, {@ipv4=@broadcast, [0x0, 0xffffff00, 0x0, 0xff], 0x4e21, 0x3c, 0x5, 0x4e21, 0x8, 0x8}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@empty, @empty, 0xff000000, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0x1a0, 0x200, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x3, 0x2, 0x4, 'syz0\x00', 0x4}}, @common=@unspec=@statistic={{0x38}, {0x0, 0x0, 0x0, 0x80000, 0x8000}}]}, @common=@SET={0x60}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x450)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r2, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) (async)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r2, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
r3 = socket$inet6(0xa, 0x3, 0x88)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f00000007c0)={{{@in=@broadcast, @in6=@remote, 0x4e22, 0x0, 0x0, 0x3, 0x2}, {0x0, 0x200000000, 0x40000000007, 0x20000a0de, 0x100000000, 0x4, 0x200000003, 0x9}, {0x5}, 0x1, 0x0, 0x1, 0x0, 0x3, 0x3}, {{@in6=@mcast1, 0x0, 0x6c}, 0xa, @in=@dev={0xac, 0x14, 0x14, 0x1a}, 0x3502, 0x1, 0x8, 0x0, 0x9075}}, 0xe8)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x4}}}, 0x1c) (async)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x4}}}, 0x1c)
ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f0000000440)={0xa, @raw_data="5dd04c6a0590bce5483a56ec4e00f09645243da49d2623e3bf30f959b822330ebfbd9bc2bb4fca0c283f4118dc217c32b1af958573fd026b004a2b8f804c8231f1857a042cbd116b3ffc7a96a6e73d4145a18bba38c257a36401b810488260a816b80250b7167155384604b1ef3bb50cf41119eaa90b804f6f0c10c0fb3aec186a6e1b70b2741a094f8dd2c1416aef6eb886e37aca53606f519e9509488c45baee73ceb1e5427b6a8e36fbed21a6b6d92eea0adc4203984024785c92763286c0313140ab1b58b391"}) (async)
ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f0000000440)={0xa, @raw_data="5dd04c6a0590bce5483a56ec4e00f09645243da49d2623e3bf30f959b822330ebfbd9bc2bb4fca0c283f4118dc217c32b1af958573fd026b004a2b8f804c8231f1857a042cbd116b3ffc7a96a6e73d4145a18bba38c257a36401b810488260a816b80250b7167155384604b1ef3bb50cf41119eaa90b804f6f0c10c0fb3aec186a6e1b70b2741a094f8dd2c1416aef6eb886e37aca53606f519e9509488c45baee73ceb1e5427b6a8e36fbed21a6b6d92eea0adc4203984024785c92763286c0313140ab1b58b391"})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000))
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x1000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80}, 0x50)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
r5 = gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$int_in(r6, 0x5452, &(0x7f0000b28000)=0x20003)
fcntl$setsig(r6, 0xa, 0x12)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={<r8=>0xffffffffffffffff})
syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x40702) (async)
r9 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x40702)
ioctl$USBDEVFS_CONNECTINFO(r9, 0x80045505, &(0x7f00000001c0)) (async)
ioctl$USBDEVFS_CONNECTINFO(r9, 0x80045505, &(0x7f00000001c0))
bind$alg(r9, &(0x7f00000002c0)={0x26, 'hash\x00', 0x0, 0x0, 'mcryptd(hmac(sha256-avx2))\x00'}, 0x58)
pselect6(0x40, &(0x7f0000004600)={0x2, 0x40000, 0x8, 0x7, 0xffffffffffffffe8, 0x401, 0xffffffff, 0xfffffffffffffffe}, 0x0, &(0x7f0000000240)={0x9, 0xfff, 0xd3, 0x5, 0x7, 0x400, 0x9, 0xa1}, &(0x7f00000046c0)={0x0, 0x3938700}, 0x0)
ioctl$sock_SIOCINQ(r8, 0x541b, &(0x7f0000000200))
poll(&(0x7f0000b2c000)=[{r7}], 0x2c, 0xffffffffffbffff8) (async)
poll(&(0x7f0000b2c000)=[{r7}], 0x2c, 0xffffffffffbffff8)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) (async)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
gettid()
rt_sigaction(0x16, &(0x7f0000000080)={0x0, 0x90000003, 0x0}, 0x0, 0x8, &(0x7f0000000200))
tkill(r5, 0x36)
dup2(r6, r7)

3.113283062s ago: executing program 1 (id=3074):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3)
getsockname$packet(r3, &(0x7f0000000180)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000800)=@newtfilter={0x68, 0x28, 0xd27, 0x1000004, 0x25dfdbfc, {0x0, 0x0, 0x0, r4, {0xd, 0x9}, {0x4}, {0x3, 0xa}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x38, 0x2, [@TCA_CGROUP_ACT={0x34, 0x1, [@m_skbedit={0x30, 0x0, 0x0, 0x0, {{0xc}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x1000000}, 0x4000)

3.112347212s ago: executing program 4 (id=3075):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000080)=@filter={'filter\x00', 0xe, 0x4, 0x320, 0xffffffff, 0x98, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x288, 0x288, 0x288, 0xffffffff, 0x4, &(0x7f0000000040), {[{{@ip={@multicast1, @remote, 0xffffffff, 0xffffffff, 'syz_tun\x00', 'ipvlan1\x00', {0xff}, {0xff}, 0x2e, 0x2, 0x10}, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x3}}}, {{@ip={@rand_addr=0x64010101, @rand_addr=0x64010101, 0xffffffff, 0xff, 'virt_wifi0\x00', 'veth1_to_bond\x00', {0xff}, {}, 0x49, 0x2, 0x20}, 0x0, 0xa0, 0x100, 0x0, {}, [@common=@addrtype={{0x30}, {0x80d, 0x288, 0x1, 0x1}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x6, 0x0, 0x7, 0x2, 0x4], 0x5, 0x2}, {0x4, [0x0, 0x6, 0x4, 0x1, 0x2], 0x1}}}}, {{@ip={@multicast1, @multicast2, 0xff, 0xff, 'ip6tnl0\x00', 'veth0_vlan\x00', {0xff}, {0xff}, 0x6, 0x1, 0x52}, 0x0, 0xc8, 0xf0, 0x0, {}, [@common=@ah={{0x30}, {[0x8, 0x200]}}, @common=@ttl={{0x28}, {0x0, 0x40}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x1}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x380)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz0\x00', 0x1ff)
mkdir(&(0x7f0000000440)='./file0\x00', 0x40)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r1, &(0x7f00000004c0), 0x10)
fcntl$notify(r0, 0x402, 0x80000000)
r2 = mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x2, 0x810, 0xffffffffffffffff, 0x10000000)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r2, &(0x7f0000000500)=@IORING_OP_READ_FIXED={0x4, 0x4, 0x0, @fd_index=0x2, 0xed, 0xffffffffffffffff, 0xd, 0x6, 0x1, {0x3, r3}})
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000580)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000540), 0x106, 0x4}}, 0x20)
r4 = accept$inet(0xffffffffffffffff, &(0x7f00000005c0)={0x2, 0x0, @broadcast}, &(0x7f0000000600)=0x10)
getsockopt$inet_mreq(r4, 0x0, 0x20, &(0x7f0000000640)={@multicast1, @multicast1}, &(0x7f0000000680)=0x8)
syz_open_dev$vim2m(&(0x7f00000006c0), 0x7f, 0x2)
getsockopt$ARPT_SO_GET_INFO(r0, 0x0, 0x60, &(0x7f0000000700)={'filter\x00', 0x0, [0x1, 0x7ff, 0xe0de]}, &(0x7f0000000780)=0x44)
clock_gettime(0x0, &(0x7f0000000800)={<r5=>0x0, <r6=>0x0})
futex(&(0x7f00000007c0), 0x6, 0x2, &(0x7f0000000840)={r5, r6+60000000}, &(0x7f0000000880)=0x2, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f00000008c0)=0x2, 0x4)
r7 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000900), 0x2, 0x0)
ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r7, 0x7a6, &(0x7f0000000940)={0x5, 0x5, 0x7fffffffffffffff, 0x5, 0x8, 0xa00})
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f00000009c0), 0xffffffffffffffff)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000a80)={'ip6tnl0\x00', &(0x7f0000000a00)={'ip6tnl0\x00', <r9=>0x0, 0x29, 0x90, 0x6, 0x200, 0x60, @local, @empty, 0x1, 0x20, 0x4, 0x1}})
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000ac0)={'vxcan0\x00', <r10=>0x0})
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000bc0)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b00)={0x80, r8, 0x300, 0x70bd2b, 0x25dfdbff, {}, [@HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x840}, 0x0)
syz_emit_vhci(&(0x7f0000000c00)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000c40)='./cgroup.cpu/syz0\x00', 0x1ff)
r11 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000c80)='.log\x00', 0x8000, 0x8)
ioctl$SNDRV_TIMER_IOCTL_STOP(r11, 0x54a1)

2.92633376s ago: executing program 0 (id=3076):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @private=0xa010101}, 0x10)
pipe(&(0x7f0000000d00))
r1 = socket$inet_udp(0x2, 0x2, 0x0)
close(r1)
bind$inet(r1, &(0x7f0000000140)={0x2, 0x2, @local}, 0x10)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x8000, 0x0, 0xfffffffd, 0x74a, 0xfffffffe})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x220c)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x3)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r7, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r8, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r9, &(0x7f0000000040)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b380400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x7d}], 0x1)

2.766845884s ago: executing program 0 (id=3077):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x5d4c, 0x4)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$MRT6_ADD_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd2, &(0x7f0000000600)={{0xa, 0x0, 0x8, @local}, {0xa, 0x1, 0x0, @empty}}, 0x5c)
socket$inet_smc(0x2b, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
r3 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
ioctl$NS_GET_PARENT(r3, 0xb702, 0x0)
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="0c04000010000104000000000000000000480000", @ANYRES32=r4, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c0007"], 0x40c}}, 0x2004c040)
recvfrom(r0, 0x0, 0x0, 0x40010001, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x122, 0x0)

2.40188366s ago: executing program 5 (id=3078):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

2.029329083s ago: executing program 4 (id=3079):
r0 = syz_open_dev$cec(&(0x7f0000000300), 0x0, 0x40000)
ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f00000000c0)={'\x00', 0x0, 0x5, 0x3, 0x7, 0x0, "000000ff00070000000900", '\x00', "05030400", '!\x00', ["0000a600000031000000001e", "20dfa1000000ec0000000001", "0c671dcf7f90001e00", "000000000100"]})

1.961821977s ago: executing program 5 (id=3080):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=@setneightbl={0x24, 0x43, 0x20, 0x70bd2d, 0x25dfdbfb, {0x2}, [@NDTA_NAME={0x5, 0x1, '\x00'}, @NDTA_THRESH3={0x8, 0x4, 0xffff}]}, 0x24}, 0x1, 0xba01, 0x0, 0x4c805}, 0x0) (async)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x80340, 0x0)

1.902900516s ago: executing program 1 (id=3081):
r0 = inotify_init1(0x80000)
inotify_add_watch(r0, &(0x7f0000000240)='.\x00', 0x20000626) (async)
r1 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r1, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e24}, 0x6e) (async)
r2 = socket$alg(0x26, 0x5, 0x0) (async)
r3 = fanotify_init(0xf00, 0x0) (async)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r3, 0x455, 0x40000008, r4, 0x0)
fanotify_mark(r3, 0x41, 0x8000038, r4, 0x0) (async)
fanotify_mark(r3, 0x80, 0x10, r4, 0x0)
bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(des3_ede-generic)\x00'}, 0x58)
mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x300000d, 0x6031, 0xffffffffffffffff, 0x0) (async)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) (async)
bind$unix(r1, &(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e) (async)
mount(&(0x7f0000000080)=@nullb, &(0x7f0000000100)='.\x00', &(0x7f0000000000)='iso9660\x00', 0x2000000, 0x0) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f00000000c0))

1.89612013s ago: executing program 4 (id=3082):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYRES32, @ANYRES32=0x0], 0x20)
r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=ANY=[@ANYBLOB="0a00000009000000080000000200000000000000", @ANYRES32, @ANYBLOB="00f6ffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x3, 0x6, &(0x7f0000000300)=@framed={{0x18, 0x2}, [@map_fd={0x18, 0x3, 0x1, 0x0, r0}, @call={0x85, 0x0, 0x0, 0xc0}]}, &(0x7f0000000000)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000200)="9e36d448b388dd965f7a33120825", 0x0, 0xbffffffe, 0xe8030000, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_open_dev$vim2m(0x0, 0x7, 0x2)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)

1.845914089s ago: executing program 5 (id=3083):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0x1c}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000080)={0x37, 0x800000, 0x8, 0x9, 0x8000})
write$bt_hci(r7, &(0x7f0000000080)=ANY=[], 0x6)
rseq(0x0, 0x0, 0x1, 0x0)
r8 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_FILL_RING(r8, 0x11b, 0x5, 0x0, 0x0)
lseek(0xffffffffffffffff, 0x3, 0x1)
r9 = openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000280)={0x20000, 0x30, 0x6}, 0x18)
symlinkat(&(0x7f0000000100)='./file0\x00', r9, &(0x7f00000002c0)='./file0\x00')
connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4000, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xd}, 0x1c)
syz_io_uring_setup(0xc88, &(0x7f0000000300)={0x0, 0xfffffffd, 0x80, 0x3, 0x357}, 0x0, &(0x7f00000001c0)=<r10=>0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x40, 0x0, @fd_index=0x3, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="1a", 0x1}, {0x0, 0x47}], 0x2})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)

1.804556629s ago: executing program 0 (id=3084):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r4, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r6], 0x398}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)

1.395004442s ago: executing program 1 (id=3085):
r0 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newqdisc={0x68, 0x14, 0xf0b, 0xfffffffe, 0x0, {0x2, 0x0, 0x0, 0x0, {0xd}, {0xb, 0x9}, {0x4, 0xffe0}}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0xfc, 0x1ff, 0x6, 0x0, 0x0, 0x7e}}, {0x4}}, {{0x1c, 0x1, {0x0, 0x4, 0x3, 0x7, 0x2, 0x4, 0x34}}, {0x4}}]}]}, 0x68}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000001000)=ANY=[@ANYBLOB="030000000400e900040000d10a00000000000040", @ANYRES32=0x1, @ANYBLOB='\b\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000010000000100"/28], 0x50)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000010c0)=@base={0x8, 0x4, 0x7fdf, 0x1, 0x0, r5}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040), 0x0, 0x2931b90f, r6}, 0x38)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073597a31000000000900010073797a300000000008000540000000218c0000000c0a01030000000000000000070000000900020073797a31000000000900010073797a3000000000600003805c000080080003400000000250000b80200001800a00010071756f7461000000100002800c00014000000000000000002c0001800a0001006c696d69740000001c0002800c00024000000000100000000c0001"], 0x110}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="340000003e0007010000000000000000017c00000400fc800c000180060006006558000008000280040011"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0xc010)

258.649839ms ago: executing program 0 (id=3086):
r0 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000200)=[@in6={0xa, 0x4e24, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x8}], 0x1c)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x0, @loopback}, @in6={0xa, 0x0, 0x0, @private0}], 0x2c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000002480)={0x1c, 0x2, 0x6, 0x401, 0x0, 0x0, {0x0, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000000000)=[@in={0x2, 0x0, @loopback}, @in={0x2, 0x4e25, @remote}], 0x20)

197.102575ms ago: executing program 4 (id=3087):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xa, {[@global=@item_012={0x0, 0x1, 0xa}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0xb, "9e3ce0b2"}]}}, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCSUSAGES(r1, 0x501c4814, 0x0)
ioctl$HIDIOCAPPLICATION(r1, 0x4802, 0x4)

147.383294ms ago: executing program 1 (id=3088):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
pipe(&(0x7f0000000080)={<r3=>0xffffffffffffffff})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
close(r4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000480)={'wlan1\x00', <r8=>0x0})
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r8, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x80)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r6, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r10, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c090000560333"], 0x398}}, 0x0)
splice(r3, 0x0, r4, 0x0, 0x4ffe6, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
pipe(&(0x7f0000000080)={<r11=>0xffffffffffffffff, <r12=>0xffffffffffffffff})
r13 = socket$inet_udp(0x2, 0x2, 0x0)
close(r13)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$binfmt_misc(r12, &(0x7f0000000000), 0xfffffecc)
splice(r11, 0x0, r13, 0x0, 0x4ffe6, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)

58.994259ms ago: executing program 0 (id=3089):
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB="d0000000", @ANYRES16, @ANYBLOB="0100000000000000000001000000080001000000000004"], 0xd0}}, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000080)=0x9, 0x8, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f00000bd000), 0x4000153, 0x8080)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r0, &(0x7f00000008c0)=[{{&(0x7f0000000380)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000000500)=[{&(0x7f0000000440)="922f2b94f092696c4060a0d501a50f84aa126c0d178aba5da7030c1ac4dafd9fc2a1b3d980bd1090bc5a92e0e419a0c7fc4821c571e62ec9140234a2fba828c71209f8ce1381437b3e2b04200afbe022ede9769d515816c6b70e2a0b2bdfb5d589a26a4690ef5423", 0x68}, {&(0x7f00000005c0)="fada11e8ca8d47191dd6f6d644af0948ac7ab491fffa026cda67ef455e756cd6c0cebf3a87e5d7f79236fe4b14e98ec3ea670a244a7232e60224c6b5edc01b3b880dcc6d3440268264abc292532574be1c910c43fc66f36e828a8c445b0c10ac830c76666cfa254c147284fc0e1760a7d0e90e762166096c85cea839cd953efc882ab54052189dd8013fed7e5b", 0x8d}, {&(0x7f00000004c0)="e9e9cc2aaa956009657baef6fcee805dde", 0x11}], 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r1, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001000000000000000010000000100000014000000000000000100000001000000", @ANYRES32=r0, @ANYBLOB="00130000140000000000000001000000010000b7", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00'], 0x60, 0x8001}}], 0x1, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close(0xffffffffffffffff)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
ioctl(0xffffffffffffffff, 0x8b26, &(0x7f0000000040))
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
socket$caif_seqpacket(0x25, 0x5, 0x3)
connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c)
sendto$inet6(r3, &(0x7f00000001c0)='O', 0x1, 0x80, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c)
shutdown(r3, 0x1)
accept4$rose(0xffffffffffffffff, &(0x7f0000000000)=@full={0xb, @remote, @bcast, 0x0, [@null, @bcast, @remote, @netrom, @netrom]}, 0x0, 0x80800)
getsockopt$inet_sctp6_SCTP_STATUS(r3, 0x84, 0xe, &(0x7f00000002c0)={0x0, 0xb, 0x1761, 0x10, 0x2, 0x0, 0x1, 0x4, {0x0, @in={{0x2, 0x4e23, @empty}}, 0xffffff2b, 0x80000000, 0x7ff, 0x3, 0x400}}, &(0x7f00000000c0)=0xb0)

0s ago: executing program 5 (id=3090):
poll(&(0x7f0000000180)=[{0xffffffffffffffff, 0x2002}], 0x1, 0x7f) (async)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000180))
writev(r0, &(0x7f00000002c0)=[{&(0x7f00000001c0)="c0c7d7fe8ef68f5c1d74232dcaa5a6e2718162e9050a5ff4e4ae91c2d67b8d9b8e557de87f4064154320ef9435d37a465b8c5b2fd33e4ce2529927a51b59e15fd2ba135bf68ce88033315fb6d3bbd1bbb13c9c61b7f6f0c49a1e57c658405dea09ca82b315871227d1a82d8b7f14d7", 0x6f}, {&(0x7f0000000140)="667e712872cf86436706e9a4", 0xc}, {&(0x7f0000000240)="5ed6e97ab1213f76074f2b11e6c3e63ceda95e76f48c5f0c41a000b22da8d8ef6674a750008494d0ff91ef6e644e60cebfaf6a43cec71cc9702a751934b42fe31dab73d3422e629c8110a920312aede16905374de3cd39f335", 0x59}], 0x3) (async)
syz_clone(0x810000, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket(0x2a, 0x2, 0x0)
sendmsg$NFT_MSG_GETTABLE(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x8000) (async, rerun: 32)
getsockopt$inet6_buf(r1, 0x29, 0x2e, &(0x7f0000000000)=""/245, &(0x7f0000000100)=0xf5) (rerun: 32)

kernel console output (not intermixed with test programs):

O error on dev loop7, logical block 0, async page read
[  618.874194][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  618.883394][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  618.893293][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  618.902441][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  618.910404][T14504] ldm_validate_partition_table(): Disk read failed.
[  618.910934][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  618.926165][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  618.966968][T14509] Invalid logical block size (6)
[  619.017141][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  619.026390][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  619.044232][T14508] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2437'.
[  619.056399][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  619.065619][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  619.076051][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  619.085256][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  619.093253][T14504] Dev loop7: unable to read RDB block 0
[  619.101384][T14513] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2439'.
[  619.110581][T14513] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  619.118347][T14513] batman_adv: batadv0: Removing interface: batadv_slave_1
[  619.131449][T14513] batman_adv: batadv0: Interface deactivated: virt_wifi0
[  619.138594][T14513] batman_adv: batadv0: Removing interface: virt_wifi0
[  619.151237][T14504]  loop7: unable to read partition table
[  619.171756][T14513] bond0: (slave batadv0): Releasing backup interface
[  619.179092][T14513] batadv0 (unregistering): left promiscuous mode
[  619.203596][T14504] loop7: partition table beyond EOD, truncated
[  619.211647][T14504] loop_reread_partitions: partition scan of loop7 (úùƒ-ÿà‰ü�¾CêjÌ–) failed (rc=-5)
[  619.768755][T14526] usb usb8: usbfs: process 14526 (syz.1.2442) did not claim interface 0 before use
[  619.837257][T14526] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2442'.
[  619.968194][T14532] devpts: Invalid uid '0x00000000ffffffff'
[  621.004801][T14550] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2449'.
[  623.755769][   T43] usb 5-1: new high-speed USB device number 64 using dummy_hcd
[  623.836436][T14601] trusted_key: encrypted_key: insufficient parameters specified
[  624.145598][   T43] usb 5-1: Using ep0 maxpacket: 32
[  624.157379][   T43] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  624.185080][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  624.985801][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  625.036881][   T43] usb 5-1: config 0 descriptor??
[  626.018634][   T43] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[  626.029794][   T43] usb 5-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2
[  626.039472][   T43] usb 5-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw
[  626.685575][ T5924] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[  626.885844][ T5924] usb 2-1: Using ep0 maxpacket: 32
[  626.933733][ T5924] usb 2-1: config 0 has an invalid interface number: 182 but max is 0
[  626.999466][ T5924] usb 2-1: config 0 has no interface number 0
[  627.019293][ T5924] usb 2-1: config 0 interface 182 has no altsetting 0
[  627.054653][ T5924] usb 2-1: New USB device found, idVendor=046d, idProduct=0900, bcdDevice=2a.74
[  627.076510][ T5924] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  627.106649][ T5924] usb 2-1: Product: syz
[  627.118499][ T5924] usb 2-1: Manufacturer: syz
[  627.132378][ T5924] usb 2-1: SerialNumber: syz
[  627.160185][ T5924] usb 2-1: config 0 descriptor??
[  627.181478][ T5924] gspca_main: spca500-2.14.0 probing 046d:0900
[  627.419767][ T5924] gspca_spca500: reg write: error -71
[  627.440786][ T5924] gspca_spca500: reg write: error -71
[  627.452324][ T5924] gspca_spca500: reg write: error -71
[  627.464052][ T5924] gspca_spca500: reg write: error -71
[  627.477058][ T5924] gspca_spca500: reg write: error -71
[  627.510308][ T5924] gspca_spca500: reg write: error -71
[  627.530088][ T5924] gspca_spca500: reg write: error -71
[  627.546619][ T5924] gspca_spca500: reg write: error -71
[  627.558248][ T5924] gspca_spca500: reg write: error -71
[  627.587959][ T5924] gspca_spca500: reg write: error -71
[  627.613533][ T5924] gspca_spca500: reg write: error -71
[  627.644723][ T5924] gspca_spca500: reg write: error -71
[  627.666324][ T5924] gspca_spca500: reg write: error -71
[  627.689298][ T5924] gspca_spca500: reg write: error -71
[  627.895857][ T5924] usb 2-1: USB disconnect, device number 61
[  628.782031][T14650] nfs: Deprecated parameter 'nointr'
[  628.853993][T14652] overlayfs: missing 'lowerdir'
[  629.146538][T14660] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2480'.
[  629.621595][T14669] netlink: 14601 bytes leftover after parsing attributes in process `syz.1.2482'.
[  629.644036][T14669] netlink: 'syz.1.2482': attribute type 83 has an invalid length.
[  629.956252][ T5846] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[  630.164405][ T5846] usb 2-1: config 0 has an invalid interface number: 137 but max is 0
[  630.607502][ T5846] usb 2-1: config 0 has no interface number 0
[  630.630486][ T5846] usb 2-1: config 0 interface 137 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  630.665001][ T5846] usb 2-1: New USB device found, idVendor=2040, idProduct=b111, bcdDevice=d6.70
[  630.683477][ T5846] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  630.700654][ T5846] usb 2-1: Product: syz
[  630.709793][ T5846] usb 2-1: Manufacturer: syz
[  630.714430][ T5846] usb 2-1: SerialNumber: syz
[  630.804732][ T5846] usb 2-1: config 0 descriptor??
[  630.870382][T14692] overlayfs: missing 'lowerdir'
[  631.044319][T14687] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2487'.
[  631.063641][ T5846] usb 2-1: USB disconnect, device number 62
[  631.232315][T14704] loop6: detected capacity change from 0 to 63
[  631.305830][T14704] loop6: detected capacity change from 63 to 524287999
[  631.313572][T14704] buffer_io_error: 5 callbacks suppressed
[  631.313587][T14704] Buffer I/O error on dev loop6, logical block 0, async page read
[  631.328600][T14704] Buffer I/O error on dev loop6, logical block 0, async page read
[  631.337003][T14704] Buffer I/O error on dev loop6, logical block 0, async page read
[  631.345037][T14704] Buffer I/O error on dev loop6, logical block 0, async page read
[  631.353444][T14704] Buffer I/O error on dev loop6, logical block 0, async page read
[  631.362590][T14704] Buffer I/O error on dev loop6, logical block 0, async page read
[  631.371905][T14704] Buffer I/O error on dev loop6, logical block 0, async page read
[  631.380339][T14704] Buffer I/O error on dev loop6, logical block 0, async page read
[  631.388839][T14704] ldm_validate_partition_table(): Disk read failed.
[  631.397300][T14704] Buffer I/O error on dev loop6, logical block 0, async page read
[  631.406156][T14704] Buffer I/O error on dev loop6, logical block 0, async page read
[  631.414323][T14704] Dev loop6: unable to read RDB block 0
[  631.420820][T14704]  loop6: unable to read partition table
[  631.427217][T14704] loop_reread_partitions: partition scan of loop6 (ùùÕã™YçDYÁ3-º¥QÞ{k§;éHüç
;j½¶&IÃ}TxìÔ`�+ä) failed (rc=-5)
[  631.495563][   T24] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[  631.587549][T14713] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2497'.
[  631.650283][   T24] usb 1-1: Using ep0 maxpacket: 8
[  631.714495][T14720] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2497'.
[  631.736649][   T24] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  631.764111][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  631.811109][   T24] usb 1-1: Product: syz
[  631.830921][   T24] usb 1-1: Manufacturer: syz
[  631.910769][   T24] usb 1-1: SerialNumber: syz
[  631.916664][   T24] usb 1-1: config 0 descriptor??
[  632.188583][   T24] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  632.758820][T14740] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  632.775898][T14740] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  633.350996][ T5846] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[  633.525645][ T5846] usb 2-1: Using ep0 maxpacket: 32
[  633.533903][ T5846] usb 2-1: config 0 has an invalid interface number: 151 but max is 0
[  633.546288][ T5846] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  633.567088][ T5846] usb 2-1: config 0 has no interface number 0
[  633.573712][ T5846] usb 2-1: config 0 interface 151 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 528
[  633.584212][ T5846] usb 2-1: config 0 interface 151 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  633.598856][ T5846] usb 2-1: config 0 interface 151 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  633.614123][ T5846] usb 2-1: New USB device found, idVendor=0403, idProduct=e548, bcdDevice=ad.d6
[  633.625511][ T5846] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  633.633769][ T5846] usb 2-1: Product: syz
[  633.638131][ T5846] usb 2-1: Manufacturer: syz
[  633.647182][ T5846] usb 2-1: SerialNumber: syz
[  633.666531][ T5846] usb 2-1: config 0 descriptor??
[  633.672611][T14746] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  633.682799][ T5846] ftdi_sio 2-1:0.151: FTDI USB Serial Device converter detected
[  633.692609][ T5846] ftdi_sio ttyUSB0: unknown device type: 0xadd6
[  633.834639][   T24] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  633.885836][  T977] usb 2-1: USB disconnect, device number 63
[  633.893558][  T977] ftdi_sio 2-1:0.151: device disconnected
[  634.010018][   T30] kauditd_printk_skb: 35 callbacks suppressed
[  634.010035][   T30] audit: type=1326 audit(1755928698.002:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14695 comm="syz.0.2491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3d1b8ebe9 code=0x7fc00000
[  634.041577][   T24] usb 1-1: USB disconnect, device number 62
[  635.657385][T14778] overlayfs: failed to resolve './file0': -2
[  636.197700][ T5170] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  636.283591][T14782] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2515'.
[  636.375780][ T5170] usb 3-1: Using ep0 maxpacket: 8
[  636.400101][ T5170] usb 3-1: unable to get BOS descriptor or descriptor too short
[  636.410142][ T5170] usb 3-1: config 4 has an invalid interface number: 146 but max is 0
[  636.421713][ T5170] usb 3-1: config 4 has no interface number 0
[  636.431523][ T5170] usb 3-1: config 4 interface 146 has no altsetting 0
[  636.446619][T14786] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  636.460634][ T5170] usb 3-1: New USB device found, idVendor=13d8, idProduct=0021, bcdDevice=af.79
[  636.488314][T14786] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  636.493520][ T5170] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  636.515014][ T5170] usb 3-1: Product: syz
[  636.525137][ T5170] usb 3-1: Manufacturer: syz
[  636.540194][ T5170] usb 3-1: SerialNumber: syz
[  636.605655][   T24] usb 1-1: new full-speed USB device number 63 using dummy_hcd
[  637.089410][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  637.104635][T14810] dvmrp1: entered allmulticast mode
[  637.110503][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  637.124448][   T24] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  637.145570][   T24] usb 1-1: New USB device found, idVendor=056a, idProduct=005d, bcdDevice= 0.00
[  637.154754][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  637.182106][   T24] usb 1-1: config 0 descriptor??
[  637.670891][T14785] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2514'.
[  637.762093][   T24] wacom 0003:056A:005D.0019: unbalanced collection at end of report description
[  638.052530][   T24] wacom 0003:056A:005D.0019: parse failed
[  638.061308][   T24] wacom 0003:056A:005D.0019: probe with driver wacom failed with error -22
[  638.078043][   T24] usb 1-1: USB disconnect, device number 63
[  639.023043][T14834] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  639.077432][ T5170] comedi comedi5: could not set alternate setting 3 in high speed
[  639.085649][ T5170] usbduxsigma 3-1:4.146: driver 'usbduxsigma' failed to auto-configure device.
[  639.098332][ T5170] usbduxsigma 3-1:4.146: probe with driver usbduxsigma failed with error -71
[  639.110580][ T5170] usb 3-1: USB disconnect, device number 62
[  639.212037][T14842] FAULT_INJECTION: forcing a failure.
[  639.212037][T14842] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  639.227240][T14842] CPU: 1 UID: 0 PID: 14842 Comm: syz.0.2533 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  639.227267][T14842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  639.227278][T14842] Call Trace:
[  639.227286][T14842]  <TASK>
[  639.227295][T14842]  dump_stack_lvl+0x189/0x250
[  639.227322][T14842]  ? __pfx____ratelimit+0x10/0x10
[  639.227343][T14842]  ? __pfx_dump_stack_lvl+0x10/0x10
[  639.227365][T14842]  ? __pfx__printk+0x10/0x10
[  639.227389][T14842]  ? __might_fault+0xb0/0x130
[  639.227420][T14842]  should_fail_ex+0x414/0x560
[  639.227446][T14842]  _copy_from_iter+0x1db/0x16f0
[  639.227475][T14842]  ? rcu_is_watching+0x15/0xb0
[  639.227497][T14842]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  639.227519][T14842]  ? __pfx__copy_from_iter+0x10/0x10
[  639.227544][T14842]  ? __build_skb_around+0x257/0x3e0
[  639.227576][T14842]  ? netlink_sendmsg+0x642/0xb30
[  639.227601][T14842]  ? skb_put+0x11b/0x210
[  639.227632][T14842]  netlink_sendmsg+0x6b2/0xb30
[  639.227669][T14842]  ? __pfx_netlink_sendmsg+0x10/0x10
[  639.227705][T14842]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  639.227724][T14842]  ? __pfx_netlink_sendmsg+0x10/0x10
[  639.227752][T14842]  __sock_sendmsg+0x21c/0x270
[  639.227778][T14842]  sock_write_iter+0x258/0x330
[  639.227802][T14842]  ? __pfx_sock_write_iter+0x10/0x10
[  639.227835][T14842]  ? __lock_acquire+0xab9/0xd20
[  639.227863][T14842]  do_iter_readv_writev+0x56b/0x7f0
[  639.227887][T14842]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  639.227912][T14842]  ? bpf_lsm_file_permission+0x9/0x20
[  639.227933][T14842]  ? security_file_permission+0x75/0x290
[  639.227956][T14842]  ? rw_verify_area+0x258/0x650
[  639.227988][T14842]  vfs_writev+0x31a/0x960
[  639.228016][T14842]  ? __lock_acquire+0xab9/0xd20
[  639.228035][T14842]  ? __pfx_vfs_writev+0x10/0x10
[  639.228074][T14842]  ? __fget_files+0x2a/0x420
[  639.228101][T14842]  ? __fget_files+0x3a0/0x420
[  639.228125][T14842]  ? __fget_files+0x2a/0x420
[  639.228155][T14842]  do_writev+0x14d/0x2d0
[  639.228181][T14842]  ? __pfx_do_writev+0x10/0x10
[  639.228207][T14842]  ? rcu_is_watching+0x15/0xb0
[  639.228233][T14842]  ? do_syscall_64+0xbe/0x3b0
[  639.228259][T14842]  do_syscall_64+0xfa/0x3b0
[  639.228279][T14842]  ? lockdep_hardirqs_on+0x9c/0x150
[  639.228300][T14842]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  639.228319][T14842]  ? clear_bhb_loop+0x60/0xb0
[  639.228343][T14842]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  639.228362][T14842] RIP: 0033:0x7fa3d1b8ebe9
[  639.228379][T14842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  639.228396][T14842] RSP: 002b:00007fa3d2a41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  639.228417][T14842] RAX: ffffffffffffffda RBX: 00007fa3d1db5fa0 RCX: 00007fa3d1b8ebe9
[  639.228432][T14842] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 000000000000000d
[  639.228445][T14842] RBP: 00007fa3d2a41090 R08: 0000000000000000 R09: 0000000000000000
[  639.228457][T14842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  639.228469][T14842] R13: 00007fa3d1db6038 R14: 00007fa3d1db5fa0 R15: 00007fff45d6a378
[  639.228502][T14842]  </TASK>
[  640.382117][T14854] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2536'.
[  640.457094][    T9] usb 2-1: new full-speed USB device number 64 using dummy_hcd
[  640.939581][    T9] usb 2-1: unable to get BOS descriptor or descriptor too short
[  640.949395][    T9] usb 2-1: not running at top speed; connect to a high speed hub
[  640.959048][    T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  640.969639][    T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  640.982227][    T9] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  640.991901][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  641.007420][    T9] usb 2-1: Product: syz
[  641.021219][    T9] usb 2-1: Manufacturer: syz
[  641.026417][    T9] usb 2-1: SerialNumber: syz
[  642.346183][    T9] usb 2-1: 0:2 : does not exist
[  642.458813][    T9] usb 2-1: USB disconnect, device number 64
[  642.740328][T14899] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2549'.
[  643.176230][T14912] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2554'.
[  643.365504][ T5170] usb 2-1: new low-speed USB device number 65 using dummy_hcd
[  643.409657][T14920] 9pnet_fd: Insufficient options for proto=fd
[  643.652216][ T5170] usb 2-1: device descriptor read/64, error -71
[  644.271799][T14932] netlink: 92 bytes leftover after parsing attributes in process `syz.4.2562'.
[  644.445721][ T5170] usb 2-1: new low-speed USB device number 66 using dummy_hcd
[  644.585850][ T5170] usb 2-1: device descriptor read/64, error -71
[  644.698908][ T5170] usb usb2-port1: attempt power cycle
[  645.316926][T14950] netlink: 'syz.4.2568': attribute type 3 has an invalid length.
[  645.435804][ T5170] usb 2-1: new low-speed USB device number 67 using dummy_hcd
[  645.486043][ T5170] usb 2-1: device descriptor read/8, error -71
[  645.525760][ T5953] usb 3-1: new full-speed USB device number 63 using dummy_hcd
[  645.583808][T14957] 9pnet_fd: Insufficient options for proto=fd
[  645.692972][ T5953] usb 3-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  645.705503][ T5953] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  645.727614][ T5170] usb 2-1: new low-speed USB device number 68 using dummy_hcd
[  645.747774][ T5953] usb 3-1: config 0 descriptor??
[  645.758481][ T5953] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  645.785820][T14963] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2573'.
[  645.816513][ T5170] usb 2-1: device descriptor read/8, error -71
[  645.886270][T14965] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2574'.
[  645.926600][ T5170] usb usb2-port1: unable to enumerate USB device
[  646.229869][ T5953] gp8psk: usb out operation failed.
[  646.235753][ T5953] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  646.263232][ T5953] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  646.278371][ T5953] usb 3-1: USB disconnect, device number 63
[  646.406010][    T9] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[  647.070475][    T9] usb 1-1: New USB device found, idVendor=0582, idProduct=008d, bcdDevice=7a.ac
[  647.105509][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  647.148240][    T9] usb 1-1: Product: syz
[  647.152505][    T9] usb 1-1: Manufacturer: syz
[  647.170042][    T9] usb 1-1: SerialNumber: syz
[  647.194429][    T9] usb 1-1: config 0 descriptor??
[  647.246646][    T9] usb 1-1: interface 1 not found
[  647.491200][ T5953] usb 1-1: USB disconnect, device number 64
[  647.665051][T15007] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2585'.
[  647.864398][T15010] can0: slcan on ttyS3.
[  648.346581][T14984] can0 (unregistered): slcan off ttyS3.
[  648.711840][T15019] netlink: 'syz.5.2586': attribute type 12 has an invalid length.
[  648.720002][T15019] netlink: 9472 bytes leftover after parsing attributes in process `syz.5.2586'.
[  648.855517][  T977] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[  649.148379][   T30] audit: type=1326 audit(1755928713.122:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15021 comm="syz.2.2589" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff7ec78ebe9 code=0x0
[  649.170047][  T977] usb 2-1: Using ep0 maxpacket: 8
[  649.190515][  T977] usb 2-1: config 148 has an invalid interface number: 144 but max is 0
[  649.207925][  T977] usb 2-1: config 148 has no interface number 0
[  649.214427][  T977] usb 2-1: config 148 interface 144 has no altsetting 0
[  649.222058][   T30] audit: type=1326 audit(1755928713.202:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15024 comm="syz.0.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3d1b8ebe9 code=0x7ffc0000
[  649.252776][  T977] usb 2-1: New USB device found, idVendor=03f0, idProduct=311d, bcdDevice=4a.a4
[  649.261600][T15025] dlm: plock device version mismatch: kernel (1.2.0), user (1.3.2)
[  649.271008][  T977] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  649.285489][   T30] audit: type=1326 audit(1755928713.202:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15024 comm="syz.0.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3d1b8ebe9 code=0x7ffc0000
[  649.315659][  T977] usb 2-1: Product: syz
[  649.326774][  T977] usb 2-1: Manufacturer: syz
[  649.331581][  T977] usb 2-1: SerialNumber: syz
[  649.353193][   T30] audit: type=1326 audit(1755928713.202:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15024 comm="syz.0.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7fa3d1b8ebe9 code=0x7ffc0000
[  649.378300][   T30] audit: type=1326 audit(1755928713.202:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15024 comm="syz.0.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3d1b8ebe9 code=0x7ffc0000
[  649.408762][   T30] audit: type=1326 audit(1755928713.202:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15024 comm="syz.0.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3d1b8ebe9 code=0x7ffc0000
[  649.585701][   T30] audit: type=1326 audit(1755928713.202:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15024 comm="syz.0.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=444 compat=0 ip=0x7fa3d1b8ebe9 code=0x7ffc0000
[  650.402807][  T977] usb 2-1: USB disconnect, device number 69
[  650.461551][   T30] audit: type=1326 audit(1755928713.202:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15024 comm="syz.0.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3d1b8ebe9 code=0x7ffc0000
[  650.492589][   T30] audit: type=1326 audit(1755928713.202:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15024 comm="syz.0.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3d1b8ebe9 code=0x7ffc0000
[  650.614137][T15037] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  650.621810][T15037] syzkaller0: entered promiscuous mode
[  651.727301][ T5846] tipc: Node number set to 4163765085
[  652.226886][T15037] syzkaller0: entered allmulticast mode
[  652.312479][   T30] audit: type=1326 audit(1755928713.202:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15024 comm="syz.0.2590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fa3d1b8ebe9 code=0x7ffc0000
[  652.372433][T15037] tipc: Resetting bearer <eth:syzkaller0>
[  652.404129][T15036] tipc: Resetting bearer <eth:syzkaller0>
[  652.521505][T15036] tipc: Disabling bearer <eth:syzkaller0>
[  653.541012][T15060] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  653.606075][T15063] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2598'.
[  653.713597][T15065] xt_hashlimit: max too large, truncated to 1048576
[  653.731888][T15060] netlink: 600 bytes leftover after parsing attributes in process `syz.4.2598'.
[  653.768241][T15060] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2598'.
[  653.811206][T15060] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2598'.
[  653.820586][T15060] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2598'.
[  654.025577][ T5953] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[  654.214502][ T5953] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  654.525839][ T5953] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  654.682588][ T5953] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  654.701255][ T5953] usb 1-1: Product: syz
[  654.719455][ T5953] usb 1-1: Manufacturer: syz
[  654.734323][ T5953] usb 1-1: SerialNumber: syz
[  654.788624][T15062] syz.2.2597: vmalloc error: size 268435456, failed to allocated page array size 524288, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1
[  654.817497][T15062] CPU: 0 UID: 0 PID: 15062 Comm: syz.2.2597 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  654.817527][T15062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  654.817540][T15062] Call Trace:
[  654.817549][T15062]  <TASK>
[  654.817558][T15062]  dump_stack_lvl+0x189/0x250
[  654.817591][T15062]  ? __pfx_dump_stack_lvl+0x10/0x10
[  654.817614][T15062]  ? __pfx__printk+0x10/0x10
[  654.817640][T15062]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  654.817665][T15062]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  654.817692][T15062]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  654.817731][T15062]  warn_alloc+0x214/0x310
[  654.817761][T15062]  ? __pfx_warn_alloc+0x10/0x10
[  654.817793][T15062]  ? __get_vm_area_node+0x28f/0x300
[  654.817816][T15062]  ? __do_replace+0xb4/0xaa0
[  654.817839][T15062]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  654.817860][T15062]  ? stack_depot_save_flags+0x40/0x900
[  654.817906][T15062]  ? translate_table+0x1b4d/0x1f90
[  654.817939][T15062]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  654.817973][T15062]  ? __do_replace+0xb4/0xaa0
[  654.817992][T15062]  vzalloc_noprof+0xb2/0xf0
[  654.818013][T15062]  ? __do_replace+0xb4/0xaa0
[  654.818034][T15062]  __do_replace+0xb4/0xaa0
[  654.818056][T15062]  ? __pfx_translate_table+0x10/0x10
[  654.818093][T15062]  ? __pfx___do_replace+0x10/0x10
[  654.818122][T15062]  ? _copy_from_user+0x94/0xb0
[  654.818155][T15062]  do_arpt_set_ctl+0xa2a/0xf10
[  654.818178][T15062]  ? __mutex_trylock_common+0x153/0x260
[  654.818205][T15062]  ? __pfx_do_arpt_set_ctl+0x10/0x10
[  654.818229][T15062]  ? rcu_is_watching+0x15/0xb0
[  654.818268][T15062]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  654.818294][T15062]  ? __pfx___mutex_lock+0x10/0x10
[  654.818317][T15062]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  654.818359][T15062]  nf_setsockopt+0x26c/0x290
[  654.818391][T15062]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  654.818419][T15062]  do_sock_setsockopt+0x179/0x1b0
[  654.818452][T15062]  __x64_sys_setsockopt+0x13f/0x1b0
[  654.818487][T15062]  do_syscall_64+0xfa/0x3b0
[  654.818508][T15062]  ? lockdep_hardirqs_on+0x9c/0x150
[  654.818529][T15062]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  654.818548][T15062]  ? clear_bhb_loop+0x60/0xb0
[  654.818573][T15062]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  654.818592][T15062] RIP: 0033:0x7ff7ec78ebe9
[  654.818611][T15062] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  654.818629][T15062] RSP: 002b:00007ff7ed526038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  654.818651][T15062] RAX: ffffffffffffffda RBX: 00007ff7ec9b5fa0 RCX: 00007ff7ec78ebe9
[  654.818666][T15062] RDX: 0000000000000060 RSI: 0000000000000000 RDI: 0000000000000004
[  654.818679][T15062] RBP: 00007ff7ec811e19 R08: 0000000000000068 R09: 0000000000000000
[  654.818692][T15062] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000
[  654.818711][T15062] R13: 00007ff7ec9b6038 R14: 00007ff7ec9b5fa0 R15: 00007ffe20a04998
[  654.818744][T15062]  </TASK>
[  654.818776][T15062] Mem-Info:
[  655.135330][T15062] active_anon:4381 inactive_anon:12340 isolated_anon:0
[  655.135330][T15062]  active_file:10298 inactive_file:48047 isolated_file:0
[  655.135330][T15062]  unevictable:786 dirty:238 writeback:0
[  655.135330][T15062]  slab_reclaimable:11692 slab_unreclaimable:102340
[  655.135330][T15062]  mapped:36130 shmem:10397 pagetables:1228
[  655.135330][T15062]  sec_pagetables:0 bounce:0
[  655.135330][T15062]  kernel_misc_reclaimable:0
[  655.135330][T15062]  free:1275077 free_pcp:19695 free_cma:0
[  655.187669][T15062] Node 0 active_anon:17524kB inactive_anon:49360kB active_file:40900kB inactive_file:192188kB unevictable:1608kB isolated(anon):0kB isolated(file):0kB mapped:144436kB dirty:952kB writeback:0kB shmem:40052kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11756kB pagetables:4664kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  655.255486][T15062] Node 1 active_anon:0kB inactive_anon:0kB active_file:292kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:84kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  655.307310][T15062] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  655.343231][T15062] lowmem_reserve[]: 0 2500 2502 2502 2502
[  655.375581][ T5953] cdc_ncm 1-1:1.0: failed GET_NTB_PARAMETERS
[  655.379300][T15062] Node 0 
[  655.381660][ T5953] cdc_ncm 1-1:1.0: bind() failure
[  655.381695][T15062] DMA32 free:1185140kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:17520kB inactive_anon:45720kB active_file:39136kB inactive_file:192120kB unevictable:1608kB writepending:952kB present:3129332kB managed:2560996kB mlocked:0kB bounce:0kB free_pcp:67444kB local_pcp:52368kB free_cma:0kB
[  655.401993][ T5953] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  655.490924][ T5953] cdc_ncm 1-1:1.1: bind() failure
[  655.525871][ T5953] usb 1-1: USB disconnect, device number 65
[  655.548360][T15062] lowmem_reserve[]: 0 0 1 1 1
[  655.553264][T15062] Node 0 Normal free:20kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:40kB active_file:1764kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  655.584827][T15062] lowmem_reserve[]: 0 0 0 0 0
[  655.591268][T15062] Node 1 Normal free:3900204kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:292kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:16896kB local_pcp:8000kB free_cma:0kB
[  655.625539][T15062] lowmem_reserve[]: 0 0 0 0 0
[  655.630552][T15062] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  655.732084][T15062] Node 0 DMA32: 501*4kB (ME) 422*8kB (ME) 119*16kB (UME) 166*32kB (UME) 87*64kB (ME) 7*128kB (ME) 7*256kB (UME) 12*512kB (UM) 13*1024kB (UM) 13*2048kB (UM) 273*4096kB (UM) = 1185140kB
[  655.778394][T15062] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[  655.792883][T15062] Node 1 Normal: 199*4kB (UME) 50*8kB (UME) 38*16kB (UME) 259*32kB (UE) 83*64kB (UME) 20*128kB (UM) 7*256kB (UM) 3*512kB (ME) 2*1024kB (ME) 1*2048kB (E) 946*4096kB (UM) = 3900204kB
[  655.835707][T15062] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  655.848683][T15062] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  655.861988][T15062] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  655.875598][T15062] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  656.147483][T15062] 64955 total pagecache pages
[  656.157134][T15062] 0 pages in swap cache
[  656.161482][T15062] Free swap  = 124996kB
[  656.165817][T15062] Total swap = 124996kB
[  656.170097][T15062] 2097051 pages RAM
[  656.174062][T15062] 0 pages HighMem/MovableOnly
[  656.283711][T15062] 424695 pages reserved
[  656.288247][T15062] 0 pages cma reserved
[  658.480576][  T977] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[  658.561332][T15135] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2618'.
[  658.605719][T15135] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2618'.
[  658.677351][  T977] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  658.703988][  T977] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  658.733353][  T977] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  658.765050][  T977] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  658.779574][  T977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  658.811665][  T977] usb 1-1: config 0 descriptor??
[  659.189209][ T5170] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[  659.325636][ T5953] usb 2-1: new high-speed USB device number 70 using dummy_hcd
[  659.345659][ T5170] usb 3-1: Using ep0 maxpacket: 16
[  659.358640][ T5170] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  659.372318][ T5170] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  659.384510][ T5170] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  659.400879][ T5170] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  659.411635][ T5170] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  659.426328][ T5170] usb 3-1: config 0 descriptor??
[  659.431355][  T977] usbhid 1-1:0.0: can't add hid device: -71
[  659.438155][  T977] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  659.450501][  T977] usb 1-1: USB disconnect, device number 66
[  659.485626][ T5953] usb 2-1: Using ep0 maxpacket: 8
[  659.497210][ T5953] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  659.515546][ T5953] usb 2-1: config 179 has no interface number 0
[  659.522017][ T5953] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  659.543666][ T5953] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  659.565542][ T5953] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  659.586278][ T5953] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 58368, setting to 1024
[  659.604885][ T5953] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  659.619796][ T5953] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  659.629260][ T5953] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  659.659040][ T5953] xpad 2-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  659.671766][ T5953] xpad 2-1:179.65: probe with driver xpad failed with error -90
[  659.889294][ T5953] usb 2-1: USB disconnect, device number 70
[  660.123727][ T5170] usbhid 3-1:0.0: can't add hid device: -71
[  660.140052][ T5170] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  660.290296][ T5170] usb 3-1: USB disconnect, device number 64
[  661.192333][T15177] ubi31: attaching mtd0
[  661.282453][T15177] ubi31: attaching mtd0
[  662.106127][T15196] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2634'.
[  662.115554][T15194] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2634'.
[  665.267792][T15220] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10)
[  665.274411][T15220] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  665.282293][T15220] vhci_hcd vhci_hcd.0: Device attached
[  665.395188][T15226] 9pnet_fd: Insufficient options for proto=fd
[  665.420745][T15230] fuse: Bad value for 'user_id'
[  665.437258][T15230] fuse: Bad value for 'user_id'
[  665.483261][T15221] vhci_hcd: connection closed
[  665.483759][T13289] vhci_hcd: stop threads
[  665.494499][T13289] vhci_hcd: release socket
[  665.504793][T13289] vhci_hcd: disconnect device
[  665.537066][ T5924] usb 35-1: new high-speed USB device number 3 using vhci_hcd
[  665.554539][ T5924] usb 35-1: enqueue for inactive port 0
[  665.648256][ T5924] vhci_hcd: vhci_device speed not set
[  665.932930][T15240] trusted_key: encrypted_key: insufficient parameters specified
[  666.596503][T15247] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2652'.
[  667.366774][T15271] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2657'.
[  667.625753][  T977] usb 2-1: new high-speed USB device number 71 using dummy_hcd
[  667.805628][  T977] usb 2-1: Using ep0 maxpacket: 32
[  667.907781][T15290] trusted_key: encrypted_key: insufficient parameters specified
[  668.605559][  T977] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  668.682091][  T977] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  668.728738][  T977] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  668.895717][  T977] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  668.926659][  T977] usb 2-1: config 0 descriptor??
[  668.947768][  T977] hub 2-1:0.0: USB hub found
[  668.983748][T15294] 9pnet_fd: Insufficient options for proto=fd
[  669.139186][  T977] hub 2-1:0.0: 2 ports detected
[  669.301043][T15303] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2668'.
[  669.371679][T15304] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  669.445667][ T5846] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[  669.547859][  T977] usb 2-1: USB disconnect, device number 71
[  669.615708][ T5846] usb 1-1: Using ep0 maxpacket: 32
[  669.624339][ T5846] usb 1-1: config index 0 descriptor too short (expected 35577, got 27)
[  669.633040][ T5846] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  669.642038][ T5846] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  669.652239][ T5846] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92
[  669.661285][ T5846] usb 1-1: config 1 has no interface number 0
[  669.668367][ T5846] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  669.677556][ T5846] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  669.690996][ T5846] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found
[  669.920289][T15300] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  669.929162][T15300] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  670.341807][T15322] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2672'.
[  670.944445][T15336] trusted_key: encrypted_key: insufficient parameters specified
[  672.392307][T15362] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2681'.
[  672.541893][T15367] 9pnet_fd: Insufficient options for proto=fd
[  672.782190][ T5846] snd_usb_pod 1-1:1.1: set_interface failed
[  672.798665][ T5846] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected
[  672.820487][ T5846] snd_usb_pod 1-1:1.1: probe with driver snd_usb_pod failed with error -71
[  672.841505][ T5846] usb 1-1: USB disconnect, device number 67
[  673.295941][T15372] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2684'.
[  673.716806][T15383] trusted_key: encrypted_key: insufficient parameters specified
[  674.248946][ T5910] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[  675.085775][ T5910] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  675.125745][ T5910] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  675.192787][T15392] trusted_key: encrypted_key: master key parameter '00N004093' is invalid
[  675.235824][ T5910] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  675.249091][ T5910] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  675.259679][ T5910] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  675.289061][ T5910] usb 1-1: config 0 descriptor??
[  675.681288][T15406] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2693'.
[  675.947717][ T5910] usbhid 1-1:0.0: can't add hid device: -71
[  675.962441][ T5910] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  676.016256][ T5170] usb 2-1: new high-speed USB device number 72 using dummy_hcd
[  676.016792][ T5910] usb 1-1: USB disconnect, device number 68
[  676.218170][ T5170] usb 2-1: Using ep0 maxpacket: 16
[  676.261669][ T5170] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  676.303372][ T5170] usb 2-1: New USB device found, idVendor=05e3, idProduct=0502, bcdDevice=9d.03
[  676.350666][ T5170] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  676.376617][ T5170] usb 2-1: Product: syz
[  676.380901][ T5170] usb 2-1: Manufacturer: syz
[  676.385603][ T5170] usb 2-1: SerialNumber: syz
[  676.426739][ T5170] usb 2-1: config 0 descriptor??
[  676.443279][ T5170] gl620a 2-1:0.0: probe with driver gl620a failed with error -22
[  676.715797][ T5170] usb 2-1: USB disconnect, device number 72
[  676.876212][T15420] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2698'.
[  677.397956][T15427] trusted_key: encrypted_key: insufficient parameters specified
[  678.156535][T15430] netlink: 92 bytes leftover after parsing attributes in process `syz.1.2700'.
[  679.611583][T15454] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2708'.
[  679.679715][T15461] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2709'.
[  679.953937][ T5170] usb 2-1: new high-speed USB device number 73 using dummy_hcd
[  680.463585][ T5170] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  680.502127][ T5170] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  680.633176][ T5170] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  680.646728][ T5170] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  680.655994][ T5170] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  680.705031][ T5170] usb 2-1: config 0 descriptor??
[  680.856093][T15481] trusted_key: encrypted_key: insufficient parameters specified
[  682.292046][ T5170] usbhid 2-1:0.0: can't add hid device: -71
[  682.299070][ T5170] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  682.324350][ T5170] usb 2-1: USB disconnect, device number 73
[  683.050597][T15518] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2724'.
[  684.190555][T15537] trusted_key: encrypted_key: insufficient parameters specified
[  684.946074][   T30] kauditd_printk_skb: 59 callbacks suppressed
[  684.946091][   T30] audit: type=1326 audit(1755929516.926:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15545 comm="syz.5.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a81d8ebe9 code=0x7ffc0000
[  685.065121][   T30] audit: type=1326 audit(1755929516.926:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15545 comm="syz.5.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6a81d8ebe9 code=0x7ffc0000
[  685.102274][   T30] audit: type=1326 audit(1755929516.926:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15545 comm="syz.5.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a81d8ebe9 code=0x7ffc0000
[  685.204325][   T30] audit: type=1326 audit(1755929516.926:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15545 comm="syz.5.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a81d8ebe9 code=0x7ffc0000
[  685.283868][   T30] audit: type=1326 audit(1755929516.926:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15545 comm="syz.5.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6a81d8ebe9 code=0x7ffc0000
[  685.337809][   T30] audit: type=1326 audit(1755929516.926:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15545 comm="syz.5.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a81d8ebe9 code=0x7ffc0000
[  685.391484][   T30] audit: type=1326 audit(1755929516.926:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15545 comm="syz.5.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f6a81d8ebe9 code=0x7ffc0000
[  685.450456][   T30] audit: type=1326 audit(1755929516.926:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15545 comm="syz.5.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a81d8ebe9 code=0x7ffc0000
[  685.557190][   T30] audit: type=1326 audit(1755929516.926:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15545 comm="syz.5.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a81d8ebe9 code=0x7ffc0000
[  685.605717][   T30] audit: type=1326 audit(1755929516.926:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15545 comm="syz.5.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f6a81d8ebe9 code=0x7ffc0000
[  685.757602][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  685.904834][    T9] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[  685.983376][T15563] netlink: 'syz.5.2735': attribute type 18 has an invalid length.
[  686.042884][T15563] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  686.051900][T15563] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  686.060951][T15563] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  686.069855][T15563] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  686.119108][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  686.131366][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  686.146720][    T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  686.161030][    T9] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  686.175878][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  686.192235][T15553] syz.0.2732 (15553): drop_caches: 2
[  686.212093][    T9] usb 3-1: config 0 descriptor??
[  686.919927][T15580] trusted_key: encrypted_key: insufficient parameters specified
[  687.264780][    T9] usbhid 3-1:0.0: can't add hid device: -71
[  687.288198][    T9] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  687.312584][ T5846] usb 2-1: new high-speed USB device number 74 using dummy_hcd
[  687.342132][    T9] usb 3-1: USB disconnect, device number 65
[  687.487459][ T5846] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  687.597913][ T5846] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  687.831473][ T5846] usb 2-1: config 0 descriptor??
[  688.117273][ T5846] udl 2-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  688.843415][T15618] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  688.850994][T15618] netdevsim netdevsim0 netdevsim0: left allmulticast mode
[  688.858318][T15618] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  689.054293][T15621] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2749'.
[  690.250438][T15634] overlayfs: failed to clone upperpath
[  690.494525][T15637] trusted_key: encrypted_key: insufficient parameters specified
[  691.223412][   T43] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  691.637814][   T43] dvb_usb_az6027 5-1:0.0: probe with driver dvb_usb_az6027 failed with error -110
[  691.647984][ T5846] [drm:udl_init] *ERROR* Selecting channel failed
[  691.669228][   T43] usb 5-1: USB disconnect, device number 64
[  691.681714][ T5846] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2
[  691.693150][ T5846] [drm] Initialized udl on minor 2
[  691.713510][ T5846] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  691.722525][ T5846] udl 2-1:0.0: [drm] Cannot find any crtc or sizes
[  691.733740][ T5170] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  691.743761][ T5846] usb 2-1: USB disconnect, device number 74
[  691.753239][T15643] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2755'.
[  691.769870][ T5170] udl 2-1:0.0: [drm] Cannot find any crtc or sizes
[  691.833309][T15649] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2755'.
[  691.858665][T15651] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2758'.
[  692.187849][  T977] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[  692.322210][T15662] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  693.287951][  T977] usb 1-1: Using ep0 maxpacket: 32
[  693.549622][  T977] usb 1-1: config 0 has an invalid interface number: 235 but max is 0
[  693.559248][  T977] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  693.570287][  T977] usb 1-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  693.580081][  T977] usb 1-1: config 0 has no interface number 1
[  693.586296][  T977] usb 1-1: config 0 interface 235 altsetting 0 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  693.598370][  T977] usb 1-1: config 0 interface 235 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  694.119578][  T977] usb 1-1: New USB device found, idVendor=085a, idProduct=0009, bcdDevice=a3.47
[  694.129084][  T977] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  694.137312][  T977] usb 1-1: Product: syz
[  694.141652][  T977] usb 1-1: Manufacturer: syz
[  694.146310][  T977] usb 1-1: SerialNumber: syz
[  694.173869][  T977] usb 1-1: config 0 descriptor??
[  694.232047][T15664] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2763'.
[  694.416484][T15654] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  694.432547][T15675] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  694.445377][T15654] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  694.462086][T15654] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  694.485824][T15654] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  694.522567][T15654] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  694.531718][T15654] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  694.540666][T15654] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  694.611643][T15654] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  694.659306][T15654] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  694.711195][T15654] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  694.744188][  T977] kaweth 1-1:0.235: Firmware present in device.
[  694.859876][T15684] trusted_key: encrypted_key: insufficient parameters specified
[  695.357179][  T977] kaweth 1-1:0.235: Error reading configuration (-71), no net device created
[  695.381198][  T977] kaweth 1-1:0.235: probe with driver kaweth failed with error -5
[  695.444591][T15690] binder: 15689:15690 ioctl c0306201 0 returned -14
[  695.453324][  T977] kaweth 1-1:0.0: Firmware present in device.
[  695.470348][  T977] kaweth 1-1:0.0: Error reading configuration (-71), no net device created
[  695.494129][  T977] kaweth 1-1:0.0: probe with driver kaweth failed with error -5
[  695.509591][  T977] usb 1-1: USB disconnect, device number 69
[  695.605047][T15692] syz.5.2772 (15692) used greatest stack depth: 17992 bytes left
[  695.936553][ T5910] usb 3-1: new full-speed USB device number 66 using dummy_hcd
[  695.990879][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  696.062744][T15708] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  696.103273][ T5910] usb 3-1: config 252 has an invalid interface number: 107 but max is 0
[  696.123878][ T5910] usb 3-1: config 252 has no interface number 0
[  697.768739][ T5910] usb 3-1: config 252 interface 107 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  697.810880][ T5910] usb 3-1: config 252 interface 107 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  697.862274][ T5910] usb 3-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=d7.67
[  697.898667][ T5910] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  697.906800][ T5910] usb 3-1: Product: syz
[  697.937363][ T5910] usb 3-1: Manufacturer: syz
[  697.952571][ T5910] usb 3-1: SerialNumber: syz
[  698.885702][ T5910] usb 3-1: USB disconnect, device number 66
[  699.423394][T15732] trusted_key: encrypted_key: insufficient parameters specified
[  700.009254][T15729] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2784'.
[  700.651756][T15734] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2785'.
[  700.726509][T15738] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2785'.
[  701.061243][T15746] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  701.070208][T15746] overlayfs: missing 'lowerdir'
[  703.238206][T15784] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2801'.
[  704.659610][ T5846] usb 3-1: new high-speed USB device number 67 using dummy_hcd
[  704.771783][T15807] netlink: 96 bytes leftover after parsing attributes in process `syz.5.2807'.
[  704.830830][ T5846] usb 3-1: Using ep0 maxpacket: 8
[  704.838251][ T5846] usb 3-1: config 150 has an invalid interface number: 204 but max is 1
[  704.849518][ T5846] usb 3-1: config 150 has no interface number 0
[  704.856708][ T5846] usb 3-1: config 150 interface 204 has no altsetting 0
[  704.871889][ T5846] usb 3-1: config 150 interface 1 has no altsetting 0
[  704.885102][ T5846] usb 3-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb
[  704.898390][ T5846] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  704.907468][ T5846] usb 3-1: Product: syz
[  704.912177][ T5846] usb 3-1: Manufacturer: syz
[  704.916884][ T5846] usb 3-1: SerialNumber: syz
[  704.971534][T15815] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2809'.
[  704.999953][   T43] usb 2-1: new high-speed USB device number 75 using dummy_hcd
[  705.144341][T15815] erspan0: entered promiscuous mode
[  705.159582][   T43] usb 2-1: Using ep0 maxpacket: 16
[  705.174533][   T43] usb 2-1: config 1 interface 0 altsetting 13 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  705.188079][   T43] usb 2-1: config 1 interface 0 has no altsetting 0
[  705.233778][T15815] macvtap0: entered promiscuous mode
[  705.255773][   T43] usb 2-1: New USB device found, idVendor=046d, idProduct=c216, bcdDevice= 0.40
[  705.258356][T15815] macvtap0: entered allmulticast mode
[  705.266190][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  705.286525][ T5846] xr_serial 3-1:150.204: xr_serial converter detected
[  705.293484][T15815] erspan0: entered allmulticast mode
[  705.297666][   T43] usb 2-1: Product: �
[  705.303296][   T43] usb 2-1: Manufacturer: 텠ꘛ듴쳀뱥敹䧬䚇慙虼׋㸉
[  705.313464][   T43] usb 2-1: SerialNumber: ⦞渣ê埘䄋莟鈱מּ꒪蹗ⓖ㭷䓜੉�褵⦤⶘쳘ᔫ﻽蹅Ꚃⶈ뉀鑫䌯�ᖜ﬛䎑䪹⾔�ꨆ賤�辔�樸ស膑⹌塯줽鈿⃋Ѽ൨�븺�⭋餦沘ಙਰ맮죻�岪⸙⯅늟骧悧�劕緕㊊ꋘᲷ�
[  705.391255][T15797] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2803'.
[  705.981499][   T43] usbhid 2-1:1.0: can't add hid device: -71
[  706.000367][   T43] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  706.051210][   T43] usb 2-1: USB disconnect, device number 75
[  706.113749][ T5846] xr_serial ttyUSB0: Failed to set reg 0x0e: -71
[  706.128735][ T5846] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71
[  706.175665][ T5846] usb 3-1: USB disconnect, device number 67
[  706.197840][ T5846] xr_serial 3-1:150.204: device disconnected
[  706.205591][T15831] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2812'.
[  706.593788][T15838] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode
[  707.494150][T15838] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode
[  707.518816][T15838] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  708.290871][T14837] usb 2-1: new high-speed USB device number 76 using dummy_hcd
[  708.563210][T14837] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  708.685330][T14837] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  708.798481][T14837] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  708.808827][T14837] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  708.929536][T14837] usb 2-1: config 0 descriptor??
[  709.039184][T15875] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2825'.
[  709.048658][ T5924] usb 5-1: new high-speed USB device number 65 using dummy_hcd
[  709.744352][T15878] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.2819' sets config #1
[  709.759898][ T5924] usb 5-1: Using ep0 maxpacket: 32
[  709.811752][ T5924] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  709.877748][ T5924] usb 5-1: New USB device found, idVendor=0c72, idProduct=000c, bcdDevice=d4.09
[  709.887902][ T5924] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  709.896882][ T5924] usb 5-1: Product: syz
[  709.924851][ T5924] usb 5-1: Manufacturer: syz
[  709.980089][T14837] usbhid 2-1:0.0: can't add hid device: -71
[  709.987698][T14837] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  709.995736][ T5924] usb 5-1: SerialNumber: syz
[  710.062140][T14837] usb 2-1: USB disconnect, device number 76
[  710.065600][ T5924] usb 5-1: config 0 descriptor??
[  710.371405][ T5924] peak_usb 5-1:0.0 can0: sending cmd f=0x6 n=0x1 failure: -22
[  710.401212][ T5924] peak_usb 5-1:0.0: unable to read PCAN-USB serial number (err -22)
[  710.445839][T15888] veth0: entered promiscuous mode
[  710.500929][ T5924] peak_usb 5-1:0.0: probe with driver peak_usb failed with error -22
[  710.535627][ T5924] usb 5-1: USB disconnect, device number 65
[  710.721560][ T5846] usb 3-1: new full-speed USB device number 68 using dummy_hcd
[  710.880166][ T5910] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[  710.883190][ T5846] usb 3-1: config 1 has an invalid descriptor of length 116, skipping remainder of the config
[  710.904428][ T5846] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  710.919075][ T5846] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  710.932736][ T5846] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  710.941401][ T5846] usb 3-1: Product: syz
[  710.946532][ T5846] usb 3-1: Manufacturer: syz
[  710.951907][ T5846] usb 3-1: SerialNumber: syz
[  711.042773][ T5910] usb 1-1: unable to get BOS descriptor or descriptor too short
[  711.055096][ T5910] usb 1-1: config 1 interface 0 has no altsetting 0
[  711.067168][ T5910] usb 1-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.40
[  711.078856][ T5910] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  711.087897][ T5910] usb 1-1: Product: syz
[  711.094553][ T5910] usb 1-1: Manufacturer: syz
[  711.099312][ T5910] usb 1-1: SerialNumber: syz
[  711.166296][ T5846] usb 3-1: 0:2 : does not exist
[  711.188685][ T5846] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  711.201892][T15886] veth0: left promiscuous mode
[  711.241143][ T5924] usb 2-1: new high-speed USB device number 77 using dummy_hcd
[  711.248741][ T5846] usb 3-1: USB disconnect, device number 68
[  711.325086][ T5910] usbhid 1-1:1.0: can't add hid device: -71
[  711.337129][ T5910] usbhid 1-1:1.0: probe with driver usbhid failed with error -71
[  711.348134][ T5910] usb 1-1: USB disconnect, device number 70
[  711.411852][ T5924] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  711.420310][ T5924] usb 2-1: config 0 has no interface number 0
[  711.426615][ T5924] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  711.438035][ T5924] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  711.449314][ T5924] usb 2-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.18
[  711.459734][ T5924] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  711.472202][ T5924] usb 2-1: config 0 descriptor??
[  711.695420][ T5924] input: HID 04d9:a055 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.1/0003:04D9:A055.001A/input/input46
[  711.800546][ T5924] holtek_kbd 0003:04D9:A055.001A: input,hidraw0: USB HID v0.00 Keyboard [HID 04d9:a055] on usb-dummy_hcd.1-1/input1
[  711.843042][T15926] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  711.869764][T15926] kvm: pic: non byte read
[  711.887965][T15926] kvm: pic: level sensitive irq not supported
[  711.888547][T15926] kvm: pic: non byte read
[  711.909213][ T5924] usb 2-1: USB disconnect, device number 77
[  711.928006][T15926] kvm: pic: level sensitive irq not supported
[  711.928348][T15926] kvm: pic: non byte read
[  711.941756][T15926] kvm: pic: level sensitive irq not supported
[  711.942090][T15926] kvm: pic: non byte read
[  711.974969][T15926] kvm: pic: level sensitive irq not supported
[  711.975492][T15926] kvm: pic: non byte read
[  711.998577][T15926] kvm: pic: level sensitive irq not supported
[  711.998737][T15926] kvm: pic: non byte read
[  712.004948][T15931] netfs: Couldn't get user pages (rc=-14)
[  712.391588][T15937] sp0: Synchronizing with TNC
[  712.742057][T15936] [U] è
[  712.840363][ T5924] usb 2-1: new high-speed USB device number 78 using dummy_hcd
[  712.870711][ T5910] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[  713.300910][ T5924] usb 2-1: Using ep0 maxpacket: 32
[  713.308406][ T5924] usb 2-1: config 2 has an invalid interface number: 66 but max is 0
[  713.323518][ T5924] usb 2-1: config 2 has no interface number 0
[  713.329753][ T5924] usb 2-1: config 2 interface 66 altsetting 0 endpoint 0xC has an invalid bInterval 0, changing to 7
[  713.342924][ T5924] usb 2-1: config 2 interface 66 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[  713.356868][ T5924] usb 2-1: New USB device found, idVendor=046d, idProduct=08c6, bcdDevice= b.5d
[  713.372047][ T5924] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  713.380344][ T5924] usb 2-1: Product: syz
[  713.384616][ T5910] usb 3-1: Using ep0 maxpacket: 32
[  713.389838][ T5924] usb 2-1: Manufacturer: syz
[  713.394760][ T5924] usb 2-1: SerialNumber: syz
[  713.401730][ T5910] usb 3-1: unable to get BOS descriptor or descriptor too short
[  713.416529][ T5910] usb 3-1: config 1 interface 0 has no altsetting 0
[  713.424726][ T5924] usb 2-1: Found UVC 0.00 device syz (046d:08c6)
[  713.431621][ T5924] usb 2-1: No valid video chain found.
[  713.439912][ T5910] usb 3-1: New USB device found, idVendor=05ac, idProduct=0230, bcdDevice= 0.40
[  713.458837][ T5910] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  713.468692][ T5910] usb 3-1: Product: syz
[  713.473374][ T5910] usb 3-1: Manufacturer: syz
[  713.477009][T15960] No such timeout policy "syz0"
[  713.478101][ T5910] usb 3-1: SerialNumber: syz
[  713.494001][T15961] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2850'.
[  713.503911][T15960] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2850'.
[  713.704536][ T5910] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input47
[  713.733271][ T5194] bcm5974 3-1:1.0: could not read from device
[  713.746458][ T5194] bcm5974 3-1:1.0: could not read from device
[  713.753815][ T5910] usb 3-1: USB disconnect, device number 69
[  713.867952][    T9] usb 2-1: USB disconnect, device number 78
[  714.150464][ T5924] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[  714.299442][T15994] netlink: 'syz.2.2859': attribute type 3 has an invalid length.
[  714.323123][T15994] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.2859'.
[  714.348844][ T5924] usb 1-1: device descriptor read/64, error -71
[  714.606378][ T5924] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[  714.629517][T16006] btrfs: Unexpected value for 'acl'
[  714.654861][T16006] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2862'.
[  714.762812][ T5924] usb 1-1: device descriptor read/64, error -71
[  714.891239][ T5924] usb usb1-port1: attempt power cycle
[  716.688858][ T5924] usb 1-1: new high-speed USB device number 73 using dummy_hcd
[  716.854136][ T5924] usb 1-1: device descriptor read/8, error -71
[  717.150877][ T5924] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[  717.206021][T16039] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2873'.
[  717.215207][T16039] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2873'.
[  717.226163][T16039] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2873'.
[  717.381406][ T5924] usb 1-1: device not accepting address 74, error -71
[  717.388608][ T5924] usb usb1-port1: unable to enumerate USB device
[  718.410312][T16058] QAT: failed to copy from user.
[  718.439281][T16061] netlink: 92 bytes leftover after parsing attributes in process `syz.1.2878'.
[  718.647310][T16062] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2878'.
[  720.008527][T16071] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  720.051531][T16073] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  720.066705][T16072] hugetlbfs: Bad value '%' for mount option 'size'
[  720.066705][T16072] 
[  720.242442][T16081] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2887'.
[  725.654741][T16123] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2897'.
[  726.038716][T16134] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2901'.
[  726.051747][T16134] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2901'.
[  726.271909][   T43] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[  726.612275][T16145] ref_ctr_offset mismatch. inode: 0xb72 offset: 0x0 ref_ctr_offset(old): 0x200000000000 ref_ctr_offset(new): 0x0
[  727.122583][   T43] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  727.147511][   T43] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  727.176530][   T43] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  727.196333][T16150] netlink: 'syz.2.2907': attribute type 64 has an invalid length.
[  727.210221][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  727.273294][T16155] netlink: 'syz.2.2907': attribute type 4 has an invalid length.
[  727.276145][T16150] netlink: 164 bytes leftover after parsing attributes in process `syz.2.2907'.
[  727.324959][T16132] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  727.532445][   T43] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  727.747703][    T9] usb 5-1: USB disconnect, device number 66
[  728.008848][ T3469] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  728.061170][ T3469] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  728.246221][ T3469] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  728.266912][ T3469] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  728.517057][ T5158] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  728.529033][ T5158] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  728.566945][ T5158] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  728.737697][ T5158] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  728.752709][ T5158] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  728.905216][ T5840] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  728.915290][ T5840] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  728.925254][ T5840] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  728.941693][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  728.969178][ T5840] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  729.022229][ T3469] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  729.041925][ T3469] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  729.063293][T16186] netlink: 'syz.2.2916': attribute type 3 has an invalid length.
[  729.296466][ T5846] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[  729.334074][ T3469] netdevsim netdevsim5 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  729.352303][ T3469] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  729.652119][T16200] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2919'.
[  729.662316][T16200] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2919'.
[  729.774357][ T5924] usb 2-1: new high-speed USB device number 80 using dummy_hcd
[  730.056050][ T5924] usb 2-1: Using ep0 maxpacket: 16
[  730.093354][ T5846] usb 5-1: Using ep0 maxpacket: 32
[  730.098260][ T5924] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  730.112530][ T5846] usb 5-1: config 4 has an invalid interface number: 3 but max is 0
[  730.116012][ T5924] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  730.120682][ T5846] usb 5-1: config 4 contains an unexpected descriptor of type 0x1, skipping
[  730.166440][ T5924] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  730.190947][ T5924] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  730.221994][ T5924] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  730.256985][ T5846] usb 5-1: config 4 has no interface number 0
[  730.263268][ T5846] usb 5-1: config 4 interface 3 altsetting 9 endpoint 0x7 has invalid maxpacket 1536, setting to 64
[  730.265087][ T5924] usb 2-1: Product: syz
[  730.274755][ T5846] usb 5-1: config 4 interface 3 altsetting 9 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  730.274790][ T5846] usb 5-1: config 4 interface 3 altsetting 9 endpoint 0x9 has an invalid bInterval 64, changing to 7
[  730.274817][ T5846] usb 5-1: config 4 interface 3 altsetting 9 endpoint 0xA has invalid maxpacket 1023, setting to 64
[  730.274855][ T5846] usb 5-1: config 4 interface 3 altsetting 9 has a duplicate endpoint with address 0xA, skipping
[  730.274876][ T5846] usb 5-1: config 4 interface 3 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  730.274902][ T5846] usb 5-1: config 4 interface 3 altsetting 9 has a duplicate endpoint with address 0x7, skipping
[  730.274923][ T5846] usb 5-1: config 4 interface 3 altsetting 9 endpoint 0xB has invalid maxpacket 1023, setting to 64
[  730.310109][ T5924] usb 2-1: Manufacturer: syz
[  730.367268][ T5924] usb 2-1: SerialNumber: syz
[  730.409364][ T5846] usb 5-1: config 4 interface 3 has no altsetting 0
[  730.430320][ T5846] usb 5-1: New USB device found, idVendor=19d2, idProduct=0133, bcdDevice=fa.e0
[  730.462434][ T5846] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  730.491007][ T5846] usb 5-1: Product: syz
[  730.502410][ T5846] usb 5-1: Manufacturer: syz
[  730.507055][ T5846] usb 5-1: SerialNumber: syz
[  730.535034][ T3469] bridge_slave_1: left promiscuous mode
[  730.544496][ T3469] bridge0: port 2(bridge_slave_1) entered disabled state
[  730.571236][ T3469] bridge_slave_0: left allmulticast mode
[  730.582528][ T3469] bridge_slave_0: left promiscuous mode
[  730.598626][ T3469] bridge0: port 1(bridge_slave_0) entered disabled state
[  730.839437][T16197] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  730.866539][T16197] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  730.910154][T16197] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  730.960622][ T5846] usb 5-1: USB disconnect, device number 67
[  731.033754][ T5840] Bluetooth: hci0: command tx timeout
[  731.046568][ T5924] usb 2-1: 0:2 : does not exist
[  731.076822][ T5924] usb 2-1: 1:0: cannot get min/max values for control 4 (id 1)
[  731.086190][T16221] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  731.147424][ T5924] usb 2-1: USB disconnect, device number 80
[  731.277880][ T3469] erspan0 (unregistering): left allmulticast mode
[  731.608186][ T3469] dvmrp1 (unregistering): left allmulticast mode
[  732.029291][T16239] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2930'.
[  733.112940][ T5840] Bluetooth: hci0: command tx timeout
[  733.635409][ T3469] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  733.644437][ T3469] bond_slave_0: left promiscuous mode
[  733.651936][ T3469] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  733.662942][ T3469] bond0 (unregistering): (slave team0): Releasing backup interface
[  733.675963][ T3469] team0: left promiscuous mode
[  733.681051][ T3469] team_slave_0: left promiscuous mode
[  733.688389][ T3469] team_slave_1: left promiscuous mode
[  733.695909][ T3469] bond0 (unregistering): Released all slaves
[  733.730484][T16176] chnl_net:caif_netlink_parms(): no params data found
[  734.176725][T16269] overlay: Unknown parameter 'y^\@\+\'
[  734.347649][T16272] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2936'.
[  735.202099][ T5840] Bluetooth: hci0: command tx timeout
[  735.249870][T16176] bridge0: port 1(bridge_slave_0) entered blocking state
[  735.266282][T16176] bridge0: port 1(bridge_slave_0) entered disabled state
[  735.295355][T16176] bridge_slave_0: entered allmulticast mode
[  735.372219][T16176] bridge_slave_0: entered promiscuous mode
[  735.888838][T16282] bond0: left promiscuous mode
[  735.896851][T16282] bond_slave_0: left promiscuous mode
[  735.906374][T16285] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  735.920494][T16285] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  735.929805][T16282] bond_slave_1: left promiscuous mode
[  735.938989][T16282] 8021q: adding VLAN 0 to HW filter on device bond0
[  735.956437][T16282] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  735.972399][T16176] bridge0: port 2(bridge_slave_1) entered blocking state
[  736.034977][T16176] bridge0: port 2(bridge_slave_1) entered disabled state
[  736.052497][T16176] bridge_slave_1: entered allmulticast mode
[  736.078793][T16176] bridge_slave_1: entered promiscuous mode
[  736.153223][  T977] usb 2-1: new high-speed USB device number 81 using dummy_hcd
[  736.225620][T16176] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  736.246503][T16305] FAULT_INJECTION: forcing a failure.
[  736.246503][T16305] name failslab, interval 1, probability 0, space 0, times 0
[  736.264984][T16305] CPU: 0 UID: 0 PID: 16305 Comm: syz.2.2947 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  736.265014][T16305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  736.265026][T16305] Call Trace:
[  736.265034][T16305]  <TASK>
[  736.265043][T16305]  dump_stack_lvl+0x189/0x250
[  736.265071][T16305]  ? __pfx____ratelimit+0x10/0x10
[  736.265092][T16305]  ? __pfx_dump_stack_lvl+0x10/0x10
[  736.265114][T16305]  ? __pfx__printk+0x10/0x10
[  736.265145][T16305]  ? __pfx___might_resched+0x10/0x10
[  736.265166][T16305]  ? fs_reclaim_acquire+0x7d/0x100
[  736.265195][T16305]  should_fail_ex+0x414/0x560
[  736.265222][T16305]  should_failslab+0xa8/0x100
[  736.265245][T16305]  __kmalloc_cache_noprof+0x70/0x3d0
[  736.265265][T16305]  ? binder_transaction+0x1736/0x6470
[  736.265299][T16305]  binder_transaction+0x1736/0x6470
[  736.265335][T16305]  ? ima_match_policy+0x10b/0x2150
[  736.265364][T16305]  ? register_lock_class+0x51/0x320
[  736.265400][T16305]  ? __lock_acquire+0xab9/0xd20
[  736.265438][T16305]  ? __lock_acquire+0xab9/0xd20
[  736.265461][T16305]  ? __pfx_binder_transaction+0x10/0x10
[  736.265497][T16305]  ? __lock_acquire+0xab9/0xd20
[  736.265526][T16305]  ? __might_fault+0xb0/0x130
[  736.265567][T16305]  binder_ioctl_write_read+0xd6a/0xa000
[  736.265606][T16305]  ? is_bpf_text_address+0x26/0x2b0
[  736.265623][T16305]  ? kernel_text_address+0xa5/0xe0
[  736.265647][T16305]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  736.265679][T16305]  ? __pfx_binder_ioctl_write_read+0x10/0x10
[  736.265706][T16305]  ? stack_trace_save+0x9c/0xe0
[  736.265727][T16305]  ? stack_depot_save_flags+0x40/0x900
[  736.265750][T16305]  ? kasan_save_track+0x4f/0x80
[  736.265770][T16305]  ? kasan_save_track+0x3e/0x80
[  736.265788][T16305]  ? kasan_save_free_info+0x46/0x50
[  736.265805][T16305]  ? __kasan_slab_free+0x62/0x70
[  736.265816][T16305]  ? kfree+0x18e/0x440
[  736.265837][T16305]  ? tomoyo_path_number_perm+0x47a/0x5a0
[  736.265852][T16305]  ? security_file_ioctl+0xcb/0x2d0
[  736.265866][T16305]  ? __se_sys_ioctl+0x47/0x170
[  736.265884][T16305]  ? do_syscall_64+0xfa/0x3b0
[  736.265898][T16305]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.265932][T16305]  ? __pfx_binder_debug+0x10/0x10
[  736.265953][T16305]  ? do_raw_spin_lock+0x121/0x290
[  736.265986][T16305]  ? _raw_spin_unlock+0x28/0x50
[  736.266010][T16305]  ? binder_get_thread+0x178/0x6d0
[  736.266039][T16305]  binder_ioctl+0x3e0/0x19c0
[  736.266059][T16305]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  736.266075][T16305]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  736.266090][T16305]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  736.266103][T16305]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  736.266118][T16305]  ? __pfx_binder_ioctl+0x10/0x10
[  736.266136][T16305]  ? smack_log+0xef/0x3f0
[  736.266156][T16305]  ? __pfx_smack_log+0x10/0x10
[  736.266175][T16305]  ? smk_access+0x14c/0x4e0
[  736.266199][T16305]  ? smk_tskacc+0x2fc/0x370
[  736.266222][T16305]  ? smack_file_ioctl+0x2a9/0x340
[  736.266238][T16305]  ? __pfx_smack_file_ioctl+0x10/0x10
[  736.266260][T16305]  ? __fget_files+0x2a/0x420
[  736.266276][T16305]  ? __fget_files+0x3a0/0x420
[  736.266291][T16305]  ? __fget_files+0x2a/0x420
[  736.266309][T16305]  ? bpf_lsm_file_ioctl+0x9/0x20
[  736.266334][T16305]  ? __pfx_binder_ioctl+0x10/0x10
[  736.266355][T16305]  __se_sys_ioctl+0xfc/0x170
[  736.266378][T16305]  do_syscall_64+0xfa/0x3b0
[  736.266394][T16305]  ? lockdep_hardirqs_on+0x9c/0x150
[  736.266411][T16305]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.266425][T16305]  ? clear_bhb_loop+0x60/0xb0
[  736.266442][T16305]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.266456][T16305] RIP: 0033:0x7ff7ec78ebe9
[  736.266471][T16305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  736.266484][T16305] RSP: 002b:00007ff7ed526038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  736.266500][T16305] RAX: ffffffffffffffda RBX: 00007ff7ec9b5fa0 RCX: 00007ff7ec78ebe9
[  736.266512][T16305] RDX: 0000200000000300 RSI: 00000000c0306201 RDI: 0000000000000004
[  736.266522][T16305] RBP: 00007ff7ed526090 R08: 0000000000000000 R09: 0000000000000000
[  736.266531][T16305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  736.266540][T16305] R13: 00007ff7ec9b6038 R14: 00007ff7ec9b5fa0 R15: 00007ffe20a04998
[  736.266565][T16305]  </TASK>
[  736.702944][T16176] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  736.743377][  T977] usb 2-1: Using ep0 maxpacket: 8
[  736.758141][  T977] usb 2-1: New USB device found, idVendor=05dc, idProduct=0001, bcdDevice= 0.01
[  736.767491][  T977] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  736.782093][  T977] usb 2-1: config 0 descriptor??
[  736.787465][    T9] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[  736.799064][  T977] ums-jumpshot 2-1:0.0: USB Mass Storage device detected
[  736.822468][  T977] ums-jumpshot 2-1:0.0: Quirks match for vid 05dc pid 0001: 2
[  736.826624][T16176] team0: Port device team_slave_0 added
[  736.945592][T16312] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  736.945798][T16313] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  736.996504][T16176] team0: Port device team_slave_1 added
[  736.998316][   T43] usb 2-1: USB disconnect, device number 81
[  737.105089][T16176] batman_adv: batadv0: Adding interface: batadv_slave_0
[  737.112184][T16176] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  737.144922][T16176] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  737.155626][    C0] vcan0: j1939_tp_rxtimer: 0xffff888057f03c00: rx timeout, send abort
[  737.164398][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888057f03c00: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[  737.188355][T16176] batman_adv: batadv0: Adding interface: batadv_slave_1
[  737.196548][T16176] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  737.227851][T16176] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  737.273466][ T5840] Bluetooth: hci0: command tx timeout
[  737.299449][T16325] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2952'.
[  737.379291][T16176] hsr_slave_0: entered promiscuous mode
[  737.387859][T16176] hsr_slave_1: entered promiscuous mode
[  737.395176][T16176] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  737.405807][T16176] Cannot create hsr debugfs directory
[  737.411576][T16325] netlink: 'syz.4.2952': attribute type 1 has an invalid length.
[  737.427189][ T3469] hsr_slave_0: left promiscuous mode
[  737.435716][ T3469] hsr_slave_1: left promiscuous mode
[  737.475332][ T3469] veth1_vlan: left promiscuous mode
[  737.481897][ T3469] veth0_vlan: left promiscuous mode
[  737.487315][T16327] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2953'.
[  737.585550][T16331] FAULT_INJECTION: forcing a failure.
[  737.585550][T16331] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  737.610193][T16331] CPU: 1 UID: 0 PID: 16331 Comm: syz.4.2953 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  737.610237][T16331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  737.610249][T16331] Call Trace:
[  737.610257][T16331]  <TASK>
[  737.610267][T16331]  dump_stack_lvl+0x189/0x250
[  737.610293][T16331]  ? __pfx____ratelimit+0x10/0x10
[  737.610315][T16331]  ? __pfx_dump_stack_lvl+0x10/0x10
[  737.610337][T16331]  ? __pfx__printk+0x10/0x10
[  737.610363][T16331]  ? __might_fault+0xb0/0x130
[  737.610393][T16331]  should_fail_ex+0x414/0x560
[  737.610418][T16331]  _copy_from_user+0x2d/0xb0
[  737.610444][T16331]  ___sys_sendmsg+0x158/0x2a0
[  737.610475][T16331]  ? __pfx____sys_sendmsg+0x10/0x10
[  737.610537][T16331]  ? __fget_files+0x2a/0x420
[  737.610556][T16331]  ? __fget_files+0x3a0/0x420
[  737.610584][T16331]  __x64_sys_sendmsg+0x19b/0x260
[  737.610614][T16331]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  737.610652][T16331]  ? __pfx_ksys_write+0x10/0x10
[  737.610676][T16331]  ? do_syscall_64+0xbe/0x3b0
[  737.610701][T16331]  do_syscall_64+0xfa/0x3b0
[  737.610720][T16331]  ? lockdep_hardirqs_on+0x9c/0x150
[  737.610740][T16331]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  737.610758][T16331]  ? clear_bhb_loop+0x60/0xb0
[  737.610781][T16331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  737.610799][T16331] RIP: 0033:0x7f158338ebe9
[  737.610815][T16331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  737.610830][T16331] RSP: 002b:00007f15841e7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  737.610849][T16331] RAX: ffffffffffffffda RBX: 00007f15835b6180 RCX: 00007f158338ebe9
[  737.610863][T16331] RDX: 0000000000004000 RSI: 0000200000000200 RDI: 0000000000000003
[  737.610875][T16331] RBP: 00007f15841e7090 R08: 0000000000000000 R09: 0000000000000000
[  737.610887][T16331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  737.610898][T16331] R13: 00007f15835b6218 R14: 00007f15835b6180 R15: 00007ffe9e7528d8
[  737.610929][T16331]  </TASK>
[  737.869719][T16333] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2955'.
[  738.001322][T16340] FAULT_INJECTION: forcing a failure.
[  738.001322][T16340] name failslab, interval 1, probability 0, space 0, times 0
[  738.016379][T16340] CPU: 0 UID: 0 PID: 16340 Comm: syz.0.2957 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  738.016406][T16340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  738.016419][T16340] Call Trace:
[  738.016426][T16340]  <TASK>
[  738.016435][T16340]  dump_stack_lvl+0x189/0x250
[  738.016461][T16340]  ? __pfx____ratelimit+0x10/0x10
[  738.016482][T16340]  ? __pfx_dump_stack_lvl+0x10/0x10
[  738.016504][T16340]  ? __pfx__printk+0x10/0x10
[  738.016536][T16340]  ? __pfx___might_resched+0x10/0x10
[  738.016555][T16340]  ? fs_reclaim_acquire+0x7d/0x100
[  738.016584][T16340]  should_fail_ex+0x414/0x560
[  738.016610][T16340]  should_failslab+0xa8/0x100
[  738.016634][T16340]  __kmalloc_cache_noprof+0x70/0x3d0
[  738.016653][T16340]  ? binder_transaction+0x181e/0x6470
[  738.016689][T16340]  binder_transaction+0x181e/0x6470
[  738.016717][T16340]  ? ima_match_policy+0x10b/0x2150
[  738.016747][T16340]  ? register_lock_class+0x51/0x320
[  738.016783][T16340]  ? __lock_acquire+0xab9/0xd20
[  738.016826][T16340]  ? __lock_acquire+0xab9/0xd20
[  738.016849][T16340]  ? __pfx_binder_transaction+0x10/0x10
[  738.016885][T16340]  ? __lock_acquire+0xab9/0xd20
[  738.016915][T16340]  ? __might_fault+0xb0/0x130
[  738.016960][T16340]  binder_ioctl_write_read+0xd6a/0xa000
[  738.017003][T16340]  ? is_bpf_text_address+0x26/0x2b0
[  738.017026][T16340]  ? kernel_text_address+0xa5/0xe0
[  738.017059][T16340]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  738.017099][T16340]  ? __pfx_binder_ioctl_write_read+0x10/0x10
[  738.017125][T16340]  ? stack_trace_save+0x9c/0xe0
[  738.017152][T16340]  ? stack_depot_save_flags+0x40/0x900
[  738.017189][T16340]  ? kasan_save_track+0x4f/0x80
[  738.017216][T16340]  ? kasan_save_track+0x3e/0x80
[  738.017241][T16340]  ? kasan_save_free_info+0x46/0x50
[  738.017264][T16340]  ? __kasan_slab_free+0x62/0x70
[  738.017280][T16340]  ? kfree+0x18e/0x440
[  738.017305][T16340]  ? tomoyo_path_number_perm+0x47a/0x5a0
[  738.017324][T16340]  ? security_file_ioctl+0xcb/0x2d0
[  738.017344][T16340]  ? __se_sys_ioctl+0x47/0x170
[  738.017369][T16340]  ? do_syscall_64+0xfa/0x3b0
[  738.017389][T16340]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  738.017430][T16340]  ? __pfx_binder_debug+0x10/0x10
[  738.017456][T16340]  ? do_raw_spin_lock+0x121/0x290
[  738.017499][T16340]  ? _raw_spin_unlock+0x28/0x50
[  738.017527][T16340]  ? binder_get_thread+0x178/0x6d0
[  738.017560][T16340]  binder_ioctl+0x3e0/0x19c0
[  738.017587][T16340]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  738.017609][T16340]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  738.017630][T16340]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  738.017649][T16340]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  738.017670][T16340]  ? __pfx_binder_ioctl+0x10/0x10
[  738.017695][T16340]  ? smack_log+0xef/0x3f0
[  738.017722][T16340]  ? __pfx_smack_log+0x10/0x10
[  738.017749][T16340]  ? smk_access+0x14c/0x4e0
[  738.017782][T16340]  ? smk_tskacc+0x2fc/0x370
[  738.017813][T16340]  ? smack_file_ioctl+0x2a9/0x340
[  738.017835][T16340]  ? __pfx_smack_file_ioctl+0x10/0x10
[  738.017865][T16340]  ? __fget_files+0x2a/0x420
[  738.017885][T16340]  ? __fget_files+0x3a0/0x420
[  738.017905][T16340]  ? __fget_files+0x2a/0x420
[  738.017930][T16340]  ? bpf_lsm_file_ioctl+0x9/0x20
[  738.017953][T16340]  ? __pfx_binder_ioctl+0x10/0x10
[  738.017980][T16340]  __se_sys_ioctl+0xfc/0x170
[  738.018010][T16340]  do_syscall_64+0xfa/0x3b0
[  738.018031][T16340]  ? lockdep_hardirqs_on+0x9c/0x150
[  738.018051][T16340]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  738.018070][T16340]  ? clear_bhb_loop+0x60/0xb0
[  738.018093][T16340]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  738.018113][T16340] RIP: 0033:0x7fa3d1b8ebe9
[  738.018131][T16340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  738.018148][T16340] RSP: 002b:00007fa3d2a41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  738.018179][T16340] RAX: ffffffffffffffda RBX: 00007fa3d1db5fa0 RCX: 00007fa3d1b8ebe9
[  738.018194][T16340] RDX: 0000200000000300 RSI: 00000000c0306201 RDI: 0000000000000004
[  738.018207][T16340] RBP: 00007fa3d2a41090 R08: 0000000000000000 R09: 0000000000000000
[  738.018219][T16340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  738.018231][T16340] R13: 00007fa3d1db6038 R14: 00007fa3d1db5fa0 R15: 00007fff45d6a378
[  738.018264][T16340]  </TASK>
[  738.840196][ T5846] usb 1-1: new full-speed USB device number 75 using dummy_hcd
[  738.884344][ T3469] team0 (unregistering): Port device team_slave_1 removed
[  738.950080][ T3469] team0 (unregistering): Port device team_slave_0 removed
[  738.999266][ T5846] usb 1-1: config 0 has an invalid interface number: 214 but max is 0
[  739.009326][ T5846] usb 1-1: config 0 has no interface number 0
[  739.017036][ T5846] usb 1-1: config 0 interface 214 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  739.028348][ T5846] usb 1-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  739.041728][ T5846] usb 1-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  739.051177][ T5846] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  739.060379][ T5846] usb 1-1: Product: syz
[  739.067152][ T5846] usb 1-1: Manufacturer: syz
[  739.071794][ T5846] usb 1-1: SerialNumber: syz
[  739.079270][ T5846] usb 1-1: config 0 descriptor??
[  739.708273][T16339] netlink: 'syz.2.2955': attribute type 1 has an invalid length.
[  739.724855][ T5846] usbtouchscreen 1-1:0.214: Failed to read FW rev: -71
[  739.732050][ T5846] usbtouchscreen 1-1:0.214: probe with driver usbtouchscreen failed with error -71
[  739.776657][ T5846] usb 1-1: USB disconnect, device number 75
[  739.828464][T16354] random: crng reseeded on system resumption
[  740.223583][  T977] usb 2-1: new high-speed USB device number 82 using dummy_hcd
[  740.249360][ T3469] IPVS: stop unused estimator thread 0...
[  740.393637][  T977] usb 2-1: Using ep0 maxpacket: 8
[  740.411556][  T977] usb 2-1: config 0 has an invalid interface number: 46 but max is 0
[  740.479804][  T977] usb 2-1: config 0 has no interface number 0
[  740.585492][  T977] usb 2-1: config 0 interface 46 has no altsetting 0
[  740.606322][  T977] usb 2-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice=f3.33
[  740.624537][  T977] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  740.649613][  T977] usb 2-1: Product: syz
[  740.659844][  T977] usb 2-1: Manufacturer: syz
[  740.669076][  T977] usb 2-1: SerialNumber: syz
[  740.689527][  T977] usb 2-1: config 0 descriptor??
[  740.924964][  T977] f81534a_ctrl 2-1:0.46: failed to set register 0x116: -5
[  740.954547][  T977] f81534a_ctrl 2-1:0.46: failed to enable ports: -5
[  740.978114][  T977] f81534a_ctrl 2-1:0.46: probe with driver f81534a_ctrl failed with error -5
[  741.035144][  T977] usb 2-1: USB disconnect, device number 82
[  741.231810][T16176] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  741.274448][T16176] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  741.309163][T16176] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  741.349950][T16176] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  741.409668][T16374] syzkaller1: entered promiscuous mode
[  741.417052][T16374] syzkaller1: entered allmulticast mode
[  741.522879][T16382] FAULT_INJECTION: forcing a failure.
[  741.522879][T16382] name failslab, interval 1, probability 0, space 0, times 0
[  741.560099][T16382] CPU: 1 UID: 0 PID: 16382 Comm: syz.1.2967 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  741.560129][T16382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  741.560142][T16382] Call Trace:
[  741.560151][T16382]  <TASK>
[  741.560160][T16382]  dump_stack_lvl+0x189/0x250
[  741.560187][T16382]  ? __pfx____ratelimit+0x10/0x10
[  741.560209][T16382]  ? __pfx_dump_stack_lvl+0x10/0x10
[  741.560230][T16382]  ? __pfx__printk+0x10/0x10
[  741.560261][T16382]  ? __pfx___might_resched+0x10/0x10
[  741.560282][T16382]  ? fs_reclaim_acquire+0x7d/0x100
[  741.560310][T16382]  should_fail_ex+0x414/0x560
[  741.560337][T16382]  should_failslab+0xa8/0x100
[  741.560360][T16382]  __kmalloc_cache_noprof+0x70/0x3d0
[  741.560380][T16382]  ? binder_transaction+0x181e/0x6470
[  741.560415][T16382]  binder_transaction+0x181e/0x6470
[  741.560483][T16382]  ? __lock_acquire+0xab9/0xd20
[  741.560507][T16382]  ? __pfx_binder_transaction+0x10/0x10
[  741.560543][T16382]  ? __lock_acquire+0xab9/0xd20
[  741.560572][T16382]  ? __might_fault+0xb0/0x130
[  741.560613][T16382]  binder_ioctl_write_read+0xd6a/0xa000
[  741.560656][T16382]  ? is_bpf_text_address+0x26/0x2b0
[  741.560680][T16382]  ? kernel_text_address+0xa5/0xe0
[  741.560712][T16382]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  741.560750][T16382]  ? __pfx_binder_ioctl_write_read+0x10/0x10
[  741.560777][T16382]  ? stack_trace_save+0x9c/0xe0
[  741.560804][T16382]  ? stack_depot_save_flags+0x40/0x900
[  741.560835][T16382]  ? kasan_save_track+0x4f/0x80
[  741.560868][T16382]  ? kasan_save_track+0x3e/0x80
[  741.560893][T16382]  ? kasan_save_free_info+0x46/0x50
[  741.560917][T16382]  ? __kasan_slab_free+0x62/0x70
[  741.560933][T16382]  ? kfree+0x18e/0x440
[  741.560959][T16382]  ? tomoyo_path_number_perm+0x47a/0x5a0
[  741.560979][T16382]  ? security_file_ioctl+0xcb/0x2d0
[  741.560999][T16382]  ? __se_sys_ioctl+0x47/0x170
[  741.561024][T16382]  ? do_syscall_64+0xfa/0x3b0
[  741.561045][T16382]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  741.561086][T16382]  ? __pfx_binder_debug+0x10/0x10
[  741.561111][T16382]  ? do_raw_spin_lock+0x121/0x290
[  741.561154][T16382]  ? _raw_spin_unlock+0x28/0x50
[  741.561182][T16382]  ? binder_get_thread+0x178/0x6d0
[  741.561215][T16382]  binder_ioctl+0x3e0/0x19c0
[  741.561242][T16382]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  741.561265][T16382]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  741.561286][T16382]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  741.561306][T16382]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  741.561328][T16382]  ? __pfx_binder_ioctl+0x10/0x10
[  741.561353][T16382]  ? smack_log+0xef/0x3f0
[  741.561381][T16382]  ? __pfx_smack_log+0x10/0x10
[  741.561409][T16382]  ? smk_access+0x14c/0x4e0
[  741.561442][T16382]  ? smk_tskacc+0x2fc/0x370
[  741.561474][T16382]  ? smack_file_ioctl+0x2a9/0x340
[  741.561496][T16382]  ? __pfx_smack_file_ioctl+0x10/0x10
[  741.561526][T16382]  ? __fget_files+0x2a/0x420
[  741.561547][T16382]  ? __fget_files+0x3a0/0x420
[  741.561567][T16382]  ? __fget_files+0x2a/0x420
[  741.561592][T16382]  ? bpf_lsm_file_ioctl+0x9/0x20
[  741.561615][T16382]  ? __pfx_binder_ioctl+0x10/0x10
[  741.561642][T16382]  __se_sys_ioctl+0xfc/0x170
[  741.561673][T16382]  do_syscall_64+0xfa/0x3b0
[  741.561694][T16382]  ? lockdep_hardirqs_on+0x9c/0x150
[  741.561714][T16382]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  741.561734][T16382]  ? clear_bhb_loop+0x60/0xb0
[  741.561758][T16382]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  741.561778][T16382] RIP: 0033:0x7fda1eb8ebe9
[  741.561796][T16382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  741.561813][T16382] RSP: 002b:00007fda1f973038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  741.561834][T16382] RAX: ffffffffffffffda RBX: 00007fda1edb5fa0 RCX: 00007fda1eb8ebe9
[  741.561857][T16382] RDX: 0000200000000300 RSI: 00000000c0306201 RDI: 0000000000000004
[  741.561871][T16382] RBP: 00007fda1f973090 R08: 0000000000000000 R09: 0000000000000000
[  741.561883][T16382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  741.561896][T16382] R13: 00007fda1edb6038 R14: 00007fda1edb5fa0 R15: 00007ffdf03fbec8
[  741.561928][T16382]  </TASK>
[  741.984809][T16176] 8021q: adding VLAN 0 to HW filter on device bond0
[  742.005140][T16176] 8021q: adding VLAN 0 to HW filter on device team0
[  742.037074][ T6527] bridge0: port 1(bridge_slave_0) entered blocking state
[  742.044362][ T6527] bridge0: port 1(bridge_slave_0) entered forwarding state
[  742.094847][ T6527] bridge0: port 2(bridge_slave_1) entered blocking state
[  742.102245][ T6527] bridge0: port 2(bridge_slave_1) entered forwarding state
[  742.148032][T16392] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2969'.
[  742.192888][T16392] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2969'.
[  742.680397][T16392] macvlan3: entered promiscuous mode
[  742.692310][T16392] bond0: entered promiscuous mode
[  742.698681][T16392] bond_slave_0: entered promiscuous mode
[  742.720975][T16392] bond_slave_1: entered promiscuous mode
[  742.729114][T16392] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  744.006556][T16413] trusted_key: encrypted_key: insufficient parameters specified
[  744.400794][T16176] 8021q: adding VLAN 0 to HW filter on device batadv0
[  744.411666][T16416] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2974'.
[  744.851202][T16431] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  744.873082][T16431] binder: BINDER_SET_CONTEXT_MGR already set
[  744.879227][T16431] binder: 16419:16431 ioctl 4018620d 200000000240 returned -16
[  745.386568][T16436] netfs: Couldn't get user pages (rc=-14)
[  745.433852][T16430] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  745.554097][T16439] FAULT_INJECTION: forcing a failure.
[  745.554097][T16439] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  745.568637][T16439] CPU: 1 UID: 0 PID: 16439 Comm: syz.0.2980 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  745.568664][T16439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  745.568676][T16439] Call Trace:
[  745.568685][T16439]  <TASK>
[  745.568693][T16439]  dump_stack_lvl+0x189/0x250
[  745.568721][T16439]  ? __pfx____ratelimit+0x10/0x10
[  745.568742][T16439]  ? __pfx_dump_stack_lvl+0x10/0x10
[  745.568764][T16439]  ? __pfx__printk+0x10/0x10
[  745.568792][T16439]  ? __pfx_binder_debug+0x10/0x10
[  745.568829][T16439]  should_fail_ex+0x414/0x560
[  745.568855][T16439]  _copy_to_user+0x31/0xb0
[  745.568884][T16439]  binder_ioctl_write_read+0x9517/0xa000
[  745.568927][T16439]  ? is_bpf_text_address+0x26/0x2b0
[  745.568951][T16439]  ? kernel_text_address+0xa5/0xe0
[  745.568982][T16439]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  745.569020][T16439]  ? __pfx_binder_ioctl_write_read+0x10/0x10
[  745.569042][T16439]  ? stack_trace_save+0x9c/0xe0
[  745.569066][T16439]  ? stack_depot_save_flags+0x40/0x900
[  745.569093][T16439]  ? kasan_save_track+0x4f/0x80
[  745.569116][T16439]  ? kasan_save_track+0x3e/0x80
[  745.569139][T16439]  ? kasan_save_free_info+0x46/0x50
[  745.569158][T16439]  ? __kasan_slab_free+0x62/0x70
[  745.569171][T16439]  ? kfree+0x18e/0x440
[  745.569193][T16439]  ? tomoyo_path_number_perm+0x47a/0x5a0
[  745.569209][T16439]  ? security_file_ioctl+0xcb/0x2d0
[  745.569225][T16439]  ? __se_sys_ioctl+0x47/0x170
[  745.569246][T16439]  ? do_syscall_64+0xfa/0x3b0
[  745.569263][T16439]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  745.569297][T16439]  ? __pfx_binder_debug+0x10/0x10
[  745.569317][T16439]  ? do_raw_spin_lock+0x121/0x290
[  745.569352][T16439]  ? _raw_spin_unlock+0x28/0x50
[  745.569375][T16439]  ? binder_get_thread+0x178/0x6d0
[  745.569401][T16439]  binder_ioctl+0x3e0/0x19c0
[  745.569425][T16439]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  745.569443][T16439]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  745.569459][T16439]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  745.569475][T16439]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  745.569500][T16439]  ? __pfx_binder_ioctl+0x10/0x10
[  745.569521][T16439]  ? smack_log+0xef/0x3f0
[  745.569545][T16439]  ? __pfx_smack_log+0x10/0x10
[  745.569567][T16439]  ? smk_access+0x14c/0x4e0
[  745.569595][T16439]  ? smk_tskacc+0x2fc/0x370
[  745.569621][T16439]  ? smack_file_ioctl+0x2a9/0x340
[  745.569638][T16439]  ? __pfx_smack_file_ioctl+0x10/0x10
[  745.569662][T16439]  ? __fget_files+0x2a/0x420
[  745.569679][T16439]  ? __fget_files+0x3a0/0x420
[  745.569696][T16439]  ? __fget_files+0x2a/0x420
[  745.569719][T16439]  ? bpf_lsm_file_ioctl+0x9/0x20
[  745.569738][T16439]  ? __pfx_binder_ioctl+0x10/0x10
[  745.569761][T16439]  __se_sys_ioctl+0xfc/0x170
[  745.569786][T16439]  do_syscall_64+0xfa/0x3b0
[  745.569803][T16439]  ? lockdep_hardirqs_on+0x9c/0x150
[  745.569819][T16439]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  745.569835][T16439]  ? clear_bhb_loop+0x60/0xb0
[  745.569854][T16439]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  745.569870][T16439] RIP: 0033:0x7fa3d1b8ebe9
[  745.569885][T16439] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  745.569900][T16439] RSP: 002b:00007fa3d2a41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  745.569919][T16439] RAX: ffffffffffffffda RBX: 00007fa3d1db5fa0 RCX: 00007fa3d1b8ebe9
[  745.569931][T16439] RDX: 0000200000000300 RSI: 00000000c0306201 RDI: 0000000000000004
[  745.569942][T16439] RBP: 00007fa3d2a41090 R08: 0000000000000000 R09: 0000000000000000
[  745.569953][T16439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  745.569963][T16439] R13: 00007fa3d1db6038 R14: 00007fa3d1db5fa0 R15: 00007fff45d6a378
[  745.569989][T16439]  </TASK>
[  745.570001][T16439] binder: 16438:16439 ioctl c0306201 200000000300 returned -14
[  746.273754][T16176] veth0_vlan: entered promiscuous mode
[  746.823244][T16176] veth1_vlan: entered promiscuous mode
[  747.201982][T16176] veth0_macvtap: entered promiscuous mode
[  747.203795][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  747.267706][T16176] veth1_macvtap: entered promiscuous mode
[  747.360515][T16176] batman_adv: batadv0: Interface activated: batadv_slave_0
[  747.417272][T16176] batman_adv: batadv0: Interface activated: batadv_slave_1
[  747.483689][T16176] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  747.501966][T16176] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  747.511211][T16176] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  747.520991][T16176] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  747.713276][ T3510] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  747.755747][ T3510] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  747.892810][T16465] trusted_key: encrypted_key: insufficient parameters specified
[  748.593052][ T3469] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  748.619788][ T3469] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  748.622600][T16467] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2988'.
[  749.822750][T16486] FAULT_INJECTION: forcing a failure.
[  749.822750][T16486] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  749.858597][T16486] CPU: 1 UID: 0 PID: 16486 Comm: syz.2.2992 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  749.858627][T16486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  749.858640][T16486] Call Trace:
[  749.858649][T16486]  <TASK>
[  749.858659][T16486]  dump_stack_lvl+0x189/0x250
[  749.858688][T16486]  ? __pfx____ratelimit+0x10/0x10
[  749.858710][T16486]  ? __pfx_dump_stack_lvl+0x10/0x10
[  749.858734][T16486]  ? __pfx__printk+0x10/0x10
[  749.858773][T16486]  should_fail_ex+0x414/0x560
[  749.858800][T16486]  _copy_to_user+0x31/0xb0
[  749.858830][T16486]  simple_read_from_buffer+0xe1/0x170
[  749.858856][T16486]  proc_fail_nth_read+0x1df/0x250
[  749.858884][T16486]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  749.858910][T16486]  ? rw_verify_area+0x258/0x650
[  749.858939][T16486]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  749.858964][T16486]  vfs_read+0x200/0x980
[  749.859012][T16486]  ? __pfx___mutex_lock+0x10/0x10
[  749.859035][T16486]  ? __pfx_vfs_read+0x10/0x10
[  749.859066][T16486]  ? __fget_files+0x2a/0x420
[  749.859090][T16486]  ? __fget_files+0x3a0/0x420
[  749.859110][T16486]  ? __fget_files+0x2a/0x420
[  749.859141][T16486]  ksys_read+0x145/0x250
[  749.859159][T16486]  ? __fget_files+0x3a0/0x420
[  749.859182][T16486]  ? __pfx_ksys_read+0x10/0x10
[  749.859204][T16486]  ? do_syscall_64+0xbe/0x3b0
[  749.859230][T16486]  do_syscall_64+0xfa/0x3b0
[  749.859250][T16486]  ? lockdep_hardirqs_on+0x9c/0x150
[  749.859271][T16486]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  749.859291][T16486]  ? clear_bhb_loop+0x60/0xb0
[  749.859316][T16486]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  749.859335][T16486] RIP: 0033:0x7ff7ec78d5fc
[  749.859353][T16486] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  749.859371][T16486] RSP: 002b:00007ff7ed526030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  749.859392][T16486] RAX: ffffffffffffffda RBX: 00007ff7ec9b5fa0 RCX: 00007ff7ec78d5fc
[  749.859407][T16486] RDX: 000000000000000f RSI: 00007ff7ed5260a0 RDI: 0000000000000006
[  749.859421][T16486] RBP: 00007ff7ed526090 R08: 0000000000000000 R09: 0000000000000000
[  749.859435][T16486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  749.859448][T16486] R13: 00007ff7ec9b6038 R14: 00007ff7ec9b5fa0 R15: 00007ffe20a04998
[  749.859480][T16486]  </TASK>
[  750.233497][T16496] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2994'.
[  750.797067][T16490] netfs: Couldn't get user pages (rc=-14)
[  751.080395][T16516] trusted_key: encrypted_key: insufficient parameters specified
[  752.995212][ T5170] usb 2-1: new low-speed USB device number 83 using dummy_hcd
[  753.059712][ T5917] hid (null): unknown global tag 0xc
[  753.082969][ T5917] hid-generic C990:0003:007F.001B: collection stack underflow
[  753.101876][ T5917] hid-generic C990:0003:007F.001B: item 0 2 0 12 parsing failed
[  753.110788][ T5917] hid-generic C990:0003:007F.001B: probe with driver hid-generic failed with error -22
[  753.308749][ T5170] usb 2-1: No LPM exit latency info found, disabling LPM.
[  753.318228][ T5170] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  753.327265][ T5170] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  753.337420][ T5170] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  753.350260][ T5170] usb 2-1: string descriptor 0 read error: -22
[  753.357605][ T5170] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  753.366752][ T5170] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  753.453054][T16564] trusted_key: encrypted_key: insufficient parameters specified
[  753.892098][ T5170] usb 2-1: 0:2 : does not exist
[  753.935374][T14837] usb 3-1: new high-speed USB device number 70 using dummy_hcd
[  754.109089][    T9] usb 2-1: USB disconnect, device number 83
[  754.185551][T14837] usb 3-1: Using ep0 maxpacket: 8
[  754.192452][T14837] usb 3-1: New USB device found, idVendor=05dc, idProduct=0001, bcdDevice= 0.01
[  754.201645][T14837] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  754.211491][T14837] usb 3-1: config 0 descriptor??
[  754.220293][T14837] ums-jumpshot 3-1:0.0: USB Mass Storage device detected
[  754.229633][T14837] ums-jumpshot 3-1:0.0: Quirks match for vid 05dc pid 0001: 2
[  754.335404][ T5917] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  754.422477][    T9] usb 3-1: USB disconnect, device number 70
[  754.499090][ T5917] usb 6-1: config 0 has an invalid interface number: 93 but max is 0
[  754.507733][ T5917] usb 6-1: config 0 has no interface number 0
[  754.516416][ T5917] usb 6-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[  754.525865][ T5917] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  754.533928][ T5917] usb 6-1: Product: syz
[  754.538231][ T5917] usb 6-1: Manufacturer: syz
[  754.542875][ T5917] usb 6-1: SerialNumber: syz
[  754.551321][ T5917] usb 6-1: config 0 descriptor??
[  754.764754][ T5917] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in cold state, will try to load a firmware
[  754.788148][ T5917] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  754.808717][T16580] netfs: Couldn't get user pages (rc=-14)
[  754.822082][ T5917] dib0700: firmware download failed at 7 with -22
[  754.860225][ T5917] usb 6-1: USB disconnect, device number 5
[  755.175495][T14837] usb 5-1: new full-speed USB device number 69 using dummy_hcd
[  755.345374][ T5846] usb 3-1: new high-speed USB device number 71 using dummy_hcd
[  755.357625][T14837] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  755.378759][T14837] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFC, changing to 0x8C
[  755.400691][T14837] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 10
[  755.422538][T14837] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8C has invalid maxpacket 212, setting to 64
[  755.454464][T14837] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  755.505748][ T5846] usb 3-1: device descriptor read/64, error -71
[  755.533062][T14837] usb 5-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[  755.544982][T14837] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  755.581024][T14837] usb 5-1: Product: syz
[  755.594423][T14837] usb 5-1: Manufacturer: syz
[  755.608290][T14837] usb 5-1: SerialNumber: syz
[  755.627672][T14837] usb 5-1: config 0 descriptor??
[  755.634302][T16583] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  755.775358][T14837] rc_core: IR keymap rc-xbox-dvd not found
[  755.789171][T14837] Registered IR keymap rc-empty
[  755.798069][ T5846] usb 3-1: new high-speed USB device number 72 using dummy_hcd
[  755.817235][T14837] rc rc0: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  755.856320][T14837] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input49
[  755.944139][T14837] usb 5-1: USB disconnect, device number 69
[  755.950333][    C1] xbox_remote 5-1:0.0: xbox_remote_irq_in: usb_submit_urb()=-19
[  755.960023][ T5846] usb 3-1: device descriptor read/64, error -71
[  756.088366][ T5846] usb usb3-port1: attempt power cycle
[  756.328659][T16607] fuse: Unknown parameter 'ÿÿÿÿ0x0000000000000006'
[  756.445574][ T5846] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[  756.476179][ T5846] usb 3-1: device descriptor read/8, error -71
[  756.502342][T16618] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3031'.
[  756.535586][T16618] netlink: 'syz.4.3031': attribute type 1 has an invalid length.
[  756.544461][T16618] FAULT_INJECTION: forcing a failure.
[  756.544461][T16618] name failslab, interval 1, probability 0, space 0, times 0
[  756.557473][T16618] CPU: 0 UID: 0 PID: 16618 Comm: syz.4.3031 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  756.557488][T16618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  756.557495][T16618] Call Trace:
[  756.557500][T16618]  <TASK>
[  756.557506][T16618]  dump_stack_lvl+0x189/0x250
[  756.557531][T16618]  ? __pfx____ratelimit+0x10/0x10
[  756.557551][T16618]  ? __pfx_dump_stack_lvl+0x10/0x10
[  756.557571][T16618]  ? __pfx__printk+0x10/0x10
[  756.557601][T16618]  ? __pfx___might_resched+0x10/0x10
[  756.557619][T16618]  ? fs_reclaim_acquire+0x7d/0x100
[  756.557635][T16618]  should_fail_ex+0x414/0x560
[  756.557651][T16618]  should_failslab+0xa8/0x100
[  756.557664][T16618]  __kmalloc_cache_noprof+0x70/0x3d0
[  756.557674][T16618]  ? qfq_change_class+0xb65/0x10a0
[  756.557690][T16618]  qfq_change_class+0xb65/0x10a0
[  756.557711][T16618]  ? __pfx_qfq_change_class+0x10/0x10
[  756.557741][T16618]  ? lockdep_rtnl_is_held+0x26/0x40
[  756.557759][T16618]  ? qdisc_lookup+0x179/0x6d0
[  756.557782][T16618]  tc_ctl_tclass+0xaa0/0x1500
[  756.557815][T16618]  ? __pfx_tc_ctl_tclass+0x10/0x10
[  756.557828][T16618]  ? rcu_is_watching+0x15/0xb0
[  756.557840][T16618]  ? trace_contention_end+0x39/0x120
[  756.557854][T16618]  ? __mutex_lock+0x330/0xe80
[  756.557867][T16618]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  756.557897][T16618]  ? __pfx_tc_ctl_tclass+0x10/0x10
[  756.557908][T16618]  rtnetlink_rcv_msg+0x779/0xb70
[  756.557924][T16618]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  756.557937][T16618]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  756.557950][T16618]  ? ref_tracker_free+0x63a/0x7d0
[  756.557960][T16618]  ? __copy_skb_header+0xa7/0x550
[  756.557972][T16618]  ? __pfx_ref_tracker_free+0x10/0x10
[  756.557989][T16618]  netlink_rcv_skb+0x205/0x470
[  756.558005][T16618]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  756.558019][T16618]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  756.558041][T16618]  ? netlink_deliver_tap+0x2e/0x1b0
[  756.558055][T16618]  ? netlink_deliver_tap+0x2e/0x1b0
[  756.558072][T16618]  netlink_unicast+0x75c/0x8e0
[  756.558092][T16618]  netlink_sendmsg+0x805/0xb30
[  756.558112][T16618]  ? __pfx_netlink_sendmsg+0x10/0x10
[  756.558131][T16618]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  756.558142][T16618]  ? __pfx_netlink_sendmsg+0x10/0x10
[  756.558157][T16618]  __sock_sendmsg+0x21c/0x270
[  756.558171][T16618]  ____sys_sendmsg+0x505/0x830
[  756.558189][T16618]  ? __pfx_____sys_sendmsg+0x10/0x10
[  756.558211][T16618]  ? import_iovec+0x74/0xa0
[  756.558227][T16618]  ___sys_sendmsg+0x21f/0x2a0
[  756.558244][T16618]  ? __pfx____sys_sendmsg+0x10/0x10
[  756.558280][T16618]  ? __fget_files+0x2a/0x420
[  756.558292][T16618]  ? __fget_files+0x3a0/0x420
[  756.558309][T16618]  __x64_sys_sendmsg+0x19b/0x260
[  756.558332][T16618]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  756.558353][T16618]  ? __pfx_ksys_write+0x10/0x10
[  756.558362][T16618]  ? rcu_is_watching+0x15/0xb0
[  756.558376][T16618]  ? do_syscall_64+0xbe/0x3b0
[  756.558391][T16618]  do_syscall_64+0xfa/0x3b0
[  756.558401][T16618]  ? lockdep_hardirqs_on+0x9c/0x150
[  756.558413][T16618]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  756.558423][T16618]  ? clear_bhb_loop+0x60/0xb0
[  756.558436][T16618]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  756.558446][T16618] RIP: 0033:0x7f158338ebe9
[  756.558458][T16618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  756.558468][T16618] RSP: 002b:00007f1584229038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  756.558480][T16618] RAX: ffffffffffffffda RBX: 00007f15835b5fa0 RCX: 00007f158338ebe9
[  756.558488][T16618] RDX: 0000000000004000 RSI: 0000200000000200 RDI: 0000000000000003
[  756.558494][T16618] RBP: 00007f1584229090 R08: 0000000000000000 R09: 0000000000000000
[  756.558501][T16618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  756.558507][T16618] R13: 00007f15835b6038 R14: 00007f15835b5fa0 R15: 00007ffe9e7528d8
[  756.558525][T16618]  </TASK>
[  756.946685][T14837] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  757.000342][T16620] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 16620 comm: syz.0.3032)
[  757.015476][   T30] kauditd_printk_skb: 8 callbacks suppressed
[  757.015497][   T30] audit: type=1800 audit(1755929589.989:336): pid=16620 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.3032" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=53775 res=0 errno=0
[  757.115962][ T5846] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[  757.136657][ T5846] usb 3-1: device descriptor read/8, error -71
[  757.152134][T14837] usb 6-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[  757.158473][T16627] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3035'.
[  757.162303][T14837] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  757.187987][T14837] usb 6-1: Product: syz
[  757.197840][T14837] usb 6-1: Manufacturer: syz
[  757.206887][T14837] usb 6-1: SerialNumber: syz
[  757.222448][T14837] usb 6-1: config 0 descriptor??
[  757.256996][ T5846] usb usb3-port1: unable to enumerate USB device
[  757.267591][T14837] gspca_main: sunplus-2.14.0 probing 055f:c230
[  757.536910][    T9] usb 6-1: USB disconnect, device number 6
[  757.690315][T16641] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3041'.
[  757.857956][T16643] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3041'.
[  757.867135][T16643] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3041'.
[  757.875701][T14837] usb 1-1: new high-speed USB device number 76 using dummy_hcd
[  758.036811][T14837] usb 1-1: Using ep0 maxpacket: 8
[  758.054016][T14837] usb 1-1: config 8 has an invalid interface number: 125 but max is 0
[  758.062456][T14837] usb 1-1: config 8 has no interface number 0
[  758.075163][T14837] usb 1-1: New USB device found, idVendor=0402, idProduct=5602, bcdDevice=26.ec
[  758.120771][T14837] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  758.149280][T14837] usb 1-1: Product: syz
[  758.153513][T14837] usb 1-1: Manufacturer: syz
[  758.170329][T14837] usb 1-1: SerialNumber: syz
[  758.198526][T14837] gspca_main: ALi m5602-2.14.0 probing 0402:5602
[  758.288232][T16646] Bluetooth: MGMT ver 1.23
[  760.487704][T16667] 9pnet_fd: Insufficient options for proto=fd
[  760.578415][T14837] gspca_m5602: Failed to find a sensor
[  760.583940][T14837] ALi m5602 1-1:8.125: ALi m5602 webcam failed
[  760.601594][ T5158] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  760.614383][ T5158] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  760.640334][ T5158] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  760.664790][T14837] usb 1-1: USB disconnect, device number 76
[  760.676883][ T5158] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  760.692724][ T5158] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  761.464966][T16684] binder: BINDER_SET_CONTEXT_MGR already set
[  761.483075][T16684] binder: 16681:16684 ioctl 4018620d 200000000040 returned -16
[  761.503968][   T49] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  761.520551][T16684] binder: BINDER_SET_CONTEXT_MGR already set
[  761.526860][T16684] binder: 16681:16684 ioctl 4018620d 200000000240 returned -16
[  761.534634][   T49] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  761.737622][T16694] PKCS8: Unsupported PKCS#8 version
[  761.855193][   T49] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  761.898583][   T49] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  761.938799][T16700] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3057'.
[  762.287975][   T49] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  762.338226][   T49] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  762.575305][T16700] netlink: 'syz.5.3057': attribute type 1 has an invalid length.
[  762.577259][T16710] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3060'.
[  762.726384][ T5840] Bluetooth: hci3: command tx timeout
[  762.978091][   T49] netdevsim netdevsim2  (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  763.001234][   T49] netdevsim netdevsim2  (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  763.341671][T16672] chnl_net:caif_netlink_parms(): no params data found
[  763.638620][T16732] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3067'.
[  763.786140][T16732] netlink: 'syz.4.3067': attribute type 1 has an invalid length.
[  763.923405][T16672] bridge0: port 1(bridge_slave_0) entered blocking state
[  763.941096][T16672] bridge0: port 1(bridge_slave_0) entered disabled state
[  763.955590][T16672] bridge_slave_0: entered allmulticast mode
[  763.973846][T16672] bridge_slave_0: entered promiscuous mode
[  764.010287][   T49] bridge_slave_1: left promiscuous mode
[  764.029291][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  764.048564][   T49] bridge_slave_0: left allmulticast mode
[  764.054342][   T49] bridge_slave_0: left promiscuous mode
[  764.075348][ T5910] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  764.083302][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  764.261673][ T5910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  764.283648][ T5910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  764.315305][ T5910] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  764.340663][ T5910] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  764.363172][ T5910] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  764.562124][ T5910] usb 6-1: config 0 descriptor??
[  764.669142][T16761] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3072'.
[  764.679300][T16761] openvswitch: netlink: push_nsh: missing base or metadata attributes
[  764.687886][T16761] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  764.796504][ T5840] Bluetooth: hci3: command tx timeout
[  765.280462][T16766] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3074'.
[  765.305992][T16767] x_tables: duplicate underflow at hook 2
[  765.338833][ T5910] usbhid 6-1:0.0: can't add hid device: -71
[  765.344960][ T5910] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  765.375973][ T5910] usb 6-1: USB disconnect, device number 7
[  765.499520][   T49] team0: Port device bridge1 removed
[  766.059222][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  766.071100][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  766.082313][   T49] bond0 (unregistering): Released all slaves
[  766.100104][T16672] bridge0: port 2(bridge_slave_1) entered blocking state
[  766.107558][T16672] bridge0: port 2(bridge_slave_1) entered disabled state
[  766.114952][T16672] bridge_slave_1: entered allmulticast mode
[  766.123194][T16672] bridge_slave_1: entered promiscuous mode
[  766.209136][T16772] netlink: 'syz.1.3074': attribute type 1 has an invalid length.
[  766.222156][T16775] netdevsim netdevsim0 netdevsim1: left allmulticast mode
[  766.257394][T16775] netlink: 148 bytes leftover after parsing attributes in process `syz.0.3077'.
[  766.283722][T16775] A link change request failed with some changes committed already. Interface netdevsim1 may have been left with an inconsistent configuration, please check.
[  766.439543][T16672] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  766.479464][   T49] : left promiscuous mode
[  766.619275][T16672] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  766.876767][ T5840] Bluetooth: hci3: command tx timeout
[  766.946127][T16810] Bluetooth: MGMT ver 1.23
[  767.468724][T16815] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3085'.
[  767.478108][T16815] openvswitch: netlink: push_nsh: missing base or metadata attributes
[  767.486438][T16815] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  768.218312][   T49] tipc: Left network mode
[  768.224462][T16672] team0: Port device team_slave_0 added
[  768.286689][T16672] team0: Port device team_slave_1 added
[  768.335825][   T49] 
[  768.338208][   T49] ======================================================
[  768.345218][   T49] WARNING: possible circular locking dependency detected
[  768.352238][   T49] 6.16.0-syzkaller #0 Not tainted
[  768.357248][   T49] ------------------------------------------------------
[  768.364253][   T49] kworker/u8:3/49 is trying to acquire lock:
[  768.370219][   T49] ffff88807c2b0e00 (team->team_lock_key#5){+.+.}-{4:4}, at: team_del_slave+0x32/0x1c0
[  768.379811][   T49] 
[  768.379811][   T49] but task is already holding lock:
[  768.387165][   T49] ffff888055bf8768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x133/0x6d0
[  768.397523][   T49] 
[  768.397523][   T49] which lock already depends on the new lock.
[  768.397523][   T49] 
[  768.407916][   T49] 
[  768.407916][   T49] the existing dependency chain (in reverse order) is:
[  768.416918][   T49] 
[  768.416918][   T49] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}:
[  768.424652][   T49]        lock_acquire+0x120/0x360
[  768.429674][   T49]        __mutex_lock+0x182/0xe80
[  768.434712][   T49]        ieee80211_open+0xed/0x1f0
[  768.439851][   T49]        __dev_open+0x470/0x880
[  768.444712][   T49]        netif_open+0xaa/0x170
[  768.449478][   T49]        dev_open+0x125/0x260
[  768.454158][   T49]        team_add_slave+0xb36/0x2840
[  768.459446][   T49]        do_set_master+0x530/0x6d0
[  768.464560][   T49]        do_setlink+0xcf0/0x41c0
[  768.469496][   T49]        rtnl_newlink+0x160b/0x1c70
[  768.474690][   T49]        rtnetlink_rcv_msg+0x7cc/0xb70
[  768.480145][   T49]        netlink_rcv_skb+0x205/0x470
[  768.485435][   T49]        netlink_unicast+0x75c/0x8e0
[  768.490719][   T49]        netlink_sendmsg+0x805/0xb30
[  768.496001][   T49]        __sock_sendmsg+0x21c/0x270
[  768.501199][   T49]        ____sys_sendmsg+0x505/0x830
[  768.506485][   T49]        ___sys_sendmsg+0x21f/0x2a0
[  768.511685][   T49]        __x64_sys_sendmsg+0x19b/0x260
[  768.517144][   T49]        do_syscall_64+0xfa/0x3b0
[  768.522168][   T49]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  768.528583][   T49] 
[  768.528583][   T49] -> #0 (team->team_lock_key#5){+.+.}-{4:4}:
[  768.536759][   T49]        validate_chain+0xb9b/0x2140
[  768.542046][   T49]        __lock_acquire+0xab9/0xd20
[  768.547236][   T49]        lock_acquire+0x120/0x360
[  768.552269][   T49]        __mutex_lock+0x182/0xe80
[  768.557305][   T49]        team_del_slave+0x32/0x1c0
[  768.562426][   T49]        team_device_event+0x285/0xa20
[  768.567882][   T49]        notifier_call_chain+0x1b3/0x3e0
[  768.573512][   T49]        unregister_netdevice_many_notify+0x15d8/0x2320
[  768.580445][   T49]        unregister_netdevice_queue+0x33c/0x380
[  768.586681][   T49]        _cfg80211_unregister_wdev+0x165/0x590
[  768.592838][   T49]        ieee80211_remove_interfaces+0x49a/0x6d0
[  768.599162][   T49]        ieee80211_unregister_hw+0x5d/0x2c0
[  768.605056][   T49]        mac80211_hwsim_del_radio+0x275/0x460
[  768.611127][   T49]        hwsim_exit_net+0x584/0x640
[  768.616324][   T49]        ops_undo_list+0x497/0x990
[  768.621436][   T49]        cleanup_net+0x4c5/0x800
[  768.626375][   T49]        process_scheduled_works+0xade/0x17b0
[  768.632442][   T49]        worker_thread+0x8a0/0xda0
[  768.637547][   T49]        kthread+0x70e/0x8a0
[  768.642136][   T49]        ret_from_fork+0x3fc/0x770
[  768.647240][   T49]        ret_from_fork_asm+0x1a/0x30
[  768.652528][   T49] 
[  768.652528][   T49] other info that might help us debug this:
[  768.652528][   T49] 
[  768.662748][   T49]  Possible unsafe locking scenario:
[  768.662748][   T49] 
[  768.670205][   T49]        CPU0                    CPU1
[  768.675570][   T49]        ----                    ----
[  768.680930][   T49]   lock(&rdev->wiphy.mtx);
[  768.685434][   T49]                                lock(team->team_lock_key#5);
[  768.692899][   T49]                                lock(&rdev->wiphy.mtx);
[  768.699917][   T49]   lock(team->team_lock_key#5);
[  768.704861][   T49] 
[  768.704861][   T49]  *** DEADLOCK ***
[  768.704861][   T49] 
[  768.712995][   T49] 5 locks held by kworker/u8:3/49:
[  768.718097][   T49]  #0: ffff88801b2fb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  768.729854][   T49]  #1: ffffc90000b97bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  768.740389][   T49]  #2: ffffffff8f4fd310 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800
[  768.749714][   T49]  #3: ffffffff8f509f08 (rtnl_mutex){+.+.}-{4:4}, at: ieee80211_unregister_hw+0x55/0x2c0
[  768.759560][   T49]  #4: ffff888055bf8768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x133/0x6d0
[  768.770356][   T49] 
[  768.770356][   T49] stack backtrace:
[  768.776238][   T49] CPU: 0 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  768.776259][   T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  768.776271][   T49] Workqueue: netns cleanup_net
[  768.776295][   T49] Call Trace:
[  768.776304][   T49]  <TASK>
[  768.776312][   T49]  dump_stack_lvl+0x189/0x250
[  768.776338][   T49]  ? __pfx_dump_stack_lvl+0x10/0x10
[  768.776356][   T49]  ? __pfx__printk+0x10/0x10
[  768.776378][   T49]  ? print_lock_name+0xde/0x100
[  768.776398][   T49]  print_circular_bug+0x2ee/0x310
[  768.776420][   T49]  check_noncircular+0x134/0x160
[  768.776442][   T49]  validate_chain+0xb9b/0x2140
[  768.776463][   T49]  ? lockdep_hardirqs_on+0x9c/0x150
[  768.776485][   T49]  __lock_acquire+0xab9/0xd20
[  768.776502][   T49]  ? team_del_slave+0x32/0x1c0
[  768.776523][   T49]  lock_acquire+0x120/0x360
[  768.776538][   T49]  ? team_del_slave+0x32/0x1c0
[  768.776560][   T49]  ? __mutex_trylock_common+0x153/0x260
[  768.776582][   T49]  __mutex_lock+0x182/0xe80
[  768.776600][   T49]  ? team_del_slave+0x32/0x1c0
[  768.776621][   T49]  ? rcu_is_watching+0x15/0xb0
[  768.776642][   T49]  ? team_del_slave+0x32/0x1c0
[  768.776664][   T49]  ? __pfx___mutex_lock+0x10/0x10
[  768.776682][   T49]  ? bond_netdev_event+0xd9/0xe80
[  768.776707][   T49]  ? __pfx___mutex_lock+0x10/0x10
[  768.776725][   T49]  ? __pfx_bond_netdev_event+0x10/0x10
[  768.776751][   T49]  team_del_slave+0x32/0x1c0
[  768.776774][   T49]  team_device_event+0x285/0xa20
[  768.776791][   T49]  notifier_call_chain+0x1b3/0x3e0
[  768.776813][   T49]  unregister_netdevice_many_notify+0x15d8/0x2320
[  768.776838][   T49]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  768.776859][   T49]  ? __lock_acquire+0xab9/0xd20
[  768.776881][   T49]  unregister_netdevice_queue+0x33c/0x380
[  768.776900][   T49]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  768.776921][   T49]  _cfg80211_unregister_wdev+0x165/0x590
[  768.776946][   T49]  ieee80211_remove_interfaces+0x49a/0x6d0
[  768.776966][   T49]  ? __pfx_synchronize_rcu+0x10/0x10
[  768.776986][   T49]  ? __pfx_ieee80211_remove_interfaces+0x10/0x10
[  768.777005][   T49]  ? rcu_is_watching+0x15/0xb0
[  768.777025][   T49]  ieee80211_unregister_hw+0x5d/0x2c0
[  768.777052][   T49]  mac80211_hwsim_del_radio+0x275/0x460
[  768.777079][   T49]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[  768.777107][   T49]  hwsim_exit_net+0x584/0x640
[  768.777128][   T49]  ? __pfx_hwsim_exit_net+0x10/0x10
[  768.777150][   T49]  ? __ip_vs_dev_cleanup_batch+0x238/0x260
[  768.777175][   T49]  ops_undo_list+0x497/0x990
[  768.777200][   T49]  ? __pfx_ops_undo_list+0x10/0x10
[  768.777225][   T49]  cleanup_net+0x4c5/0x800
[  768.777248][   T49]  ? __pfx_cleanup_net+0x10/0x10
[  768.777270][   T49]  ? _raw_spin_unlock_irq+0x23/0x50
[  768.777285][   T49]  ? process_scheduled_works+0x9ef/0x17b0
[  768.777302][   T49]  ? process_scheduled_works+0x9ef/0x17b0
[  768.777319][   T49]  process_scheduled_works+0xade/0x17b0
[  768.777351][   T49]  ? __pfx_process_scheduled_works+0x10/0x10
[  768.777374][   T49]  worker_thread+0x8a0/0xda0
[  768.777393][   T49]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  768.777421][   T49]  ? __kthread_parkme+0x7b/0x200
[  768.777443][   T49]  kthread+0x70e/0x8a0
[  768.777465][   T49]  ? __pfx_worker_thread+0x10/0x10
[  768.777482][   T49]  ? __pfx_kthread+0x10/0x10
[  768.777503][   T49]  ? _raw_spin_unlock_irq+0x23/0x50
[  768.777517][   T49]  ? lockdep_hardirqs_on+0x9c/0x150
[  768.777533][   T49]  ? __pfx_kthread+0x10/0x10
[  768.777553][   T49]  ret_from_fork+0x3fc/0x770
[  768.777570][   T49]  ? __pfx_ret_from_fork+0x10/0x10
[  768.777587][   T49]  ? __switch_to_asm+0x39/0x70
[  768.777606][   T49]  ? __switch_to_asm+0x33/0x70
[  768.777625][   T49]  ? __pfx_kthread+0x10/0x10
[  768.777646][   T49]  ret_from_fork_asm+0x1a/0x30
[  768.777672][   T49]  </TASK>
[  769.145608][T14837] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  769.156064][T16830] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3088'.
[  769.169558][   T49] team0: Port device wlan1 removed
[  769.182322][ T5840] Bluetooth: hci3: command tx timeout
[  769.198567][T16672] batman_adv: batadv0: Adding interface: batadv_slave_0
[  769.207020][T16672] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  769.235924][T16672] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  769.248676][T16672] batman_adv: batadv0: Adding interface: batadv_slave_1
[  769.257595][T16672] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  769.283975][T16672] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  769.321280][T16672] hsr_slave_0: entered promiscuous mode
[  769.328142][T16672] hsr_slave_1: entered promiscuous mode
[  769.334339][T16672] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  769.342463][T16672] Cannot create hsr debugfs directory
[  769.437303][T14837] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  769.449869][T14837] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  769.460994][T14837] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  769.474086][T14837] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  769.483197][T14837] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  769.493501][T14837] usb 5-1: config 0 descriptor??
[  769.537484][T16822] caif:caif_disconnect_client(): nothing to disconnect
[  769.559610][   T49] hsr_slave_0: left promiscuous mode
[  769.575885][   T49] hsr_slave_1: left promiscuous mode
[  769.581824][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  769.595719][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  769.611342][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  769.625352][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  769.648664][   T49] veth1_macvtap: left promiscuous mode
[  769.654286][   T49] veth0_macvtap: left promiscuous mode
[  769.675401][   T49] veth1_vlan: left promiscuous mode
[  769.680778][   T49] veth0_vlan: left promiscuous mode
[  769.903881][   T49] team0 (unregistering): Port device team_slave_1 removed
[  769.942299][   T49] team0 (unregistering): Port device team_slave_0 removed
[  770.113036][T14837] usbhid 5-1:0.0: can't add hid device: -71
[  770.119641][T14837] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  770.129206][T14837] usb 5-1: USB disconnect, device number 70
[  770.442032][T16672] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  770.462253][T16672] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  770.481681][T16672] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  770.509225][T16672] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  770.551638][T16672] 8021q: adding VLAN 0 to HW filter on device bond0
[  770.564755][   T49] IPVS: stop unused estimator thread 0...
[  770.571851][T16672] 8021q: adding VLAN 0 to HW filter on device team0
[  770.587051][T13289] bridge0: port 1(bridge_slave_0) entered blocking state
[  770.594174][T13289] bridge0: port 1(bridge_slave_0) entered forwarding state
[  770.608705][   T49] ------------[ cut here ]------------
[  770.614217][   T49] WARNING: CPU: 1 PID: 49 at net/xfrm/xfrm_state.c:3284 xfrm_state_fini+0x270/0x2f0
[  770.622096][T16672] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  770.623670][   T49] Modules linked in:
[  770.636132][T16672] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  770.638116][   T49] CPU: 1 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  770.658356][   T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  770.668504][   T49] Workqueue: netns cleanup_net
[  770.673407][   T49] RIP: 0010:xfrm_state_fini+0x270/0x2f0
[  770.679038][   T49] Code: c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 d8 e3 10 f8 48 8b 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 36 f4 f1 f7 e8 81 fc b0 f7 90 <0f> 0b 90 e9 fd fd ff ff e8 73 fc b0 f7 90 0f 0b 90 e9 60 fe ff ff
[  770.679372][T13289] bridge0: port 2(bridge_slave_1) entered blocking state
[  770.698683][   T49] RSP: 0018:ffffc90000b97898 EFLAGS: 00010293
[  770.698707][   T49] RAX: ffffffff8a0f293f RBX: ffff88805d962080 RCX: ffff88801d6fbc00
[  770.698724][   T49] RDX: 0000000000000000 RSI: ffffffff8be1ba20 RDI: ffff88801d6fbc00
[  770.698740][   T49] RBP: ffffc90000b979b0 R08: ffffffff8fa0b3f7 R09: 1ffffffff1f4167e
[  770.698757][   T49] R10: dffffc0000000000 R11: fffffbfff1f4167f R12: ffffffff8f6054a0
[  770.698773][   T49] R13: 1ffff92000172f40 R14: ffff88805d963540 R15: dffffc0000000000
[  770.698789][   T49] FS:  0000000000000000(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
[  770.705944][T13289] bridge0: port 2(bridge_slave_1) entered forwarding state
[  770.768398][   T49] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  770.775022][   T49] CR2: 00007fe8998e35c0 CR3: 0000000034be8000 CR4: 00000000003526f0
[  770.783162][   T49] Call Trace:
[  770.786544][   T49]  <TASK>
[  770.789498][   T49]  xfrm_net_exit+0x2d/0x70
[  770.793955][   T49]  ops_undo_list+0x497/0x990
[  770.798636][   T49]  ? __pfx_ops_undo_list+0x10/0x10
[  770.803793][   T49]  cleanup_net+0x4c5/0x800
[  770.808341][   T49]  ? __pfx_cleanup_net+0x10/0x10
[  770.813315][   T49]  ? _raw_spin_unlock_irq+0x23/0x50
[  770.818774][   T49]  ? process_scheduled_works+0x9ef/0x17b0
[  770.824510][   T49]  ? process_scheduled_works+0x9ef/0x17b0
[  770.830335][   T49]  process_scheduled_works+0xade/0x17b0
[  770.835965][   T49]  ? __pfx_process_scheduled_works+0x10/0x10
[  770.841981][   T49]  worker_thread+0x8a0/0xda0
[  770.846680][   T49]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  770.853044][   T49]  ? __kthread_parkme+0x7b/0x200
[  770.858031][   T49]  kthread+0x70e/0x8a0
[  770.862127][   T49]  ? __pfx_worker_thread+0x10/0x10
[  770.867315][   T49]  ? __pfx_kthread+0x10/0x10
[  770.871926][   T49]  ? _raw_spin_unlock_irq+0x23/0x50
[  770.877520][   T49]  ? lockdep_hardirqs_on+0x9c/0x150
[  770.882808][   T49]  ? __pfx_kthread+0x10/0x10
[  770.887465][   T49]  ret_from_fork+0x3fc/0x770
[  770.892089][   T49]  ? __pfx_ret_from_fork+0x10/0x10
[  770.897269][   T49]  ? __switch_to_asm+0x39/0x70
[  770.902154][   T49]  ? __switch_to_asm+0x33/0x70
[  770.906988][   T49]  ? __pfx_kthread+0x10/0x10
[  770.911605][   T49]  ret_from_fork_asm+0x1a/0x30
[  770.916434][   T49]  </TASK>
[  770.919480][   T49] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  770.926773][   T49] CPU: 1 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  770.936681][   T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  770.946756][   T49] Workqueue: netns cleanup_net
[  770.951563][   T49] Call Trace:
[  770.954863][   T49]  <TASK>
[  770.957815][   T49]  dump_stack_lvl+0x99/0x250
[  770.962432][   T49]  ? __asan_memcpy+0x40/0x70
[  770.967054][   T49]  ? __pfx_dump_stack_lvl+0x10/0x10
[  770.972261][   T49]  ? __pfx__printk+0x10/0x10
[  770.976861][   T49]  panic+0x2db/0x790
[  770.980762][   T49]  ? __pfx_panic+0x10/0x10
[  770.985185][   T49]  ? ret_from_fork_asm+0x1a/0x30
[  770.990126][   T49]  __warn+0x31b/0x4b0
[  770.994113][   T49]  ? xfrm_state_fini+0x270/0x2f0
[  770.999076][   T49]  ? xfrm_state_fini+0x270/0x2f0
[  771.004036][   T49]  report_bug+0x2be/0x4f0
[  771.008372][   T49]  ? xfrm_state_fini+0x270/0x2f0
[  771.013313][   T49]  ? xfrm_state_fini+0x270/0x2f0
[  771.018250][   T49]  ? xfrm_state_fini+0x272/0x2f0
[  771.023190][   T49]  handle_bug+0x84/0x160
[  771.027435][   T49]  exc_invalid_op+0x1a/0x50
[  771.031942][   T49]  asm_exc_invalid_op+0x1a/0x20
[  771.036794][   T49] RIP: 0010:xfrm_state_fini+0x270/0x2f0
[  771.042349][   T49] Code: c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 d8 e3 10 f8 48 8b 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 36 f4 f1 f7 e8 81 fc b0 f7 90 <0f> 0b 90 e9 fd fd ff ff e8 73 fc b0 f7 90 0f 0b 90 e9 60 fe ff ff
[  771.061959][   T49] RSP: 0018:ffffc90000b97898 EFLAGS: 00010293
[  771.068031][   T49] RAX: ffffffff8a0f293f RBX: ffff88805d962080 RCX: ffff88801d6fbc00
[  771.076039][   T49] RDX: 0000000000000000 RSI: ffffffff8be1ba20 RDI: ffff88801d6fbc00
[  771.084014][   T49] RBP: ffffc90000b979b0 R08: ffffffff8fa0b3f7 R09: 1ffffffff1f4167e
[  771.092164][   T49] R10: dffffc0000000000 R11: fffffbfff1f4167f R12: ffffffff8f6054a0
[  771.100141][   T49] R13: 1ffff92000172f40 R14: ffff88805d963540 R15: dffffc0000000000
[  771.108290][   T49]  ? xfrm_state_fini+0x26f/0x2f0
[  771.113241][   T49]  ? xfrm_state_fini+0x26f/0x2f0
[  771.118185][   T49]  xfrm_net_exit+0x2d/0x70
[  771.122597][   T49]  ops_undo_list+0x497/0x990
[  771.127192][   T49]  ? __pfx_ops_undo_list+0x10/0x10
[  771.132315][   T49]  cleanup_net+0x4c5/0x800
[  771.136751][   T49]  ? __pfx_cleanup_net+0x10/0x10
[  771.141691][   T49]  ? _raw_spin_unlock_irq+0x23/0x50
[  771.146894][   T49]  ? process_scheduled_works+0x9ef/0x17b0
[  771.152612][   T49]  ? process_scheduled_works+0x9ef/0x17b0
[  771.158338][   T49]  process_scheduled_works+0xade/0x17b0
[  771.163893][   T49]  ? __pfx_process_scheduled_works+0x10/0x10
[  771.169877][   T49]  worker_thread+0x8a0/0xda0
[  771.174470][   T49]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  771.180811][   T49]  ? __kthread_parkme+0x7b/0x200
[  771.185755][   T49]  kthread+0x70e/0x8a0
[  771.189833][   T49]  ? __pfx_worker_thread+0x10/0x10
[  771.194946][   T49]  ? __pfx_kthread+0x10/0x10
[  771.199556][   T49]  ? _raw_spin_unlock_irq+0x23/0x50
[  771.204787][   T49]  ? lockdep_hardirqs_on+0x9c/0x150
[  771.209988][   T49]  ? __pfx_kthread+0x10/0x10
[  771.214580][   T49]  ret_from_fork+0x3fc/0x770
[  771.219166][   T49]  ? __pfx_ret_from_fork+0x10/0x10
[  771.224279][   T49]  ? __switch_to_asm+0x39/0x70
[  771.229045][   T49]  ? __switch_to_asm+0x33/0x70
[  771.233813][   T49]  ? __pfx_kthread+0x10/0x10
[  771.238408][   T49]  ret_from_fork_asm+0x1a/0x30
[  771.243178][   T49]  </TASK>
[  771.246448][   T49] Kernel Offset: disabled
[  771.250769][   T49] Rebooting in 86400 seconds..