last executing test programs:

10.657899233s ago: executing program 1 (id=932):
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x900, 0xda)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x82a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$KEYCTL_PKEY_SIGN(0x1b, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$unix(0xffffffffffffffff, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r4 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r4, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', '#\x00'}, 0x28)
futex(0x0, 0x7, 0x1, 0x0, 0x0, 0x1)

9.363516968s ago: executing program 1 (id=936):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0x64, 0x30, 0x80d, 0x0, 0x300, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_ZONE={0x6, 0x4, 0x800}, @TCA_CT_PARMS={0x18, 0x1, {0x2, 0x8, 0xffffffffffffffff, 0x4, 0x8}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x48080)

9.160729497s ago: executing program 1 (id=940):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6)
write(r0, &(0x7f0000000340)="18000000010003", 0x7)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x100)
socket(0x840000000002, 0x3, 0xff)
io_uring_setup(0x0, 0x0)
r1 = io_uring_setup(0x2c49, &(0x7f0000002240)={0x0, 0x0, 0x0, 0x3})
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x18, &(0x7f0000000000), 0x1)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_usb_connect(0x4, 0x63, &(0x7f00000002c0)={{0x12, 0x1, 0x0, 0xa1, 0xba, 0x14, 0x10, 0xb3c, 0xc002, 0xa39b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x51, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x90, 0x0, 0x6, 0xee, 0x23, 0x3e, 0x0, [], [{{0x9, 0x5, 0x0, 0x10, 0x3ff, 0x9, 0x68, 0x80}}, {{0x9, 0x5, 0x2, 0x10, 0x40, 0x2, 0x2, 0x63}}, {{0x9, 0x5, 0x9, 0x10, 0x10, 0x0, 0x6, 0x1}}, {{0x9, 0x5, 0xf5ee16fb96974caa, 0x11, 0x400, 0x40, 0x0, 0xb3}}, {{0x9, 0x5, 0xf, 0x0, 0x40, 0x8, 0x5, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x2, 0x45d5}]}}, {{0x9, 0x5, 0xb, 0x8, 0x8, 0x82, 0x6, 0x3, [@generic={0x2, 0xc}]}}]}}]}}]}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x70, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x2c, 0x12, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x4}}}, {0x14, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x4}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x110}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0xa, 0x84}}}, 0xb8}}, 0x20050800)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
bind$rose(r4, &(0x7f0000000040)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, 0x2, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}, 0x40)
fcntl$lock(r2, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8})
fcntl$lock(r4, 0x26, 0x0)
fcntl$lock(r4, 0x26, &(0x7f0000000280)={0x1, 0x0, 0x2f, 0x9})
syz_usb_connect(0x5, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0xe1, 0xf7, 0x8, 0x20, 0x3275, 0x85, 0xf769, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x2, 0x1, 0x40, 0x2, [{{0x9, 0x4, 0xbe, 0xc, 0x0, 0x7c, 0x56, 0x76, 0x80}}]}}]}}, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x2, 0x0}, {0x30, &(0x7f0000000c40)=ANY=[@ANYBLOB="30039dd9d7dfe8"]}]})
fcntl$lock(r4, 0x7, &(0x7f0000000140)={0x1, 0x1, 0x7, 0x90})

7.582948269s ago: executing program 2 (id=944):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000340)={'ip6tnl0\x00', &(0x7f00000002c0)=@ethtool_cmd={0x4f, 0x6, 0x8, 0x4fec, 0x4, 0x8, 0x1, 0x4, 0x2, 0x3, 0x95, 0x400, 0xfff7, 0x8, 0x6, 0xc3, [0x1, 0x9]}})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x14}}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000a40), 0x40400, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x9, 0x0, 0x1, 0x0, {0xa, 0x1, 0x0, @rand_addr=' \x01\x00', 0xfffffffe}}}, 0x32)
ioctl$KVM_SET_GUEST_DEBUG(r3, 0x4048ae9b, &(0x7f0000000300)={0x70001, 0x0, [0x40000000000, 0x64f, 0x6, 0x6, 0xfffffffffffffffc, 0x4ffff, 0x29]})
bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x8}, 0x1c)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000000)="f20f1c0166b864912c870f23c80f21f866350c0080000f23f80f01fc0f20e06635000010000f22e00f20c06635000000400f22c00f1c9700000f01c566b9a001000066b80400000066ba000000000f30c0dbb6660f3adf932700de", 0x5b}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

6.901985621s ago: executing program 3 (id=945):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000700000095000000000000006100000600000000bf91000000000000b7020000000000008500000000000000b700000000000000950000000000000060196912bf8bed129121bb22faf6c7f85805ed09fdb7048b325afa3086e6fea310568bd551217363fc977f29f449cf87d8ac8cdfcaf0c0e615e4c2706210cca97abea2d25edf6d0bf96ffe90149cd0f2a881b918efe1c88f1ed97cd9005d9f12b4449ad0"], &(0x7f0000000100)='GPL\x00', 0x4, 0x103, &(0x7f0000000140)=""/259}, 0x23)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
sendto$inet(r0, &(0x7f0000000000)="620e820c9a512d88e10251b215cdf0d3dcee5d2980dacd77e7defa7b0a54a055393ccc8508", 0x25, 0x0, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10)

6.847407292s ago: executing program 3 (id=946):
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x900, 0xda)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x82a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$KEYCTL_PKEY_SIGN(0x1b, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$unix(0xffffffffffffffff, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r4 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r4, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', '#\x00'}, 0x28)
futex(0x0, 0x7, 0x1, 0x0, 0x0, 0x1)

6.790779363s ago: executing program 0 (id=947):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
syz_emit_ethernet(0x32, &(0x7f0000000080)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1f}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x2, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x7, 0x10, 0x0, @gue={{0x2, 0x1, 0x3, 0xfd, 0x100, @val=0x80}}}}}}}, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
openat$audio1(0xffffffffffffff9c, &(0x7f0000001300), 0x20002, 0x0)
connect$inet6(r5, 0x0, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000020000000000000f9ffff0b85000000ae000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r6}, 0x90)
openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000002c0), 0xffb2)
r7 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_MOVE(0x1e, r7, r7, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001340)={0x12bc, 0x3c, 0x107, 0xfffffffc, 0x25dfdbff, {0x2, 0x7c}, [@nested={0x12a6, 0x48, 0x0, 0x1, [@typed={0x8, 0x92, 0x0, 0x0, @fd=r5}, @nested={0x17c, 0x1a, 0x0, 0x1, [@typed={0xc, 0x124, 0x0, 0x0, @str='keyring\x00'}, @typed={0x8, 0xce, 0x0, 0x0, @pid}, @nested={0x14e, 0x7f, 0x0, 0x1, [@typed={0x14, 0x113, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @nested={0x4, 0xae}, @generic="8f5fe9db90ab165a251e3a6b5f8d74b93eb7e1cfb553c7d8f8928c6eb8720b3e57d3c4cbd2a7c60fdcf33e25d564a74b3b529f27c4bf4f4f5484826fc3979c", @generic="d3a85a60ef6df3cab8300e91c72c095fe423ae688779a78116b35c2bfb8fb98fad22219d2786377a5e9e1c2228068dd69bf7d530223c7cd7c59519cd460450313595fe362c533b8f31188374db4e0c1354deae2128488ef55c49aaf2df77606592a27295e019c9490d47ddb14dc641f5865c5d0c4e288c254f587500833dafeb49942604b1d6f32cba954cc11135eb6c657c598c5aa63a3914f1600f5798d5abb4642afdd49e50f9cb4164d77185c8acbd91a888cf52f750bc0074a13bef8f915951d6313ad7bd02482e27510f9819983a4bb766d26397c78f439089c5c2ce", @typed={0x14, 0x63, 0x0, 0x0, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}}]}, @nested={0x8, 0x36, 0x0, 0x1, [@nested={0x4, 0xdf}]}, @nested={0x4, 0x13}, @typed={0x8, 0x8b, 0x0, 0x0, @ipv4=@loopback}]}, @generic="74a041e2b69f776987b3420ec356e343ae1575e8b202476b36b70f9aa301fb72dd496c77fe3f3b4b05baadf7fe4ed93c3a17a5b502c83f0224214f9ed61bb559922932c1cf00acef7e9846be219cc2d0b352ba1ac55ddd12101638258d7c2b14425d587929272c7cd493d35a59962d9792ed928c5325e7c5fe0b9d710c20f92df8ca8990570652a309f14ed5386692c104b32eafa259adda550803876db93520d7fbab49a5d4ab04f8370b32e50e7888ac1fb573a4f2eacea7a9e6c694ba8356ef16263524ea69fe188bd6f37f7ee9bd21c2a4108da6beb868ecef60e8d95eadf1f84fa386dd7406c2072baa3311625dddebdf270df0800893c1f6ea9f6d74a62750f2c81cd66d16aa6d7bef5c3b57138b464708f19392b68f5d18ea59ffa9836a72d5c5380687cadaf94fabe720e1cf1b38aa5be5f10af47b134c752407adbd60e9802d2eaa4956b6804c4b2d90ab627bb3c65a47077b0a8d9aba6ec4ae725dc88883dd564235a2a729e47f29dead60a9409385cc65b65d945807afa866aa8176400fbbd5e11a430fa8fd7de96d858bd06b5f6aaa215060eae6a39b9c7a5c181d61bf7dd72f7efc32cb0887c41ca57fb5feff5c1f9901669945f91c68d17bdd0405ab0f19df2cffbf07b83e5e6a6638bb1a14fbd475e4353f7d634878472ba74eca4a746284f77bb8dd8e2b4f786bb7ffc82a897b43dfbd34e9583a434da99da89451b18aa4b7104b244abbac6d118e3bd7f819db3391954d0da0a0e1c5131f75a30313daa8f2be8eb5a9c33fa2013638bfd00f44e799bf8d2eeed1ad5a223d022cea74beb31a6c5cf1f97b32e85f475c612d5d08b8e6fe5f9a9d30cf7d511f02bc957df9bf7103bed0a97ec5a8f121733e7135e09ead6b59b6c4878124518baa16b892c408b0bc18425005fd81a2e5991cf6118315e43e655e47d4999ec618b5032c2f6b5610cef830a5c5385e4b0f6ad87c85dab4418e126bf09603f031e7dc0d7729844c15d6f96d9f53b396680dcb9792fe3500a52a0a5d79c45e58985f0345ab6b022618ed278d529baf0a092f5a7d79edcd0f5f4d84bb64fce5859942b2aa11d05e2647d8f5401c3e48bbd556bc5d07f6a375725eb931eadf7630c401a5620d1d044531aa2123001f1ecb8335e11ab391ba98615bab7d16929c9d50f22f876356edb9ee5cc6b8d821e210b8ff29e153f7643ebbae2d52db99e8a78e87974f29493476ce906bdb8af96c2790dd664ac587118c750060d6ba027e6e2b5c934803aa3b67688765a861aba762f46cc354729e83cffc2cd064b7750daa3f02cf194925bbcd6b9bbeb1aa7465440141cb7c5e7437e6619e68b39f6a73abbc1398edb5d2c70f56e8b8f6eb1974b050db287093448e3ba9aa2f001d47b95e18de4eda5367e04f44b4d208da6232e4e468cb62af558c528603d4ca28ef160b2327901afb501c4c0c91188d4328198a054e41b10731695f8ce11dee5d850fc398da5c686d21d6d0743265716f4949dc68801cb95de192e87a7027846c79674972d1ff2c8e1515b214193839a9650b07554fbb5910de9acc7723461ff31b6f8cad60947b92de9c1c4e06d2780d8807fa35ca5f9069057dc50c1c9e0c7b6cbf80470680695e9f2f034a03b6099afaa57fa5641b64584892d526f6b653790f06c9a0f699adc830529e3b591dcadfe95d6cf29c64fc7752dea2cbca365ce27af2b66403fe61f95733a8e91f6f1131641365cc2f510a239571747bb09e7c7e6c3ec53bfaf1e102574d3ff7c1ec7f061ac95c44b1fa44ebd77cc58ea91319dc7300f8fc996cf7921aac9d207f33798f614d611b8dff0d9fd5045eda1ffd082346184a72e25cb9db8b7d7f36854fbd42101b77d06372ee67a2217cfa7e90de36cea1e13c6bc5c7256008aad6a1fd7a201b847179cc4f781a5c2574ff98d59c368eeba44a07facc2a6f04e1a56c63635d3cd745e369be9c7136530f7b0838bd5783b8cbfcda2c6cae6d4bae6f2d409f2c9a3742b6292033fb1938915ff581cc9c3698f572d4eb7fba45028031edaf8e755c1fbec9c9d8eca52d6f0d4c68abf963c890ecf489eb8e46acc9ad3237a5c0554fa18293ca4ec3e80ae4a8a949f62a14afd23ec2607855b45efdd9fce058002826cf3232fe4f637f86274a6bc726a3f513c5085f13cb4469a7a4e7614d5abd8e41b8023ac815ca6cca000d3c8932d3e4030c0974b37bb5df66e55b469316e82297f769259b52effd69c6272965866c05fb6f33561f3dc55648f26530cd876a4168b3864a07ce741db2b28fadaa6c26693626a7980ae64ac837a83206172519c54f18f0f28bb901fe93cf91c3c35bc0e96cff6f1f40d22bbd4806c741e179a807a060214c18948a4d4056c51e97b2ac1893e4aa13b556af4910cb4cab972f2a32a73eed452d2efc5d551279a3780ca2aae4e9cc1f5d446aca414abe141ee0b9816ac3c6b7531a5594c371d5c9d143202d15d0e9891334ac62180e2eac5f539024b92f77a3dec4d09d473323cfb233d2102fef6f28cbac1794d12462a38891058c5280b7a4c30f4397484970b298a93d3781f81c0638290f219f73ea2dab9b6337f769d839c6be9e4b50db600be50f9455605d3264177c55474ba8bee815e58c87cf58b3e55163299dd30e800e44e763de4261b01fb6ff618ec94fd30ee124fb87b79842359817861fcd9582510420495fde9a8bd34e44948d7b13051613809dd104e4d0d3922f39cddec40146d1bfb077a9829c8c11e0b9eb56eb2c661b12d2c79d055d76632d700b6e85cbe5813465b81e4b89f53ffa586b6237b7e507dc6ade8229cc36ddf9b6a11d50c5c64ddc383d3936bfa1e4bfc8c3df71e10309706fbb65578612aa462fc59aa96e242d2cefc7bdaea14c8e5d7f159fc765107e41a82f2feeb93801b7524503df70cb4f81f5ce1d3f7440905156ef60f57ca85759ff8dd9038ce754fc121a06481c3324d5af1309362b38b11b73fd482ad74064e638ba24938f31b37bfbdb6e9513850eb8daa04cd7b7c6b196cdd041bb6fcd690176a597449b7835806b2b8fd78c5c40b408ff94c10cf6b04df6ec0528dc1568ed42e05647bf26253e42fe54a23c6b9d7f869940383bf011578582c044f5cecd3c01182a2fcca45b86fd6b9ee599d7d3427b09ee459d675dadf6a7b3a18ce30a9afab5d10e3e14ae41f8ec3bf3fa7a40c8c5d7def1490c0809b7fea8e592a640f6e3d99d5a83d7356f0d0919a48f79b5b588039f0f6b3b6859904091e7540654575e9705aaf4cf7b8bbbd427196bde1d21ec8d18fc0d167c6b81938fc2f48fac08036091e3f7c75be6e61a6136be4deb7886145dc28d9f1b015e2a2934f57c87b4fa684281d909fd81b9ba316cfa8a7336f667aa93bc5bdecb0fcd00d0389c1714452d20037c7bd6f52d151ab26d0776a739f79eb44ad3a245a20b9e790537f8a4eb00686dfad3b44f9847c86533c225fc42a33e89acd6a27b858da6128b5251290755f1f31e8d543af45890405339b5311b4379db4e82a3bc15c7bb71f47bfccec933a2307a367ee3cdc43d36f3900353f9d84f5ce18c5942ce74ff400a0dfbde99cabcafc5db3b42d795c3a92b6366f06d8c5b3ae794b8ef5a64f4460bab8b887d2608fc86ce69d965ffc55cccd63aba107ce28e9f33cad4f71d0bdefe72ba88006eb6e533eb10320d9fe35489426be4453d965084db8723a9c58b4339c7be5b33eb6be4d437e64bc7f9d4975922a9777cb717e4ce67677c975982967c78cc1c66265563cbbd12301013ad709c871e0ce2626d95440dcd2ce58e0b975ac560753412fb2a9b9ed0b45fa854bbad290da7b8f53694a6acee284ce171a0a597a95db76636cebb5f519e56f322ba989a0a2bca532da9b9d023210b3613000ebc3b2cd7b287155484020fe8a49e47ce352f05ce5ef4ae262b8375d0d2ec194c5b7d463450200f8207cb9c4123163caca78d8277da03f79fd633c1c497dab878f9a0670998bb28de421bb55bf9498d1edeed07926b6ba664e37c608118a0523fd770346fe18b20a34e75c2c0321106593f3b805fde6000f23cf4c731b68476fac9384fbde3981928ba4b952cc26a1bbcef7c465fd3fbd6203d91768b58e1299dad7a080e82610bb44af32250be72ed759a9ab9a97f23637a482994c39fd5a2004890226d7446645c9ff3b34647c4c9e5463ee78a92d588cab7a02edf89dd493834de0710fa770f9da32da8e27d4d6b2b19ce9fc562f9f329992a616c57c45b57afae4f59ea56aa2590c6513726e98108846474237567d2e9f7c9a51a861da47fc7da1b0537cbef82db7a1cbc983820dc7258bfea73dacce525825029e735a28efdd194d769ce2185f311281a55d72df12d2bbbaa82740aaa81fe307d166a3e091aadb73a349ce5dde2c74924be4f93e2432b6a0dbe3d6dadfd914437c0731b13551dd54a1b8e25dc2d7ecc5df45fb0d961baa6dc191d7faee0a9a5f9210975c74878f96d68d081a58916f67551b5adffd8688a84f110013f7e1eea3f5c9d716030229a276064564e8b7b3634a7f45ee46c2cd55f04c4cb40e4c39c79d28afd90a3a272d3f577aac0b0026728b420366ce1ac5abf28df4677041fc5016414cae4f73635c61ac6c5b03cca3b7419c860e276bc91b2c67f9bb7f2bcabdf43bd434669fa99871ea00271b9ac294d6f42cacd8d6e92113bcb719b7003c7fe2e38ddb885d010262141952c37c4d9444ca2cd3c99299be8051387f2a8151d5f2d55e5ea2c59036e3298c88ead90e6d41c5e3973391f7b162fe3c3116157971c11d89cef608a60bb2dcec0757899d2674dfc1fc2a1d795af4d132efc0fef436338acd7aa7ac8c33e9741fcc2c996049e43af2754b54f0b65d80e346421ea970f16a3f5846f0dd76c1012b44fb441de1c5062f7b19bb08279886157924353acedb91def281cbbeab9f71eed858b79f05fe3ee47ed0dea0145cecc97e751278ec009ddbee4e7e9badc213393906a27708474518a657fb0dfb4e97d410dd9d18edb4abbc8a972982a05f82bdc3aaba603f2a30ca28a8450842b5da76aba11e88bb22ab97bffab947f8c894a6914c919e6454b9a64f78725957220146a2f5799303008a7fa7deae982853faf3817b8fa4d4348af5d6a4ea17d79d50481bf5852ab6df2c0de004d5424b3e11f669e8c7d14305432b40e472074d395f9b4e6f8c9c3b99cef8a1d9436afff7d6f98220d3809983b659e05d5367346b3a2ec7ec1fa141b0981b841026d8a4001beec162b6b0e565fa98538b0da1a96a97ebfb2e0f9789e906b764cce70fb9d07ae3d85110fb0a04c69f750e2c39703d677ccce2f3173116859b68f66075769154f7121fe489ddf75b7dd964c726eaced227312ae5566cd21e5b2ba8719d8401940cccc88100535cfa9a035d548f72ecac36cc1fe481fd67ca19d452cf6237aa207671bbc781040d261255cac0653a76bcfc26e348e1a4a59157f5b2dbcecaf38e5c4a7f9920e4af96989703a7c9b4905da672bd463d990018cf5c665e7299b19d8753a6b819f1bb0bd8e6b6fdf665f7e52bad7a2537c436932ea3ade574695142b25ebaad20d105c6a2c24462f1eb412056141372b9737ee2150cb5fd9a5a5de7b31990fa8ce307943f4f1617e83ba24c4cf4d6ec387202efb99e6c2109547646af3384cb260c69bb02e1824642048b036ab4d745473e84d24147218a5012f44d239966533d0b6c090ad6bdf716c307849b3920b9657b3826a3c4da324de7fbea27228538c72b73019964d6b0a9361a170d30f1f35", @typed={0xc, 0x3, 0x0, 0x0, @u64=0x4}, @nested={0x3f, 0x12c, 0x0, 0x1, [@typed={0x8, 0x85, 0x0, 0x0, @fd=r3}, @generic="1fc968e24a13f26c8775a3198a90e4", @nested={0x8, 0x94, 0x0, 0x1, [@nested={0x4, 0x9f}]}, @nested={0x1c, 0x6e, 0x0, 0x1, [@typed={0x4b, 0x1c, 0x0, 0x0, @pid=r0}, @nested={0x4, 0x93}, @nested={0x4, 0x4c}, @nested={0x4, 0x150}, @nested={0x4, 0x6a}]}]}, @generic="3150fa91794fda3779d2afd86ab26eee6460dffe1aecb65d08a2ec27bdbb87fd7e545321cc2b0223a66565be66a79a0fdff5e41fd0d64a284b0eb48088c3d76619867829aeff105b7b54f5b287975240b75bee01e02aaed1fa27937fb513d0974f110d82fb7234744e9e0218e54e8b16f9467bae7ebd3c02a6f6e844ff924c57e1a3135bf0afd31e3ae943713a64b68eaa9f4fff3237062bfa88683f5497d8be6d559b130ad2f2dd5c28572e4b23024c6e26530f9325fc7f41c62293a811ba37ca75f27d15166f6bdc12f18696786b531f99"]}]}, 0x12bc}, 0x1, 0x0, 0x0, 0x88c4}, 0x0)
r9 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r9, 0xc0285700, &(0x7f0000000140)={0xffffffff, "030000000000000023000000debd12ffff00000000000000000020000400"})
openat$fb0(0xffffffffffffff9c, 0x0, 0x800, 0x0)
syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x0, 0x40000335}, &(0x7f0000000500), &(0x7f0000000300))
syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')

6.097120421s ago: executing program 2 (id=948):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x17, 0x5, &(0x7f0000001980)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e78}, [@map_idx_val={0x18, 0x0, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2}]}, &(0x7f0000000140)='GPL\x00', 0xd, 0xfe7, &(0x7f0000001e00)=""/4071, 0x40f00, 0xd, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value=0x102}, 0x94)

5.970714019s ago: executing program 1 (id=949):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0xfc}, 0x1, 0x0, 0x0, 0x60004800}, 0x40000)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = syz_open_dev$vcsu(&(0x7f00000001c0), 0x8000, 0x400e00)
ioctl$NBD_PRINT_DEBUG(r3, 0xab06)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
listen(0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0xfffffffffffffc45)
r4 = syz_open_dev$video4linux(&(0x7f0000000080), 0x6d6b, 0x480)
ioctl$VIDIOC_QUERYMENU(r4, 0xc008561c, &(0x7f0000000000)={0x980900, 0x81, @value=0x327})
openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x6040, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1})
ioctl$DRM_IOCTL_MODE_SETGAMMA(r5, 0xc02064a5, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0})

5.854088636s ago: executing program 2 (id=950):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000000)={0x79, 0x0, 0x56d})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x1000004, 0x13, r3, 0x100000000)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x200, 0x0, 'queue1\x00'})
poll(&(0x7f0000000080)=[{r2, 0x81}], 0x1, 0x2000009d)
write$sndseq(r2, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0x1f000000, {}, {}, @raw32={[0x2600]}}], 0xffc8)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)

5.711242559s ago: executing program 3 (id=951):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000e0000001000000000000000000000000fe8000000000000000000000000000aa4e220000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000000feffffffffffffff030000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000008400050020010000000000000000000000000000000000002b00000000000000000000000000000000000000000500000000000002000700000000000000000000000000e00000020000000000000000000000004000000033"], 0x13c}}, 0x20040880)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x8000, @empty, 0x3}, 0x1c)
listen(r1, 0x3)
syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x1, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0xb00}}}}}}}, 0x0)

5.692863977s ago: executing program 0 (id=952):
unshare(0x60480)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x84)
syz_open_procfs(0x0, &(0x7f0000000000)='net/xfrm_stat\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000003c0)='rcu_utilization\x00', r0}, 0x18)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x14}}, 0x0)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x4}, 0x94)
r5 = syz_open_dev$vim2m(&(0x7f0000000240), 0x6, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1})
ioctl$vim2m_VIDIOC_STREAMOFF(r5, 0x40045612, &(0x7f0000000100)=0x1)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x7)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
openat$smack_thread_current(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000001c0)=ANY=[@ANYRES32=r4, @ANYRESHEX=r6, @ANYRES16, @ANYRESDEC=0x0, @ANYRES16, @ANYRES64=r3, @ANYBLOB=',\x00'])
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
dup(r7)
read$FUSE(r6, &(0x7f0000009800)={0x2020}, 0x2047)

5.274159858s ago: executing program 3 (id=953):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000180)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001500)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="490900000000000000001500000004002b8008000300", @ANYRES32=r2, @ANYBLOB="08002a0000000000050029000100000020002b8004000380080001"], 0x58}, 0x1, 0x0, 0x0, 0x20004005}, 0x0)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), r0)
sendmsg$NL802154_CMD_DEL_SEC_KEY(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r3, 0x200, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000091}, 0x200408c4)

4.952163731s ago: executing program 3 (id=955):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0xf00, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

4.77280276s ago: executing program 4 (id=956):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x140d, 0x2, 0x70bd2c, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x20040804}, 0x20000000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x40, 0x1, 0x9, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x8}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x6}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_STATUS={0x8, 0x6, 0x1, 0x0, 0x1}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x1c}]}, 0x40}, 0x1, 0x0, 0x0, 0x24004004}, 0x4800)
madvise(&(0x7f0000bff000/0x400000)=nil, 0x400000, 0xd)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(r2, 0x8982, &(0x7f0000000200))
r3 = memfd_secret(0x80000)
r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000240), 0x20000, 0x0)
ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, &(0x7f0000000280)={"7a15835a85f3795ac6f3b03a9c27d63a619f6f744b7b8a37f9168a45f9c54621", r4})
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000002c0)={0x9, 0x0, [{0xb7f}, {0x0, 0x0, 0x7}, {0x332, 0x0, 0x5}, {0x302, 0x0, 0x7}, {0x92b, 0x0, 0x1}, {0x222, 0x0, 0x6a}, {0x560, 0x0, 0x5}, {0x8f4, 0x0, 0x3}, {0x381, 0x0, 0x4}]})
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000380), 0x111, 0x5}}, 0x20)
r5 = syz_open_dev$loop(&(0x7f0000000400), 0x6d, 0x40400)
ioctl$LOOP_CHANGE_FD(r5, 0x4c06, r1)
write$binfmt_format(r3, &(0x7f0000000440)='1\x00', 0x2)
ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f0000000480)=<r6=>0x0)
bind$nfc_llcp(r4, &(0x7f00000004c0)={0x27, r6, 0xffffffffffffffff, 0x7, 0x8, 0x2, "06ec6b87c5ec83c9bffc3eee1cdae476ccd7aa35949bcc265515356e369cf8523ebd3e27f0be88fa49598e252b57ae34d27d73364390bf0bb634d03d86bea3", 0xb}, 0x60)
getsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f0000000540)={@multicast1, @local, <r7=>0x0}, &(0x7f0000000580)=0xc)
ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, &(0x7f00000005c0)={@private0={0xfc, 0x0, '\x00', 0x1}, 0x33, r7})
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000640), r3)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r4, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x14, r8, 0x1, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0xc084)
setsockopt$SO_J1939_SEND_PRIO(r3, 0x6b, 0x3, &(0x7f0000000740)=0x2, 0x4)
ftruncate(r1, 0xfffffffffffffffa)
fsetxattr$security_ima(r4, &(0x7f0000000780), &(0x7f00000007c0)=@md5={0x1, "245f472af9923fd723fbe033c3ea57d4"}, 0x11, 0x0)
ioctl$LOOP_SET_STATUS(r3, 0x4c02, &(0x7f0000000800)={0x0, {}, 0x0, {}, 0x8001, 0x2, 0x1b, 0x1, "c46a39bd27725fa99336f3e100d42690bd374668cc50ae23af4075fa7db0fc8014de25829980a3a3dfd86a08101d611d3564ddeadeff523c0c6ac35d13c804ae", "0ed34508a0c2210e61ec88eee2858d09230049f2e6c692f825a30bad06364934", [0xe8e4, 0x430]})
ioctl$UFFDIO_CONTINUE(r3, 0xc020aa07, &(0x7f00000008c0)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000900), 0x2, 0x0)
mbind(&(0x7f0000cd2000/0x1000)=nil, 0x1000, 0x2, &(0x7f0000000940)=0x400, 0x7, 0x1)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000980))

4.641847144s ago: executing program 0 (id=957):
r0 = socket(0x2, 0x3, 0x5)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000100)=ANY=[], 0x0}, 0x94)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='inet_sk_error_report\x00', r2}, 0x10)
r3 = socket$kcm(0xa, 0x1, 0x106)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1e00000004000000040000000800000020", @ANYRES32, @ANYBLOB="040000000000000000002731a379a911b885713b", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0500000002000000000000000a00"/24, @ANYRES32, @ANYBLOB], 0x50)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000080)={<r7=>0x0, @rand_addr, @remote}, &(0x7f0000000280)=0xc)
r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000840)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000000000000000003000000000200000004000000faffffff00005f5f0055b0e4b1766e2b74bf50bd2289b7aea25d727da2b6c8407f218fe58606db73987ede14112efa90d1d649adabeb251e2b47a065bcc60f965f2253d850ab060f6f516335eae3344145fbc4ea50fcfd810b6a03306b40a286acf51433e3c7fe"], &(0x7f0000000440)=""/221, 0x35, 0xdd, 0x1, 0x1, 0x10000}, 0x28)
syz_io_uring_complete(0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1400fdffffff02000000000e830000000000000000", @ANYRES32=r6, @ANYBLOB="1100"/20, @ANYRES32=r7, @ANYRES32=r8, @ANYBLOB="01000000040000000100"/20, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x50)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
close_range(r1, r5, 0x2)
sendmsg$inet(r4, 0x0, 0x10)
sendmsg$kcm(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011)
r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/27], 0x50)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r10, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000a40)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="010028bd7000f7dbdf2501000000100007800c00018008000100", @ANYRES32=r9, @ANYBLOB], 0x30}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
sendmsg$kcm(r3, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xd}, 0x2}, 0x80, 0x0}, 0xe07e872420dfefca)
r12 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r12, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="1400000023000b6c8cfffdfccabb00f90429fc60", 0x14}], 0x1}, 0x2400c000)
syz_open_procfs(0x0, 0x0)

4.620708015s ago: executing program 4 (id=958):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00')
sendmmsg$inet(r3, 0x0, 0x0, 0xc0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
open(0x0, 0x0, 0x0)
open(0x0, 0x0, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x11, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000001540)=@raw={'raw\x00', 0x3c1, 0x3, 0x14d8, 0x1290, 0x5802, 0x294, 0x1290, 0x294, 0x1408, 0x325, 0x378, 0x1408, 0x378, 0x3, 0x0, {[{{@ipv6={@loopback, @empty, [0xb4010000, 0x0, 0x0, 0xff000000], [], 'pimreg0\x00', 'macsec0\x00', {0xff}, {}, 0x0, 0x0, 0x3}, 0x0, 0x1228, 0x1290, 0x52020000, {}, [@common=@inet=@hashlimit2={{0x150}, {'gre0\x00', {0x0, 0x4, 0x60, 0x0, 0x0, 0x6, 0x7fffffff, 0x0, 0x8}}}, @common=@unspec=@cgroup1={{0x1030}, {0x0, 0xfc, 0xfd, 0x0, './cgroup.net/syz1\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x108, 0x178, 0x0, {}, [@common=@ah={{0x30}}, @common=@frag={{0x30}, {[0x0, 0x101]}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0xcfd, 0x8000, 0x8, 0x1, 0x0, "40384e1aa968ae1a869c8ce9a46b9ff41931137193fc6c2a5d28667be0e6c0e8dd7ab2a2560d636022502c16f2d80f7e97c47fa0a3d21b373dc257058a128931"}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1538)
r5 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r5, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x94)
sendmsg(r5, &(0x7f00000000c0)={0x0, 0x9584, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0x5dc}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x16, 0x5, &(0x7f0000000bc0)=ANY=[], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x13c, 0x19, 0x1, 0x0, 0x1, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x800}, {0x0, 0x0, 0x0, 0x2000000000}}, [@tmpl={0x84, 0x5, [{{@in6=@remote, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x2, 0x0, 0x0, 0xffffffff, 0x0, 0x40}, {{@in=@remote, 0x0, 0x32}, 0x0, @in6=@private1, 0x0, 0x5}]}]}, 0x13c}, 0x1, 0x0, 0x0, 0x1}, 0x0)

3.757062076s ago: executing program 0 (id=959):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6)
write(r0, &(0x7f0000000340)="18000000010003", 0x7)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x100)
socket(0x840000000002, 0x3, 0xff)
io_uring_setup(0x0, 0x0)
r1 = io_uring_setup(0x2c49, &(0x7f0000002240)={0x0, 0x0, 0x0, 0x3})
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x18, &(0x7f0000000000), 0x1)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_usb_connect(0x4, 0x80, &(0x7f00000002c0)={{0x12, 0x1, 0x0, 0xa1, 0xba, 0x14, 0x10, 0xb3c, 0xc002, 0xa39b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6e, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x90, 0x0, 0x6, 0xee, 0x23, 0x3e, 0x0, [], [{{0x9, 0x5, 0x0, 0x10, 0x3ff, 0x9, 0x68, 0x80}}, {{0x9, 0x5, 0x2, 0x10, 0x40, 0x2, 0x2, 0x63}}, {{0x9, 0x5, 0x9, 0x10, 0x10, 0x0, 0x6, 0x1}}, {{0x9, 0x5, 0xf5ee16fb96974caa, 0x11, 0x400, 0x40, 0x0, 0xb3}}, {{0x9, 0x5, 0xf, 0x0, 0x40, 0x8, 0x5, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x2, 0x45d5}]}}, {{0x9, 0x5, 0xb, 0x8, 0x8, 0x82, 0x6, 0x3, [@generic={0x1f, 0xc, "598c305f17a7f9f540d141c4a79533b54438d0ac02e76bc54debbd15a9"}]}}]}}]}}]}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x70, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x2c, 0x12, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x4}}}, {0x14, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x4}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x110}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0xa, 0x84}}}, 0xb8}}, 0x20050800)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
bind$rose(r4, &(0x7f0000000040)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, 0x2, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}, 0x40)
fcntl$lock(r2, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8})
fcntl$lock(r4, 0x26, 0x0)
fcntl$lock(r4, 0x26, &(0x7f0000000280)={0x1, 0x0, 0x2f, 0x9})
syz_usb_connect(0x5, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0xe1, 0xf7, 0x8, 0x20, 0x3275, 0x85, 0xf769, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x2, 0x1, 0x40, 0x2, [{{0x9, 0x4, 0xbe, 0xc, 0x0, 0x7c, 0x56, 0x76, 0x80}}]}}]}}, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x2, 0x0}, {0x30, &(0x7f0000000c40)=ANY=[@ANYBLOB="30039dd9d7dfe8"]}]})
fcntl$lock(r4, 0x7, &(0x7f0000000140)={0x1, 0x1, 0x7, 0x90})

3.640261572s ago: executing program 2 (id=960):
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
socketpair$unix(0x1, 0x5, 0x0, 0x0) (async)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
prlimit64(0x0, 0xb, 0x0, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0xa4, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x7c, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x44, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_XOR={0xc, 0x5, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, "8f"}]}, @NFTA_BITWISE_MASK={0xc, 0x4, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "8a95"}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x118}}, 0x0) (async)
syz_emit_ethernet(0x4a, &(0x7f0000000800)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010102, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0xa, 0x0, 0x0, 0x0, 0x0, {[@generic={0x0, 0x2}, @md5sig={0x1d, 0x12, "910000000000006f00"}]}}}}}}}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x4000084) (async)
sched_setscheduler(r2, 0x2, &(0x7f0000000240)=0x8) (async)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5) (async)
ptrace$getregset(0x4204, r5, 0x202, &(0x7f0000000100)={0x0}) (async)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010c0000000000000000010000000900010073797a31000000000000010000000900030073797a320000000014000480080002400000000008000140000000050900010073797a31000000004c000000050a01020000000000000000010020000c00024000000000000000010900010073797a3100000000200004801400030076657468315f6d6163767461700000000800014000000005140000001100010000000000000000000000000a00"/212], 0xd4}}, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')
renameat2(r6, &(0x7f0000000380)='./cgroup\x00', r6, &(0x7f00000003c0)='./mnt\x00', 0x5)

3.490906471s ago: executing program 3 (id=961):
syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
landlock_create_ruleset(&(0x7f0000000000)={0x25, 0x2, 0x1}, 0x18, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f00000001c0)=0xa)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x40, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
timer_delete(0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x40}, {0x6}]}, 0x10)
syz_emit_ethernet(0x3e, &(0x7f0000000280)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa000800450000300000000000019078ac1e0001ac14aa0c009078000000004500000000000000006c000000000000ac1414aa"], 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r5 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r5, &(0x7f0000000000)={0x2, @long={0x3, 0x0, {0xaaaaaaaaaaaa0302}}}, 0x14)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x4001, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r5, 0x8983, &(0x7f0000000340)={0x3, 'veth1_to_batadv\x00', {0x1}, 0x7})
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'bridge0\x00'})

3.093981474s ago: executing program 2 (id=962):
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x900, 0xda)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x82a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$KEYCTL_PKEY_SIGN(0x1b, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$unix(0xffffffffffffffff, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r4 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r4, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000240)="6e37cff5b582e082d58cb23de3c19dc4971d9b59ddb52ae25a3ca48e8d5284721b4b722d1fd011fc3144e4ceb18b32b5b819d56f4aa3fe1aaf904aa0", 0x3c}, {0x0}], 0x2}, 0x0)
futex(0x0, 0x7, 0x1, 0x0, 0x0, 0x1)

3.079408629s ago: executing program 4 (id=963):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
fsync(0xffffffffffffffff)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
r1 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x24, 0x14, 0x100, 0xfffffffe, 0x8, {0x2, 0x0, 0x0, 0x0, {0x9a05a5ec0f9808cd, 0xb}, {0xfff1, 0x5}, {0x6, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x8100}, 0x4000)

2.790564743s ago: executing program 1 (id=964):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745f8a24d"], 0xb0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
chdir(0x0)
utimensat(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xffffc000, 0x0)

2.590015791s ago: executing program 4 (id=965):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mknod(0x0, 0x8001420, 0x1)
r4 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r4, 0x11, 0x67, &(0x7f0000000040)=0x401, 0x4)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x7}, 0x1c)
sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171, 0x0, 0x1f4}}], 0x400000000000172, 0x4001c00)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x6, 0x4, 0x1, 0x1, r5}, 0x50)
close(0x3)
connect(r4, &(0x7f0000001340)=@in6={0xa, 0x4e21, 0x7, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x1}, 0x80)

2.115136423s ago: executing program 2 (id=966):
setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x3e, &(0x7f00000000c0)=0x4e24e15c, 0x4)
socket$inet6(0xa, 0x80002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
write$sndseq(0xffffffffffffffff, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
r1 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00')
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/handlers\x00', 0x0, 0x0)
close(r2)
statx(r2, 0x0, 0x1000, 0x6000, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f00000017c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff7a1ef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40dddb51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88370d9ed9467b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42553ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca000000000000000000000509619f5f0cbc72eebc653946d3552236f0dfe485cfa71bd69f4ded6e131128c3875b785875addfcbd5931c12adbef75535e694f3a19f28f9f99fa32e8ff66e7b1ff674434fb63ba0e28aadccf77d387525c98e81476058c958eaccfa7d251d0671222dc9d06485f7f690d3d4227bd21bd7ff8338617705b7faec47c86789a488b43d0fedf1b0ee05d65c677ced1e8214b2f6cb74d73886eb"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/18], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r7, 0xffffffffffffffff, 0x5}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r7}, &(0x7f00000006c0), &(0x7f0000000700)=r6}, 0x20)
sendmsg$inet(r5, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1, 0x0, 0x0, 0x6000}, 0x20)
r8 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd8073a46b08b94214d816f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb4147000001000000008f2b9000f22425e4097ed62cbc891061017cfa6f6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe68db8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3542646bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)=ANY=[@ANYRES32=r9, @ANYRES32=r8, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r9}, &(0x7f0000000000), &(0x7f0000000080)=r4}, 0x20)
read$alg(r1, &(0x7f0000000e80)=""/4096, 0x1000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)

1.259222655s ago: executing program 1 (id=967):
openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/meminfo\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
io_setup(0x222, &(0x7f0000000180))
creat(&(0x7f0000000080)='./file0\x00', 0x0)
r1 = socket(0x10, 0x3, 0x0)
bind$netlink(r1, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r1, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26)
connect$netlink(r1, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
write(r1, &(0x7f0000000000)='\"', 0xfdef)

1.066251397s ago: executing program 4 (id=968):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = socket(0x1, 0x2, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r3=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r3, 0x0)
sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000740)=ANY=[@ANYBLOB="14020000140001002dbd7000000000000a"], 0x214}], 0x1}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWSET={0x48, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_DESC={0xc, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x3c1f}]}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}]}], {0x14, 0x10}}, 0x70}}, 0x0)

587.427799ms ago: executing program 0 (id=969):
r0 = socket(0x2, 0x3, 0x5)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000100)=ANY=[], 0x0}, 0x94)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='inet_sk_error_report\x00', r2}, 0x10)
r3 = socket$kcm(0xa, 0x1, 0x106)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1e00000004000000040000000800000020", @ANYRES32, @ANYBLOB="040000000000000000002731a379a911b885713b", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0500000002000000000000000a00"/24, @ANYRES32, @ANYBLOB], 0x50)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000080)={<r7=>0x0, @rand_addr, @remote}, &(0x7f0000000280)=0xc)
r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000840)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000000000000000003000000000200000004000000faffffff00005f5f0055b0e4b1766e2b74bf50bd2289b7aea25d727da2b6c8407f218fe58606db73987ede14112efa90d1d649adabeb251e2b47a065bcc60f965f2253d850ab060f6f516335eae3344145fbc4ea50fcfd810b6a03306b40a286acf51433e3c7fe"], &(0x7f0000000440)=""/221, 0x35, 0xdd, 0x1, 0x1, 0x10000}, 0x28)
syz_io_uring_complete(0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1400fdffffff02000000000e830000000000000000", @ANYRES32=r6, @ANYBLOB="1100"/20, @ANYRES32=r7, @ANYRES32=r8, @ANYBLOB="01000000040000000100"/20, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x50)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
close_range(r1, r5, 0x2)
sendmsg$inet(r4, 0x0, 0x10)
sendmsg$kcm(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011)
r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/27], 0x50)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r10, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000a40)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="010028bd7000f7dbdf2501000000100007800c00018008000100", @ANYRES32=r9, @ANYBLOB], 0x30}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
sendmsg$kcm(r3, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xd}, 0x2}, 0x80, 0x0}, 0xe07e872420dfefca)
r12 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r12, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="1400000023000b6c8cfffdfccabb00f90429fc60", 0x14}], 0x1}, 0x2400c000)
syz_open_procfs(0x0, 0x0)

251.530008ms ago: executing program 4 (id=970):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x5, 0x0, 0x0, 0x2000, &(0x7f0000fe5000/0x2000)=nil})
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r4=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @ib_path={&(0x7f00000006c0)=[{0x26, 0x0, [0x7, 0x9, 0x6, 0x1, 0x75, 0x8, 0x3, 0x9, 0xffffff81, 0x214, 0x3, 0x3, 0x7, 0x7, 0x5, 0x5]}, {0x20, 0x0, [0x7, 0x547d, 0x1, 0xcec3, 0x9, 0x5, 0xe, 0xe1, 0x1ff, 0x9, 0xca31, 0x400000, 0x0, 0x1ff, 0x3, 0x4]}, {0x27, 0x0, [0x8001, 0x5, 0x6, 0xc96, 0xc, 0x5, 0x1000, 0x8, 0xff, 0x78, 0x0, 0xff, 0x0, 0x633, 0x1, 0x6]}], r4, 0x1, 0x1, 0xd8}}, 0x20)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYRES8=r1])
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x15, 0x301, 0x0, 0x0, {0xb}}, 0x14}}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICADD(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000fe5000/0x1000)=nil, r6, 0x1, 0x11, r2, 0x0)
r7 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x280000)
ioctl$EVIOCGLED(r7, 0x80404519, &(0x7f0000000680)=""/4096)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f0000000600)={0xbe, 0x0, 0x1})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

0s ago: executing program 0 (id=971):
r0 = syz_io_uring_setup(0x126b, &(0x7f00000006c0)={0x0, 0x72de}, &(0x7f0000000140), &(0x7f0000000780))
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040))
r1 = syz_open_dev$sg(&(0x7f0000000100), 0xf9ba, 0x28540)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000002c0)={0x0, 0x401, 0xae})
io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[0xffffffffffffffff]}, 0x20)

kernel console output (not intermixed with test programs):

rex 4-1:0.50: USB YUREX #0 now disconnected
[  111.791045][ T5829] usb 1-1: Product: syz
[  111.801794][ T5829] usb 1-1: Manufacturer: syz
[  111.818063][ T5829] usb 1-1: SerialNumber: syz
[  111.833459][ T5829] usb 1-1: config 0 descriptor??
[  111.844088][ T5829] hub 1-1:0.153: bad descriptor, ignoring hub
[  111.853148][ T5829] hub 1-1:0.153: probe with driver hub failed with error -5
[  111.874640][ T5829] sierra 1-1:0.153: Sierra USB modem converter detected
[  112.266198][ T6166] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  112.277676][ T6166] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  114.987332][ T6191] netlink: 8 bytes leftover after parsing attributes in process `syz.3.64'.
[  114.997042][ T6191] bridge_slave_0: entered promiscuous mode
[  115.635697][ T5829] usb 1-1: USB disconnect, device number 5
[  116.110168][ T5829] sierra 1-1:0.153: device disconnected
[  117.697019][ T6225] netlink: 12 bytes leftover after parsing attributes in process `syz.1.72'.
[  117.706128][ T6225] nbd: must specify a size in bytes for the device
[  118.788863][ T6235] FAULT_INJECTION: forcing a failure.
[  118.788863][ T6235] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  118.813769][ T6235] CPU: 1 UID: 0 PID: 6235 Comm: syz.0.78 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  118.813793][ T6235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  118.813806][ T6235] Call Trace:
[  118.813817][ T6235]  <TASK>
[  118.813824][ T6235]  dump_stack_lvl+0x189/0x250
[  118.813861][ T6235]  ? __pfx____ratelimit+0x10/0x10
[  118.813886][ T6235]  ? __pfx_dump_stack_lvl+0x10/0x10
[  118.813912][ T6235]  ? __pfx__printk+0x10/0x10
[  118.813929][ T6235]  ? __might_fault+0xb0/0x130
[  118.813961][ T6235]  should_fail_ex+0x414/0x560
[  118.813986][ T6235]  _copy_from_user+0x2d/0xb0
[  118.814013][ T6235]  kvm_arch_vcpu_ioctl+0x638/0x2a40
[  118.814035][ T6235]  ? __lock_acquire+0xab9/0xd20
[  118.814056][ T6235]  ? kvm_arch_vcpu_ioctl+0x5f8/0x2a40
[  118.814079][ T6235]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[  118.814103][ T6235]  ? __lock_acquire+0xab9/0xd20
[  118.814143][ T6235]  ? is_bpf_text_address+0x26/0x2b0
[  118.814172][ T6235]  ? is_bpf_text_address+0x292/0x2b0
[  118.814195][ T6235]  ? is_bpf_text_address+0x26/0x2b0
[  118.814222][ T6235]  ? kernel_text_address+0xa5/0xe0
[  118.814243][ T6235]  ? __kernel_text_address+0xd/0x40
[  118.814262][ T6235]  ? unwind_get_return_address+0x4d/0x90
[  118.814286][ T6235]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  118.814303][ T6235]  ? arch_stack_walk+0xfc/0x150
[  118.814341][ T6235]  ? stack_trace_save+0x9c/0xe0
[  118.814360][ T6235]  ? stack_depot_save_flags+0x40/0x900
[  118.814389][ T6235]  ? kasan_save_track+0x4f/0x80
[  118.814406][ T6235]  ? kasan_save_track+0x3e/0x80
[  118.814454][ T6235]  ? __lock_acquire+0xab9/0xd20
[  118.814502][ T6235]  ? __mutex_trylock_common+0x153/0x260
[  118.814535][ T6235]  ? __pfx___mutex_trylock_common+0x10/0x10
[  118.814568][ T6235]  ? rcu_is_watching+0x15/0xb0
[  118.814596][ T6235]  ? trace_contention_end+0x39/0x120
[  118.814614][ T6235]  ? __mutex_lock+0x330/0xe80
[  118.814644][ T6235]  ? kasan_quarantine_put+0xdd/0x220
[  118.814668][ T6235]  ? kvm_vcpu_ioctl+0x22e/0xe90
[  118.814688][ T6235]  ? __pfx___mutex_lock+0x10/0x10
[  118.814716][ T6235]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  118.814740][ T6235]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  118.814762][ T6235]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  118.814791][ T6235]  kvm_vcpu_ioctl+0x74d/0xe90
[  118.814815][ T6235]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  118.814841][ T6235]  ? __lock_acquire+0xab9/0xd20
[  118.814868][ T6235]  ? __asan_memset+0x22/0x50
[  118.814885][ T6235]  ? smack_file_ioctl+0x302/0x340
[  118.814908][ T6235]  ? __pfx_smack_file_ioctl+0x10/0x10
[  118.814938][ T6235]  ? __fget_files+0x2a/0x420
[  118.814962][ T6235]  ? __fget_files+0x3a0/0x420
[  118.814984][ T6235]  ? __fget_files+0x2a/0x420
[  118.815012][ T6235]  ? bpf_lsm_file_ioctl+0x9/0x20
[  118.815036][ T6235]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  118.815064][ T6235]  __se_sys_ioctl+0xfc/0x170
[  118.815090][ T6235]  do_syscall_64+0xfa/0x3b0
[  118.815115][ T6235]  ? lockdep_hardirqs_on+0x9c/0x150
[  118.815140][ T6235]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.815158][ T6235]  ? clear_bhb_loop+0x60/0xb0
[  118.815180][ T6235]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.815198][ T6235] RIP: 0033:0x7fa952b8e929
[  118.815221][ T6235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  118.815236][ T6235] RSP: 002b:00007fa9509f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  118.815255][ T6235] RAX: ffffffffffffffda RBX: 00007fa952db5fa0 RCX: 00007fa952b8e929
[  118.815269][ T6235] RDX: 0000200000000100 RSI: 000000004008ae89 RDI: 0000000000000005
[  118.815280][ T6235] RBP: 00007fa9509f6090 R08: 0000000000000000 R09: 0000000000000000
[  118.815291][ T6235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  118.815302][ T6235] R13: 0000000000000000 R14: 00007fa952db5fa0 R15: 00007ffe82dec228
[  118.815331][ T6235]  </TASK>
[  119.130437][ T6244] netlink: 12 bytes leftover after parsing attributes in process `syz.3.80'.
[  119.879211][ T5827] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[  120.379428][ T5827] usb 3-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d
[  120.570974][ T5827] usb 3-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3
[  120.585660][ T5827] usb 3-1: Product: syz
[  120.590782][ T5827] usb 3-1: Manufacturer: syz
[  120.611453][ T5827] usb 3-1: SerialNumber: syz
[  120.658398][ T5827] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state.
[  120.717323][ T5994] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  120.808891][ T6269] warning: `syz.0.88' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  120.859324][ T5994] usb 5-1: device descriptor read/64, error -71
[  121.339075][ T5827] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  121.352680][ T5827] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19)
[  121.385211][ T5994] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  121.558730][ T5994] usb 5-1: device descriptor read/64, error -71
[  121.677827][ T5827] usb 3-1: USB disconnect, device number 2
[  121.707415][ T5994] usb usb5-port1: attempt power cycle
[  121.784481][ T6274] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  121.934514][ T6276] netlink: 'syz.3.90': attribute type 1 has an invalid length.
[  122.073334][ T6282] capability: warning: `syz.0.91' uses deprecated v2 capabilities in a way that may be insecure
[  122.125206][ T5994] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  122.207927][ T5994] usb 5-1: device descriptor read/8, error -71
[  122.545364][ T5994] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  122.568873][ T5994] usb 5-1: device descriptor read/8, error -71
[  122.693126][ T5994] usb usb5-port1: unable to enumerate USB device
[  123.284559][ T6294] IPVS: set_ctl: invalid protocol: 43 172.20.20.45:20002
[  124.656790][ T6310] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  124.703066][ T6316] FAULT_INJECTION: forcing a failure.
[  124.703066][ T6316] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  124.724431][ T6316] CPU: 0 UID: 0 PID: 6316 Comm: syz.0.101 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  124.724448][ T6316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  124.724456][ T6316] Call Trace:
[  124.724461][ T6316]  <TASK>
[  124.724466][ T6316]  dump_stack_lvl+0x189/0x250
[  124.724489][ T6316]  ? __pfx____ratelimit+0x10/0x10
[  124.724506][ T6316]  ? __pfx_dump_stack_lvl+0x10/0x10
[  124.724524][ T6316]  ? __pfx__printk+0x10/0x10
[  124.724536][ T6316]  ? __might_fault+0xb0/0x130
[  124.724559][ T6316]  should_fail_ex+0x414/0x560
[  124.724576][ T6316]  _copy_from_iter+0x1db/0x16f0
[  124.724596][ T6316]  ? rcu_is_watching+0x15/0xb0
[  124.724615][ T6316]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  124.724631][ T6316]  ? __pfx__copy_from_iter+0x10/0x10
[  124.724649][ T6316]  ? __build_skb_around+0x257/0x3e0
[  124.724663][ T6316]  ? netlink_sendmsg+0x642/0xb30
[  124.724675][ T6316]  ? skb_put+0x11b/0x210
[  124.724690][ T6316]  netlink_sendmsg+0x6b2/0xb30
[  124.724709][ T6316]  ? __pfx_netlink_sendmsg+0x10/0x10
[  124.724727][ T6316]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  124.724742][ T6316]  ? __pfx_netlink_sendmsg+0x10/0x10
[  124.724755][ T6316]  __sock_sendmsg+0x219/0x270
[  124.724775][ T6316]  ____sys_sendmsg+0x505/0x830
[  124.724792][ T6316]  ? __pfx_____sys_sendmsg+0x10/0x10
[  124.724812][ T6316]  ? import_iovec+0x74/0xa0
[  124.724832][ T6316]  ___sys_sendmsg+0x21f/0x2a0
[  124.724848][ T6316]  ? __pfx____sys_sendmsg+0x10/0x10
[  124.724885][ T6316]  ? __fget_files+0x2a/0x420
[  124.724900][ T6316]  ? __fget_files+0x3a0/0x420
[  124.724929][ T6316]  __x64_sys_sendmsg+0x19b/0x260
[  124.724945][ T6316]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  124.724966][ T6316]  ? __pfx_ksys_write+0x10/0x10
[  124.724984][ T6316]  ? do_syscall_64+0xbe/0x3b0
[  124.725004][ T6316]  do_syscall_64+0xfa/0x3b0
[  124.725021][ T6316]  ? lockdep_hardirqs_on+0x9c/0x150
[  124.725038][ T6316]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  124.725050][ T6316]  ? clear_bhb_loop+0x60/0xb0
[  124.725065][ T6316]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  124.725085][ T6316] RIP: 0033:0x7fa952b8e929
[  124.725101][ T6316] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  124.725114][ T6316] RSP: 002b:00007fa9509d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  124.725132][ T6316] RAX: ffffffffffffffda RBX: 00007fa952db6080 RCX: 00007fa952b8e929
[  124.725143][ T6316] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003
[  124.725154][ T6316] RBP: 00007fa9509d5090 R08: 0000000000000000 R09: 0000000000000000
[  124.725164][ T6316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  124.725173][ T6316] R13: 0000000000000001 R14: 00007fa952db6080 R15: 00007ffe82dec228
[  124.725199][ T6316]  </TASK>
[  124.995768][    C0] vkms_vblank_simulate: vblank timer overrun
[  125.723027][ T6318] netlink: 12 bytes leftover after parsing attributes in process `syz.1.102'.
[  125.733249][ T6318] nbd: must specify a size in bytes for the device
[  126.298959][ T6323] netlink: 20 bytes leftover after parsing attributes in process `syz.0.103'.
[  128.831480][ T6338] syz.1.106: attempt to access beyond end of device
[  128.831480][ T6338] loop1: rw=2048, sector=2, nr_sectors = 1 limit=0
[  128.855727][ T6338] hfsplus: unable to find HFS+ superblock
[  128.866061][ T6332] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[  131.579977][ T6362] FAULT_INJECTION: forcing a failure.
[  131.579977][ T6362] name failslab, interval 1, probability 0, space 0, times 1
[  131.594022][ T6362] CPU: 0 UID: 0 PID: 6362 Comm: syz.1.114 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  131.594046][ T6362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  131.594056][ T6362] Call Trace:
[  131.594063][ T6362]  <TASK>
[  131.594071][ T6362]  dump_stack_lvl+0x189/0x250
[  131.594100][ T6362]  ? __pfx____ratelimit+0x10/0x10
[  131.594125][ T6362]  ? __pfx_dump_stack_lvl+0x10/0x10
[  131.594150][ T6362]  ? __pfx__printk+0x10/0x10
[  131.594173][ T6362]  ? __pfx___might_resched+0x10/0x10
[  131.594197][ T6362]  ? fs_reclaim_acquire+0x7d/0x100
[  131.594225][ T6362]  should_fail_ex+0x414/0x560
[  131.594250][ T6362]  should_failslab+0xa8/0x100
[  131.594274][ T6362]  __kmalloc_noprof+0xcb/0x4f0
[  131.594292][ T6362]  ? kfree+0x4d/0x440
[  131.594307][ T6362]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  131.594337][ T6362]  tomoyo_realpath_from_path+0xe3/0x5d0
[  131.594363][ T6362]  ? tomoyo_domain+0xda/0x130
[  131.594393][ T6362]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  131.594414][ T6362]  tomoyo_path_number_perm+0x1e8/0x5a0
[  131.594437][ T6362]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  131.594460][ T6362]  ? sb_end_write+0xe9/0x1c0
[  131.594485][ T6362]  ? vfs_write+0x8d8/0xa90
[  131.594542][ T6362]  ? ksys_write+0x1e1/0x250
[  131.594567][ T6362]  security_file_ioctl+0xcb/0x2d0
[  131.594591][ T6362]  __se_sys_ioctl+0x47/0x170
[  131.594612][ T6362]  do_syscall_64+0xfa/0x3b0
[  131.594634][ T6362]  ? lockdep_hardirqs_on+0x9c/0x150
[  131.594658][ T6362]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  131.594674][ T6362]  ? clear_bhb_loop+0x60/0xb0
[  131.594695][ T6362]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  131.594712][ T6362] RIP: 0033:0x7f3843f8e929
[  131.594727][ T6362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  131.594741][ T6362] RSP: 002b:00007f3844d6b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  131.594759][ T6362] RAX: ffffffffffffffda RBX: 00007f38441b5fa0 RCX: 00007f3843f8e929
[  131.594771][ T6362] RDX: 0000200000000300 RSI: 0000000080104592 RDI: 0000000000000003
[  131.594783][ T6362] RBP: 00007f3844d6b090 R08: 0000000000000000 R09: 0000000000000000
[  131.594793][ T6362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  131.594802][ T6362] R13: 0000000000000000 R14: 00007f38441b5fa0 R15: 00007ffde3b22b18
[  131.594830][ T6362]  </TASK>
[  131.594836][ T6362] ERROR: Out of memory at tomoyo_realpath_from_path.
[  132.108965][ T6366] netlink: 12 bytes leftover after parsing attributes in process `syz.3.115'.
[  132.118531][ T6366] nbd: must specify a size in bytes for the device
[  132.706891][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  133.725716][ T6378] sctp: [Deprecated]: syz.4.116 (pid 6378) Use of struct sctp_assoc_value in delayed_ack socket option.
[  133.725716][ T6378] Use struct sctp_sack_info instead
[  134.904211][   T30] audit: type=1326 audit(1751304166.037:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6383 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000
[  134.928053][ T6395] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  134.971460][   T30] audit: type=1326 audit(1751304166.067:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6383 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000
[  135.024570][   T30] audit: type=1326 audit(1751304166.067:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6383 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000
[  135.055405][   T30] audit: type=1326 audit(1751304166.067:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6383 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000
[  135.098536][   T30] audit: type=1326 audit(1751304166.067:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6383 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000
[  135.166354][   T30] audit: type=1326 audit(1751304166.067:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6383 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000
[  135.189939][   T30] audit: type=1326 audit(1751304166.067:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6383 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000
[  135.211999][   T30] audit: type=1326 audit(1751304166.067:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6383 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000
[  135.234842][   T30] audit: type=1326 audit(1751304166.067:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6383 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000
[  135.317869][   T30] audit: type=1326 audit(1751304166.067:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6383 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000
[  137.535147][ T6419] syz.1.129: attempt to access beyond end of device
[  137.535147][ T6419] nbd1: rw=0, sector=64, nr_sectors = 1 limit=0
[  137.627830][ T6419] syz.1.129: attempt to access beyond end of device
[  137.627830][ T6419] nbd1: rw=0, sector=256, nr_sectors = 1 limit=0
[  137.664294][ T6419] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  137.674740][ T6419] syz.1.129: attempt to access beyond end of device
[  137.674740][ T6419] nbd1: rw=0, sector=512, nr_sectors = 1 limit=0
[  137.690544][ T6419] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  137.712514][ T6419] syz.1.129: attempt to access beyond end of device
[  137.712514][ T6419] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0
[  137.913910][ T6419] syz.1.129: attempt to access beyond end of device
[  137.913910][ T6419] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0
[  137.977791][ T6419] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  138.781622][ T6419] syz.1.129: attempt to access beyond end of device
[  138.781622][ T6419] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0
[  138.820656][ T6419] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  138.873077][ T6419] syz.1.129: attempt to access beyond end of device
[  138.873077][ T6419] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0
[  138.956032][ T6433] netlink: 260 bytes leftover after parsing attributes in process `syz.3.132'.
[  139.055474][ T6419] syz.1.129: attempt to access beyond end of device
[  139.055474][ T6419] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0
[  139.089985][ T6419] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  139.446097][ T6419] syz.1.129: attempt to access beyond end of device
[  139.446097][ T6419] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0
[  139.485302][ T6419] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  139.530906][ T6419] syz.1.129: attempt to access beyond end of device
[  139.530906][ T6419] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0
[  139.578718][ T6419] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  139.679462][ T6419] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  139.733862][ T6419] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1)
[  139.746189][ T6444] FAULT_INJECTION: forcing a failure.
[  139.746189][ T6444] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  139.815274][ T6444] CPU: 1 UID: 0 PID: 6444 Comm: syz.0.136 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  139.815300][ T6444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  139.815310][ T6444] Call Trace:
[  139.815318][ T6444]  <TASK>
[  139.815325][ T6444]  dump_stack_lvl+0x189/0x250
[  139.815357][ T6444]  ? __pfx____ratelimit+0x10/0x10
[  139.815381][ T6444]  ? __pfx_dump_stack_lvl+0x10/0x10
[  139.815407][ T6444]  ? __pfx__printk+0x10/0x10
[  139.815424][ T6444]  ? __might_fault+0xb0/0x130
[  139.815456][ T6444]  should_fail_ex+0x414/0x560
[  139.815480][ T6444]  _copy_from_user+0x2d/0xb0
[  139.815508][ T6444]  ___sys_sendmsg+0x158/0x2a0
[  139.815531][ T6444]  ? __pfx____sys_sendmsg+0x10/0x10
[  139.815604][ T6444]  ? __might_fault+0xb0/0x130
[  139.815628][ T6444]  __sys_sendmmsg+0x227/0x430
[  139.815653][ T6444]  ? __pfx___sys_sendmmsg+0x10/0x10
[  139.815671][ T6444]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  139.815721][ T6444]  ? ksys_write+0x22a/0x250
[  139.815743][ T6444]  ? __pfx_ksys_write+0x10/0x10
[  139.815760][ T6444]  ? rcu_is_watching+0x15/0xb0
[  139.815791][ T6444]  __x64_sys_sendmmsg+0xa0/0xc0
[  139.815814][ T6444]  do_syscall_64+0xfa/0x3b0
[  139.815838][ T6444]  ? lockdep_hardirqs_on+0x9c/0x150
[  139.815861][ T6444]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.815878][ T6444]  ? clear_bhb_loop+0x60/0xb0
[  139.815899][ T6444]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.815916][ T6444] RIP: 0033:0x7fa952b8e929
[  139.815931][ T6444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  139.815946][ T6444] RSP: 002b:00007fa9509f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  139.815964][ T6444] RAX: ffffffffffffffda RBX: 00007fa952db5fa0 RCX: 00007fa952b8e929
[  139.815977][ T6444] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000004
[  139.815988][ T6444] RBP: 00007fa9509f6090 R08: 0000000000000000 R09: 0000000000000000
[  139.815998][ T6444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  139.816008][ T6444] R13: 0000000000000000 R14: 00007fa952db5fa0 R15: 00007ffe82dec228
[  139.816035][ T6444]  </TASK>
[  141.201127][ T6461] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  141.207829][ T6461] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  141.490320][ T6461] vhci_hcd vhci_hcd.0: Device attached
[  141.775574][ T6461] bridge_slave_0: left allmulticast mode
[  141.781266][ T6461] bridge_slave_0: left promiscuous mode
[  141.797935][ T6461] bridge0: port 1(bridge_slave_0) entered disabled state
[  141.813834][ T6461] bridge_slave_1: left allmulticast mode
[  141.824162][ T6461] bridge_slave_1: left promiscuous mode
[  141.830764][ T6461] bridge0: port 2(bridge_slave_1) entered disabled state
[  141.937523][  T977] usb 35-1: new high-speed USB device number 2 using vhci_hcd
[  141.968404][ T6470] netlink: 'syz.1.141': attribute type 10 has an invalid length.
[  142.200108][ T6461] bond0: (slave bond_slave_0): Releasing backup interface
[  142.790746][ T5829] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  142.816345][ T6461] bond0: (slave bond_slave_1): Releasing backup interface
[  143.015924][ T5829] usb 1-1: Using ep0 maxpacket: 32
[  143.032336][ T5829] usb 1-1: config 0 has an invalid interface number: 146 but max is 0
[  143.044865][ T5829] usb 1-1: config 0 has no interface number 0
[  143.064841][ T5829] usb 1-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  143.085855][ T6461] team0: Port device team_slave_0 removed
[  143.093010][ T5829] usb 1-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  143.136770][ T6461] team0: Port device team_slave_1 removed
[  143.161825][ T6461] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  143.170666][ T5829] usb 1-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024
[  143.171097][ T6461] batman_adv: batadv0: Removing interface: batadv_slave_0
[  143.227421][ T5829] usb 1-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  143.255885][ T5829] usb 1-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82
[  143.269257][ T6461] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  143.280616][ T5829] usb 1-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  143.291175][ T6461] batman_adv: batadv0: Removing interface: batadv_slave_1
[  143.322968][ T5829] usb 1-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  143.363324][ T5829] usb 1-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  143.404047][ T5829] usb 1-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  143.458701][ T5829] usb 1-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95
[  143.471229][ T5829] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.493879][ T5829] usb 1-1: Product: syz
[  143.508898][ T6470] 8021q: adding VLAN 0 to HW filter on device bond0
[  143.513116][ T5829] usb 1-1: Manufacturer: syz
[  143.543942][ T5829] usb 1-1: SerialNumber: syz
[  143.551888][ T6470] team0: Port device bond0 added
[  143.560216][ T6463] vhci_hcd: connection reset by peer
[  143.582045][ T3491] vhci_hcd: stop threads
[  143.587465][ T5829] usb 1-1: config 0 descriptor??
[  143.595784][ T3491] vhci_hcd: release socket
[  143.623967][ T3491] vhci_hcd: disconnect device
[  143.629380][ T6469] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  143.648347][ T5829] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 1 is not bulk.
[  143.673041][ T5829] microtek usb (rev 0.4.3): couldn't find an output bulk endpoint. Bailing out.
[  143.868970][ T5829] usb 1-1: USB disconnect, device number 6
[  144.095320][ T6470] syz.1.141 (6470) used greatest stack depth: 18952 bytes left
[  144.096768][ T6486] netlink: 12 bytes leftover after parsing attributes in process `syz.2.148'.
[  144.111985][ T6486] nbd: must specify a size in bytes for the device
[  144.934402][ T6497] bio_check_eod: 2 callbacks suppressed
[  144.934416][ T6497] syz.1.149: attempt to access beyond end of device
[  144.934416][ T6497] loop1: rw=2048, sector=2, nr_sectors = 1 limit=0
[  144.976542][ T6497] hfsplus: unable to find HFS+ superblock
[  146.717346][ T6515] bridge_slave_1: entered allmulticast mode
[  146.839705][ T6515] fuse: Bad value for 'fd'
[  147.032502][ T6523] netlink: 12 bytes leftover after parsing attributes in process `syz.3.160'.
[  147.041743][ T6523] nbd: must specify a size in bytes for the device
[  147.126098][  T977] vhci_hcd: vhci_device speed not set
[  147.405523][ T5829] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  147.413318][    C0] raw-gadget.0 gadget.0: ignoring, device is not running
[  147.545721][ T5829] usb 1-1: device descriptor read/64, error -32
[  147.765659][ T6530] netlink: 12 bytes leftover after parsing attributes in process `syz.1.162'.
[  147.774744][ T6530] nbd: must specify a size in bytes for the device
[  148.107747][ T5829] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  148.359616][ T5829] usb 1-1: Using ep0 maxpacket: 16
[  148.370045][ T5829] usb 1-1: config 0 has an invalid interface number: 194 but max is 0
[  148.388563][ T5829] usb 1-1: config 0 has no interface number 0
[  148.407609][ T5829] usb 1-1: New USB device found, idVendor=0a2c, idProduct=0008, bcdDevice=b4.25
[  148.433640][ T5829] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.015290][ T5829] usb 1-1: Product: syz
[  149.019931][ T5829] usb 1-1: Manufacturer: syz
[  149.025013][ T5829] usb 1-1: SerialNumber: syz
[  149.037645][ T5829] usb 1-1: config 0 descriptor??
[  149.046353][ T5829] cypress_cy7c63 1-1:0.194: Cypress CY7C63xxx device now attached
[  149.648277][ T6517] tipc: Started in network mode
[  149.655452][ T6517] tipc: Node identity 7f000001, cluster identity 4711
[  149.774665][ T6517] tipc: Enabled bearer <udp:syz2>, priority 10
[  149.872579][ T5829] usb 1-1: USB disconnect, device number 8
[  149.895954][ T5829] cypress_cy7c63 1-1:0.194: Cypress CY7C63xxx device now disconnected
[  150.776632][ T5829] tipc: Node number set to 2130706433
[  151.798684][ T6562] capability: warning: `syz.0.170' uses 32-bit capabilities (legacy support in use)
[  152.921960][ T6573] nbd: socks must be embedded in a SOCK_ITEM attr
[  153.200607][ T6576] netlink: 12 bytes leftover after parsing attributes in process `syz.0.174'.
[  153.210089][ T6576] nbd: must specify a size in bytes for the device
[  153.556957][ T6567] netlink: 12 bytes leftover after parsing attributes in process `syz.3.172'.
[  153.565970][ T6567] nbd: must specify a size in bytes for the device
[  154.256689][ T6015] udevd[6015]: inotify_add_watch(7, /dev/nbd0, 10) failed: No such file or directory
[  155.616904][ T5899] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  156.009684][ T5899] usb 4-1: Using ep0 maxpacket: 16
[  156.200196][ T5899] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  156.371407][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  157.035241][ T5899] usb 4-1: Product: syz
[  157.055486][ T5899] usb 4-1: Manufacturer: syz
[  157.060192][ T5899] usb 4-1: SerialNumber: syz
[  157.076048][ T5899] usb 4-1: config 0 descriptor??
[  158.360126][ T6639] netlink: 12 bytes leftover after parsing attributes in process `syz.4.190'.
[  158.369334][ T6639] nbd: must specify a size in bytes for the device
[  159.858689][ T5899] usb 4-1: USB disconnect, device number 3
[  162.128903][ T6689] netlink: 28 bytes leftover after parsing attributes in process `syz.1.202'.
[  162.136820][ T6686] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5
[  162.158433][ T6689] netlink: 28 bytes leftover after parsing attributes in process `syz.1.202'.
[  162.745288][ T5938] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  162.915305][ T5938] usb 2-1: Using ep0 maxpacket: 16
[  162.944307][ T5938] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  163.017506][ T5938] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  163.067958][ T5938] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  163.166116][ T5938] usb 2-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00
[  163.243446][ T5938] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.323068][ T5938] usb 2-1: config 0 descriptor??
[  163.468114][ T6713] could not allocate digest TFM handle poly1305-generic
[  163.962833][ T5938] usbhid 2-1:0.0: can't add hid device: -71
[  164.327706][ T5938] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  164.352185][ T5938] usb 2-1: USB disconnect, device number 3
[  164.995246][ T5870] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  165.010272][ T6736] netlink: 'syz.0.219': attribute type 1 has an invalid length.
[  165.018820][ T6736] netlink: 224 bytes leftover after parsing attributes in process `syz.0.219'.
[  165.069636][ T6736] netlink: 68 bytes leftover after parsing attributes in process `syz.0.219'.
[  165.245407][ T5870] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[  165.253850][ T5870] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  165.365036][ T5870] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  165.415308][ T5870] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  165.436333][ T5870] usb 4-1: Manufacturer: syz
[  165.452045][ T5870] usb 4-1: config 0 descriptor??
[  165.483840][ T5870] igorplugusb 4-1:0.0: endpoint incorrect
[  165.960403][ T5870] usb 4-1: USB disconnect, device number 4
[  173.103685][ T6839] FAULT_INJECTION: forcing a failure.
[  173.103685][ T6839] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  173.117007][ T6839] CPU: 0 UID: 0 PID: 6839 Comm: syz.1.250 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  173.117028][ T6839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  173.117038][ T6839] Call Trace:
[  173.117045][ T6839]  <TASK>
[  173.117052][ T6839]  dump_stack_lvl+0x189/0x250
[  173.117081][ T6839]  ? __pfx____ratelimit+0x10/0x10
[  173.117104][ T6839]  ? __pfx_dump_stack_lvl+0x10/0x10
[  173.117129][ T6839]  ? __pfx__printk+0x10/0x10
[  173.117146][ T6839]  ? __might_fault+0xb0/0x130
[  173.117178][ T6839]  should_fail_ex+0x414/0x560
[  173.117202][ T6839]  _copy_from_user+0x2d/0xb0
[  173.117229][ T6839]  ___sys_sendmsg+0x158/0x2a0
[  173.117252][ T6839]  ? __pfx____sys_sendmsg+0x10/0x10
[  173.117303][ T6839]  ? __fget_files+0x2a/0x420
[  173.117324][ T6839]  ? __fget_files+0x3a0/0x420
[  173.117354][ T6839]  __x64_sys_sendmsg+0x19b/0x260
[  173.117377][ T6839]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  173.117406][ T6839]  ? __pfx_ksys_write+0x10/0x10
[  173.117423][ T6839]  ? rcu_is_watching+0x15/0xb0
[  173.117459][ T6839]  ? do_syscall_64+0xbe/0x3b0
[  173.117487][ T6839]  do_syscall_64+0xfa/0x3b0
[  173.117510][ T6839]  ? lockdep_hardirqs_on+0x9c/0x150
[  173.117532][ T6839]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.117549][ T6839]  ? clear_bhb_loop+0x60/0xb0
[  173.117570][ T6839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.117587][ T6839] RIP: 0033:0x7f3843f8e929
[  173.117602][ T6839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  173.117616][ T6839] RSP: 002b:00007f3844d4a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  173.117634][ T6839] RAX: ffffffffffffffda RBX: 00007f38441b6080 RCX: 00007f3843f8e929
[  173.117647][ T6839] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000005
[  173.117657][ T6839] RBP: 00007f3844d4a090 R08: 0000000000000000 R09: 0000000000000000
[  173.117667][ T6839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  173.117677][ T6839] R13: 0000000000000000 R14: 00007f38441b6080 R15: 00007ffde3b22b18
[  173.117704][ T6839]  </TASK>
[  173.322862][    C0] vkms_vblank_simulate: vblank timer overrun
[  174.445160][ T5899] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  174.655616][ T5899] usb 2-1: Using ep0 maxpacket: 16
[  174.666289][ T5899] usb 2-1: too many configurations: 60, using maximum allowed: 8
[  174.687967][ T5899] usb 2-1: config 0 has no interfaces?
[  174.712120][ T5899] usb 2-1: config 0 has no interfaces?
[  174.747297][ T5899] usb 2-1: config 0 has no interfaces?
[  175.023094][ T5899] usb 2-1: config 0 has no interfaces?
[  175.272980][ T5899] usb 2-1: config 0 has no interfaces?
[  175.284279][ T5899] usb 2-1: config 0 has no interfaces?
[  175.298000][ T5899] usb 2-1: config 0 has no interfaces?
[  175.305869][ T5899] usb 2-1: config 0 has no interfaces?
[  175.316319][ T5899] usb 2-1: New USB device found, idVendor=0471, idProduct=032c, bcdDevice=ba.e9
[  175.331030][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=204
[  175.339461][ T5899] usb 2-1: Product: syz
[  175.530246][ T5899] usb 2-1: Manufacturer: syz
[  175.534975][ T5899] usb 2-1: SerialNumber: syz
[  175.586667][ T5899] usb 2-1: config 0 descriptor??
[  176.222250][ T5899] usb 2-1: USB disconnect, device number 4
[  176.834021][ T6876] netlink: 12 bytes leftover after parsing attributes in process `syz.0.262'.
[  176.844646][ T6876] nbd: must specify a size in bytes for the device
[  177.686213][ T6881] netlink: 40 bytes leftover after parsing attributes in process `syz.2.263'.
[  179.940031][ T6899] netlink: 260 bytes leftover after parsing attributes in process `syz.2.268'.
[  180.560263][ T6906] netlink: 1964 bytes leftover after parsing attributes in process `syz.1.270'.
[  180.631117][ T6906] netlink: 60 bytes leftover after parsing attributes in process `syz.1.270'.
[  186.075519][ T6978] netlink: 12 bytes leftover after parsing attributes in process `syz.2.287'.
[  186.085042][ T6978] nbd: must specify a size in bytes for the device
[  189.829459][ T7015] netlink: 260 bytes leftover after parsing attributes in process `syz.1.295'.
[  192.219213][ T7033] =======================================================
[  192.219213][ T7033] WARNING: The mand mount option has been deprecated and
[  192.219213][ T7033]          and is ignored by this kernel. Remove the mand
[  192.219213][ T7033]          option from the mount to silence this warning.
[  192.219213][ T7033] =======================================================
[  194.020419][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  194.881441][ T7069] netlink: 260 bytes leftover after parsing attributes in process `syz.0.309'.
[  194.891460][ T5831] Bluetooth: hci1: ACL packet for unknown connection handle 1
[  200.210351][ T7117] xt_CT: You must specify a L4 protocol and not use inversions on it
[  200.569094][ T7120] netlink: 48 bytes leftover after parsing attributes in process `syz.1.324'.
[  200.661397][ T7120] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  200.669020][ T7120] IPv6: NLM_F_CREATE should be set when creating new route
[  201.245378][ T7120] netlink: 'syz.1.324': attribute type 9 has an invalid length.
[  201.455350][ T5829] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  201.495136][   T10] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  201.737683][ T5829] usb 5-1: Using ep0 maxpacket: 8
[  201.745567][ T5829] usb 5-1: config 12 has an invalid interface number: 59 but max is 1
[  201.753765][ T5829] usb 5-1: config 12 has an invalid descriptor of length 247, skipping remainder of the config
[  201.764507][ T5829] usb 5-1: config 12 has 1 interface, different from the descriptor's value: 2
[  201.773563][ T5829] usb 5-1: config 12 has no interface number 0
[  201.779861][ T5829] usb 5-1: config 12 interface 59 altsetting 11 has an invalid descriptor for endpoint zero, skipping
[  201.795758][ T5829] usb 5-1: config 12 interface 59 altsetting 11 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[  201.810255][ T5829] usb 5-1: config 12 interface 59 has no altsetting 0
[  201.890476][   T10] usb 2-1: config 0 has an invalid interface number: 64 but max is 0
[  201.989503][   T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  202.013714][ T5829] usb 5-1: New USB device found, idVendor=24c6, idProduct=4879, bcdDevice= a.00
[  202.050891][   T10] usb 2-1: config 0 has no interface number 0
[  202.058490][ T5829] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.084944][ T5829] usb 5-1: Product: 
[  202.113471][   T10] usb 2-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07
[  202.179858][ T5829] usb 5-1: Manufacturer: 倃
[  202.184925][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.194083][ T5829] usb 5-1: SerialNumber: à “
[  202.202370][   T10] usb 2-1: Product: syz
[  202.226319][   T10] usb 2-1: Manufacturer: syz
[  202.238725][   T10] usb 2-1: SerialNumber: syz
[  202.259223][   T10] usb 2-1: config 0 descriptor??
[  202.986487][ T7120] sctp: [Deprecated]: syz.1.324 (pid 7120) Use of int in maxseg socket option.
[  202.986487][ T7120] Use struct sctp_assoc_value instead
[  203.016279][ T5829] usb 5-1: USB disconnect, device number 6
[  203.031951][   T24] usb 2-1: USB disconnect, device number 5
[  205.029929][ T7179] Illegal XDP return value 4294967274 on prog  (id 104) dev syz_tun, expect packet loss!
[  205.998217][ T7185] netlink: 8 bytes leftover after parsing attributes in process `syz.3.343'.
[  206.329418][ T5826] Bluetooth: hci1: command 0x0406 tx timeout
[  206.329448][ T5142] Bluetooth: hci0: command 0x0406 tx timeout
[  206.336381][ T5826] Bluetooth: hci2: command 0x0406 tx timeout
[  206.341606][ T5142] Bluetooth: hci3: command 0x0406 tx timeout
[  207.108831][ T5899] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  207.761211][ T5899] usb 5-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e
[  207.775230][ T5899] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.785407][ T5899] usb 5-1: Product: syz
[  207.789600][ T5899] usb 5-1: Manufacturer: syz
[  207.795264][ T5899] usb 5-1: SerialNumber: syz
[  208.900578][ T5899] usb 5-1: config 0 descriptor??
[  209.180109][ T7231] IPv6: addrconf: prefix option has invalid lifetime
[  209.637694][ T5899] mos7840 5-1:0.0: required endpoints missing
[  209.646388][ T5899] usb 5-1: USB disconnect, device number 7
[  210.714160][ T7246] FAULT_INJECTION: forcing a failure.
[  210.714160][ T7246] name failslab, interval 1, probability 0, space 0, times 0
[  210.730723][ T7246] CPU: 0 UID: 0 PID: 7246 Comm: syz.0.360 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  210.730745][ T7246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  210.730756][ T7246] Call Trace:
[  210.730762][ T7246]  <TASK>
[  210.730767][ T7246]  dump_stack_lvl+0x189/0x250
[  210.730799][ T7246]  ? __pfx____ratelimit+0x10/0x10
[  210.730817][ T7246]  ? __pfx_dump_stack_lvl+0x10/0x10
[  210.730836][ T7246]  ? __pfx__printk+0x10/0x10
[  210.730853][ T7246]  ? __pfx___might_resched+0x10/0x10
[  210.730871][ T7246]  ? fs_reclaim_acquire+0x7d/0x100
[  210.730893][ T7246]  should_fail_ex+0x414/0x560
[  210.730912][ T7246]  should_failslab+0xa8/0x100
[  210.730930][ T7246]  __kmalloc_noprof+0xcb/0x4f0
[  210.730944][ T7246]  ? kfree+0x4d/0x440
[  210.730956][ T7246]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  210.730979][ T7246]  tomoyo_realpath_from_path+0xe3/0x5d0
[  210.730998][ T7246]  ? tomoyo_domain+0xda/0x130
[  210.731026][ T7246]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  210.731041][ T7246]  tomoyo_path_number_perm+0x1e8/0x5a0
[  210.731059][ T7246]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  210.731086][ T7246]  ? __lock_acquire+0xab9/0xd20
[  210.731117][ T7246]  ? __fget_files+0x2a/0x420
[  210.731137][ T7246]  ? __fget_files+0x2a/0x420
[  210.731153][ T7246]  ? __fget_files+0x3a0/0x420
[  210.731169][ T7246]  ? __fget_files+0x2a/0x420
[  210.731188][ T7246]  security_file_ioctl+0xcb/0x2d0
[  210.731206][ T7246]  __se_sys_ioctl+0x47/0x170
[  210.731222][ T7246]  do_syscall_64+0xfa/0x3b0
[  210.731242][ T7246]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  210.731254][ T7246]  ? asm_sysvec_call_function_single+0x1a/0x20
[  210.731267][ T7246]  ? clear_bhb_loop+0x60/0xb0
[  210.731283][ T7246]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  210.731296][ T7246] RIP: 0033:0x7fa952b8e929
[  210.731310][ T7246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  210.731321][ T7246] RSP: 002b:00007fa9509d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  210.731338][ T7246] RAX: ffffffffffffffda RBX: 00007fa952db6080 RCX: 00007fa952b8e929
[  210.731348][ T7246] RDX: 00002000000001c0 RSI: 0000000040045431 RDI: 0000000000000006
[  210.731356][ T7246] RBP: 00007fa9509d5090 R08: 0000000000000000 R09: 0000000000000000
[  210.731364][ T7246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  210.731371][ T7246] R13: 0000000000000000 R14: 00007fa952db6080 R15: 00007ffe82dec228
[  210.731391][ T7246]  </TASK>
[  210.731417][ T7246] ERROR: Out of memory at tomoyo_realpath_from_path.
[  211.283967][ T7248] netlink: 32 bytes leftover after parsing attributes in process `syz.4.361'.
[  213.665115][ T5892] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  213.842870][ T5892] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  213.868540][ T5892] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  213.902587][ T5892] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  213.931061][ T5892] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  213.974186][ T5892] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  214.003698][ T5892] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  214.039455][ T5892] usb 1-1: config 0 descriptor??
[  215.127065][ T7278] netlink: 12 bytes leftover after parsing attributes in process `syz.3.369'.
[  215.137372][ T7278] nbd: must specify a size in bytes for the device
[  215.724242][ T7282] netlink: 12 bytes leftover after parsing attributes in process `syz.4.370'.
[  215.733972][ T7282] nbd: must specify a size in bytes for the device
[  216.132550][ T7255] syz.1.364 (7255) used greatest stack depth: 18592 bytes left
[  216.269771][ T7266] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  216.309700][ T7266] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  216.415235][ T5892] usbhid 1-1:0.0: can't add hid device: -71
[  216.421349][ T5892] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  216.431905][ T5892] usb 1-1: USB disconnect, device number 9
[  219.513428][ T7299] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[  220.418778][ T7313] netlink: 28 bytes leftover after parsing attributes in process `syz.1.378'.
[  220.458277][ T7313] netlink: 'syz.1.378': attribute type 8 has an invalid length.
[  220.530186][ T7313] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check.
[  220.614433][ T7320] bridge_slave_0: left allmulticast mode
[  220.631375][ T7320] bridge_slave_0: left promiscuous mode
[  220.637818][ T7320] bridge0: port 1(bridge_slave_0) entered disabled state
[  220.653650][ T7320] bridge_slave_1: left allmulticast mode
[  220.663604][ T7320] bridge_slave_1: left promiscuous mode
[  220.669674][ T7320] bridge0: port 2(bridge_slave_1) entered disabled state
[  220.684206][ T7320] bond0: (slave bond_slave_0): Releasing backup interface
[  220.854810][ T7320] bond0: (slave bond_slave_1): Releasing backup interface
[  221.346675][ T7320] team0: Port device team_slave_0 removed
[  221.366905][ T7320] team0: Port device team_slave_1 removed
[  221.397661][ T7320] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  221.413335][ T7327] syz.2.383: attempt to access beyond end of device
[  221.413335][ T7327] loop2: rw=2048, sector=2, nr_sectors = 1 limit=0
[  221.426832][ T7327] hfsplus: unable to find HFS+ superblock
[  221.471895][ T7320] batman_adv: batadv0: Removing interface: batadv_slave_0
[  222.109397][ T7320] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  222.136806][ T7320] batman_adv: batadv0: Removing interface: batadv_slave_1
[  222.173616][ T7322] netlink: 20 bytes leftover after parsing attributes in process `syz.0.382'.
[  222.848307][ T7333] netlink: 12 bytes leftover after parsing attributes in process `syz.2.384'.
[  222.857451][ T7333] nbd: must specify a size in bytes for the device
[  223.953189][ T7340] kvm: vcpu 0: requested 8 ns lapic timer period limited to 200000 ns
[  224.000742][ T7340] netlink: 4 bytes leftover after parsing attributes in process `syz.4.388'.
[  225.031249][ T5832] Bluetooth: hci0: unknown advertising packet type: 0x82
[  225.031305][ T5832] Bluetooth: hci0: Dropping invalid advertising data
[  225.051763][ T5832] Bluetooth: hci0: unknown advertising packet type: 0xf2
[  225.051790][ T5832] Bluetooth: hci0: Malformed LE Event: 0x02
[  225.166273][ T7367] program syz.0.393 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  225.254530][ T7364] syz.2.395: attempt to access beyond end of device
[  225.254530][ T7364] loop2: rw=2048, sector=2, nr_sectors = 1 limit=0
[  225.268625][ T7364] hfsplus: unable to find HFS+ superblock
[  225.372349][ T7370] netlink: 196 bytes leftover after parsing attributes in process `syz.1.394'.
[  225.372385][ T7369] netlink: 'syz.1.394': attribute type 11 has an invalid length.
[  225.519164][ T7369] netlink: 140 bytes leftover after parsing attributes in process `syz.1.394'.
[  227.416350][ T7387] netlink: 12 bytes leftover after parsing attributes in process `syz.3.400'.
[  227.425410][ T7387] nbd: must specify a size in bytes for the device
[  228.291343][ T7396] IPv6: Can't replace route, no match found
[  228.693819][ T7399] fuse: Bad value for 'fd'
[  229.744738][ T7405] netlink: 56 bytes leftover after parsing attributes in process `syz.1.406'.
[  230.405907][ T7413] netlink: 'syz.2.408': attribute type 27 has an invalid length.
[  231.605996][ T7423] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  232.815017][ T7437] netlink: 12 bytes leftover after parsing attributes in process `syz.2.412'.
[  232.824496][ T7437] nbd: must specify a size in bytes for the device
[  239.538631][ T7501] netlink: 8 bytes leftover after parsing attributes in process `syz.3.432'.
[  239.551164][ T7501] openvswitch: netlink: nsh attribute has 65520 unknown bytes.
[  239.605367][ T7501] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  239.626958][ T5827] kernel write not supported for file /sg0 (pid: 5827 comm: kworker/1:3)
[  239.767368][ T5827] libceph: connect (1)[c::]:6789 error -101
[  239.773854][ T5827] libceph: mon0 (1)[c::]:6789 connect error
[  239.835125][ T5994] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  239.862761][ T7507] ceph: No mds server is up or the cluster is laggy
[  239.887887][ T7513] Bluetooth: hci0: invalid length 0, exp 2 for type 1
[  239.990347][ T5994] usb 1-1: unable to get BOS descriptor or descriptor too short
[  240.025165][ T5994] usb 1-1: config 1 interface 0 altsetting 13 bulk endpoint 0x1 has invalid maxpacket 8
[  240.049340][ T5994] usb 1-1: config 1 interface 0 has no altsetting 0
[  240.081246][ T5994] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  240.096927][ T5892] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  240.113233][ T5994] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  240.141735][ T5994] usb 1-1: Product: syz
[  240.819929][ T5892] usb 2-1: Using ep0 maxpacket: 16
[  240.835310][ T5994] usb 1-1: Manufacturer: syz
[  240.840893][ T5994] usb 1-1: SerialNumber: syz
[  240.847520][ T5892] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  240.897730][ T5892] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  240.913691][ T7503] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  241.101206][ T5892] usb 2-1: New USB device found, idVendor=0dac, idProduct=024b, bcdDevice= 0.04
[  241.118600][ T5892] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  241.160110][ T5892] usb 2-1: config 0 descriptor??
[  241.992303][ T5994] usb 1-1: USB disconnect, device number 10
[  242.360790][ T5892] hid (null): invalid report_size 24312
[  242.376347][ T5892] hid (null): report_id 1312380026 is invalid
[  242.404860][ T5892] hid (null): unknown global tag 0xe
[  242.557666][ T5892] hid-generic 0003:0DAC:024B.0001: unknown main item tag 0x6
[  242.705621][ T5892] hid-generic 0003:0DAC:024B.0001: invalid report_size 24312
[  242.720461][ T5892] hid-generic 0003:0DAC:024B.0001: item 0 2 1 7 parsing failed
[  242.740071][ T5892] hid-generic 0003:0DAC:024B.0001: probe with driver hid-generic failed with error -22
[  242.763289][ T5892] usb 2-1: USB disconnect, device number 6
[  248.117573][ T7574] lo speed is unknown, defaulting to 1000
[  248.146413][ T7574] lo speed is unknown, defaulting to 1000
[  248.171819][ T7574] lo speed is unknown, defaulting to 1000
[  248.728907][ T7574] infiniband syz2: set active
[  248.733814][ T7574] infiniband syz2: added lo
[  248.740467][ T7574] syz2: rxe_create_cq: returned err = -12
[  248.746448][ T7574] infiniband syz2: Couldn't create ib_mad CQ
[  248.752540][ T7574] infiniband syz2: Couldn't open port 1
[  248.768000][   T24] lo speed is unknown, defaulting to 1000
[  248.859673][ T7574] RDS/IB: syz2: added
[  248.864164][ T7574] smc: adding ib device syz2 with port count 1
[  248.870683][ T7574] smc:    ib device syz2 port 1 has pnetid 
[  248.879224][ T7574] lo speed is unknown, defaulting to 1000
[  248.933840][   T24] lo speed is unknown, defaulting to 1000
[  249.369667][ T7574] lo speed is unknown, defaulting to 1000
[  249.499356][ T7574] lo speed is unknown, defaulting to 1000
[  249.629079][ T7574] lo speed is unknown, defaulting to 1000
[  249.771082][ T7574] lo speed is unknown, defaulting to 1000
[  250.178064][ T7584] netlink: 264 bytes leftover after parsing attributes in process `syz.4.455'.
[  250.501370][ T7583] netlink: 72 bytes leftover after parsing attributes in process `syz.2.454'.
[  250.647456][ T7568] netlink: 40 bytes leftover after parsing attributes in process `syz.3.452'.
[  250.666089][ T7568] hfsplus: unable to find HFS+ superblock
[  250.710020][ T7578] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(14)
[  250.716684][ T7578] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  250.735265][ T7578] vhci_hcd vhci_hcd.0: Device attached
[  250.834148][ T7578] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(16)
[  250.840806][ T7578] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  250.962569][ T7578] vhci_hcd vhci_hcd.0: Device attached
[  251.031600][   T10] usb 33-1: new low-speed USB device number 2 using vhci_hcd
[  251.035388][ T7591] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  251.232404][ T7600] vhci_hcd vhci_hcd.0: pdev(0) rhport(3) sockfd(24)
[  251.239060][ T7600] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  251.758869][ T7600] vhci_hcd vhci_hcd.0: Device attached
[  251.955761][ T7578] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  252.142822][ T7604] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(18)
[  252.149469][ T7604] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  252.745406][ T7578] vhci_hcd vhci_hcd.0: pdev(0) rhport(5) sockfd(29)
[  252.752072][ T7578] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  252.871489][ T7619] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  252.878890][ T7619] IPv6: NLM_F_CREATE should be set when creating new route
[  252.886328][ T7619] IPv6: NLM_F_CREATE should be set when creating new route
[  252.893566][ T7619] IPv6: NLM_F_CREATE should be set when creating new route
[  253.725372][ T7604] vhci_hcd vhci_hcd.0: Device attached
[  253.762958][ T7591] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  253.806608][ T7578] vhci_hcd vhci_hcd.0: Device attached
[  254.853149][ T7601] vhci_hcd: connection closed
[  254.853952][ T7605] vhci_hcd: connection closed
[  254.854712][ T7590] vhci_hcd: connection closed
[  254.868144][   T59] vhci_hcd: stop threads
[  254.877184][ T7588] vhci_hcd: connection reset by peer
[  254.885354][ T7616] vhci_hcd: connection closed
[  254.892805][   T59] vhci_hcd: release socket
[  254.903756][   T59] vhci_hcd: disconnect device
[  254.929022][   T59] vhci_hcd: stop threads
[  254.953660][   T59] vhci_hcd: release socket
[  254.976789][   T59] vhci_hcd: disconnect device
[  255.449126][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  255.614393][   T59] vhci_hcd: stop threads
[  255.619095][   T59] vhci_hcd: release socket
[  255.624006][   T59] vhci_hcd: disconnect device
[  255.630110][   T59] vhci_hcd: stop threads
[  255.645072][   T59] vhci_hcd: release socket
[  255.658904][   T59] vhci_hcd: disconnect device
[  255.671097][   T59] vhci_hcd: stop threads
[  255.678291][   T59] vhci_hcd: release socket
[  255.683997][   T59] vhci_hcd: disconnect device
[  255.799367][ T7636] overlayfs: failed to resolve './file1': -2
[  256.418976][   T10] vhci_hcd: vhci_device speed not set
[  258.338068][ T7662] netlink: 12 bytes leftover after parsing attributes in process `syz.0.474'.
[  258.351469][ T7662] nbd: must specify a size in bytes for the device
[  258.788307][ T5892] usb usb34-port1: attempt power cycle
[  259.379429][ T7678] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  259.756298][ T5892] usb usb34-port1: unable to enumerate USB device
[  263.200969][ T7707] netlink: 12 bytes leftover after parsing attributes in process `syz.4.488'.
[  263.210789][ T7707] nbd: must specify a size in bytes for the device
[  267.216598][ T7746] overlay: Unknown parameter '\
'
[  268.337866][ T7763] tmpfs: Bad value for 'mpol'
[  269.878420][ T7764] netlink: 12 bytes leftover after parsing attributes in process `syz.2.504'.
[  269.888765][ T7764] nbd: must specify a size in bytes for the device
[  274.345627][ T5938] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  274.513633][ T7809] netlink: 12 bytes leftover after parsing attributes in process `syz.3.517'.
[  274.527033][ T7809] nbd: must specify a size in bytes for the device
[  274.675175][ T5938] usb 5-1: Using ep0 maxpacket: 32
[  274.707814][ T5938] usb 5-1: config 2 has an invalid interface number: 190 but max is 0
[  274.728328][ T5938] usb 5-1: config 2 has no interface number 0
[  274.897337][ T5938] usb 5-1: config 2 interface 190 has no altsetting 0
[  274.928972][ T5938] usb 5-1: language id specifier not provided by device, defaulting to English
[  274.967220][ T5938] usb 5-1: New USB device found, idVendor=3275, idProduct=0085, bcdDevice=f7.69
[  274.983020][ T5938] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  274.995592][ T5938] usb 5-1: Product: syz
[  275.805914][ T5938] usb 5-1: Manufacturer: 񷟗è
[  275.895121][ T5938] usb 5-1: SerialNumber: syz
[  275.966694][ T7818] cgroup: Invalid name
[  277.182162][ T5938] usb 5-1: USB disconnect, device number 8
[  277.198392][ T7829] xt_CT: No such helper "snmp"
[  277.320764][ T5899] libceph: connect (1)[c::]:6789 error -101
[  277.328669][ T5899] libceph: mon0 (1)[c::]:6789 connect error
[  277.376691][ T7839] ceph: No mds server is up or the cluster is laggy
[  278.291120][ T7854] netlink: 12 bytes leftover after parsing attributes in process `syz.4.529'.
[  278.300438][ T7854] nbd: must specify a size in bytes for the device
[  279.835136][ T5899] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  280.116170][ T5899] usb 4-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0
[  280.392252][ T5899] usb 4-1: config 0 interface 0 has no altsetting 0
[  280.468238][ T5899] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1c04, bcdDevice= 0.00
[  280.886409][ T5899] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  280.926724][ T5899] usb 4-1: config 0 descriptor??
[  281.335244][   T24] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  282.048353][ T5899] corsair-psu 0003:1B1C:1C04.0002: hidraw0: USB HID v0.01 Device [HID 1b1c:1c04] on usb-dummy_hcd.3-1/input0
[  282.065096][   T24] usb 2-1: Using ep0 maxpacket: 32
[  282.080646][   T24] usb 2-1: config 2 has an invalid interface number: 190 but max is 0
[  282.093570][   T24] usb 2-1: config 2 has no interface number 0
[  282.106898][   T24] usb 2-1: config 2 interface 190 has no altsetting 0
[  282.189703][ T5899] corsair-psu 0003:1B1C:1C04.0002: unable to initialize device (-71)
[  282.205677][   T24] usb 2-1: language id specifier not provided by device, defaulting to English
[  282.235994][   T24] usb 2-1: New USB device found, idVendor=3275, idProduct=0085, bcdDevice=f7.69
[  282.263219][ T5899] corsair-psu 0003:1B1C:1C04.0002: probe with driver corsair-psu failed with error -71
[  282.342584][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  282.355121][   T24] usb 2-1: Product: syz
[  282.373067][   T24] usb 2-1: Manufacturer: 񷟗è
[  282.378537][   T24] usb 2-1: SerialNumber: syz
[  282.384885][ T5899] usb 4-1: USB disconnect, device number 5
[  283.659070][ T7896] netlink: 12 bytes leftover after parsing attributes in process `syz.3.542'.
[  283.668175][ T7896] nbd: must specify a size in bytes for the device
[  284.114201][ T7901] netlink: 'syz.4.543': attribute type 3 has an invalid length.
[  284.127661][ T7901] netlink: 666 bytes leftover after parsing attributes in process `syz.4.543'.
[  285.079858][ T5938] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  285.087488][  T977] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[  285.156168][   T24] usb 2-1: USB disconnect, device number 7
[  285.204988][ T7911] pimreg: entered allmulticast mode
[  285.434078][  T977] usb 3-1: unable to get BOS descriptor or descriptor too short
[  285.561960][ T7919] netlink: 92 bytes leftover after parsing attributes in process `syz.1.546'.
[  286.019143][  T977] usb 3-1: not running at top speed; connect to a high speed hub
[  286.048101][ T5938] usb 5-1: Using ep0 maxpacket: 8
[  286.083687][  T977] usb 3-1: config 1 has an invalid interface number: 38 but max is 0
[  286.095823][  T977] usb 3-1: config 1 has no interface number 0
[  286.102504][  T977] usb 3-1: config 1 interface 38 altsetting 3 endpoint 0x5 has invalid wMaxPacketSize 0
[  286.246456][  T977] usb 3-1: config 1 interface 38 has no altsetting 0
[  286.254474][ T5938] usb 5-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  286.271022][ T5938] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  286.301915][  T977] usb 3-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=fd.63
[  286.370114][ T5938] usb 5-1: Product: syz
[  286.378318][  T977] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  286.428126][ T5938] usb 5-1: Manufacturer: syz
[  286.450251][  T977] usb 3-1: Product: syz
[  286.459317][ T5938] usb 5-1: SerialNumber: syz
[  286.484470][  T977] usb 3-1: Manufacturer: syz
[  286.526008][ T5938] usb 5-1: config 0 descriptor??
[  286.542138][  T977] usb 3-1: SerialNumber: syz
[  286.561579][ T5938] gspca_main: sq930x-2.14.0 probing 2770:930c
[  286.785137][   T10] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  286.960791][   T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  287.078247][  T977] snd-usb-audio 3-1:1.38: probe with driver snd-usb-audio failed with error -22
[  287.078426][   T10] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  287.176460][  T977] usb 3-1: USB disconnect, device number 3
[  287.233377][   T10] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  287.247011][   T10] usb 1-1: config 0 interface 0 has no altsetting 0
[  287.358117][ T7931] syzkaller1: entered promiscuous mode
[  287.375225][ T5938] gspca_sq930x: ucbus_write failed -71
[  287.380792][ T5938] sq930x 5-1:0.0: probe with driver sq930x failed with error -71
[  287.401078][   T10] usb 1-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00
[  287.402090][ T7931] syzkaller1: entered allmulticast mode
[  287.423276][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  287.423897][ T5938] usb 5-1: USB disconnect, device number 9
[  287.491439][   T10] usb 1-1: config 0 descriptor??
[  288.574040][ T7922] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  288.588272][ T7922] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  288.637828][   T10] usbhid 1-1:0.0: can't add hid device: -71
[  288.656136][   T10] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  288.758090][   T10] usb 1-1: USB disconnect, device number 11
[  288.858977][ T7950] netlink: 'syz.3.557': attribute type 5 has an invalid length.
[  288.875675][ T7950] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.557'.
[  289.653534][ T5938] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  289.925345][ T5938] usb 3-1: Using ep0 maxpacket: 32
[  289.983099][ T5938] usb 3-1: config 2 has an invalid interface number: 190 but max is 0
[  290.010384][ T5938] usb 3-1: config 2 has no interface number 0
[  290.165154][ T5938] usb 3-1: config 2 interface 190 has no altsetting 0
[  290.187870][ T5938] usb 3-1: language id specifier not provided by device, defaulting to English
[  290.204788][ T5938] usb 3-1: New USB device found, idVendor=3275, idProduct=0085, bcdDevice=f7.69
[  290.214161][ T5938] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.222441][ T5938] usb 3-1: Product: syz
[  290.227390][ T5938] usb 3-1: Manufacturer: 񷟗è
[  290.232274][ T5938] usb 3-1: SerialNumber: syz
[  290.238632][ T7963] fuse: Bad value for 'fd'
[  292.250583][ T5938] usb 3-1: USB disconnect, device number 4
[  293.365089][ T5832] Bluetooth: hci4: command 0x0406 tx timeout
[  297.594619][ T8028] syz.0.576: attempt to access beyond end of device
[  297.594619][ T8028] loop0: rw=2048, sector=2, nr_sectors = 1 limit=0
[  297.608474][ T8028] hfsplus: unable to find HFS+ superblock
[  298.849882][ T8043] FAULT_INJECTION: forcing a failure.
[  298.849882][ T8043] name failslab, interval 1, probability 0, space 0, times 0
[  298.862723][ T8043] CPU: 1 UID: 0 PID: 8043 Comm: syz.4.582 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  298.862738][ T8043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  298.862752][ T8043] Call Trace:
[  298.862758][ T8043]  <TASK>
[  298.862763][ T8043]  dump_stack_lvl+0x189/0x250
[  298.862787][ T8043]  ? __pfx____ratelimit+0x10/0x10
[  298.862805][ T8043]  ? __pfx_dump_stack_lvl+0x10/0x10
[  298.862823][ T8043]  ? __pfx__printk+0x10/0x10
[  298.862839][ T8043]  ? __pfx___might_resched+0x10/0x10
[  298.862857][ T8043]  ? fs_reclaim_acquire+0x7d/0x100
[  298.862877][ T8043]  should_fail_ex+0x414/0x560
[  298.862895][ T8043]  should_failslab+0xa8/0x100
[  298.862912][ T8043]  __kmalloc_noprof+0xcb/0x4f0
[  298.862926][ T8043]  ? security_prepare_creds+0x52/0x390
[  298.862946][ T8043]  security_prepare_creds+0x52/0x390
[  298.862968][ T8043]  prepare_creds+0x497/0x6c0
[  298.862984][ T8043]  smk_write_relabel_self+0x22b/0x4e0
[  298.863006][ T8043]  ? __pfx_smk_write_relabel_self+0x10/0x10
[  298.863030][ T8043]  vfs_writev+0x4b6/0x960
[  298.863050][ T8043]  ? __pfx_smk_write_relabel_self+0x10/0x10
[  298.863070][ T8043]  ? __pfx_vfs_writev+0x10/0x10
[  298.863097][ T8043]  ? __fget_files+0x2a/0x420
[  298.863117][ T8043]  ? __fget_files+0x3a0/0x420
[  298.863133][ T8043]  ? __fget_files+0x2a/0x420
[  298.863155][ T8043]  do_writev+0x14d/0x2d0
[  298.863174][ T8043]  ? __pfx_do_writev+0x10/0x10
[  298.863195][ T8043]  ? do_syscall_64+0xbe/0x3b0
[  298.863216][ T8043]  do_syscall_64+0xfa/0x3b0
[  298.863233][ T8043]  ? lockdep_hardirqs_on+0x9c/0x150
[  298.863250][ T8043]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.863263][ T8043]  ? clear_bhb_loop+0x60/0xb0
[  298.863278][ T8043]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.863290][ T8043] RIP: 0033:0x7f23b798e929
[  298.863301][ T8043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  298.863312][ T8043] RSP: 002b:00007f23b88d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  298.863325][ T8043] RAX: ffffffffffffffda RBX: 00007f23b7bb5fa0 RCX: 00007f23b798e929
[  298.863334][ T8043] RDX: 0000000000000002 RSI: 0000200000000780 RDI: 0000000000000005
[  298.863342][ T8043] RBP: 00007f23b88d8090 R08: 0000000000000000 R09: 0000000000000000
[  298.863349][ T8043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  298.863356][ T8043] R13: 0000000000000000 R14: 00007f23b7bb5fa0 R15: 00007ffd8a903bf8
[  298.863375][ T8043]  </TASK>
[  301.312727][ T8056] 9pnet_fd: Insufficient options for proto=fd
[  301.856232][ T8066] overlayfs: overlapping lowerdir path
[  301.898144][ T8066] netlink: 44 bytes leftover after parsing attributes in process `syz.3.589'.
[  301.999988][ T8066] hfs: unable to load iocharset "io#harset"
[  302.558688][ T8073] overlay: Unknown parameter 'fsname'
[  302.643320][ T8077] syz.0.591: attempt to access beyond end of device
[  302.643320][ T8077] loop0: rw=2048, sector=2, nr_sectors = 1 limit=0
[  302.656817][ T8077] hfsplus: unable to find HFS+ superblock
[  303.179347][ T8079] netlink: 32 bytes leftover after parsing attributes in process `syz.4.592'.
[  304.212713][ T8094] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  305.224341][ T8104] 9pnet_fd: Insufficient options for proto=fd
[  307.849197][ T5892] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  308.346054][ T5892] usb 2-1: Using ep0 maxpacket: 8
[  308.400887][ T5892] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  308.410298][ T5892] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  308.424008][ T5892] usb 2-1: Product: syz
[  308.434120][ T5892] usb 2-1: Manufacturer: syz
[  308.465113][ T5892] usb 2-1: SerialNumber: syz
[  308.565443][ T5892] usb 2-1: config 0 descriptor??
[  308.801663][ T5892] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  308.835196][ T7907] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  309.038494][ T7907] usb 5-1: Using ep0 maxpacket: 8
[  309.044434][ T7907] usb 5-1: too many configurations: 65, using maximum allowed: 8
[  309.089139][ T7907] usb 5-1: New USB device found, idVendor=1044, idProduct=800d, bcdDevice=57.5c
[  309.105052][ T7907] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  309.123469][ T7907] usb 5-1: Product: syz
[  309.132957][ T7907] usb 5-1: Manufacturer: syz
[  309.148020][ T7907] usb 5-1: SerialNumber: syz
[  309.164266][ T7907] usb 5-1: config 0 descriptor??
[  309.204801][ T5892] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  309.261824][ T5892] usb 2-1: USB disconnect, device number 8
[  309.371484][ T8146] 9pnet_fd: Insufficient options for proto=fd
[  309.395672][ T8132] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  309.404621][ T8132] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  309.418452][ T7907] usb 5-1: bad CDC descriptors
[  309.428030][ T7907] usb 5-1: USB disconnect, device number 10
[  309.825184][  T977] usb 1-1: new full-speed USB device number 12 using dummy_hcd
[  310.076204][  T977] usb 1-1: config 8 has an invalid interface number: 223 but max is 0
[  310.293496][  T977] usb 1-1: config 8 contains an unexpected descriptor of type 0x1, skipping
[  310.329313][  T977] usb 1-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  310.341979][  T977] usb 1-1: config 8 has no interface number 0
[  310.355359][  T977] usb 1-1: config 8 interface 223 altsetting 0 endpoint 0x7 has invalid maxpacket 15872, setting to 64
[  310.373942][  T977] usb 1-1: config 8 interface 223 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  310.406381][  T977] usb 1-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d
[  310.504844][  T977] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  310.512988][  T977] usb 1-1: Product: syz
[  310.517253][  T977] usb 1-1: Manufacturer: syz
[  310.521888][  T977] usb 1-1: SerialNumber: syz
[  310.659534][ T7907] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  311.501119][ T8151] netlink: 8 bytes leftover after parsing attributes in process `syz.0.614'.
[  311.510095][ T8151] netlink: 32 bytes leftover after parsing attributes in process `syz.0.614'.
[  312.323035][ T7907] usb 2-1: Using ep0 maxpacket: 16
[  312.417651][ T7907] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  312.745323][ T7907] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  312.754552][ T7907] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  313.424013][ T7907] usb 2-1: Product: syz
[  313.468969][  T977] usb 1-1: USB disconnect, device number 12
[  313.499305][ T7907] usb 2-1: Manufacturer: syz
[  313.504059][ T7907] usb 2-1: SerialNumber: syz
[  313.776673][ T7907] usb 2-1: config 0 descriptor??
[  313.830167][ T7907] usb 2-1: can't set config #0, error -71
[  313.875669][ T7907] usb 2-1: USB disconnect, device number 9
[  314.041311][ T8189] 9pnet_fd: Insufficient options for proto=fd
[  314.236767][ T8188] hsr0: entered promiscuous mode
[  314.242479][ T8188] netlink: 4 bytes leftover after parsing attributes in process `syz.3.622'.
[  314.792118][ T8188] hsr_slave_0: left promiscuous mode
[  314.798686][ T8188] hsr_slave_1: left promiscuous mode
[  314.840987][ T8188] hsr0 (unregistering): left promiscuous mode
[  316.896216][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  318.759289][ T8244] 9pnet_fd: Insufficient options for proto=fd
[  320.134958][ T8277] input: syz0 as /devices/virtual/input/input6
[  321.561191][ T8288] program syz.4.651 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  321.573154][ T8288] openvswitch: netlink: Multiple metadata blocks provided
[  321.780917][ T8298] 9pnet_fd: Insufficient options for proto=fd
[  321.895185][   T10] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  322.077239][ T7907] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  322.112180][   T10] usb 5-1: device descriptor read/64, error -71
[  322.234158][ T8311] evm: overlay not supported
[  323.795123][   T10] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  324.288688][ T8310] netlink: 28 bytes leftover after parsing attributes in process `syz.2.657'.
[  325.606461][ T8310] netlink: 28 bytes leftover after parsing attributes in process `syz.2.657'.
[  325.834367][   T10] usb 5-1: device descriptor read/64, error -71
[  325.891941][ T7907] usb 4-1: device descriptor read/all, error -71
[  325.956787][  T977] usb 1-1: new full-speed USB device number 13 using dummy_hcd
[  325.985125][   T10] usb usb5-port1: attempt power cycle
[  326.681586][  T977] usb 1-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  326.706815][  T977] usb 1-1: config 1 interface 0 has no altsetting 0
[  326.957819][  T977] usb 1-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.40
[  326.970387][  T977] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  326.979002][  T977] usb 1-1: Product: syz
[  326.983506][  T977] usb 1-1: Manufacturer: syz
[  327.369458][  T977] usb 1-1: SerialNumber: syz
[  327.474663][  T977] usb 1-1: can't set config #1, error -71
[  327.576621][  T977] usb 1-1: USB disconnect, device number 13
[  327.783733][ T8346] 9pnet_fd: Insufficient options for proto=fd
[  327.985309][ T7907] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  328.535182][ T5892] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  329.621387][ T5892] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  329.635067][ T5892] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.643122][ T5892] usb 2-1: Product: syz
[  329.675286][ T5892] usb 2-1: Manufacturer: syz
[  329.681446][ T5892] usb 2-1: SerialNumber: syz
[  329.756195][ T5892] usb 2-1: config 0 descriptor??
[  330.491702][ T7907] usb 2-1: USB disconnect, device number 10
[  330.964288][ T8382] veth1_to_bond: entered allmulticast mode
[  331.084542][ T8386] 9pnet_fd: Insufficient options for proto=fd
[  331.434744][ T8381] veth1_to_bond: left allmulticast mode
[  331.589648][ T8398] 9pnet_fd: Insufficient options for proto=fd
[  333.815139][ T8183] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  333.975198][ T8183] usb 1-1: Using ep0 maxpacket: 8
[  333.977780][ T8421] netlink: 12 bytes leftover after parsing attributes in process `syz.1.686'.
[  333.982358][ T8183] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  333.989501][ T8421] nbd: must specify a size in bytes for the device
[  334.058316][ T8183] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  334.117062][ T8183] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  334.202593][ T8183] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  334.316722][ T8183] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  334.351523][ T8183] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.791315][ T8183] usb 1-1: GET_CAPABILITIES returned 0
[  335.248327][ T8432] openvswitch: netlink: Missing key (keys=40, expected=80)
[  335.604686][ T8183] usbtmc 1-1:16.0: can't read capabilities
[  336.693928][ T8183] usb 1-1: USB disconnect, device number 14
[  336.805482][ T8447] 9pnet_fd: Insufficient options for proto=fd
[  336.939854][ T8454] netlink: 'syz.2.699': attribute type 6 has an invalid length.
[  336.962563][ T8454] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.699'.
[  336.985560][ T5827] usb 4-1: new full-speed USB device number 8 using dummy_hcd
[  337.308237][ T5827] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  337.424095][ T5827] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  337.560222][ T5827] usb 4-1: New USB device found, idVendor=04f3, idProduct=0754, bcdDevice= 0.00
[  337.674713][ T5827] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  337.939508][ T5827] usb 4-1: config 0 descriptor??
[  338.140164][ T8459] netlink: 12 bytes leftover after parsing attributes in process `syz.0.700'.
[  338.149403][ T8459] nbd: must specify a size in bytes for the device
[  338.822186][ T8461] C: renamed from team_slave_0 (while UP)
[  338.922168][ T8461] netlink: 'syz.0.701': attribute type 1 has an invalid length.
[  338.962351][ T8461] netlink: 'syz.0.701': attribute type 3 has an invalid length.
[  339.027437][ T8461] netlink: 100 bytes leftover after parsing attributes in process `syz.0.701'.
[  339.059599][ T8461] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  339.184038][ T8443] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  339.239449][ T8443] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  339.348785][ T8443] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  339.360394][ T8443] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  339.457138][ T8443] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  339.466446][ T8443] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  339.513072][ T8443] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  339.560566][ T8443] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  339.751003][ T8443] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  339.868501][ T8443] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  340.035180][ T5827] usbhid 4-1:0.0: can't add hid device: -71
[  340.041454][ T5827] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  340.071937][ T5827] usb 4-1: USB disconnect, device number 8
[  340.939897][ T8499] 9pnet_fd: Insufficient options for proto=fd
[  341.216269][ T5831] Bluetooth: hci0: command 0x0406 tx timeout
[  341.367020][ T5831] Bluetooth: hci1: command 0x0406 tx timeout
[  341.562095][ T5831] Bluetooth: hci3: command 0x0406 tx timeout
[  341.575040][ T5831] Bluetooth: hci2: command 0x0406 tx timeout
[  341.734884][ T8514] netlink: 12 bytes leftover after parsing attributes in process `syz.4.711'.
[  341.743963][ T8514] nbd: must specify a size in bytes for the device
[  341.919331][ T5832] Bluetooth: hci4: command 0x0406 tx timeout
[  342.079131][   T10] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  342.488435][   T10] usb 4-1: Using ep0 maxpacket: 8
[  342.504528][   T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  342.706017][   T10] usb 4-1: New USB device found, idVendor=1345, idProduct=3008, bcdDevice= 0.00
[  342.715586][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  342.761804][   T10] usb 4-1: config 0 descriptor??
[  342.802391][ T8520] FAULT_INJECTION: forcing a failure.
[  342.802391][ T8520] name failslab, interval 1, probability 0, space 0, times 0
[  342.833543][ T8520] CPU: 1 UID: 0 PID: 8520 Comm: syz.4.715 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  342.833565][ T8520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  342.833576][ T8520] Call Trace:
[  342.833583][ T8520]  <TASK>
[  342.833591][ T8520]  dump_stack_lvl+0x189/0x250
[  342.833622][ T8520]  ? __pfx____ratelimit+0x10/0x10
[  342.833647][ T8520]  ? __pfx_dump_stack_lvl+0x10/0x10
[  342.833670][ T8520]  ? __pfx__printk+0x10/0x10
[  342.833691][ T8520]  ? __pfx___might_resched+0x10/0x10
[  342.833715][ T8520]  ? fs_reclaim_acquire+0x7d/0x100
[  342.833743][ T8520]  should_fail_ex+0x414/0x560
[  342.833768][ T8520]  should_failslab+0xa8/0x100
[  342.833793][ T8520]  __kmalloc_cache_noprof+0x70/0x3d0
[  342.833814][ T8520]  ? p9_fd_create+0xf4/0x3f0
[  342.833844][ T8520]  p9_fd_create+0xf4/0x3f0
[  342.833867][ T8520]  ? kfree+0x18e/0x440
[  342.833889][ T8520]  p9_client_create+0x7fa/0xfe0
[  342.833940][ T8520]  ? __pfx_p9_client_create+0x10/0x10
[  342.833980][ T8520]  ? __raw_spin_lock_init+0x45/0x100
[  342.834004][ T8520]  v9fs_session_init+0x1d7/0x19a0
[  342.834055][ T8520]  ? __pfx_v9fs_session_init+0x10/0x10
[  342.834089][ T8520]  ? v9fs_mount+0xb2/0xa10
[  342.834109][ T8520]  ? __kasan_kmalloc+0x93/0xb0
[  342.834132][ T8520]  ? v9fs_mount+0xb2/0xa10
[  342.834154][ T8520]  v9fs_mount+0xc8/0xa10
[  342.834175][ T8520]  ? __kasan_kmalloc+0x93/0xb0
[  342.834196][ T8520]  ? __pfx_v9fs_mount+0x10/0x10
[  342.834215][ T8520]  ? rcu_is_watching+0x15/0xb0
[  342.834241][ T8520]  ? cap_capable+0x11f/0x460
[  342.834264][ T8520]  legacy_get_tree+0xfd/0x1a0
[  342.834286][ T8520]  ? __pfx_v9fs_mount+0x10/0x10
[  342.834307][ T8520]  vfs_get_tree+0x8f/0x2b0
[  342.834331][ T8520]  do_new_mount+0x24a/0xa40
[  342.834361][ T8520]  __se_sys_mount+0x317/0x410
[  342.834389][ T8520]  ? __pfx___se_sys_mount+0x10/0x10
[  342.834409][ T8520]  ? rcu_is_watching+0x15/0xb0
[  342.834437][ T8520]  ? do_syscall_64+0xbe/0x3b0
[  342.834460][ T8520]  ? __x64_sys_mount+0x20/0xc0
[  342.834485][ T8520]  do_syscall_64+0xfa/0x3b0
[  342.834512][ T8520]  ? lockdep_hardirqs_on+0x9c/0x150
[  342.834536][ T8520]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  342.834553][ T8520]  ? clear_bhb_loop+0x60/0xb0
[  342.834574][ T8520]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  342.834590][ T8520] RIP: 0033:0x7f23b798e929
[  342.834606][ T8520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  342.834620][ T8520] RSP: 002b:00007f23b88d8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  342.834639][ T8520] RAX: ffffffffffffffda RBX: 00007f23b7bb5fa0 RCX: 00007f23b798e929
[  342.834651][ T8520] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 0000000000000000
[  342.834663][ T8520] RBP: 00007f23b88d8090 R08: 0000200000000040 R09: 0000000000000000
[  342.834674][ T8520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  342.834684][ T8520] R13: 0000000000000000 R14: 00007f23b7bb5fa0 R15: 00007ffd8a903bf8
[  342.834710][ T8520]  </TASK>
[  343.125496][    C1] vkms_vblank_simulate: vblank timer overrun
[  343.285356][ T5831] Bluetooth: hci0: command 0x0406 tx timeout
[  343.314278][ T8524] binder: 8506:8524 ioctl c0306201 200000000340 returned -14
[  343.470383][ T5831] Bluetooth: hci1: command 0x0406 tx timeout
[  343.504907][   T10] sony 0003:1345:3008.0003: hiddev0,hidraw0: USB HID v80.07 Device [HID 1345:3008] on usb-dummy_hcd.3-1/input0
[  343.776016][ T5832] Bluetooth: hci3: command 0x0406 tx timeout
[  343.782338][ T5831] Bluetooth: hci2: command 0x0406 tx timeout
[  344.005162][ T5831] Bluetooth: hci4: command 0x0406 tx timeout
[  344.036349][   T10] sony 0003:1345:3008.0003: failed to claim input
[  344.198441][   T10] usb 4-1: USB disconnect, device number 9
[  344.651818][ T8536] 9pnet_fd: Insufficient options for proto=fd
[  344.675820][ T8532] fido_id[8532]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  345.205497][ T5829] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  345.221051][ T8543] netlink: 'syz.2.722': attribute type 1 has an invalid length.
[  345.229732][ T8543] netlink: 4 bytes leftover after parsing attributes in process `syz.2.722'.
[  345.240189][ T8543] netlink: 44 bytes leftover after parsing attributes in process `syz.2.722'.
[  345.365642][ T5829] usb 1-1: Using ep0 maxpacket: 32
[  345.863883][ T5827] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  346.161933][ T5829] usb 1-1: config 2 has an invalid interface number: 190 but max is 0
[  346.170477][ T5829] usb 1-1: config 2 has no interface number 0
[  346.176911][ T5829] usb 1-1: config 2 interface 190 has no altsetting 0
[  346.187276][ T5829] usb 1-1: language id specifier not provided by device, defaulting to English
[  346.200405][ T5829] usb 1-1: New USB device found, idVendor=3275, idProduct=0085, bcdDevice=f7.69
[  346.210126][ T5829] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.223028][ T8548] netlink: 4 bytes leftover after parsing attributes in process `syz.3.724'.
[  346.232132][ T5829] usb 1-1: Product: syz
[  346.242016][ T5829] usb 1-1: Manufacturer: 񷟗è
[  346.247449][ T5829] usb 1-1: SerialNumber: syz
[  346.265218][   T10] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  346.296841][ T5827] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  346.337540][ T5827] usb 5-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82
[  346.359162][ T5829] usb 1-1: USB disconnect, device number 15
[  346.376711][ T5827] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  346.394821][ T8550] netlink: 12 bytes leftover after parsing attributes in process `syz.3.724'.
[  346.416147][   T10] usb 3-1: device descriptor read/64, error -71
[  346.424810][ T5827] usb 5-1: config 0 descriptor??
[  346.443662][ T5827] smsusb:smsusb_probe: board id=8, interface number 0
[  346.474869][ T5827] smsusb:smsusb_probe: Device initialized with return code -19
[  346.985460][ T8183] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  346.994506][   T10] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  347.425135][ T8183] usb 4-1: Using ep0 maxpacket: 32
[  347.433795][ T8183] usb 4-1: unable to get BOS descriptor or descriptor too short
[  347.453400][ T8183] usb 4-1: config 6 has an invalid interface number: 165 but max is 0
[  347.456764][   T10] usb 3-1: device descriptor read/64, error -71
[  347.462599][ T8183] usb 4-1: config 6 has no interface number 0
[  347.474541][ T8183] usb 4-1: config 6 interface 165 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  347.494437][ T8183] usb 4-1: New USB device found, idVendor=0403, idProduct=faf0, bcdDevice=24.f7
[  347.504609][ T8183] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  347.516435][ T8183] usb 4-1: Product: syz
[  347.521092][ T8183] usb 4-1: Manufacturer: syz
[  347.527833][ T8183] usb 4-1: SerialNumber: syz
[  347.557061][ T8564] dvmrp0: entered allmulticast mode
[  347.562891][ T8565] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  347.584572][ T8565] syzkaller0: entered promiscuous mode
[  347.590686][ T8565] syzkaller0: entered allmulticast mode
[  347.595470][   T10] usb usb3-port1: attempt power cycle
[  347.722549][ T8567] tipc: Resetting bearer <eth:syzkaller0>
[  347.739752][ T8567] tipc: Disabling bearer <eth:syzkaller0>
[  347.752582][ T8548] netlink: 8 bytes leftover after parsing attributes in process `syz.3.724'.
[  347.838457][ T5892] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  347.945093][   T10] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  347.965797][   T10] usb 3-1: device descriptor read/8, error -71
[  347.985091][ T5892] usb 2-1: device descriptor read/64, error -71
[  348.174172][ T5829] usb 5-1: USB disconnect, device number 15
[  348.208625][   T10] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  348.226842][ T5892] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  348.255557][   T10] usb 3-1: device descriptor read/8, error -71
[  348.378142][ T5892] usb 2-1: device descriptor read/64, error -71
[  348.384771][   T10] usb usb3-port1: unable to enumerate USB device
[  348.448693][ T8578] 9pnet_fd: Insufficient options for proto=fd
[  348.485324][ T5892] usb usb2-port1: attempt power cycle
[  348.998870][ T5892] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  349.101916][ T8587] syz.0.735: attempt to access beyond end of device
[  349.101916][ T8587] loop0: rw=2048, sector=2, nr_sectors = 1 limit=0
[  349.115363][ T8587] hfsplus: unable to find HFS+ superblock
[  349.795750][ T5892] usb 2-1: device descriptor read/8, error -71
[  350.265254][ T5892] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  350.324933][ T8183] ftdi_sio 4-1:6.165: FTDI USB Serial Device converter detected
[  350.346465][ T5892] usb 2-1: device descriptor read/8, error -71
[  350.347153][ T8183] ftdi_sio ttyUSB0: unknown device type: 0x24f7
[  350.375614][ T8183] usb 4-1: USB disconnect, device number 10
[  350.400627][ T8183] ftdi_sio 4-1:6.165: device disconnected
[  350.541740][   T10] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  350.550160][ T5892] usb usb2-port1: unable to enumerate USB device
[  351.132105][   T10] usb 5-1: Using ep0 maxpacket: 32
[  351.148478][   T10] usb 5-1: config 2 has an invalid interface number: 190 but max is 0
[  351.160295][   T10] usb 5-1: config 2 has no interface number 0
[  351.177375][   T10] usb 5-1: config 2 interface 190 has no altsetting 0
[  351.282059][   T10] usb 5-1: language id specifier not provided by device, defaulting to English
[  351.293369][ T8601] loop2: detected capacity change from 0 to 7
[  351.303640][ T8601] Dev loop2: unable to read RDB block 7
[  351.313179][   T10] usb 5-1: New USB device found, idVendor=3275, idProduct=0085, bcdDevice=f7.69
[  351.325424][ T8601]  loop2: unable to read partition table
[  351.331304][ T8601] loop2: partition table beyond EOD, truncated
[  351.334338][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  351.372259][   T10] usb 5-1: Product: syz
[  351.375157][ T8601] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  351.385020][   T10] usb 5-1: Manufacturer: 񷟗è
[  351.400013][   T10] usb 5-1: SerialNumber: syz
[  352.279941][ T8613] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  352.289163][ T8613] VFS: Can't find a romfs filesystem on dev nullb0.
[  352.289163][ T8613] 
[  352.924118][ T8627] hugetlbfs: syz.0.747 (8627): Using mlock ulimits for SHM_HUGETLB is obsolete
[  353.645698][   T10] usb 5-1: USB disconnect, device number 16
[  353.820036][ T8635] process 'syz.0.750' launched './file0' with NULL argv: empty string added
[  354.228013][ T8637] netlink: 36 bytes leftover after parsing attributes in process `syz.3.748'.
[  354.276762][   T10] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  354.839718][   T10] usb 1-1: config 0 has no interfaces?
[  354.852336][   T10] usb 1-1: New USB device found, idVendor=056d, idProduct=0000, bcdDevice=39.00
[  355.074214][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  355.083206][   T10] usb 1-1: Product: syz
[  355.335383][   T10] usb 1-1: Manufacturer: syz
[  355.342034][   T10] usb 1-1: SerialNumber: syz
[  355.579110][   T10] usb 1-1: config 0 descriptor??
[  355.809832][   T10] usb 1-1: USB disconnect, device number 16
[  356.300393][ T5892] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  356.555220][ T5892] usb 5-1: device descriptor read/64, error -71
[  356.802573][ T5892] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  357.094612][ T5892] usb 5-1: device descriptor read/64, error -71
[  357.339242][ T5892] usb usb5-port1: attempt power cycle
[  357.515440][ T5829] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  357.805154][ T5829] usb 3-1: Using ep0 maxpacket: 32
[  357.814076][ T5829] usb 3-1: config 2 has an invalid interface number: 190 but max is 0
[  357.828271][ T5829] usb 3-1: config 2 has no interface number 0
[  357.841679][ T5829] usb 3-1: config 2 interface 190 has no altsetting 0
[  357.879397][ T5829] usb 3-1: language id specifier not provided by device, defaulting to English
[  357.903032][ T5829] usb 3-1: New USB device found, idVendor=3275, idProduct=0085, bcdDevice=f7.69
[  357.918047][ T5829] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  357.935212][ T5829] usb 3-1: Product: syz
[  357.969956][ T5829] usb 3-1: Manufacturer: 񷟗è
[  358.025497][ T5892] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  358.139149][ T5829] usb 3-1: SerialNumber: syz
[  358.300849][ T5892] usb 5-1: device descriptor read/8, error -71
[  358.636497][ T5892] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  358.890160][ T5892] usb 5-1: device descriptor read/8, error -71
[  358.958547][ T8687] netlink: 8 bytes leftover after parsing attributes in process `syz.0.764'.
[  359.035328][ T5892] usb usb5-port1: unable to enumerate USB device
[  360.472076][ T5829] usb 3-1: USB disconnect, device number 9
[  360.515704][   T30] kauditd_printk_skb: 10 callbacks suppressed
[  360.515720][   T30] audit: type=1326 audit(1751304391.637:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8701 comm="syz.1.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000
[  360.614911][   T30] audit: type=1326 audit(1751304391.637:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8701 comm="syz.1.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000
[  360.683381][   T30] audit: type=1326 audit(1751304391.637:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8701 comm="syz.1.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000
[  360.783448][   T30] audit: type=1326 audit(1751304391.637:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8701 comm="syz.1.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000
[  360.878422][   T30] audit: type=1326 audit(1751304391.637:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8701 comm="syz.1.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000
[  360.972563][   T30] audit: type=1326 audit(1751304391.647:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8701 comm="syz.1.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000
[  360.986306][ T8711] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  361.060931][   T30] audit: type=1326 audit(1751304391.657:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8701 comm="syz.1.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000
[  361.089623][   T30] audit: type=1326 audit(1751304391.657:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8701 comm="syz.1.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000
[  361.211129][   T30] audit: type=1326 audit(1751304391.657:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8701 comm="syz.1.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000
[  361.267050][   T30] audit: type=1326 audit(1751304391.657:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8701 comm="syz.1.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000
[  361.345389][ T8721] netlink: 'syz.2.777': attribute type 27 has an invalid length.
[  361.965105][   T10] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  362.440190][   T10] usb 2-1: Using ep0 maxpacket: 32
[  362.876784][   T10] usb 2-1: too many configurations: 101, using maximum allowed: 8
[  362.896111][   T10] usb 2-1: unable to read config index 0 descriptor/start: -61
[  362.903794][   T10] usb 2-1: can't read configurations, error -61
[  363.085015][   T10] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  363.353263][ T5829] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  363.405042][   T10] usb 2-1: Using ep0 maxpacket: 32
[  363.412366][   T10] usb 2-1: too many configurations: 101, using maximum allowed: 8
[  363.422342][   T10] usb 2-1: unable to read config index 0 descriptor/start: -61
[  363.441407][   T10] usb 2-1: can't read configurations, error -61
[  363.448711][   T10] usb usb2-port1: attempt power cycle
[  363.535133][ T5829] usb 1-1: Using ep0 maxpacket: 32
[  363.549041][ T5829] usb 1-1: config 2 has an invalid interface number: 190 but max is 0
[  363.563671][ T5829] usb 1-1: config 2 has no interface number 0
[  363.580919][ T5829] usb 1-1: config 2 interface 190 has no altsetting 0
[  363.598531][ T5829] usb 1-1: language id specifier not provided by device, defaulting to English
[  363.614099][ T5829] usb 1-1: New USB device found, idVendor=3275, idProduct=0085, bcdDevice=f7.69
[  363.624403][ T5829] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  363.633706][ T5829] usb 1-1: Product: syz
[  363.638024][ T5829] usb 1-1: Manufacturer: 񷟗è
[  363.642908][ T5829] usb 1-1: SerialNumber: syz
[  363.758140][ T5899] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  363.795078][ T8183] usb 5-1: new full-speed USB device number 21 using dummy_hcd
[  363.795201][   T10] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  363.835733][   T10] usb 2-1: Using ep0 maxpacket: 32
[  363.841829][   T10] usb 2-1: too many configurations: 101, using maximum allowed: 8
[  363.871613][   T10] usb 2-1: unable to read config index 0 descriptor/start: -61
[  363.879407][   T10] usb 2-1: can't read configurations, error -61
[  363.907072][ T5899] usb 4-1: device descriptor read/64, error -71
[  363.958965][ T8183] usb 5-1: config 0 has an invalid interface number: 133 but max is 0
[  363.971505][ T8183] usb 5-1: config 0 has no interface number 0
[  363.980754][ T8183] usb 5-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  363.991267][ T8183] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  363.999712][ T8183] usb 5-1: Product: syz
[  364.004107][ T8183] usb 5-1: Manufacturer: syz
[  364.009200][ T8183] usb 5-1: SerialNumber: syz
[  364.023620][ T8183] usb 5-1: config 0 descriptor??
[  364.035869][   T10] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  364.068151][   T10] usb 2-1: Using ep0 maxpacket: 32
[  364.077362][   T10] usb 2-1: too many configurations: 101, using maximum allowed: 8
[  364.090979][   T10] usb 2-1: unable to read config index 0 descriptor/start: -61
[  364.102767][   T10] usb 2-1: can't read configurations, error -61
[  364.113027][   T10] usb usb2-port1: unable to enumerate USB device
[  364.145141][ T5899] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  364.286435][ T5899] usb 4-1: device descriptor read/64, error -71
[  364.405837][ T5899] usb usb4-port1: attempt power cycle
[  364.813518][ T8779] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  365.342516][ T5899] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  365.370724][ T5899] usb 4-1: device descriptor read/8, error -71
[  365.592035][ T8183] keyspan 5-1:0.133: Keyspan 1 port adapter converter detected
[  365.625492][ T5899] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  365.627049][ T8183] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 81
[  365.666947][ T5899] usb 4-1: device descriptor read/8, error -71
[  365.813561][ T8183] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 1
[  365.814246][ T5899] usb usb4-port1: unable to enumerate USB device
[  365.857621][ T8183] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 2
[  365.867426][ T8787] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.789'.
[  365.879058][ T8787] netlink: 40 bytes leftover after parsing attributes in process `syz.1.789'.
[  365.895426][ T5829] usb 1-1: USB disconnect, device number 17
[  365.916072][ T8183] usb 5-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  365.977799][ T8183] usb 5-1: USB disconnect, device number 21
[  366.012676][ T8183] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  366.057390][ T8183] keyspan 5-1:0.133: device disconnected
[  367.468542][ T8814] syz.0.796: attempt to access beyond end of device
[  367.468542][ T8814] loop0: rw=2048, sector=2, nr_sectors = 1 limit=0
[  367.482188][ T8814] hfsplus: unable to find HFS+ superblock
[  369.281620][ T8830] netlink: 8 bytes leftover after parsing attributes in process `syz.4.800'.
[  370.475337][ T5899] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  370.994872][ T8183] usb 2-1: new low-speed USB device number 19 using dummy_hcd
[  371.022819][ T8855] netlink: 'syz.2.807': attribute type 1 has an invalid length.
[  371.035885][ T5899] usb 4-1: Using ep0 maxpacket: 32
[  371.053504][ T5899] usb 4-1: config 2 has an invalid interface number: 190 but max is 0
[  371.079015][ T5899] usb 4-1: config 2 has no interface number 0
[  371.095340][ T8855] 8021q: adding VLAN 0 to HW filter on device bond1
[  371.100193][ T5899] usb 4-1: config 2 interface 190 has no altsetting 0
[  371.109573][   T10] usb 1-1: new full-speed USB device number 18 using dummy_hcd
[  371.122493][ T5899] usb 4-1: language id specifier not provided by device, defaulting to English
[  371.202358][ T8855] veth3: entered promiscuous mode
[  371.218030][ T8855] bond1: (slave veth3): Enslaving as a backup interface with a down link
[  371.242154][ T5899] usb 4-1: New USB device found, idVendor=3275, idProduct=0085, bcdDevice=f7.69
[  371.254566][ T8183] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  371.269401][ T8183] usb 2-1: config 0 has no interface number 0
[  371.269399][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  371.269423][ T5899] usb 4-1: Product: syz
[  371.275747][ T8183] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  371.296816][ T5899] usb 4-1: Manufacturer: 񷟗è
[  371.307430][   T10] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  371.319294][ T5899] usb 4-1: SerialNumber: syz
[  371.333863][ T8183] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  371.339167][   T10] usb 1-1: config 0 interface 0 has no altsetting 0
[  371.375076][ T8183] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  371.392809][   T10] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  371.404721][ T8183] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  371.435799][ T8183] usb 2-1: config 0 descriptor??
[  371.441389][ T8840] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  371.455776][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  371.463814][   T10] usb 1-1: Product: syz
[  371.478196][ T8183] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  371.494774][   T10] usb 1-1: Manufacturer: syz
[  371.527766][   T10] usb 1-1: SerialNumber: syz
[  371.736758][   T10] usb 1-1: config 0 descriptor??
[  371.977411][   T10] usb 1-1: selecting invalid altsetting 0
[  373.367369][   T10] usb 1-1: USB disconnect, device number 18
[  374.797528][ T8877] x_tables: unsorted entry at hook 1
[  376.256926][    C1] iowarrior 2-1:0.1: iowarrior_callback - usb_submit_urb failed with result -1
[  376.709091][ T8886] syz.3.814 uses old SIOCAX25GETINFO
[  376.762102][ T5899] usb 4-1: USB disconnect, device number 15
[  377.523299][ T5878] udevd[5878]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  377.594726][ T5892] usb 2-1: USB disconnect, device number 19
[  377.685556][ T8896] binder: 8894:8896 ioctl c0306201 200000000240 returned -11
[  378.188986][ T8906] bridge0: port 1(team0) entered blocking state
[  378.196468][ T8906] bridge0: port 1(team0) entered disabled state
[  378.203759][ T8906] team0: entered allmulticast mode
[  378.222446][ T8906] team0: entered promiscuous mode
[  378.620376][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  378.684071][ T8909] netlink: 248 bytes leftover after parsing attributes in process `syz.0.821'.
[  378.798394][ T8903] 9pnet: Could not find request transport: fd0x0000000000000003
[  379.448018][ T8919] syz.3.823: attempt to access beyond end of device
[  379.448018][ T8919] loop3: rw=2048, sector=2, nr_sectors = 1 limit=0
[  379.461609][ T8919] hfsplus: unable to find HFS+ superblock
[  380.441435][ T8937] syz.3.828: attempt to access beyond end of device
[  380.441435][ T8937] loop3: rw=2048, sector=2, nr_sectors = 1 limit=0
[  380.455420][ T8937] hfsplus: unable to find HFS+ superblock
[  380.645129][ T5832] Bluetooth: hci4: command 0x0406 tx timeout
[  382.150331][ T8961] netlink: 4 bytes leftover after parsing attributes in process `syz.4.835'.
[  382.328045][ T8965] netlink: 24 bytes leftover after parsing attributes in process `syz.0.833'.
[  382.472186][ T5938] IPVS: starting estimator thread 0...
[  382.527582][ T8967] FAULT_INJECTION: forcing a failure.
[  382.527582][ T8967] name failslab, interval 1, probability 0, space 0, times 0
[  382.682835][ T8967] CPU: 1 UID: 0 PID: 8967 Comm: syz.3.836 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  382.682859][ T8967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  382.682869][ T8967] Call Trace:
[  382.682876][ T8967]  <TASK>
[  382.682884][ T8967]  dump_stack_lvl+0x189/0x250
[  382.682915][ T8967]  ? __pfx____ratelimit+0x10/0x10
[  382.682940][ T8967]  ? __pfx_dump_stack_lvl+0x10/0x10
[  382.682964][ T8967]  ? __pfx__printk+0x10/0x10
[  382.682984][ T8967]  ? lock_acquire+0x175/0x360
[  382.683006][ T8967]  ? __pfx___might_resched+0x10/0x10
[  382.683039][ T8967]  should_fail_ex+0x414/0x560
[  382.683063][ T8967]  should_failslab+0xa8/0x100
[  382.683087][ T8967]  kmem_cache_alloc_noprof+0x73/0x3c0
[  382.683107][ T8967]  ? getname_flags+0xb8/0x540
[  382.683134][ T8967]  getname_flags+0xb8/0x540
[  382.683157][ T8967]  ? preempt_schedule_thunk+0x16/0x30
[  382.683180][ T8967]  user_path_at+0x24/0x60
[  382.683197][ T8967]  do_fchownat+0x105/0x270
[  382.683224][ T8967]  ? __pfx_do_fchownat+0x10/0x10
[  382.683247][ T8967]  ? __pfx_ksys_write+0x10/0x10
[  382.683281][ T8967]  __x64_sys_chown+0x82/0xa0
[  382.683307][ T8967]  do_syscall_64+0xfa/0x3b0
[  382.683334][ T8967]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  382.683350][ T8967]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  382.683367][ T8967]  ? clear_bhb_loop+0x60/0xb0
[  382.683388][ T8967]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  382.683405][ T8967] RIP: 0033:0x7f024c78e929
[  382.683420][ T8967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  382.683436][ T8967] RSP: 002b:00007f024a5d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000005c
[  382.683455][ T8967] RAX: ffffffffffffffda RBX: 00007f024c9b6080 RCX: 00007f024c78e929
[  382.683467][ T8967] RDX: 000000000000ee01 RSI: 0000000000000000 RDI: 00002000000003c0
[  382.683478][ T8967] RBP: 00007f024a5d5090 R08: 0000000000000000 R09: 0000000000000000
[  382.683489][ T8967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  382.683500][ T8967] R13: 0000000000000000 R14: 00007f024c9b6080 R15: 00007fff19ccb778
[  382.683526][ T8967]  </TASK>
[  382.999597][ T8968] IPVS: using max 29 ests per chain, 69600 per kthread
[  383.192472][ T8971] 9pnet: Could not find request transport: fd0x0000000000000003
[  385.995857][ T5892] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  386.185193][ T5892] usb 5-1: Using ep0 maxpacket: 32
[  386.216826][ T5892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  386.272717][ T5892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  387.067980][ T9045] vlan2: entered allmulticast mode
[  387.073202][ T9045] vlan1: entered allmulticast mode
[  387.078473][ T9045] veth0_vlan: entered allmulticast mode
[  387.787874][ T5892] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  387.797034][ T5892] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  387.812844][ T5892] usb 5-1: config 0 descriptor??
[  388.829983][ T5892] ft260 0003:0403:6030.0004: item fetching failed at offset 0/2
[  388.873039][ T5892] ft260 0003:0403:6030.0004: failed to parse HID
[  388.902811][ T5892] ft260 0003:0403:6030.0004: probe with driver ft260 failed with error -22
[  390.270081][ T8183] usb 5-1: USB disconnect, device number 22
[  390.315180][ T5938] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  390.467531][ T9087] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  390.486959][ T5938] usb 3-1: Using ep0 maxpacket: 16
[  390.495035][   T30] kauditd_printk_skb: 16 callbacks suppressed
[  390.495049][   T30] audit: type=1326 audit(1751304421.617:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9085 comm="syz.0.866" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa952b8e929 code=0x0
[  390.536066][ T5938] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  390.555077][ T5938] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  390.566230][ T5938] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  390.579441][ T5938] usb 3-1: New USB device found, idVendor=0b05, idProduct=1a30, bcdDevice= 0.00
[  390.596666][ T5938] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  390.636576][ T5938] usb 3-1: config 0 descriptor??
[  390.735461][ T9094] futex_wake_op: syz.3.867 tries to shift op by -1; fix this program
[  390.764477][ T9093] netlink: 4 bytes leftover after parsing attributes in process `syz.3.867'.
[  390.985053][ T5892] usb 5-1: new full-speed USB device number 23 using dummy_hcd
[  391.072500][ T5938] hid (null): unknown global tag 0xd
[  391.105624][ T5938] asus 0003:0B05:1A30.0005: unknown main item tag 0x6
[  391.125192][ T5892] usb 5-1: device descriptor read/64, error -71
[  391.125751][ T5938] asus 0003:0B05:1A30.0005: unknown global tag 0xd
[  391.157352][ T5938] asus 0003:0B05:1A30.0005: item 0 1 1 13 parsing failed
[  391.177166][ T5938] asus 0003:0B05:1A30.0005: Asus hid parse failed: -22
[  391.210406][ T5938] asus 0003:0B05:1A30.0005: probe with driver asus failed with error -22
[  391.478416][ T5938] usb 3-1: USB disconnect, device number 10
[  391.517207][ T9103] netlink: 2384 bytes leftover after parsing attributes in process `syz.3.869'.
[  391.635275][ T5892] usb 5-1: new full-speed USB device number 24 using dummy_hcd
[  391.646379][ T5832] Bluetooth: hci4: unexpected event for opcode 0x6572
[  391.845157][ T5892] usb 5-1: device descriptor read/64, error -71
[  392.063983][ T5892] usb usb5-port1: attempt power cycle
[  392.829467][ T5892] usb 5-1: new full-speed USB device number 25 using dummy_hcd
[  392.868911][ T5892] usb 5-1: device descriptor read/8, error -71
[  392.949165][ T9132] netlink: 4 bytes leftover after parsing attributes in process `syz.2.876'.
[  393.051174][ T5938] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  393.334020][ T5938] usb 2-1: config 2 has an invalid interface number: 233 but max is 0
[  393.519869][ T5938] usb 2-1: config 2 has no interface number 0
[  393.670908][ T5892] usb 5-1: new full-speed USB device number 26 using dummy_hcd
[  393.710733][ T5938] usb 2-1: config 2 interface 233 has no altsetting 0
[  393.725666][ T5938] usb 2-1: New USB device found, idVendor=1b3d, idProduct=0109, bcdDevice=33.00
[  393.741804][ T5938] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  393.750248][ T5938] usb 2-1: Product: syz
[  393.754545][ T5938] usb 2-1: Manufacturer: syz
[  393.759275][ T5938] usb 2-1: SerialNumber: syz
[  393.775296][ T5892] usb 5-1: device descriptor read/8, error -71
[  393.936732][ T5892] usb usb5-port1: unable to enumerate USB device
[  394.396578][ T5938] ftdi_sio 2-1:2.233: FTDI USB Serial Device converter detected
[  394.464130][ T5938] usb 2-1: Detected FT232HP
[  394.488952][ T5938] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  394.518511][ T5938] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  394.666943][ T5938] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  395.281061][ T5938] usb 2-1: USB disconnect, device number 20
[  395.318716][ T5938] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  395.450891][ T5938] ftdi_sio 2-1:2.233: device disconnected
[  395.529471][ T9167] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  395.708932][ T9166] can: request_module (can-proto-0) failed.
[  396.037676][ T9188] netlink: 8 bytes leftover after parsing attributes in process `syz.4.888'.
[  396.047167][ T9188] netlink: 8 bytes leftover after parsing attributes in process `syz.4.888'.
[  396.745057][   T10] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  396.876923][ T9196] netlink: 'syz.3.891': attribute type 15 has an invalid length.
[  396.915204][   T10] usb 5-1: Using ep0 maxpacket: 16
[  396.937051][   T10] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  396.950769][ T9194] syz.3.891: attempt to access beyond end of device
[  396.950769][ T9194] loop3: rw=0, sector=0, nr_sectors = 1 limit=0
[  396.979798][   T10] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  396.990582][   T10] usb 5-1: config 0 interface 0 has no altsetting 0
[  396.997736][   T10] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  397.009563][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  397.051460][   T10] usb 5-1: config 0 descriptor??
[  398.476566][ T9186] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  398.485404][ T9186] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  398.832191][ T5938] usb 5-1: USB disconnect, device number 27
[  398.956250][ T9198] 9pnet_fd: Insufficient options for proto=fd
[  399.019618][   T30] audit: type=1326 audit(1751304430.157:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9213 comm="syz.2.896" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3a3278e929 code=0x0
[  399.481745][ T9224] 9pnet_fd: Insufficient options for proto=fd
[  399.705449][   T10] usb 2-1: new full-speed USB device number 21 using dummy_hcd
[  400.145077][   T10] usb 2-1: device descriptor read/64, error -71
[  400.676111][ T5938] usb 5-1: new full-speed USB device number 28 using dummy_hcd
[  400.942974][ T5938] usb 5-1: config 0 has an invalid interface number: 212 but max is 0
[  400.964268][ T5938] usb 5-1: config 0 has no interface number 0
[  400.974735][ T5938] usb 5-1: config 0 interface 212 has no altsetting 0
[  400.985265][   T10] usb 2-1: new full-speed USB device number 22 using dummy_hcd
[  400.992974][ T5899] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  400.997961][ T5938] usb 5-1: New USB device found, idVendor=1ae7, idProduct=0525, bcdDevice=ca.e6
[  401.011141][ T5938] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  401.021589][ T5938] usb 5-1: Product: syz
[  401.111681][ T5938] usb 5-1: Manufacturer: syz
[  401.130662][ T5938] usb 5-1: SerialNumber: syz
[  401.148543][ T5938] usb 5-1: config 0 descriptor??
[  401.151796][   T10] usb 2-1: device descriptor read/64, error -71
[  401.160744][ T9241] netlink: 56 bytes leftover after parsing attributes in process `syz.3.904'.
[  401.169667][ T5938] HFC-S_USB 5-1:0.212: probe with driver HFC-S_USB failed with error -5
[  401.171648][ T5899] usb 1-1: Using ep0 maxpacket: 32
[  401.203692][ T5899] usb 1-1: config 2 has an invalid interface number: 190 but max is 0
[  401.219267][ T5899] usb 1-1: config 2 has no interface number 0
[  401.233083][ T5899] usb 1-1: config 2 interface 190 has no altsetting 0
[  401.247174][ T5899] usb 1-1: language id specifier not provided by device, defaulting to English
[  401.276039][ T5899] usb 1-1: New USB device found, idVendor=3275, idProduct=0085, bcdDevice=f7.69
[  401.293092][ T5899] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  401.317937][   T10] usb usb2-port1: attempt power cycle
[  401.352827][ T9248] xt_addrtype: input interface limitation not valid in POSTROUTING and OUTPUT
[  401.404450][ T9246] openvswitch: netlink: ct_state flags 7fffffff unsupported
[  401.468270][ T5892] usb 5-1: USB disconnect, device number 28
[  401.509440][ T5899] usb 1-1: Product: syz
[  401.572793][ T5899] usb 1-1: Manufacturer: 񷟗è
[  401.666037][ T5899] usb 1-1: SerialNumber: syz
[  401.795261][   T10] usb 2-1: new full-speed USB device number 23 using dummy_hcd
[  401.926690][   T10] usb 2-1: device descriptor read/8, error -71
[  402.245641][   T10] usb 2-1: new full-speed USB device number 24 using dummy_hcd
[  402.412893][   T10] usb 2-1: device descriptor read/8, error -71
[  402.555446][ T9257] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  402.919108][   T10] usb usb2-port1: unable to enumerate USB device
[  403.179423][ T5899] usb 1-1: USB disconnect, device number 19
[  403.578273][ T5899] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  403.750629][ T5899] usb 1-1: New USB device found, idVendor=13d8, idProduct=0011, bcdDevice=d0.62
[  403.767351][ T5899] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  403.793583][ T5899] usb 1-1: Product: syz
[  403.808135][ T5899] usb 1-1: Manufacturer: syz
[  403.812919][ T5899] usb 1-1: SerialNumber: syz
[  403.837935][ T5899] usb 1-1: config 0 descriptor??
[  403.889439][ T5899] usb 1-1: selecting invalid altsetting 1
[  403.898927][ T5899] comedi comedi0: could not switch to alternate setting 1
[  403.906224][ T5899] usbduxfast 1-1:0.0: driver 'usbduxfast' failed to auto-configure device.
[  404.193806][ T9266] overlayfs: overlapping lowerdir path
[  405.156082][ T9270] netlink: 8 bytes leftover after parsing attributes in process `syz.2.912'.
[  405.952358][ T9259] dummy0: entered promiscuous mode
[  405.962021][ T9259] macsec1: entered promiscuous mode
[  405.967745][ T9259] macsec1: entered allmulticast mode
[  405.973106][ T9259] dummy0: entered allmulticast mode
[  406.071751][ T9274] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1642504120 (13140032960 ns) > initial count (744665392 ns). Using initial count to start timer.
[  406.097649][ T9274] kvm: vcpu 1: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  406.176597][ T5899] usb 1-1: USB disconnect, device number 20
[  407.296473][ T9290] fuse: Unknown parameter 'grou'
[  407.327664][   T30] audit: type=1326 audit(1751304438.447:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9277 comm="syz.3.916" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f024c78e929 code=0x0
[  407.329715][ T9290] new mount options do not match the existing superblock, will be ignored
[  407.557302][ T9290] netlink: 8 bytes leftover after parsing attributes in process `syz.0.918'.
[  407.579073][ T9290] netlink: 56 bytes leftover after parsing attributes in process `syz.0.918'.
[  407.695212][ T5899] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  408.265101][ T8183] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  408.410346][ T5899] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84
[  408.450968][ T5899] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  408.499709][ T5899] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  408.505192][ T8183] usb 5-1: Using ep0 maxpacket: 32
[  408.518665][ T5899] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  408.526127][ T8183] usb 5-1: config 2 has an invalid interface number: 190 but max is 0
[  408.540923][ T8183] usb 5-1: config 2 has no interface number 0
[  408.542002][ T5899] usb 4-1: config 0 descriptor??
[  408.603949][ T8183] usb 5-1: config 2 interface 190 has no altsetting 0
[  408.629791][ T8183] usb 5-1: language id specifier not provided by device, defaulting to English
[  408.671101][ T8183] usb 5-1: New USB device found, idVendor=3275, idProduct=0085, bcdDevice=f7.69
[  408.694937][ T8183] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.727189][ T8183] usb 5-1: Product: syz
[  408.740718][ T8183] usb 5-1: Manufacturer: 񷟗è
[  408.780214][ T8183] usb 5-1: SerialNumber: syz
[  409.812661][ T5899] ath6kl: Failed to submit usb control message: -110
[  409.825055][ T5899] ath6kl: unable to send the bmi data to the device: -110
[  409.832227][ T5899] ath6kl: Unable to send get target info: -110
[  409.872290][ T5899] ath6kl: Failed to init ath6kl core: -110
[  410.065618][ T5899] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -110
[  410.290195][ T5899] usb 4-1: USB disconnect, device number 16
[  410.435309][ T5938] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  410.615154][ T5938] usb 1-1: Using ep0 maxpacket: 16
[  410.652243][ T5938] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  410.713978][ T5938] usb 1-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00
[  410.754441][ T5938] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  410.896657][ T9333] netlink: 24 bytes leftover after parsing attributes in process `syz.3.927'.
[  411.012241][ T9333] vxcan3: entered promiscuous mode
[  411.307912][ T5938] usb 1-1: config 0 descriptor??
[  411.418316][ T8183] usb 5-1: USB disconnect, device number 29
[  411.924056][ T9345] syz.3.931: attempt to access beyond end of device
[  411.924056][ T9345] loop3: rw=2048, sector=2, nr_sectors = 1 limit=0
[  411.967003][ T9345] hfsplus: unable to find HFS+ superblock
[  413.031952][ T5938] apple 0003:05AC:024B.0007: unknown main item tag 0x0
[  413.045557][ T5938] apple 0003:05AC:024B.0007: unknown main item tag 0x6
[  413.052466][ T5938] apple 0003:05AC:024B.0007: collection stack underflow
[  413.059593][ T5938] apple 0003:05AC:024B.0007: item 0 0 0 12 parsing failed
[  413.074146][ T5938] apple 0003:05AC:024B.0007: parse failed
[  413.080065][ T5938] apple 0003:05AC:024B.0007: probe with driver apple failed with error -22
[  413.833542][ T9361] netlink: 'syz.4.934': attribute type 10 has an invalid length.
[  414.797700][   T10] usb 1-1: USB disconnect, device number 21
[  416.765057][ T5899] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  417.495431][ T9400] netlink: 4384 bytes leftover after parsing attributes in process `syz.0.947'.
[  417.507233][ T5899] usb 2-1: Using ep0 maxpacket: 32
[  417.531726][ T5899] usb 2-1: config 2 has an invalid interface number: 190 but max is 0
[  417.540770][ T5899] usb 2-1: config 2 has no interface number 0
[  417.547163][ T5899] usb 2-1: config 2 interface 190 has no altsetting 0
[  417.559757][ T5899] usb 2-1: language id specifier not provided by device, defaulting to English
[  417.578698][ T5899] usb 2-1: New USB device found, idVendor=3275, idProduct=0085, bcdDevice=f7.69
[  417.589803][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  417.601860][ T5899] usb 2-1: Product: syz
[  417.607858][ T5899] usb 2-1: Manufacturer: 񷟗è
[  417.613188][ T5899] usb 2-1: SerialNumber: syz
[  417.719465][ T5899] usb 2-1: can't set config #2, error -71
[  417.746640][ T5899] usb 2-1: USB disconnect, device number 25
[  418.341745][ T9416] vimc link validate: Scaler:src:4096x16 (0x33424752, 3, 1, 1, 7) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  418.357446][ T9416] fuse: Unknown parameter ''
[  418.553780][ T9420] netlink: 8 bytes leftover after parsing attributes in process `syz.3.953'.
[  418.590055][ T9420] netlink: 16 bytes leftover after parsing attributes in process `syz.3.953'.
[  418.888038][ T9423] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  419.036754][ T9423] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  419.185216][ T9430] netlink: 12 bytes leftover after parsing attributes in process `syz.0.957'.
[  419.194181][ T9430] nbd: must specify a size in bytes for the device
[  419.486936][ T9423] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  419.617663][ T9433] xt_hashlimit: overflow, rate too high: 0
[  420.625036][   T10] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  420.795117][   T30] audit: type=1326 audit(1751304451.917:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9449 comm="syz.4.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23b798e929 code=0x7ffc0000
[  420.858047][   T30] audit: type=1326 audit(1751304451.917:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9449 comm="syz.4.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f23b798e929 code=0x7ffc0000
[  420.879928][   T30] audit: type=1326 audit(1751304451.917:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9449 comm="syz.4.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23b798e929 code=0x7ffc0000
[  421.446361][   T10] usb 1-1: Using ep0 maxpacket: 32
[  421.451671][   T30] audit: type=1326 audit(1751304451.917:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9449 comm="syz.4.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23b798e929 code=0x7ffc0000
[  421.475130][   T30] audit: type=1326 audit(1751304451.927:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9449 comm="syz.4.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f23b798e929 code=0x7ffc0000
[  421.585419][   T10] usb 1-1: config 2 has an invalid interface number: 190 but max is 0
[  421.593651][   T10] usb 1-1: config 2 has no interface number 0
[  421.613105][   T30] audit: type=1326 audit(1751304451.927:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9449 comm="syz.4.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23b798e929 code=0x7ffc0000
[  421.655080][   T10] usb 1-1: config 2 interface 190 has no altsetting 0
[  421.679286][   T30] audit: type=1326 audit(1751304451.927:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9449 comm="syz.4.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23b798e929 code=0x7ffc0000
[  422.385934][   T30] audit: type=1326 audit(1751304451.927:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9449 comm="syz.4.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=74 compat=0 ip=0x7f23b798e929 code=0x7ffc0000
[  422.409761][   T30] audit: type=1326 audit(1751304451.927:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9449 comm="syz.4.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23b798e929 code=0x7ffc0000
[  422.431630][   T30] audit: type=1326 audit(1751304451.927:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9449 comm="syz.4.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=126 compat=0 ip=0x7f23b798e929 code=0x7ffc0000
[  422.544864][   T10] usb 1-1: language id specifier not provided by device, defaulting to English
[  422.765347][   T10] usb 1-1: New USB device found, idVendor=3275, idProduct=0085, bcdDevice=f7.69
[  422.775593][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  422.785016][   T10] usb 1-1: Product: syz
[  422.789243][   T10] usb 1-1: Manufacturer: 񷟗è
[  422.796600][   T10] usb 1-1: SerialNumber: syz
[  423.074228][ T9469] netlink: 512 bytes leftover after parsing attributes in process `syz.4.968'.
[  423.124554][   T10] usb 1-1: USB disconnect, device number 22
[  423.332942][ T9473] netlink: 12 bytes leftover after parsing attributes in process `syz.0.969'.
[  423.342488][ T9473] nbd: must specify a size in bytes for the device
[  423.718479][ T9476] ------------[ cut here ]------------
[  423.724343][ T9476] WARNING: CPU: 0 PID: 9476 at ./include/linux/memcontrol.h:371 folio_memcg+0x1a8/0x310
[  423.734887][ T9476] Modules linked in:
[  423.739415][ T9476] CPU: 0 UID: 0 PID: 9476 Comm: syz.4.970 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  423.750063][ T9476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  423.760906][ T9476] RIP: 0010:folio_memcg+0x1a8/0x310
[  423.766625][ T9476] Code: 80 3c 28 00 74 08 4c 89 f7 e8 b4 cc 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 89 74 ba ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff
[  423.786365][ T9476] RSP: 0018:ffffc90002e77250 EFLAGS: 00010283
[  423.792547][ T9476] RAX: ffffffff8205d907 RBX: 0000000000000000 RCX: 0000000000080000
[  423.800623][ T9476] RDX: ffffc9000d5ba000 RSI: 0000000000000766 RDI: 0000000000000767
[  423.808700][ T9476] RBP: 0000000000000000 R08: ffffea0001d602c7 R09: 1ffffd40003ac058
[  423.817414][ T9476] R10: dffffc0000000000 R11: fffff940003ac059 R12: ffffea0001d602f0
[  423.825775][ T9476] R13: dffffc0000000000 R14: ffff88802fc6fb00 R15: 0000000000000002
[  423.833758][ T9476] FS:  00007f23b88d86c0(0000) GS:ffff888125c84000(0000) knlGS:0000000000000000
[  423.842730][ T9476] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  423.849331][ T9476] CR2: 0000000000000000 CR3: 000000003248e000 CR4: 00000000003526f0
[  423.857325][ T9476] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000004144
[  423.865331][ T9476] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  423.873324][ T9476] Call Trace:
[  423.876693][ T9476]  <TASK>
[  423.879627][ T9476]  workingset_activation+0x5f/0x4a0
[  423.884833][ T9476]  ? folio_mark_accessed+0x341/0x4a0
[  423.890138][ T9476]  folio_mark_accessed+0x3b5/0x4a0
[  423.895277][ T9476]  kvm_release_page_clean+0x9a/0xe0
[  423.900506][ T9476]  kvm_tdp_page_fault+0x2dd/0x370
[  423.905562][ T9476]  kvm_mmu_do_page_fault+0x2c5/0x640
[  423.910878][ T9476]  ? __pfx_kvm_mmu_do_page_fault+0x10/0x10
[  423.916741][ T9476]  ? vmx_handle_exit_irqoff+0x29e/0xad0
[  423.922631][ T9476]  ? __pfx_current_save_fsgs+0x10/0x10
[  423.928404][ T9476]  kvm_mmu_page_fault+0x22f/0xb70
[  423.933439][ T9476]  ? __pfx_handle_ept_violation+0x10/0x10
[  423.939196][ T9476]  vmx_handle_exit+0x1093/0x18a0
[  423.944148][ T9476]  ? vcpu_run+0x361c/0x6f70
[  423.948677][ T9476]  vcpu_run+0x432e/0x6f70
[  423.953018][ T9476]  ? vcpu_run+0x361c/0x6f70
[  423.957569][ T9476]  ? __pfx_vcpu_run+0x10/0x10
[  423.962250][ T9476]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  423.968049][ T9476]  ? rcu_is_watching+0x15/0xb0
[  423.972826][ T9476]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  423.978401][ T9476]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  423.984120][ T9476]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  423.990125][ T9476]  ? rcu_is_watching+0x15/0xb0
[  423.994892][ T9476]  ? trace_contention_end+0x39/0x120
[  424.000209][ T9476]  ? __mutex_lock+0x330/0xe80
[  424.004896][ T9476]  ? kasan_quarantine_put+0xdd/0x220
[  424.010344][ T9476]  ? kvm_vcpu_ioctl+0x22e/0xe90
[  424.015325][ T9476]  ? __pfx___mutex_lock+0x10/0x10
[  424.020411][ T9476]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  424.028592][ T9476]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  424.034294][ T9476]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  424.040409][ T9476]  ? kvm_vcpu_ioctl+0xb82/0xe90
[  424.045416][ T9476]  kvm_vcpu_ioctl+0x95c/0xe90
[  424.050156][ T9476]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  424.055545][ T9476]  ? __lock_acquire+0xab9/0xd20
[  424.060463][ T9476]  ? __asan_memset+0x22/0x50
[  424.065179][ T9476]  ? smack_file_ioctl+0x302/0x340
[  424.070260][ T9476]  ? __pfx_smack_file_ioctl+0x10/0x10
[  424.075824][ T9476]  ? __fget_files+0x2a/0x420
[  424.080487][ T9476]  ? __fget_files+0x3a0/0x420
[  424.085335][ T9476]  ? __fget_files+0x2a/0x420
[  424.089993][ T9476]  ? bpf_lsm_file_ioctl+0x9/0x20
[  424.095029][ T9476]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  424.100297][ T9476]  __se_sys_ioctl+0xfc/0x170
[  424.104976][ T9476]  do_syscall_64+0xfa/0x3b0
[  424.109541][ T9476]  ? lockdep_hardirqs_on+0x9c/0x150
[  424.114803][ T9476]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  424.121082][ T9476]  ? clear_bhb_loop+0x60/0xb0
[  424.128292][ T9476]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  424.134247][ T9476] RIP: 0033:0x7f23b798e929
[  424.138792][ T9476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  424.158703][ T9476] RSP: 002b:00007f23b88d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  424.167283][ T9476] RAX: ffffffffffffffda RBX: 00007f23b7bb5fa0 RCX: 00007f23b798e929
[  424.175373][ T9476] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  424.183396][ T9476] RBP: 00007f23b7a10b39 R08: 0000000000000000 R09: 0000000000000000
[  424.191497][ T9476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  424.199560][ T9476] R13: 0000000000000000 R14: 00007f23b7bb5fa0 R15: 00007ffd8a903bf8
[  424.207699][ T9476]  </TASK>
[  424.210782][ T9476] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  424.218069][ T9476] CPU: 0 UID: 0 PID: 9476 Comm: syz.4.970 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  424.228213][ T9476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  424.238267][ T9476] Call Trace:
[  424.241546][ T9476]  <TASK>
[  424.244478][ T9476]  dump_stack_lvl+0x99/0x250
[  424.249079][ T9476]  ? __asan_memcpy+0x40/0x70
[  424.253674][ T9476]  ? __pfx_dump_stack_lvl+0x10/0x10
[  424.258876][ T9476]  ? __pfx__printk+0x10/0x10
[  424.263488][ T9476]  panic+0x2db/0x790
[  424.267393][ T9476]  ? __pfx_panic+0x10/0x10
[  424.271822][ T9476]  __warn+0x31b/0x4b0
[  424.275804][ T9476]  ? folio_memcg+0x1a8/0x310
[  424.280411][ T9476]  ? folio_memcg+0x1a8/0x310
[  424.285019][ T9476]  report_bug+0x2be/0x4f0
[  424.289351][ T9476]  ? folio_memcg+0x1a8/0x310
[  424.293944][ T9476]  ? folio_memcg+0x1a8/0x310
[  424.298536][ T9476]  ? folio_memcg+0x1aa/0x310
[  424.303127][ T9476]  handle_bug+0x84/0x160
[  424.307364][ T9476]  exc_invalid_op+0x1a/0x50
[  424.311862][ T9476]  asm_exc_invalid_op+0x1a/0x20
[  424.316706][ T9476] RIP: 0010:folio_memcg+0x1a8/0x310
[  424.321907][ T9476] Code: 80 3c 28 00 74 08 4c 89 f7 e8 b4 cc 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 89 74 ba ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff
[  424.341521][ T9476] RSP: 0018:ffffc90002e77250 EFLAGS: 00010283
[  424.347593][ T9476] RAX: ffffffff8205d907 RBX: 0000000000000000 RCX: 0000000000080000
[  424.355560][ T9476] RDX: ffffc9000d5ba000 RSI: 0000000000000766 RDI: 0000000000000767
[  424.363531][ T9476] RBP: 0000000000000000 R08: ffffea0001d602c7 R09: 1ffffd40003ac058
[  424.371514][ T9476] R10: dffffc0000000000 R11: fffff940003ac059 R12: ffffea0001d602f0
[  424.379483][ T9476] R13: dffffc0000000000 R14: ffff88802fc6fb00 R15: 0000000000000002
[  424.387460][ T9476]  ? folio_memcg+0x1a7/0x310
[  424.392064][ T9476]  workingset_activation+0x5f/0x4a0
[  424.397265][ T9476]  ? folio_mark_accessed+0x341/0x4a0
[  424.402550][ T9476]  folio_mark_accessed+0x3b5/0x4a0
[  424.407665][ T9476]  kvm_release_page_clean+0x9a/0xe0
[  424.412890][ T9476]  kvm_tdp_page_fault+0x2dd/0x370
[  424.417918][ T9476]  kvm_mmu_do_page_fault+0x2c5/0x640
[  424.423207][ T9476]  ? __pfx_kvm_mmu_do_page_fault+0x10/0x10
[  424.429028][ T9476]  ? vmx_handle_exit_irqoff+0x29e/0xad0
[  424.434589][ T9476]  ? __pfx_current_save_fsgs+0x10/0x10
[  424.440050][ T9476]  kvm_mmu_page_fault+0x22f/0xb70
[  424.445079][ T9476]  ? __pfx_handle_ept_violation+0x10/0x10
[  424.450792][ T9476]  vmx_handle_exit+0x1093/0x18a0
[  424.455735][ T9476]  ? vcpu_run+0x361c/0x6f70
[  424.460238][ T9476]  vcpu_run+0x432e/0x6f70
[  424.464577][ T9476]  ? vcpu_run+0x361c/0x6f70
[  424.469107][ T9476]  ? __pfx_vcpu_run+0x10/0x10
[  424.473785][ T9476]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  424.479501][ T9476]  ? rcu_is_watching+0x15/0xb0
[  424.484276][ T9476]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  424.489835][ T9476]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  424.495565][ T9476]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  424.501569][ T9476]  ? rcu_is_watching+0x15/0xb0
[  424.506351][ T9476]  ? trace_contention_end+0x39/0x120
[  424.511647][ T9476]  ? __mutex_lock+0x330/0xe80
[  424.516327][ T9476]  ? kasan_quarantine_put+0xdd/0x220
[  424.521612][ T9476]  ? kvm_vcpu_ioctl+0x22e/0xe90
[  424.526460][ T9476]  ? __pfx___mutex_lock+0x10/0x10
[  424.531518][ T9476]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  424.537194][ T9476]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  424.542832][ T9476]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  424.548809][ T9476]  ? kvm_vcpu_ioctl+0xb82/0xe90
[  424.553658][ T9476]  kvm_vcpu_ioctl+0x95c/0xe90
[  424.558335][ T9476]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  424.563544][ T9476]  ? __lock_acquire+0xab9/0xd20
[  424.568403][ T9476]  ? __asan_memset+0x22/0x50
[  424.573011][ T9476]  ? smack_file_ioctl+0x302/0x340
[  424.578033][ T9476]  ? __pfx_smack_file_ioctl+0x10/0x10
[  424.583408][ T9476]  ? __fget_files+0x2a/0x420
[  424.588001][ T9476]  ? __fget_files+0x3a0/0x420
[  424.592677][ T9476]  ? __fget_files+0x2a/0x420
[  424.597272][ T9476]  ? bpf_lsm_file_ioctl+0x9/0x20
[  424.602214][ T9476]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  424.607437][ T9476]  __se_sys_ioctl+0xfc/0x170
[  424.612039][ T9476]  do_syscall_64+0xfa/0x3b0
[  424.616572][ T9476]  ? lockdep_hardirqs_on+0x9c/0x150
[  424.621787][ T9476]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  424.627856][ T9476]  ? clear_bhb_loop+0x60/0xb0
[  424.632532][ T9476]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  424.638425][ T9476] RIP: 0033:0x7f23b798e929
[  424.642839][ T9476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  424.662446][ T9476] RSP: 002b:00007f23b88d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  424.670865][ T9476] RAX: ffffffffffffffda RBX: 00007f23b7bb5fa0 RCX: 00007f23b798e929
[  424.678832][ T9476] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  424.686801][ T9476] RBP: 00007f23b7a10b39 R08: 0000000000000000 R09: 0000000000000000
[  424.694768][ T9476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  424.702733][ T9476] R13: 0000000000000000 R14: 00007f23b7bb5fa0 R15: 00007ffd8a903bf8
[  424.710756][ T9476]  </TASK>
[  424.714121][ T9476] Kernel Offset: disabled
[  424.718453][ T9476] Rebooting in 86400 seconds..