last executing test programs:

3m26.809819064s ago: executing program 4 (id=629):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000400)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000140))
r4 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_DECODER_CMD(r4, 0xc0485660, &(0x7f00000004c0)={0x1, 0x1, @stop_pts=0x9})
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2040, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0xd, 0x0, &(0x7f0000000240)="e30080670000ec67838717bd86", 0x0, 0x406, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe}, 0x50)
r5 = syz_open_dev$sg(&(0x7f0000000140), 0x6f5e, 0x0)
ioctl$FIBMAP(r5, 0x1, &(0x7f0000000040)=0x85)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB], 0x50}}, 0x0)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8971, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0), 0x103a02, 0x0)
chown(0x0, 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)

3m23.938134188s ago: executing program 4 (id=631):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e21, @local}], 0x10)
r1 = fsopen(&(0x7f0000000180)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000005c0)={{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @in=@dev={0xac, 0x14, 0x14, 0x39}, 0x4e24, 0x406, 0x4e22, 0x1, 0xa, 0x20, 0x40, 0x33}, {0x6, 0x5, 0x0, 0x72d, 0x80000001, 0x0, 0x5, 0x3}, {0xcd4f, 0x8, 0x7, 0x9}, 0xffff0001, 0x6e6bb8, 0x0, 0xef5c07ee930972ae, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x2e}, 0x4d5, 0x33}, 0x7b806124cfac1cef, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x3505, 0x1, 0x3, 0x1, 0x2, 0x7, 0xf}}, 0xe8)

3m23.643482006s ago: executing program 4 (id=634):
mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffeb)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
lseek(r0, 0xfffd, 0x0)
syz_fuse_handle_req(r0, &(0x7f0000005080)="0d5fa7329a25ac5e5adb7da748269c1a8f94096cc367aced62c2204b19e63a40f2e25749ee82ee2d02b0a519879eea8250d0bd39e897a9f3baaddcbcbda7707e866816078569d58b4458e3eae1686a3222406038777c30657016d4b0324b7acd1ce29d2d6d1def672aecce23b7e5540b2ec556fd8d1f8c9e0b9f96b27755e3bbcf0245ca5eeca1d800ff7586ddc6b05901d6328f7ac24648e607f8147848351652cbffd273818e8e9ef9f4869c21e83c229ecee26b76f7fcab6cd30cd9ab5d610bf9aaa9dc50fc0bfaf520e3238517430c85da5c0b3aee29752499ca7baf9467080b10722fc5fdbb65a27fbe728e3ed2ee73372d6a225e875350eaa87f017bb1d27d31318fbd7d3b2abef943fbdfee61cdc6d3a96a4ecbb4386ca4ea1f734a4a44792a4de442e9a4cdbcda30c63c70cec1dc0a16f63cbe883fdc5c5923979a43996e12e7b559e5b8f4821af4ba3e61a2966c1ad7e1a51b2c229c498543fb8daaa21f936dcbf0c6612f2eb791dbef9fb6d92aa0b196f8d79d2fdad43fe52e575ec81ee289a10ec7440e287d691fe7e44550fd1f39f2444e748b48485e2352e271940bf36ff97347a662a48d155836e109689409a0d0b48d698ab429ca6c119410ab04c42e28a927bf56b7f3e75344bea93b3380dc15c125c838da5a40daf6a75aa5cf17c8c22b262c409f8b32f75714c95e424417f322a7abca6b42cf7a28c27718e3296efd76bb24964266c806924fb49abbd61e55f5a7b4fb95c65ab081abc72edabfe871eda86ea32392e17747657f94146e4c97b427bdfce4d0ab8cc4864d292787f5e94e09ba00fd7e2acee12e645cbb516d20ac9d450233149ac9e9e16f013e9fb4fd8e037607a04491ace0161d3fac8c57d478de28234f7ad1771630919930738e338425d94dd4f35bdecfb1a72e8657cb204a0281f2ebe43b118f656aad6705a5a3c7cf93cc6e3329c68e8505b2f4436bec29d9b7bd3755bf60d303feeb05c276bdbf1cb75658d7e1b0c11cc2d50201524db548325eec696b3d36ff8eac81fedfc8b79a26c7ae6038078a50a931d85e928a09740c3438b4047a2c6d66945d14b79981b146a5bef1dff06364e415e6c594e4f5736690694f3f7463f35aad4564b36f5101a2aa1b78eadfc7c4b74d0937cb225f161e923dee0d900cae6d8aa4879e1195708d5f7ca34339ca9774c06054f11847d55d0aeaa5fd2b499301e28eece12b9ee8c804fb770f79b84aaf35d5e70903c8433ce2ac8b6405f62a5a9669f97199be1dabe5fe80400de7e4f16da3476acaf20d65b5aa2d17f378134a15416d0d250603f7040cdf9f797332fcd7c73ee74abef3f22f15f477245439272545610f5cb28a08e674c830afff8adc288bb6586e945d4b922a98bc0f071fe5e0b88ba26114f9565adc568852217c508bccbaf024172b266e0f0c838aeafce4b425475806d2afd7b0c24e0d3a5c35d5fb9dfee56c27eb3bface895df0847310e8da15ee3d0cb4c91d8451a284330d2e8e2e217a74951a397c055c52e187226a8664d2faf6488c57bd1d6fe565a4d50cb0cfbc7ac0b9403af8a24b1d6bfb42af57e9ce5268d36c6ca071b3ac907afd2dbcb8ac42d6d253e35dcb5627912580798af5bd58f6ab36e660758d03ab6a76bf6f05b69125c17b1a90b5a90d0593350d19f59831b9d4ac0e6233d4fbf922dd700567ae8db9c34c062b18a6a9885ae2333a767c3c754e34fb9373a6a0573a7179d4b29c36883bdbae5760454046df90230d9c19eadd946eaa1f8686768cc0af4e6b3884abed6496ec413f176718b78c2ab890715db7f3aaf794a238d2120fefafd8f8903481df8a6c0e0582aee03d5a21dbbe14bba488df4194d2af391e0d474812ea2c62a3863f13b587ef8ed884c1baaf8c0ee9320fbbe1e7dc3d63dd31305342e5f75d036a55c0907221ea11d20b696ac58656fc71ffe5f9ea813c80d0df57951d7eb347db39fcd6efb1271083d5aa73216c1c93d774fdffd6b535ef55dccd82c1c0e0b80dc9c9244e821e0f59d80063f6a4c726954fdb9634f8e2d79c08f66d6ee6b1798f32b7f80831ff448c23bffef248da2ba18b5002a2282061d309180921807f05b88a17a81ed7ac97819508e3ce2336f5a5e6c0acd8a153272bd1fec65507e4dcebfa24554d9d7aef9f0bc490d845a9b2f05b9af821df90da4bb463f1f778bb1cabe6d90d89195d264c3715f43a07ede60ce770e0d73631ad6b1a83ad9217835001d4716c2c8fbf413ef227009d8c8e779ddc9aef0b1041b055d54d866a7d32015e352af0f460c84dd916e4798a3dfd2fb2410583de7f5c4747a8070768aaf37de7adfab4834871c0f3e0c832aa0bbcbffca457812892355a1eb263d9949be1b1ae11f0035b2997bc11c0633254bbb628456487e69434e7c3e46688cf2070648167d0477de25263de194b5fe03cc04f84e5fbd228acb5c17a42badf78ab341fac7e85e91b58c9b945e24c930dc67a772a3b9fea8c362182160d41050e995f49f871bf777556e5a6e75d38eaf45f87c1b989f95c582948979ccd0f102c3f65ff6dfef787b39fca67ebbd7feeda6e33ed0951a7794db429719898c50cc891718f28c2bb3fd125177c113e8e281fc77cf417bfacf3f8f3a31b80f08d5d6085497af20d891dda077329f93c7f8ddef7c83426ab56cacc29c672d83d89efdc0abebfdcb91f500b058c609aa16984c51b244f7b5d2941cc64bc667e073cf3b25f0dae42ff0f5ade70b66bb91cd861f0e77ecef06d8ff9cd41be06c9ed65034829b2be217d06f5f9087f46bace4ed14e56766cd6804cc932ff1ed334bd71e17c5eef072abee2d1c2d9d4c64550ed2d00e5c7c8f7217c84c0d18eb90f22afcf55cea63384f404c4390e5430dcee0da4fcb26186de474c56ac6d38bd43ef53a659db100050ec40f1658a298d24bf8c0e03741991a0f84ef929dbbf2c3af5d688105aee38a6946850982560c0f32ea1a8daebc866350f82681773783fa8e33d547d27ab59df11e30240966d93bb8bb51d35a52efb6a4ea7823eb9984e74ada0718456b2e4e00c856353e686edbe0f537d29e4f7a5ccc42aff2741373acbb4241616dc9e745150cf956e5b23fea5712f3d903fed844c1e99ff66eeb267c08f695ecc6d197f2c259780ed2d090ce0dfd1de8d8626e171638389d37965c68d63d6553af849f454847a004c7a70dec61486a38b871aaf03cf1563f9540f2fe4f7b3c6c29cc6797608127fdfe9684bcbd085e1241184cf78e97ceb586df617154377ddc56c17e2edaf8fca38fed117d78f4e33e3192a95e64bbf689e1b4ba4cfdf9e05b93793c51026e26952f395050e8789e44f8bd11974467ef586b9a776ce3434af413934c0d7f587f8befd1a5f9ce1cd31b405e865e2d86e3b2b892d0960cb9ce15c9ba49bf962d55a210921830cf39c7adfb844bc368886d2177c571f86831b1b0f9b7420678703fb253fbe487859dd44dd93d1b633fe43c7881277a4ef32ce90c2dab9e092d53c7307d917aca43f1c475694a23f2b82ef64a9b49fe14969ceaee94c46039a90b38e8e60daff67f7e79b705e48c5517dc6476409e0efe60307380299365cae132af3d3b0bfc84bbd59a4ad406bb7e70502dfc09ef0313830d3ce0bd6d0a64d7ede75f4d7b3b1e66314c5333cd9ee623a78c1c956d105d44870ca91d3215553c81d814272e190f4bc0d9fea81ff8ae78caaa23be0aca427be56deb2f6be560d790ab804daea8465dbd93061a2c01307244b3366f7ba5d4eef88270cc505395122cad4c5551651c8edd99f56752d4594485bff36e1365b78e27bacd5cdf0ea509ed81ef7773d4a4d272cf607d701a92fe9ef1b6f9e7e662bb6ae5b6c89ecb0c81700845df6a53230a44f0435f1d6242e3a577b2d9f288b5a44b0a09d0979834cb0e5434b30a25ef19de7f893e0f112c7c590dbcfc59aa5b38b0dfe780fd39915211334a38808866016419878ef1e827b481390e286187f58b41c2511c7c097dd7e86f00ccaabd1110a0f615432b84109d007b2ef599d4114bcb84ebe7c302e72dd3bc53b3a35981a5becfc52ab822524682b17d551a1c687a883cf3cb1fa7693f90c8a8ca32b7774ac9f7bef37c5373f89656325faf200c7dcb89e9c7885aec296ee8432370e91ec9d226b40375aec85108b68ef11f9e53167f292d7ea3b3d6b77b1adf2cbe645e301c7cb38a7e66531cf945ed89fee0b7e81d66e303b97d99fb7e2ae1889fd1a47f9e7636055eece8937522c0e8bff05fdcc86ac9fda8ccf86049579844e22347ff6be8f58e1c5af0bd283fdbfa24f29e20db8f7930800599acbc1b51a8d0e13ff90d0eb914ac5079859e89c461a2cf7b82fa6037331cfb057b8bc1a6af932bcbe74fc73bab406eb1acde32fa5acabf53adfb8f8ad9a3552d2bd5f9612c9580538fc5829ad064282ac38259fcf1c291b9b2294ee95880831394e5cffc7951aec84e14c3010a768e17c96d9cc297cd563a8487bab52bfdd13b61dff5a3ad9abd863dca2ecda7666e7e83b57b8da033de2da5d68b33f628cadb4a292cedbd1a2eea23e07dd13d77522ca1619ed8e9e700e033ae079c1f7fdf4de3c879839c32454e757b23811f04f9ffdebea48a5d3e64c0acf20f428658e40f1540b188224ddc7f2d66cdc21cd202118e203cc5abbaa9b17fba3945d49cc164ee3f17b74fded9d500f03bfce95b230438ae6305399f43ac9aeeb3c747dfa8d1e99de4692eb4c5c9c0833dcf44955feebaf33e9b992858c006e159a7c3437529b00102e60470b9d9222d84cd99fadfd1862982e5cad6f0c9146fad13980a057a3c06dc828d7a28a32ddba0cdeb30b847a4cdf3f86e01472a1a0065ef8d03f45600286e697d44de66db7a9cfdd0a01e6e4becfeeb3d81ac0951c2b61680aa5d9c5230092f2109b573ec659ba5fc288b116e0b9681f7c972a96250e448e0e4d081cd6a0a691b916e5bba3b5cfb0872e3c7d449fad932bc3ec31a0f64eb1969e1235ec6f1c7fb365d3ea2c3b612b825213517cbdfb2a7c0a0e2fe46944c65d0a8c98c990f59741008e9ddec6db3b44aefee5e242ca1a63096c1f277d33fb666e51e72538feb951b43b33b1114c91634c84c471c5ecd192f0492922b4d3b78119db028029b838dcc70483bffe6e7c41e442251ffdd0d1af70eeab4a196c54daf947c8d917b3bc6ac06e9d61318b1bfe8839b18c5cb3e254ce5bb9d9e02e3dae64633c36674938b99cd3e79d13c112febc591244322b9343c988c626b0576a135dd3a44355e2b80cdd53bcee46d867ab8d5111eac3d0ae1c2c3779d2b5ee4368f3c10073e081fd3a691b0be3561eebf6f0ca9ff5a3c922661dbe2d364e088f8e9ae55a7d9eda863f0427c8d38cd0c5187e874d8da44a20bd963f3052e07ac4b83006b6e34b98cccc6aad4c36c27c1b3c7fd4a2b2b71e94084f03c87d5788d238388d3a6c7b7c8d3fb7f0c4d15f8f244b056c3cd26dddd2a09ebe0b54a639b21fa33dd8d08a4810ae5ae32096ffd6a0d7a231be064c8473e377deff26535cb749573326179a72cdbe4dc1fdae0ae801060b3cd1ae096b4db0a48a1d899da509168ca6d28fd3ef9f2eb16b63edb5d57792ad4f12702020dcbe459c42fc3890f54951575a227292739ee05cab9f738af6171075363c72b18f27196f99b6bf7f59080231117eb2eba751a65e1434de93a24eed6e0edfb2666212ad0abc12414fef2b3c50cc25dc3a9e704d8b76d6062c1291757fa4296c52b3a1ff9a44f434f5db6bf143aa4e20975abc14d4068a0d403c4c6946e7704c6b1464f701d25a7a508b69459caa435848d7aaed0ba77e4d080f0175b6d2da1a0ea7512be890ba201025c35d3b58abefed90377488ea47b6d2bc0433f5ba96cbb4c41bbc89c889dac633aa643bfb4efce4c5737115bdc6028ea066473d1569e1b5d5d62b6de87ae2054e7057f2610aadc3bc01ecd83c2ed52f08559a5117987ba4819078db8e18c06c57906eafcf3c2859fda3c3c95c416bb4d1da8c777757f24341e48c8ba7c40bc764ef5fd94e4df02f1b5096b6d0ca42db7ee141b4be6e32954076ac6037f5621b4206b12aa47529eb1ffee694a8d0d3534dab854e94fe516f7d67f914b1272d703f6f6419c2f90b245e91f4bb888acd9ca068bc032e6d1fceb386f48ea6bb7850a8300e6abac7f249a57d8002e4297966477b34e4924d0c7baef5681b41f586dc96aae7cf3370b5a04dac78f4bc1d8ae629a34aabc8fcf50faa2777a4dbcac17a8aec0ae9d9052e98812ec809c08a06f602b27f06edb26c90ec15773992144ed5c7d8f482aa90e56ef48dc7ef3e480a065154dc94c5cee77f645abff82de268874fac937321a1e08c53db7398718dee6144f9c12cb61cc09c3c7582c3efaf9d22fd290db38e11c9c0028fa68a3ab1ad0dce702c318858b93ddfc0dab3406e704bf10b881443915dd1c3f1e1104eedcadaaeef55c49ac59605aa659b2991e061c99d9f03df710790c40e5ec4a4b325b1248850e49b5635aa9b4b78008e72480a26a5a29acd81e159c6205ae408c3844f1b9f969e1d496c2e545c53883d142578689283cc00096e88aaecfc80dff14721986d0c298bf99fc369414c47bde8f11266511ae7f4fae8944fcbbffb7d2ee80afec7f433f259257043fc782f9b643bda9160474f294946fa443bda211eb8df1d5ed73c8ec75dc49f8dc01f7658a95f592fcaae903540b4bc78b7d8e3a93fe3b4248b82a24e0aed56a4a710653b214c54210ca834bd7ab200860fad8a3f89f23e3d894467221d6fc69f972efc8e051db7fb7d26628d3b351c763ecc9916e1159e79a18c5c9facbf35df613ccc6f280f59216a1c9f2500c21e94a96d2ef76afc9432a32a167a37634bd2a99be96b69beed1614e72933e94764c5ebe12fd059b4238908e756583cb476993cccbb1cfe26a0912151c0439373584e5242e8300ee879c61417d261ff5add0512e51031061fb86008d225ec8405c321fa3608cf48b58db2cf0d1d166219b747d6c04da238a739b32fd65eedb94b6f16c07d7a14c4dea1220d952be17756c1a939a3f562143ebcb408be0bc2381264ec3a39143276344582d3145a593236c4669f2e7cbe74015e3e11966c7b533886d7d36f1a25c5274356d48baf226fe742ed9b87e71c54d8c705157ec711b302deba2d5f1d3ad70f2408505aba285c23b580d0fec4c6f94a9ded2635007e418c4b89bbd4d43efd17709e1b2c495541c05e5b092b301ea6071f925cb0dea48b01244e614f25241c16cbbb864019b18ca2844486c5946f3fca00149490fb9aea99853a8b1edd0909c9004e8077155a082a7802b3ed6b79116fb1166617f64369901feb63d689c357b74440b1ec6d7c222ea00f9afac47b1853dc335569db9ff7bbe0d8a1bac8112687c3d949cdf4a85ae8a0cb6a49ba8f393d4733a5d995354fff01ada6b983e7aa35d72ac032490462fb7ba63981f6fc23889a969dbb085542c68590259bababa77fff26334488c5a1c47b824f030a7e60a0b9a49e23b5f9686a2b7ec8bca69ffc71369e42a44624d553909edaa3b7c79a313eeeb7e08ffbdc189c6c58b4a803aaad6e296fc8830a6b9731f3992010f68a51387c4650e9c40742466e08946bba10e545a9d6c3d3fb1452a0bb7c5ede2a41d41149e2e9ce54e7a818c3101fdc7685dd43a2a0f030a7592079e776588e061963eb6a6b1f9c161d27be226fe2e5d676a6a255417c922da7b463c8864d42f28244ce5828da2056c386f48bf1c9cb1e2f3bdce51aacc217536e551ca45dd6c737c718e42a0911871bb236f20e5279c878b2045b4b773b95902d051492b6eb89076296dffce61fce09261d76dd42513eb2b13a69a4bad16b6ef90d5b50733de453e0332ffd9132421110db3c00ca17cf5c02c2c639ca052c4f2a136422be1fbaddb8263f5c4d667e373a3fcad7efd52dfcdfb312021139c231a07f3c9ad5721c0408ec7fbfdc43d742f16f0562b346d51ecea80d07f67359ab4a30e2f6efb1bf93d7ea5b289ed587fef20dce1a9a99b53965dc62a39d112b789c29e9c1d4e5d6c022ca69d7a16e7234a5a934bc4b968b1d89010797b574ded67b82c84ea0018bde9638fe051f211e2ecb02c517ac725e084dff5499418cacf948cb7a5185380be8305070761546acb1d9a8e03b8266e0903716995b3f6419b194b5eae07acc8b372ac96a7342bba426af1968ea1c7a42404ba348cc6a6241fcaa35b770a1bd69918ee490d3805ac8264ed1af161984646b16b97cfcf1398c2bb2db4585ba5a510da336679fcfff552c51d7b91ea5a6c9f0b5e2e672a652c879b3e1794bceebf9b6967650cd0b677b88b731a4d746811a9c042f1fc448a1e59bbe74bf096d32a775d7724631bdefdcc3d7c8f99f9c8fad31c9762c006ec2abda8e90e871d26133e6785494433398ee441509819d69d88f832f4b3a325aabda0a66984255cc4121dd5606475781797c201dea8b5cb95b1170233f0fc2d91b3570cf877f23f5d6b3321a97e13e67967355110bdb9a2efcbde82bd2f161a7bda0cc2bc01f38c9887f437ca281b8f755814170b624cdc5504231da7f0be7057062598977a0b62d0efc860fa4cc22ecc125c8f13526803cc0eda56e74fe3c9598ad367c6b760cede0bb2b84fbe3860d78543f61a5ea97ff83d20311ff82dfdb648f8231656a70092eae2c8794dfcd92745cee9629bebb9c0d9eaaf0001b0b9e76d57596138118152ad4facf332cb1f68bb3f577fa7489203d8eaa389dab1136e93f06d73beab7be566c665709d37a66ecf9e61a5868d747005d129a8a56a67df5c98fc351a3571086dd9870af0b167631edcc796bfbf69ca25fef85630e3ecbda25c75100e07a0d78eee95b7f68ad986019287d9ea119bcab10190f7d3b7f50930f107efacdb07f04bde0b395a992cf19f24575607c6acf55a509448339372dd62cfdc33804c5ce512ed869d9852a08239f2d5b4e8f4c288b174986633d0eae99ba6d936c87acb947a81df5deea1483424987df5ca6f973cd71f3421d5723ea272ae9f54c8564638abbfccd7c72c49a7f8a3e9c995087ea4b6ffad0cf614a2fd37107244d996078069e2d8e81d39b65679d244745299a9c7a95ebb44c301eea83b666d1bc802fe4714a32e0a03d7a108b1590de915a8f5e884622483e7b79cd2f65acc793a436c340b6f489eb58610df87e80c06829e9d82a22e1c8907354b85bcdac413874692843183661cc94cb2da79efc904a9f7c0abaaab760887fd670433ba7b86610747bf092886da3c06e173ed72419009836880f88ec2ceec7033daa2358deb8b549acf033fb0f8cdbbbb0aaf64ae74e95be20e0c25218789c5e453e946eb4db728523dcbe32e068a2a5a422efcc796f06b5a8762fd4efe73f91d2230e7547ff957081f311ed95c3d54f796c699aa01a194bb4a6bb957cd8637834fdd814b63c507d96e6d27e9e9cf14d0c559c633c4aced52065ab0da18dbd6933139e1990be51177b58a51ae798d33e963fc3180bbb547fb2b7755c31637f18dfa00e46f5490163be0cb5ceb7280b0eee2a1efcd6864e414361eba7f5a4f6f6d7e36e149442803e13ad25f215f4416adf6c5044a6b6c295a6b7ed50d40dddcab56cad75387a025ed3772101c13302e6c26a295500213d5774d9022c13c4493d64e0cd9b75bd57a9bd65a8f89b37043d352b779cc3daaf51eb0ce0b85f1ecaa696d671484ac8c9a2370eca1dd1802634bf5e66120d56f42f3033f5ceaf1ce7f239b3326ec7461f85b96557e36a99790fabc46984d5c46964c627fc5571cffa0325a5692cd3a5dfe79de27e256e01036b9cd32b346346897809ad3058e2dcaaa0e7c6c330cfc4f7871dc982a1eb8ca240ab7d9a7d7637b7c5e5ed4be8373ebbbe66c128b864901fb80a6db443d9a4271a9869dfaae045d0ebaf2d06869d18733be1603143496fe6c647e28e7928c93f5c5e7507b659bedd1db8a999da3f46122ced96d2210127e5a607f1eacef01287ee56cafc8c06920a60e71a9969403dadd0162817f1e9a45701982acd8c176b255636e2618e039fa730d4e04770890f8cbd9802d7b9d43743d89503424285f3e9f84e34d20192e944d35de1c62aa650569678fb061e781dca701fc3bb63726f8afe3011d74c6e5f7da895415283d1319db7bace1c473d8a0e1655f9220ce24c8aabad1bf0507b6863ffc85f34979d0a6049a93042e010d5cbac54c7df11c084824fc2d7933c9fd5799ffe4c9e72882b1e7464baf2e27d0ba839b8f6dae1ab0d8d352acf5cc9d27ddcd45ec603301b3c1c5b18717e96e631c266d281aba4228f667f917ec36e8e1845072cf2ef3007e6337370fc8e9875abd558765ec380721385a96bb1aedddd56a6985d7c4e1b31702a668e6411f2d508f6c86c9de850924c4b9bfa3524ed7737e69b6383d2c3300e62fd3aa5f7f6d084ddbbddf9d35d65ca796b2ae9467e6f97ccea8f8254174f63be9e64fbaa0b7c9548184a7ee3875da9371900a2500640b6743f4921efcf27bbacefdffeac4d09c6093a0e3e3aeebbd66fd2e3316bdf22ecdcfa2235b2812aacf320811e643a19450b9a0e927d0617c33f1fa80f434f360504fcdf4a968e2da776bb03f5455a83bf5b3305552f080c023ac938cd3fc7a7e6706e60b44c4cb0a610b2db93fc2f6eb16579b7ddeb71311fa8b82f43a6e1dc70a9cb1302d98d81cd2f4d4654ae9232859f62d1ae93dbbca926dff10b7a04cf2d71ba45c146fbbe2ed1ec6b9469126efc0eb10611c027c0598ac3d06e0ef237a5f4a5f67323866806872dfc2c786e5c5efe2d7ef2fdfb8c706bc072425b51b4ada1966476d312a478f66701fd0a48a5553dd3dc79514429d75114696187b19e87f53032e4e823c50a794d42179339ab98b80d6a17ad073a4d12e3d2418dafecb0f6dd1b56aec3fd479308d4bbea401765c471fd6578377514a541555420f7245d19687cd4bc23566e5ab71aae2ebb6c017523bf9bae08feb8a6a7ccdb41b4b90067f07558d9003aa9baf49855157d52b5fdc56783c12e983b52bdcecbe47898d1b12ed9ec75897c916851e87123b6b6a81cfe93f3149a11031df225d9914d67ac259daf6f211c06da1d8a99e3edf710776629b120a2f2084b63fcbcc75d3c904bd16d770942db63dcb5a2344e04f523fa0bc626a1184615ce8519abbf9b0686a2652a206d2204e1bfe4dbbd01dad0fd890617f528f746252a226218b0dbe79e4cee9b502a9582b4543de0787b535db9945062cd1b347b7010a6748267040b7191331b903cdade169d4a4c88c9375d34ca6cd3d7eeb4148e77b3bef11b3a5ad7e44f54f4527cc79b33b3093cff5f9d8c6c7664e65f5c1acc8d885a596bb56f72e140be45af6ad5c4aba785a679284a7ac33b752eaf4695d7a97b9d26033437692eaf1ffb1905ecdb8b5cd4dc3205fdbea36cc0c056f28c4dbbb110612cc159bbbaa4fc482982414288bf20e76a33140cc2df2af3df772d1e41a45658d9ab95de80e6c7defd6c539918fe3f90b8f7cbeef6c5884b627b73fb0c94e4e5db30e165cdc61fc9002f9914451c", 0x2000, &(0x7f000000ca00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001c00)={0x90, 0x0, 0x1, {0x1, 0x2, 0x3, 0x8, 0x9, 0xddea, {0x5, 0x2, 0xaa, 0x4, 0x800, 0xfffffffffffff801, 0x6f, 0x2, 0x80000000, 0x8000, 0x5bc1, 0x0, 0x0, 0x2, 0x8000}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
pivot_root(&(0x7f0000001cc0)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000007080)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

3m23.138502041s ago: executing program 4 (id=635):
r0 = io_uring_setup(0x654e, &(0x7f0000000200)={0x0, 0xca4a, 0x40, 0x3, 0x6})
io_uring_register$IORING_REGISTER_RESTRICTIONS(r0, 0xb, &(0x7f0000001000)=[@ioring_restriction_sqe_op={0x1, 0x3218dddb870e99c8}], 0x1)
r1 = syz_open_dev$vcsa(&(0x7f0000000080), 0x800, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0xc, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000001800000000000000000000060f33c6bb7f3ef46964c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x20, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x2})
syz_emit_ethernet(0x42, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbb00000000000008004503003400000000002f9078000000007f0000010000883e002090784207000000000000d45e8030eb7f5d1ca0c2530100290000"], 0x0)
getsockopt$inet6_mreq(r1, 0x29, 0x1c, &(0x7f0000000100)={@mcast1, <r3=>0x0}, &(0x7f0000000140)=0x14)
r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180), 0x4)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000280)={0x3, 0x4, 0x4, 0xa, 0x0, r1, 0x1000, '\x00', r3, r4, 0x5, 0x1, 0x3}, 0x50)

3m22.908126858s ago: executing program 4 (id=637):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
sched_rr_get_interval(r1, &(0x7f0000000240))
r4 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r6}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount_setattr(r7, &(0x7f0000000200)='.\x00', 0x8000, &(0x7f0000001dc0)={0x81, 0x0, 0x80000}, 0x20)
writev(r4, &(0x7f0000000000)=[{&(0x7f0000000640)="f3", 0xf000}], 0x1)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x1, &(0x7f0000000140)=[{0x8, 0xc, 0x1, 0xf}]})
r8 = add_key$user(&(0x7f0000000100), &(0x7f0000000580)={'syz', 0x3}, &(0x7f0000000400)="f4", 0x1, 0xfffffffffffffffe)
r9 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000040)={r8, r9, r9}, 0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={'rmd160-generic\x00'}})

3m21.549840334s ago: executing program 4 (id=642):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
write$9p(r1, &(0x7f0000000540)="33577a960f7a5f8c28bf71ea4e57a0546abfb02881a398ee318849a7e7fa7a5b5d59e74db381ee55752d10ca62df6f81d0c570d8097dbc9470577c23ece1b52f412765459503bc614c71a5125d342314cedc22bfbcacefc6ce951b1838d2728f20da33b6e5eaa1d858cdd4a7c1d0c53cec6778089a6855fca31eb6ac2d240749df47", 0x82)
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000001c0), 0x8a00, 0x0)
r3 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x91db, 0x0, 0x3, 0x400264, 0x0, r2}, &(0x7f0000000340)=<r4=>0x0, &(0x7f00000006c0)=<r5=>0x0)
r6 = socket(0x10, 0x2, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
r8 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x20801, 0x0)
write$rfkill(r8, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)
setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r7, &(0x7f0000000340)={0xa, 0x5, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffdfe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x1, &(0x7f0000000480)=@gcm_256={{0x303}, "000200", "e123c5876ff425b1ebe250a8486be34705f4f827ae60ecb65e528248d5552bff", "7e25837b", "15d0db2c77179e1a"}, 0x38)
write$binfmt_script(r7, &(0x7f0000000500)={'#! ', './file0'}, 0xb)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r7, 0x6, 0x23, &(0x7f0000000280)={&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd87}, &(0x7f0000000240)=0x40)
writev(r7, &(0x7f0000000100)=[{&(0x7f0000000a40)="fb", 0x1}], 0x1)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r7, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
close_range(r6, r7, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x0, 0x0, r3, 0x1, 0x0, 0x0, 0x2})
r9 = socket$inet_udp(0x2, 0x2, 0x0)
listen(r9, 0x7)
io_uring_enter(r3, 0x4c6e, 0xc67a, 0xc, 0x0, 0x0)

3m6.164102851s ago: executing program 32 (id=642):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
write$9p(r1, &(0x7f0000000540)="33577a960f7a5f8c28bf71ea4e57a0546abfb02881a398ee318849a7e7fa7a5b5d59e74db381ee55752d10ca62df6f81d0c570d8097dbc9470577c23ece1b52f412765459503bc614c71a5125d342314cedc22bfbcacefc6ce951b1838d2728f20da33b6e5eaa1d858cdd4a7c1d0c53cec6778089a6855fca31eb6ac2d240749df47", 0x82)
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000001c0), 0x8a00, 0x0)
r3 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x91db, 0x0, 0x3, 0x400264, 0x0, r2}, &(0x7f0000000340)=<r4=>0x0, &(0x7f00000006c0)=<r5=>0x0)
r6 = socket(0x10, 0x2, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
r8 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x20801, 0x0)
write$rfkill(r8, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)
setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r7, &(0x7f0000000340)={0xa, 0x5, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffdfe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x1, &(0x7f0000000480)=@gcm_256={{0x303}, "000200", "e123c5876ff425b1ebe250a8486be34705f4f827ae60ecb65e528248d5552bff", "7e25837b", "15d0db2c77179e1a"}, 0x38)
write$binfmt_script(r7, &(0x7f0000000500)={'#! ', './file0'}, 0xb)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r7, 0x6, 0x23, &(0x7f0000000280)={&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd87}, &(0x7f0000000240)=0x40)
writev(r7, &(0x7f0000000100)=[{&(0x7f0000000a40)="fb", 0x1}], 0x1)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r7, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4)
close_range(r6, r7, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x0, 0x0, r3, 0x1, 0x0, 0x0, 0x2})
r9 = socket$inet_udp(0x2, 0x2, 0x0)
listen(r9, 0x7)
io_uring_enter(r3, 0x4c6e, 0xc67a, 0xc, 0x0, 0x0)

2m47.598655228s ago: executing program 3 (id=707):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060", @ANYRESOCT], 0xb8}}, 0x20040014)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0x2, 0x0, 0x25dfdbfe, {{@in6=@private0, @in=@remote, 0x0, 0x4, 0x0, 0x0, 0xa, 0x60, 0x80, 0x3b, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0xfffffffffffffffe}, 0x9, 0x0, 0x0, 0x0, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e0001"], 0xb8}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8, 0x4}, {0x0, 0x8}}}, 0xb8}}, 0x0) (fail_nth: 11)

2m46.946878069s ago: executing program 3 (id=711):
setresgid(0xee00, 0xee01, 0x0)
r0 = syz_clone(0x80100000, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
keyctl$set_reqkey_keyring(0xe, 0x0)
mount(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000000)='proc\x00', 0x10084, 0x0)
r2 = syz_open_procfs(r0, &(0x7f0000000080)='personality\x00')
pread64(r2, &(0x7f0000000400)=""/15, 0xf, 0x2)

2m46.707091934s ago: executing program 3 (id=714):
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = syz_open_procfs$pagemap(0x0, &(0x7f0000000180))
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, 0x0) (async)
syz_open_dev$video4linux(0x0, 0x0, 0x0) (async)
r3 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) (async)
r4 = socket$pppoe(0x18, 0x1, 0x0) (async)
bind(r0, &(0x7f00000003c0)=@in6={0xa, 0x4e24, 0xcd0, @local, 0x7}, 0x80)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r3, 0xc01064c8, 0x0) (async)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50) (async)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000"], 0x7c}, 0x1, 0x0, 0x0, 0x80}, 0x0) (async)
pread64(r4, &(0x7f0000000440)=""/98, 0x62, 0xfb4) (async)
sendmsg$NFT_BATCH(r5, 0x0, 0x0)
sendmsg$NFT_MSG_GETOBJ(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c000000150a0102"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x0) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
recvmmsg(r5, &(0x7f0000004f40)=[{{0x0, 0x0, 0x0}, 0xff}], 0x1, 0x40000102, 0x0) (async)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r3, 0xc01864b0, 0x0) (async)
r6 = getpid()
process_vm_readv(r6, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="5c00000002060500000000000000000007000000050001000700000009000200737957300000000014000780080006000000000008001340000000010500050002000000050004000000000010000300686173683a69702c6d616300"], 0x5c}}, 0x0) (async)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x2000012, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)

2m42.776471952s ago: executing program 3 (id=722):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="1e", 0x1}], 0x1)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f00000000c0)={'das16m1\x00', [0x4f27, 0x3, 0x10200, 0x4, 0x2, 0xcc7, 0x8, 0x7, 0x4000000b, 0x6, 0xffffffff, 0x8c, 0x1, 0x7, 0x5, 0x102, 0x2, 0x1a449, 0x3, 0x40000003, 0x89, 0xcaa7, 0x0, 0x20001e59, 0xb, 0xe69, 0x3c, 0x8, 0x2, 0x7, 0xfffffff8]})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f0000003180)=[{{&(0x7f0000001600)=@in, 0x80, 0x0}, 0xb00}, {{&(0x7f0000001740)=@nl=@proc, 0x80, 0x0}, 0x1}], 0x2, 0x20, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmmsg$alg(r4, &(0x7f0000000880), 0x4924924924927bd, 0x40084)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x800000000000002, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x20, 0x1)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
umount2(&(0x7f00000001c0)='./file0\x00', 0x0)
unlink(&(0x7f0000000100)='./file0\x00')

2m41.051899032s ago: executing program 3 (id=723):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000140)="1e", 0x1}], 0x1)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f00000000c0)={'das16m1\x00', [0x4f27, 0x3, 0x10200, 0x4, 0x2, 0xcc7, 0x8, 0x7, 0x4000000b, 0x6, 0xffffffff, 0x8c, 0x1, 0x7, 0x5, 0x102, 0x2, 0x1a449, 0x3, 0x40000003, 0x89, 0xcaa7, 0x0, 0x20001e59, 0xb, 0xe69, 0x3c, 0x8, 0x2, 0x7, 0xfffffff8]})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f0000003180)=[{{&(0x7f0000001600)=@in, 0x80, 0x0}, 0xb00}, {{&(0x7f0000001740)=@nl=@proc, 0x80, 0x0}, 0x1}], 0x2, 0x20, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmmsg$alg(r4, &(0x7f0000000880), 0x4924924924927bd, 0x40084)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x20, 0x1)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
umount2(&(0x7f00000001c0)='./file0\x00', 0x0)
unlink(&(0x7f0000000100)='./file0\x00')

2m38.846123408s ago: executing program 3 (id=725):
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, <r0=>0xffffffffffffffff})
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x8e, 0x88, 0x5, 0x20, 0x8086, 0x9500, 0xb6d8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1, 0x0, 0x0, 0x15, 0xcc, 0x1c}}]}}]}}, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r1, 0x107, 0x13, 0x0, 0x0)
r2 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r2, 0x707, &(0x7f0000000380)={&(0x7f0000000100)=[{0x1e, 0x10, 0x0, 0x0}], 0x1})
r3 = syz_open_dev$video(&(0x7f00000001c0), 0xa7, 0x0)
ioctl$VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000080)={0x1, @pix_mp={0x8000, 0x1, 0x50424752, 0x3, 0x9, [{0x7ca9, 0x10001}, {0x54, 0x5}, {0x5, 0x7}, {0x2, 0x6}, {0x4, 0x5}, {0x2, 0x80000000}, {0x5, 0x400}, {0xc}], 0xd, 0x3, 0x3, 0x1, 0x7}})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000380)={0x1f, 0x0, 0x4}, 0x6)
ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, &(0x7f0000000140)={0x0, 0x0, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000280)={&(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xa, r5})
r6 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x800000001fa, 0x1411c2)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000300)={0x20, r8, 0x9, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20048814}, 0x0)
r9 = dup(r6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r9, 0x0)
ioctl$EXT4_IOC_MIGRATE(r9, 0x6609)
r10 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000b3463dc885b14d0a0000000000000000"], 0x31)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7050000080000a8c5000000a50000001801000020206405000000000004000f7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70400000000000085000000a700000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r11, 0x0, 0x0, 0xfffffffffffffdf3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2m23.187611623s ago: executing program 33 (id=725):
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, <r0=>0xffffffffffffffff})
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x8e, 0x88, 0x5, 0x20, 0x8086, 0x9500, 0xb6d8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1, 0x0, 0x0, 0x15, 0xcc, 0x1c}}]}}]}}, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r1, 0x107, 0x13, 0x0, 0x0)
r2 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r2, 0x707, &(0x7f0000000380)={&(0x7f0000000100)=[{0x1e, 0x10, 0x0, 0x0}], 0x1})
r3 = syz_open_dev$video(&(0x7f00000001c0), 0xa7, 0x0)
ioctl$VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000080)={0x1, @pix_mp={0x8000, 0x1, 0x50424752, 0x3, 0x9, [{0x7ca9, 0x10001}, {0x54, 0x5}, {0x5, 0x7}, {0x2, 0x6}, {0x4, 0x5}, {0x2, 0x80000000}, {0x5, 0x400}, {0xc}], 0xd, 0x3, 0x3, 0x1, 0x7}})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000380)={0x1f, 0x0, 0x4}, 0x6)
ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, &(0x7f0000000140)={0x0, 0x0, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000280)={&(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xa, r5})
r6 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x800000001fa, 0x1411c2)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000300)={0x20, r8, 0x9, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20048814}, 0x0)
r9 = dup(r6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r9, 0x0)
ioctl$EXT4_IOC_MIGRATE(r9, 0x6609)
r10 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000b3463dc885b14d0a0000000000000000"], 0x31)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7050000080000a8c5000000a50000001801000020206405000000000004000f7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70400000000000085000000a700000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r11, 0x0, 0x0, 0xfffffffffffffdf3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1m12.636410592s ago: executing program 2 (id=879):
open(&(0x7f0000000140)='./file0\x00', 0x149442, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0xe, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x63}]}, &(0x7f0000000300)='GPL\x00', 0x5, 0x0, 0x0, 0x41100}, 0x94)
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prlimit64(r1, 0xe, &(0x7f00000000c0)={0x8, 0xa}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x99a26000)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000380)='\x00', 0x89901)
fchdir(r5)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x1900, &(0x7f0000001600)={0x5, 0x8, 0x20000, {r5}}, 0x20)

1m8.455852401s ago: executing program 2 (id=882):
r0 = timerfd_create(0x8, 0x0)
timerfd_settime(r0, 0x3, &(0x7f0000000140), 0x0)
r1 = epoll_create1(0x80000)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000040)={<r4=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_ACCEPT(r2, &(0x7f00000002c0)={0x8, 0x120, 0xfa00, {0x3, {0xfffffffd, 0x8, "1b4723b6be1b17e501e5b3f6802ac69eb8f21dffccbea297888469df17564edf9da96a008c43b0c1fb99aafa2db7cdbade6f6fdbf115a4f760636b4d4a521db988fc94b273d8d9a7f200fd09e8e7cb87ac6735e035e9f28f161083dfc710c235b6b65580cf6535cad1dceca37bff6f7d0eb39d5c9cf43a8255ee82b5233ad06eba4616432e00e3ac7f8404ef96388637102606a429c2d529e16a49309f4f5d96e3792137cc8d7ec38ab152fe718edab8c8d42cd556ad9606fcd027763cec719a6b3d5661d1d87ef7b6b2fdb23857cfb78d36669435d84c6558ed4cbb0ccfb54ec3fd6fd0ea80643b87937dfb5d3c3d1d333d729cb73739a90a02120dcd08645e", 0x2, 0x5, 0x5, 0x65, 0x8, 0xff, 0x1}, r4}}, 0x128)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x90000004})
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x6, 0x810, r3, 0x5b166000)
write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000600)={0x13, 0x10, 0xfa00, {&(0x7f0000000400), r4, 0x1}}, 0x18)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x400)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r5, 0xc0f85403, &(0x7f00000001c0)={{0x3, 0x3, 0x2, 0x3, 0xff}, 0x6, 0x6, 'id0\x00', 'timer0\x00', 0x0, 0x38, 0x4, 0xb, 0x80000000})
clock_adjtime(0x0, &(0x7f0000000000)={0xffff, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b9ac9ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x10000000000100})

1m7.535229689s ago: executing program 2 (id=888):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)={0x44, r0, 0x801, 0x70bd26, 0x3, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x2}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "0fd693f959"}, @NL80211_KEY_IDX={0x5, 0x2, 0x5}]}]}, 0x44}}, 0x20000000)

1m6.347528972s ago: executing program 2 (id=891):
r0 = socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x15, 0x6, &(0x7f0000000600)=ANY=[@ANYBLOB="050000000000000069111e00000000008510000002000000850000001a00000095000000000000009500a50500000000d4eae52caeb6a03d89fd2bdb77851eb7eef85cf3a8b5bd8aa7c9142c6c74e3081c7e7060a352df6e7dcf7a2b970b88a01a9a2f9cd55d54c9405efe4cfe5a8d474486c09bbe2353a80c3d71112e64177ecebd36e854504a48563f252f4f312e161b1a0cfa"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x6}, 0x33)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=@newtaction={0x6c, 0x30, 0x1af, 0x1000, 0x0, {}, [{0x58, 0x1, [@m_nat={0x54, 0x19, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x9, 0xfc000000, 0x20000000, 0x4, 0xfffffffd}, @remote, @initdev={0xac, 0x1e, 0x3, 0x0}, 0xffffffff}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x48885}, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f0000000280)='ns\x00')
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(r2, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0xc044c, &(0x7f00000006c0)={[], [], 0x2f})
syz_open_procfs(0x0, &(0x7f00000003c0)='net/netfilter\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
mount$fuseblk(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x24000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f0000000540)={0x3, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r5, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r5, 0x4040534e, &(0x7f0000000140)={0x14f, @tick=0x7, 0x0, {}, 0xff, 0x0, 0x40})
openat2(r1, &(0x7f0000000040)='./cgroup/file0\x00', &(0x7f0000000000)={0x4400, 0x0, 0x13}, 0x18)

1m1.355821012s ago: executing program 2 (id=894):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/15], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@loopback, @in=@broadcast}, {@in=@dev, 0x0, 0x6c}, @in6=@mcast2}, 0x0, 0x7fff}}, 0xf8}}, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x4040000)
prctl$PR_SET_PTRACER(0x59616d61, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="020a040007000000b6f1ffff0000854105001a"], 0x38}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e"], 0x70}}, 0x0)
sendmmsg(r5, &(0x7f0000000180), 0x3ef, 0x0)

1m0.593695686s ago: executing program 2 (id=895):
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000140)=ANY=[@ANYBLOB="7000000014007b0000"], 0x70}, 0x1, 0x0, 0x0, 0x20044041}, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)

1m0.382009819s ago: executing program 34 (id=895):
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000140)=ANY=[@ANYBLOB="7000000014007b0000"], 0x70}, 0x1, 0x0, 0x0, 0x20044041}, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)

13.309713342s ago: executing program 0 (id=990):
pipe(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x239b3)
ioctl$int_in(r2, 0x5452, &(0x7f0000000040)=0xffffffffffff2834)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r3, &(0x7f00000047c0), &(0x7f0000004880)=@udp=r2}, 0x20)
recvmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000002e40)=""/70, 0x46}], 0x1}, 0x66e}], 0x2, 0x21, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x19, &(0x7f0000000740)=0x17, 0x4)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x129c81, 0x0)
ppoll(&(0x7f0000000280)=[{r4, 0x6200}], 0x1, 0x0, 0x0, 0x0)
write$binfmt_aout(r4, &(0x7f0000000040)=ANY=[], 0xff2e)
dup2(r2, r2)
bind$alg(r0, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'ccm_base(ecb(cipher_null),cbcmac-aes-ce)\x00'}, 0x58)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4004044}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a320000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
getsockopt$inet_tcp_int(r1, 0x6, 0x1b, &(0x7f00000001c0), &(0x7f0000000340)=0x4)
syz_emit_ethernet(0xfef3, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6001010005641100fe8000000000000000000000000000bbfe8000000000000000000000000000aa4e200e22006490"], 0x0)
ioctl$TCSETS(r4, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x7f, 0x6, 0x1, "42341f9b1000007e4f00"})
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b400000000000000691085000000000004000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x2, 0x3f7, &(0x7f000000cf3d)=""/195}, 0x48)
r6 = syz_open_pts(r4, 0x40000)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000500)=ANY=[], 0x0, 0x1, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8d}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r7}, 0x10)
r8 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r8, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)
dup3(r6, r4, 0x0)
splice(r4, 0x0, r1, 0x0, 0x7ffff000, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000004340)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)

6.007210421s ago: executing program 1 (id=998):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)={0x20, r0, 0x801, 0x70bd26, 0x3, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0x4}]}, 0x20}}, 0x20000000)

4.050042193s ago: executing program 1 (id=999):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000300)="b9fe130768045c8c989a14ee88a8", 0x0, 0xf5d, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe)
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0), 0x8000, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r2, 0x5201)
ioctl$RFKILL_IOCTL_NOINPUT(r2, 0x5201)
sendmmsg$sock(r1, &(0x7f0000008340)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)=[@timestamping={{0x14, 0x1, 0x25, 0x3}}], 0x18}}], 0x4000000000002a0, 0x40004000)

4.022395622s ago: executing program 0 (id=1000):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000080)=ANY=[], 0x0, 0x0})
setitimer(0x0, &(0x7f0000000580)={{0x0, 0xea60}, {0x0, 0x2710}}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

3.154402329s ago: executing program 1 (id=1001):
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES32=0x0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0xf8a29000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = openat$tcp_mem(0xffffffffffffff9c, 0x0, 0x1, 0x0)
sendfile(r5, 0xffffffffffffffff, 0x0, 0x3a)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$qrtr(0x2a, 0x2, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000001880)={'bond_slave_0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=@newqdisc={0x54, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r8, {0x0, 0xffff}, {0xffff, 0xffff}, {0xc, 0x2}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x4}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x6, 0x9, 0x7, 0xa9, 0x1, 0x1}}, {0x4}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4c840}, 0x800)

2.099007435s ago: executing program 1 (id=1002):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, 0x0, 0x8)

2.01527718s ago: executing program 0 (id=1003):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1, 0x803, 0x0)
syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000080))
close(0x3)
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0)

2.014419185s ago: executing program 1 (id=1004):
r0 = socket$xdp(0x2c, 0x3, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_int(r1, 0x0, 0x33, &(0x7f0000000080)=0x8000, 0x4)
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x3}}, 0x10)
getsockopt$XDP_STATISTICS(r0, 0x11b, 0x8, &(0x7f0000003140), &(0x7f0000000040)=0x30)

1.671488409s ago: executing program 0 (id=1005):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
socket(0x28, 0x5, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, 0x0, 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r0, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETKMSGREDIRECT(r1, 0x541c, &(0x7f0000000000))

1.551870265s ago: executing program 0 (id=1006):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)={0x20, r0, 0x801, 0x70bd26, 0x3, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0x4}]}, 0x20}}, 0x20000000)

90.766376ms ago: executing program 1 (id=1007):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x28bd, 0x94, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x50, 0xb, [{{0x9, 0x4, 0x0, 0x9, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x9, 0x71, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0xff, 0x1}}}}}]}}]}}, 0x0)
syz_usb_connect(0x5, 0x6ef, &(0x7f0000000200)={{0x12, 0x1, 0x300, 0xdb, 0x80, 0x6, 0x8, 0xc52, 0x2863, 0x5dd1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6dd, 0x4, 0x35, 0xf7, 0x60, 0x2, [{{0x9, 0x4, 0xb1, 0x9, 0x8, 0xac, 0xab, 0xfd, 0x4, [@cdc_ncm={{0x7, 0x24, 0x6, 0x0, 0x1, "cf4e"}, {0x5, 0x24, 0x0, 0x1}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x3, 0x58, 0x8}, {0x6, 0x24, 0x1a, 0xfff8, 0x48}, [@obex={0x5, 0x24, 0x15, 0xc}]}, @uac_control={{0xa, 0x24, 0x1, 0x0, 0x5}, [@processing_unit={0xd, 0x24, 0x7, 0x2, 0x5, 0x40, "a219b836a853"}, @selector_unit={0x7, 0x24, 0x5, 0x5, 0x2, "8393"}]}], [{{0x9, 0x5, 0x80, 0x3, 0x20, 0x1, 0x5, 0x9, [@generic={0x73, 0x8, "62d8eb0f016245db440ac392b75424a5e4c299a19de1bec82e0d10924ab5cec96da62786758f83dff86b6b91ac022d7967178a9e9e5512a50740015b9bc203e73264dc5724e803bd54b8dd8102d27267701dbfa4a8a453e2b4dd79b50edfed7573ba94b997881b91192295232a7877f043"}]}}, {{0x9, 0x5, 0xe, 0x0, 0x10, 0x4, 0x2, 0x9}}, {{0x9, 0x5, 0x1, 0x0, 0x8, 0x6, 0x6, 0x8, [@generic={0x71, 0x3, "78b3522998e5d00b21ae1977de4f173c438f2d2fabc22384d88d88000cee776823d6ecf86d5f23c66cd8fcbe66d29fad630943e3cf27670332821efd3564d41433a8adc2c732650195df7ec5de8b343ae03af81b36bbf3617121e1464f6b7885dbccd10bb3c64536bc6bf4164e2a17"}]}}, {{0x9, 0x5, 0x9, 0x12, 0x3ff, 0x6, 0xf}}, {{0x9, 0x5, 0x7, 0x2, 0x8, 0x2, 0x4, 0x1}}, {{0x9, 0x5, 0x0, 0x2, 0x10, 0xe4, 0x6, 0xfb}}, {{0x9, 0x5, 0xf, 0x10, 0x440, 0x6, 0x7, 0x6}}, {{0x9, 0x5, 0xb, 0x0, 0x200, 0x16, 0xf, 0x45}}]}}, {{0x9, 0x4, 0xad, 0xc6, 0x9, 0xff, 0x1, 0xec, 0xaf, [@cdc_ecm={{0x8, 0x24, 0x6, 0x0, 0x0, "14f289"}, {0x5, 0x24, 0x0, 0x8}, {0xd, 0x24, 0xf, 0x1, 0xc, 0x81, 0xd, 0xfe}, [@obex={0x5, 0x24, 0x15, 0x2}, @mdlm={0x15, 0x24, 0x12, 0x1ff}, @mdlm={0x15, 0x24, 0x12, 0x1}, @acm={0x4, 0x24, 0x2, 0x9}, @mbim_extended={0x8, 0x24, 0x1c, 0x7, 0x9a, 0xfff7}]}], [{{0x9, 0x5, 0x7, 0x10, 0x10, 0x2, 0x8, 0x78}}, {{0x9, 0x5, 0xc, 0x10, 0x400, 0xa2, 0x3, 0x3}}, {{0x9, 0x5, 0xb, 0x0, 0x440, 0x9, 0x6, 0x7, [@generic={0x52, 0x1, "da991b97df114222a7eaa1ce4f87496d658a83f0c2c0f4bf98bb11d0e6f7833223c794047a542290d4bcf0a73f328baf915093d109c8a1f184a80b13ab5440b6249e30e586a1cf1c48353cb5ada2cc45"}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0xa, 0x7ff}]}}, {{0x9, 0x5, 0xb, 0x0, 0x3ff, 0x8, 0x6e, 0x8}}, {{0x9, 0x5, 0x4, 0x0, 0x40, 0x2d, 0x5, 0xfc, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x3, 0xf57e}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0xf, 0xfffc}]}}, {{0x9, 0x5, 0xe, 0xc, 0x400, 0x5, 0x10, 0x0, [@generic={0x15, 0x5, "f8da20502008612ae938f27bf2f373c6412e04"}, @generic={0x33, 0x0, "02c490151a431bf0fe5f72e223c10db9ab69345242a0e47dc9a7c3e8aa0951f3db35ea670e51583cecac0597e86d38fb96"}]}}, {{0x9, 0x5, 0x7, 0x0, 0x20, 0x6, 0x0, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0xfc0cffb5794488f9, 0x8, 0x6}]}}, {{0x9, 0x5, 0x0, 0x1, 0x10, 0x3, 0x6, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x9, 0xfff8}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x7, 0x2}]}}, {{0x9, 0x5, 0x0, 0x3, 0x420, 0x9, 0x8f, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x0, 0x2000}, @uac_iso={0x7, 0x25, 0x1, 0x4, 0x2, 0x4}]}}]}}, {{0x9, 0x4, 0xe3, 0x3, 0x8, 0x21, 0x31, 0xb5, 0x6, [], [{{0x9, 0x5, 0x6, 0x0, 0x8, 0xb4, 0xb0, 0x40}}, {{0x9, 0x5, 0x5, 0x4, 0x400, 0x9, 0x8, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x67, 0x3ff}]}}, {{0x9, 0x5, 0x6, 0x0, 0x20, 0xf8, 0x1f, 0x44, [@generic={0xa4, 0x23, "6a2682403488f751c9e140ec81a28bf1421fe6b0b34128e6e4ca682687acfa97b6f34c8be9bdac65488d570d7c5ce2b33e23b09c6775f852672dbf7d6c47d9620db2295197669d57d3259175310a85f22880f433b9279b2131812c6441efcd6e02997e1f1ba66c61aa0ac146be630b2d206359d7a29d97bae8983c22b77e2960f9aff635b045a0de1c3b52363669879ba4bb825fb65809ba0106ccbeb83b45e01a39"}, @generic={0x91, 0x0, "05b0b64155e0a03e9f897b95a8312094eb0a9d901819a473cbb1f72b7f9b6cdcfecac61b536b3f5fd99d5b5ac1794755cd111a535de99e4e85401fa101a76d502f8b31f89f6c5cabf111b3e47e69576ea3dd1a2448c306c59525faf454c221deacb0e00b4709cdafa5de58f4c64d66f3911f18223522f86b0d9be60b529ecede722543dbd3c50949ba08679787f045"}]}}, {{0x9, 0x5, 0x7, 0xc, 0x20, 0x47, 0x0, 0x2, [@generic={0x4e, 0x31, "eacce697f7360cee20b3c4dfbd3af222b83c164f63013fed2274b6a9ccd435991be55d497ab13b3b496efb26a16c37cdaff623bdd94901faeed6f55fda62cd517e4a341e311f117de462c0bb"}, @generic={0x88, 0x31, "99a32551a7c978b9353fd0ef8dc30cee07db1a328978b2d80d1ac8705cf69410c6b32d82195b63f4205a92eaff5872455a58d5f6c0f1c67625bc9a06ddec89a9ba3a098a6fe0a52bde9f786bb05aebbc8ffc96984c5f42296e8dce7fb500f71e8cc4e7844640285fc0bb8f11d058b370a4c9d19a1441e582ddcfe3b871ac69641d9ab03e1b95"}]}}, {{0x9, 0x5, 0x1, 0x10, 0x608, 0x5, 0xd1}}, {{0x9, 0x5, 0x8d, 0x0, 0x1e7, 0x5, 0xc, 0x8}}, {{0x9, 0x5, 0x80, 0x10, 0x20, 0xbd, 0x3, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x4, 0x3}, @generic={0x3f, 0x22, "6dc0a557ea27db20f50975a963325efb42115cadc82068df0dea16da34ad18fa81782b8859be193269c3f482e3c2da38c7308e56bac190fa2a5c19782c"}]}}, {{0x9, 0x5, 0xb, 0x0, 0x8, 0x0, 0x12, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x1b, 0x4}, @uac_iso={0x7, 0x25, 0x1, 0x85, 0x3, 0x3}]}}]}}, {{0x9, 0x4, 0x94, 0x3, 0x3, 0x41, 0xca, 0xcb, 0x5, [], [{{0x9, 0x5, 0xe, 0x0, 0x3ff, 0x3, 0xba, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x7f, 0x6}, @uac_iso={0x7, 0x25, 0x1, 0x82, 0x6, 0x8}]}}, {{0x9, 0x5, 0x3, 0x8, 0x8, 0xea, 0x7, 0x8, [@generic={0xf4, 0x24, "4db2daf87206e14b98fa3e0b70973928bed5a5dead2c135486102cfc94bf976dd46dc978fb02985c28cb0ce9452aac3b936e07017ee37dce7f0105764b01a5f4558df2dce988552cde6a1e18c0d56d68d6cd60f0758102d682f36b2038e51c2204aef7ebf4c7239f0405f2f3e82932e5ede16eb5413813e7a5d1e49ee17e199fa0cc47fc2e50c78b8e534790f960c6811114d38b576ad975d6c8400e82e947fa3559647fec65057d93a35e96b318bd8d4d7a11de4547632986a4003eedcaeb9c52f5fb1776db0e08f849472ae6be3d520570f4c2a8f74c494d9ea2282622149f54b3487b01976b6742f9dd790f4295d5a6b0"}]}}, {{0x9, 0x5, 0x7, 0x3, 0x400, 0xf8, 0x1}}]}}]}}]}}, &(0x7f0000000a00)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x110, 0x12, 0xc2, 0x9, 0x10, 0xd}, 0x73, &(0x7f0000000900)={0x5, 0xf, 0x73, 0x5, [@generic={0x5a, 0x10, 0x2, "abe8290db996e9e2e46c094554e5fe17a47dda8044b3e05509c8f974d6aa036bac1e70c46f03c90d1101ea5cca22fc9a77b445725bc71e6cf6799003a2fd4273876f9f5536bca77289200a653ade77d03585474eb603c0"}, @ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0x5, 0x2, 0x2}, @ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x10, 0x6, 0x3, 0x9f6e}]}, 0x2, [{0x4, &(0x7f0000000980)=@lang_id={0x4, 0x3, 0x3c01}}, {0x4, &(0x7f00000009c0)=@lang_id={0x4, 0x3, 0x41b}}]})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000000)={0x2c, &(0x7f0000000140)={0x20, 0x22, 0x5, {0x5, 0x7, "a18265"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt(r1, 0x65, 0x1, &(0x7f0000000080), 0x1d0)
bind$can_raw(r1, &(0x7f0000000000), 0x10)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt(r2, 0x65, 0x1, &(0x7f0000000080), 0x1d0)
bind$can_raw(r2, &(0x7f00000001c0), 0x10)
r3 = syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x2044c1)
ioctl$BLKROSET(r3, 0x125d, &(0x7f00000000c0)=0x200)

0s ago: executing program 0 (id=1008):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000faff0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3, 0x0, 0x5}, 0x18)
syz_emit_ethernet(0x56, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0)
r4 = syz_io_uring_setup(0x3a65, &(0x7f0000000700)={0x0, 0xa011, 0x10100, 0x0, 0xffffffff}, &(0x7f0000000100), &(0x7f0000000140))
io_uring_enter(r4, 0x5d66, 0x8000000, 0x0, 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000500)={r5, r3, 0x2, 0x0, @void}, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
close(0xffffffffffffffff)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)

kernel console output (not intermixed with test programs):

ing ep0 maxpacket: 32
[  298.695861][   T49] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 175, using maximum allowed: 30
[  298.695889][   T49] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 175
[  298.695910][   T49] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  298.695922][   T49] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  298.784711][   T49] usb 1-1: config 0 descriptor??
[  299.104319][   T49] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  299.800788][   T37] audit: type=1804 audit(1766601298.959:36): pid=7841 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.573" name="/newroot/110/file0" dev="tmpfs" ino=610 res=1 errno=0
[  299.812445][   T49] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  299.837489][   T49] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  299.837548][   T49] usb 1-1: media controller created
[  300.121170][   T49] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  300.374161][   T10] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[  300.504278][   T10] usb 2-1: device descriptor read/64, error -71
[  300.584246][   T31] usb 4-1: new full-speed USB device number 14 using dummy_hcd
[  300.744227][   T10] usb 2-1: new full-speed USB device number 12 using dummy_hcd
[  300.747615][   T31] usb 4-1: unable to get BOS descriptor or descriptor too short
[  300.748243][   T31] usb 4-1: not running at top speed; connect to a high speed hub
[  300.749483][   T31] usb 4-1: config 1 has an invalid interface number: 138 but max is 0
[  300.749506][   T31] usb 4-1: config 1 has no interface number 0
[  300.749552][   T31] usb 4-1: config 1 interface 138 has no altsetting 0
[  300.800306][   T31] usb 4-1: string descriptor 0 read error: -22
[  300.800629][   T31] usb 4-1: New USB device found, idVendor=0cb8, idProduct=c90b, bcdDevice= d.ae
[  300.800643][   T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.857104][   T31] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  300.874303][   T10] usb 2-1: device descriptor read/64, error -71
[  300.994866][   T10] usb usb2-port1: attempt power cycle
[  301.334226][   T10] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[  301.354950][   T10] usb 2-1: device descriptor read/8, error -71
[  301.471308][ T6172] usb 4-1: USB disconnect, device number 14
[  301.493078][   T49] az6027: usb out operation failed. (-71)
[  301.498147][   T49] az6027: usb out operation failed. (-71)
[  301.498163][   T49] stb0899_attach: Driver disabled by Kconfig
[  301.498172][   T49] az6027: no front-end attached
[  301.498172][   T49] 
[  301.498657][   T49] az6027: usb out operation failed. (-71)
[  301.498670][   T49] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  301.711310][   T49] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input13
[  301.719422][   T10] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[  301.734905][   T10] usb 2-1: device descriptor read/8, error -71
[  301.760046][   T49] dvb-usb: schedule remote query interval to 400 msecs.
[  301.760068][   T49] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  301.783651][   T49] usb 1-1: USB disconnect, device number 21
[  301.818029][ T7856] netlink: 43 bytes leftover after parsing attributes in process `syz.2.577'.
[  301.846040][   T10] usb usb2-port1: unable to enumerate USB device
[  301.948055][   T49] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  302.318420][ T7864] pimreg: entered allmulticast mode
[  302.357953][ T7862] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  302.359261][ T7862] netlink: 12 bytes leftover after parsing attributes in process `syz.3.579'.
[  302.411663][ T7865] netlink: 24 bytes leftover after parsing attributes in process `syz.3.579'.
[  302.693305][ T7878] tmpfs: Unknown parameter ''
[  302.754221][ T6172] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  302.884467][ T6172] usb 3-1: device descriptor read/64, error -71
[  303.124163][ T6172] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  303.144197][ T5983] usb 4-1: new full-speed USB device number 15 using dummy_hcd
[  303.163131][ T7880] mmap: syz.0.585 (7880): VmData 25841664 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data.
[  303.254330][ T6172] usb 3-1: device descriptor read/64, error -71
[  303.296832][ T5983] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  303.296858][ T5983] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  303.299419][ T5983] usb 4-1: New USB device found, idVendor=1b40, idProduct=1c1f, bcdDevice= 0.40
[  303.299445][ T5983] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  303.299464][ T5983] usb 4-1: Product: syz
[  303.299479][ T5983] usb 4-1: Manufacturer: syz
[  303.299492][ T5983] usb 4-1: SerialNumber: syz
[  303.366572][ T6172] usb usb3-port1: attempt power cycle
[  303.619747][ T5983] usb 4-1: USB disconnect, device number 15
[  303.654279][ T7745] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  303.704841][ T6172] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  303.725908][ T6172] usb 3-1: device descriptor read/8, error -71
[  303.814519][ T7745] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  303.814553][ T7745] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  303.814594][ T7745] usb 1-1: New USB device found, idVendor=18d1, idProduct=9400, bcdDevice= 0.00
[  303.814617][ T7745] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  303.819244][ T7745] usb 1-1: config 0 descriptor??
[  303.945909][   T49] usb 2-1: new full-speed USB device number 15 using dummy_hcd
[  304.091740][ T6172] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  304.524341][ T6172] usb 3-1: device descriptor read/8, error -71
[  304.634603][ T6172] usb usb3-port1: unable to enumerate USB device
[  304.649184][    C0] [drm:vkms_crtc_handle_vblank_timeout] *ERROR* vkms failure on handling vblank
[  304.746688][   T49] usb 2-1: unable to get BOS descriptor or descriptor too short
[  304.793329][   T49] usb 2-1: not running at top speed; connect to a high speed hub
[  304.840698][   T49] usb 2-1: config 1 has an invalid interface number: 138 but max is 0
[  304.840727][   T49] usb 2-1: config 1 has no interface number 0
[  304.840863][   T49] usb 2-1: config 1 interface 138 has no altsetting 0
[  304.873223][   T49] usb 2-1: string descriptor 0 read error: -22
[  304.873588][   T49] usb 2-1: New USB device found, idVendor=0cb8, idProduct=c90b, bcdDevice= d.ae
[  304.873623][   T49] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  304.958149][ T7895] 8021q: adding VLAN 0 to HW filter on device bond0
[  304.958379][ T7895] bond0: (slave ip6tnl0): The slave device specified does not support setting the MAC address
[  304.958845][ T7895] bond0: (slave ip6tnl0): Error -95 calling set_mac_address
[  305.599504][   T49] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  306.833158][ T7909] pimreg: entered allmulticast mode
[  306.915788][ T7745] usbhid 1-1:0.0: can't add hid device: -71
[  306.915894][ T7745] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  306.925960][ T7745] usb 1-1: USB disconnect, device number 22
[  307.082504][ T5983] usb 2-1: USB disconnect, device number 15
[  308.693550][ T7924] netlink: 'syz.4.598': attribute type 1 has an invalid length.
[  308.749172][ T7929] binder: BINDER_SET_CONTEXT_MGR already set
[  308.749183][ T7929] binder: 7928:7929 ioctl 4018620d 200000000040 returned -16
[  308.949654][ T5920] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  309.010738][ T7938] netlink: 'syz.1.601': attribute type 1 has an invalid length.
[  309.106578][ T5920] usb 5-1: device descriptor read/64, error -71
[  309.178414][ T7938] 8021q: adding VLAN 0 to HW filter on device bond2
[  309.317670][ T5979] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  309.344228][ T5920] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  309.474205][ T5920] usb 5-1: device descriptor read/64, error -71
[  309.499855][ T7945] bond2: (slave veth3): Enslaving as an active interface with a down link
[  309.639293][ T5920] usb usb5-port1: attempt power cycle
[  309.667909][ T5979] usb 4-1: config 0 has an invalid interface number: 99 but max is 0
[  309.667938][ T5979] usb 4-1: config 0 has no interface number 0
[  309.667985][ T5979] usb 4-1: config 0 interface 99 altsetting 254 has an endpoint descriptor with address 0x99, changing to 0x89
[  309.668011][ T5979] usb 4-1: config 0 interface 99 has no altsetting 0
[  309.668043][ T5979] usb 4-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=f4.ce
[  309.668065][ T5979] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  309.927939][ T5979] usb 4-1: config 0 descriptor??
[  309.994315][ T5920] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  310.015227][ T5920] usb 5-1: device descriptor read/8, error -71
[  310.354188][ T5920] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  310.413875][ T7943] binder: BINDER_SET_CONTEXT_MGR already set
[  310.413890][ T7943] binder: 7942:7943 ioctl 4018620d 2000000002c0 returned -16
[  310.564207][ T5920] usb 5-1: device not accepting address 29, error -71
[  310.564691][ T5920] usb usb5-port1: unable to enumerate USB device
[  311.004803][ T5920] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  311.164147][ T5920] usb 5-1: Using ep0 maxpacket: 16
[  311.166090][ T5920] usb 5-1: config 0 has an invalid interface number: 35 but max is 0
[  311.166115][ T5920] usb 5-1: config 0 has no interface number 0
[  311.166210][ T5920] usb 5-1: config 0 interface 35 altsetting 0 has an endpoint descriptor with address 0x7A, changing to 0xA
[  311.166235][ T5920] usb 5-1: config 0 interface 35 altsetting 0 endpoint 0xA has an invalid bInterval 70, changing to 10
[  311.166259][ T5920] usb 5-1: config 0 interface 35 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  311.166282][ T5920] usb 5-1: config 0 interface 35 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  311.166306][ T5920] usb 5-1: config 0 interface 35 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  311.171681][ T5920] usb 5-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=3e.04
[  311.171762][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  311.171783][ T5920] usb 5-1: Product: syz
[  311.171797][ T5920] usb 5-1: Manufacturer: syz
[  311.171810][ T5920] usb 5-1: SerialNumber: syz
[  311.175393][ T7979] FAULT_INJECTION: forcing a failure.
[  311.175393][ T7979] name failslab, interval 1, probability 0, space 0, times 0
[  311.175422][ T7979] CPU: 1 UID: 0 PID: 7979 Comm: syz.1.607 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  311.175444][ T7979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  311.175455][ T7979] Call Trace:
[  311.175462][ T7979]  <TASK>
[  311.175470][ T7979]  dump_stack_lvl+0xe8/0x150
[  311.175499][ T7979]  should_fail_ex+0x46c/0x600
[  311.175529][ T7979]  should_failslab+0xa8/0x100
[  311.175548][ T7979]  __kmalloc_cache_noprof+0x84/0x6d0
[  311.175576][ T7979]  ? binder_get_thread+0x1c8/0x6d0
[  311.175601][ T7979]  binder_get_thread+0x1c8/0x6d0
[  311.175619][ T7979]  ? tipc_sk_filtering+0x13c/0x510
[  311.175646][ T7979]  binder_poll+0x49/0x390
[  311.175665][ T7979]  ? do_select+0xf96/0x1570
[  311.175691][ T7979]  ? __pfx_binder_poll+0x10/0x10
[  311.175713][ T7979]  do_select+0xfaa/0x1570
[  311.175767][ T7979]  ? __pfx_do_select+0x10/0x10
[  311.175799][ T7979]  ? __pfx___pollwait+0x10/0x10
[  311.175829][ T7979]  ? __pfx_pollwake+0x10/0x10
[  311.175849][ T7979]  ? __pfx_pollwake+0x10/0x10
[  311.175868][ T7979]  ? __pfx_pollwake+0x10/0x10
[  311.175889][ T7979]  ? __pfx_pollwake+0x10/0x10
[  311.175952][ T7979]  core_sys_select+0x6e4/0xa20
[  311.175990][ T7979]  ? __pfx_core_sys_select+0x10/0x10
[  311.176037][ T7979]  ? __pfx_set_user_sigmask+0x10/0x10
[  311.176068][ T7979]  __se_sys_pselect6+0x27a/0x300
[  311.176102][ T7979]  ? __pfx___se_sys_pselect6+0x10/0x10
[  311.176130][ T7979]  ? __pfx_ksys_write+0x10/0x10
[  311.176158][ T7979]  ? __x64_sys_pselect6+0x21/0xf0
[  311.176189][ T7979]  do_syscall_64+0xec/0xf80
[  311.176208][ T7979]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.176225][ T7979]  ? trace_irq_disable+0x37/0x100
[  311.176264][ T7979]  ? clear_bhb_loop+0x60/0xb0
[  311.176286][ T7979]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.176304][ T7979] RIP: 0033:0x7fd791f6f749
[  311.176321][ T7979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  311.176338][ T7979] RSP: 002b:00007fd7901ce038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  311.176357][ T7979] RAX: ffffffffffffffda RBX: 00007fd7921c5fa0 RCX: 00007fd791f6f749
[  311.176371][ T7979] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000040
[  311.176383][ T7979] RBP: 00007fd7901ce090 R08: 0000200000000280 R09: 0000000000000000
[  311.176396][ T7979] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000001
[  311.176408][ T7979] R13: 00007fd7921c6038 R14: 00007fd7921c5fa0 R15: 00007ffd67b4a768
[  311.176437][ T7979]  </TASK>
[  311.555558][ T5920] usb 5-1: config 0 descriptor??
[  311.564910][ T7963] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  311.911094][ T7990] FAULT_INJECTION: forcing a failure.
[  311.911094][ T7990] name failslab, interval 1, probability 0, space 0, times 0
[  311.911154][ T7990] CPU: 1 UID: 0 PID: 7990 Comm: syz.1.611 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  311.911177][ T7990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  311.911189][ T7990] Call Trace:
[  311.911197][ T7990]  <TASK>
[  311.911212][ T7990]  dump_stack_lvl+0xe8/0x150
[  311.911242][ T7990]  should_fail_ex+0x46c/0x600
[  311.911273][ T7990]  should_failslab+0xa8/0x100
[  311.911293][ T7990]  __kmalloc_node_track_caller_noprof+0xe2/0x810
[  311.911322][ T7990]  ? kmemdup_noprof+0x17/0x70
[  311.911342][ T7990]  ? ovs_nla_get_match+0x3b5/0x18c0
[  311.911360][ T7990]  ? ovs_nla_get_match+0x3b5/0x18c0
[  311.911383][ T7990]  kmemdup_noprof+0x2b/0x70
[  311.911407][ T7990]  ovs_nla_get_match+0x3b5/0x18c0
[  311.911426][ T7990]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.911456][ T7990]  ? __pfx_ovs_nla_get_match+0x10/0x10
[  311.911516][ T7990]  ovs_flow_cmd_new+0x324/0xd80
[  311.911541][ T7990]  ? rcu_is_watching+0x15/0xb0
[  311.911568][ T7990]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[  311.911655][ T7990]  ? genl_family_rcv_msg_doit+0x184/0x300
[  311.911677][ T7990]  ? __asan_memset+0x26/0x50
[  311.911704][ T7990]  genl_family_rcv_msg_doit+0x215/0x300
[  311.911730][ T7990]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  311.911748][ T7990]  ? rcu_is_watching+0x15/0xb0
[  311.911777][ T7990]  ? bpf_lsm_capable+0x9/0x20
[  311.911795][ T7990]  ? security_capable+0x7e/0x2e0
[  311.911819][ T7990]  genl_rcv_msg+0x60e/0x790
[  311.911845][ T7990]  ? __pfx_genl_rcv_msg+0x10/0x10
[  311.911862][ T7990]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[  311.911891][ T7990]  ? kasan_check_range+0x9f/0x2c0
[  311.911919][ T7990]  netlink_rcv_skb+0x208/0x470
[  311.911944][ T7990]  ? __pfx_genl_rcv_msg+0x10/0x10
[  311.911964][ T7990]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  311.912012][ T7990]  genl_rcv+0x28/0x40
[  311.912028][ T7990]  netlink_unicast+0x846/0xa10
[  311.912059][ T7990]  ? __pfx_netlink_unicast+0x10/0x10
[  311.912078][ T7990]  ? netlink_sendmsg+0x6c0/0xb30
[  311.912105][ T7990]  ? __pfx___sanitizer_cov_trace_pc+0x10/0x10
[  311.912131][ T7990]  netlink_sendmsg+0x805/0xb30
[  311.912155][ T7990]  ? irqentry_exit+0x5dd/0x660
[  311.912172][ T7990]  ? rcu_is_watching+0x15/0xb0
[  311.912196][ T7990]  ? __pfx_netlink_sendmsg+0x10/0x10
[  311.912234][ T7990]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  311.912257][ T7990]  ? __pfx_netlink_sendmsg+0x10/0x10
[  311.912283][ T7990]  __sock_sendmsg+0x21c/0x270
[  311.912314][ T7990]  ____sys_sendmsg+0x508/0x810
[  311.912343][ T7990]  ? __pfx_____sys_sendmsg+0x10/0x10
[  311.912376][ T7990]  ? import_iovec+0x74/0xa0
[  311.912397][ T7990]  ___sys_sendmsg+0x21f/0x2a0
[  311.912423][ T7990]  ? __pfx____sys_sendmsg+0x10/0x10
[  311.912450][ T7990]  ? __schedule+0x1475/0x5070
[  311.912505][ T7990]  ? __fget_files+0x2a/0x420
[  311.912524][ T7990]  ? __fget_files+0x3a6/0x420
[  311.912554][ T7990]  __x64_sys_sendmsg+0x1a1/0x260
[  311.912577][ T7990]  ? irqentry_exit+0x5dd/0x660
[  311.912596][ T7990]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  311.912618][ T7990]  ? irqentry_exit+0x5dd/0x660
[  311.912659][ T7990]  do_syscall_64+0xec/0xf80
[  311.912676][ T7990]  ? rcu_is_watching+0x15/0xb0
[  311.912693][ T7990]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.912711][ T7990]  ? clear_bhb_loop+0x60/0xb0
[  311.912734][ T7990]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.912752][ T7990] RIP: 0033:0x7fd791f6f749
[  311.912769][ T7990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  311.912786][ T7990] RSP: 002b:00007fd79018c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  311.912806][ T7990] RAX: ffffffffffffffda RBX: 00007fd7921c6180 RCX: 00007fd791f6f749
[  311.912820][ T7990] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000006
[  311.912833][ T7990] RBP: 00007fd79018c090 R08: 0000000000000000 R09: 0000000000000000
[  311.912846][ T7990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  311.912857][ T7990] R13: 00007fd7921c6218 R14: 00007fd7921c6180 R15: 00007ffd67b4a768
[  311.912888][ T7990]  </TASK>
[  313.874597][ T6167] IPVS: starting estimator thread 0...
[  313.965034][ T7997] IPVS: using max 16 ests per chain, 38400 per kthread
[  314.130922][ T7999] netlink: 'syz.1.614': attribute type 1 has an invalid length.
[  314.536898][ T8014] input: syz0 as /devices/virtual/input/input15
[  314.600564][ T7999] 8021q: adding VLAN 0 to HW filter on device bond3
[  314.995561][ T5979] usb 4-1: string descriptor 0 read error: -32
[  315.010634][ T5920] usb 5-1: USB disconnect, device number 30
[  315.565055][ T8001] bond3: (slave veth5): Enslaving as an active interface with a down link
[  315.697769][ T8033] overlayfs: failed to resolve './bus': -2
[  316.324984][ T8043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  316.325374][ T8043] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  317.213343][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  317.213384][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  318.575336][ T8068] netlink: 'syz.2.630': attribute type 1 has an invalid length.
[  319.075198][ T8075] program syz.4.629 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  320.672650][ T8068] 8021q: adding VLAN 0 to HW filter on device bond1
[  321.020081][ T8076] bond1: (slave veth3): Enslaving as an active interface with a down link
[  322.834256][ T5983] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  322.994197][ T5983] usb 1-1: Using ep0 maxpacket: 32
[  323.005882][ T5983] usb 1-1: config 0 has an invalid interface number: 132 but max is 0
[  323.005909][ T5983] usb 1-1: config 0 has no interface number 0
[  323.005954][ T5983] usb 1-1: config 0 interface 132 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  323.008652][ T5983] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  323.008684][ T5983] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  323.008702][ T5983] usb 1-1: Product: syz
[  323.008715][ T5983] usb 1-1: Manufacturer: syz
[  323.008728][ T5983] usb 1-1: SerialNumber: syz
[  323.020093][ T5983] usb 1-1: config 0 descriptor??
[  323.048442][ T5983] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  323.048478][ T5983] em28xx 1-1:0.132: Video interface 132 found: isoc
[  323.203951][ T8111] FAULT_INJECTION: forcing a failure.
[  323.203951][ T8111] name failslab, interval 1, probability 0, space 0, times 0
[  323.203972][ T8111] CPU: 1 UID: 0 PID: 8111 Comm: syz.2.643 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  323.203984][ T8111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  323.203991][ T8111] Call Trace:
[  323.203995][ T8111]  <TASK>
[  323.204000][ T8111]  dump_stack_lvl+0xe8/0x150
[  323.204021][ T8111]  should_fail_ex+0x46c/0x600
[  323.204038][ T8111]  should_failslab+0xa8/0x100
[  323.204055][ T8111]  __kvmalloc_node_noprof+0x181/0x940
[  323.204082][ T8111]  ? bpf_test_run_xdp_live+0x18e/0x1b20
[  323.204112][ T8111]  bpf_test_run_xdp_live+0x18e/0x1b20
[  323.204140][ T8111]  ? stack_trace_save+0x9c/0xe0
[  323.204162][ T8111]  ? __pfx_stack_trace_save+0x10/0x10
[  323.204196][ T8111]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  323.204219][ T8111]  ? __kasan_kmalloc+0x93/0xb0
[  323.204243][ T8111]  ? __kmalloc_noprof+0x23e/0x7e0
[  323.204267][ T8111]  ? bpf_test_init+0x9f/0x150
[  323.204288][ T8111]  ? bpf_prog_test_run_xdp+0x503/0x10e0
[  323.204311][ T8111]  ? bpf_prog_test_run+0x2cd/0x340
[  323.204364][ T8111]  ? __might_fault+0xb0/0x130
[  323.204393][ T8111]  ? __might_fault+0xb0/0x130
[  323.204425][ T8111]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  323.204460][ T8111]  ? _copy_from_user+0x94/0xb0
[  323.204478][ T8111]  ? bpf_test_init+0x113/0x150
[  323.204499][ T8111]  ? xdp_convert_md_to_buff+0x5b/0x330
[  323.204526][ T8111]  bpf_prog_test_run_xdp+0x7c0/0x10e0
[  323.204565][ T8111]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  323.204594][ T8111]  ? __fget_files+0x2a/0x420
[  323.204619][ T8111]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  323.204644][ T8111]  bpf_prog_test_run+0x2cd/0x340
[  323.204677][ T8111]  __sys_bpf+0x562/0x860
[  323.204700][ T8111]  ? __pfx___sys_bpf+0x10/0x10
[  323.204718][ T8111]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  323.204759][ T8111]  ? ksys_write+0x230/0x260
[  323.204787][ T8111]  ? __pfx_ksys_write+0x10/0x10
[  323.204819][ T8111]  __x64_sys_bpf+0x7c/0x90
[  323.204839][ T8111]  do_syscall_64+0xec/0xf80
[  323.204858][ T8111]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.204875][ T8111]  ? trace_irq_disable+0x37/0x100
[  323.204895][ T8111]  ? clear_bhb_loop+0x60/0xb0
[  323.204917][ T8111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.204935][ T8111] RIP: 0033:0x7fc9c0faf749
[  323.204953][ T8111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  323.204970][ T8111] RSP: 002b:00007fc9bf216038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  323.204990][ T8111] RAX: ffffffffffffffda RBX: 00007fc9c1205fa0 RCX: 00007fc9c0faf749
[  323.205004][ T8111] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a
[  323.205016][ T8111] RBP: 00007fc9bf216090 R08: 0000000000000000 R09: 0000000000000000
[  323.205028][ T8111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  323.205040][ T8111] R13: 00007fc9c1206038 R14: 00007fc9c1205fa0 R15: 00007fff19595728
[  323.205070][ T8111]  </TASK>
[  324.036244][ T5983] em28xx 1-1:0.132: unknown em28xx chip ID (0)
[  324.155376][ T5983] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[  324.155407][ T5983] em28xx 1-1:0.132: board has no eeprom
[  324.215112][ T5983] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  324.215136][ T5983] em28xx 1-1:0.132: analog set to isoc mode.
[  324.216187][ T6167] em28xx 1-1:0.132: Registering V4L2 extension
[  324.250629][ T5983] usb 1-1: USB disconnect, device number 23
[  324.251921][ T5983] em28xx 1-1:0.132: Disconnecting em28xx
[  325.445220][ T6167] em28xx 1-1:0.132: Config register raw data: 0xffffffed
[  325.445245][ T6167] em28xx 1-1:0.132: AC97 chip type couldn't be determined
[  325.445258][ T6167] em28xx 1-1:0.132: No AC97 audio processor
[  325.487951][ T6167] usb 1-1: Decoder not found
[  325.487965][ T6167] em28xx 1-1:0.132: failed to create media graph
[  325.488003][ T6167] em28xx 1-1:0.132: V4L2 device video103 deregistered
[  325.557002][ T6167] em28xx 1-1:0.132: Remote control support is not available for this card.
[  325.564263][ T5983] em28xx 1-1:0.132: Closing input extension
[  325.691152][ T5983] em28xx 1-1:0.132: Freeing device
[  326.821301][ T8145] FAULT_INJECTION: forcing a failure.
[  326.821301][ T8145] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  326.821357][ T8145] CPU: 1 UID: 0 PID: 8145 Comm: syz.2.651 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  326.821386][ T8145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  326.821399][ T8145] Call Trace:
[  326.821407][ T8145]  <TASK>
[  326.821415][ T8145]  dump_stack_lvl+0xe8/0x150
[  326.821445][ T8145]  should_fail_ex+0x46c/0x600
[  326.821476][ T8145]  strncpy_from_user+0x36/0x2c0
[  326.821503][ T8145]  getname_flags+0xf3/0x540
[  326.821527][ T8145]  __x64_sys_renameat2+0xad/0xe0
[  326.821549][ T8145]  do_syscall_64+0xec/0xf80
[  326.821567][ T8145]  ? rcu_is_watching+0x15/0xb0
[  326.821583][ T8145]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.821603][ T8145]  ? clear_bhb_loop+0x60/0xb0
[  326.821626][ T8145]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.821645][ T8145] RIP: 0033:0x7fc9c0faf749
[  326.821662][ T8145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  326.821679][ T8145] RSP: 002b:00007fc9bf1d4038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[  326.821700][ T8145] RAX: ffffffffffffffda RBX: 00007fc9c1206180 RCX: 00007fc9c0faf749
[  326.821714][ T8145] RDX: 0000000000000007 RSI: 00002000000001c0 RDI: 0000000000000007
[  326.821727][ T8145] RBP: 00007fc9bf1d4090 R08: 0000000000000000 R09: 0000000000000000
[  326.821740][ T8145] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000001
[  326.821752][ T8145] R13: 00007fc9c1206218 R14: 00007fc9c1206180 R15: 00007fff19595728
[  326.821783][ T8145]  </TASK>
[  329.077725][ T5983] usb 4-1: USB disconnect, device number 16
[  329.368514][ T8158] netlink: 'syz.1.652': attribute type 1 has an invalid length.
[  329.368559][ T8158] netlink: 8 bytes leftover after parsing attributes in process `syz.1.652'.
[  333.861881][ T8200] FAT-fs (loop5): unable to read boot sector
[  339.600517][ T8258] FAULT_INJECTION: forcing a failure.
[  339.600517][ T8258] name failslab, interval 1, probability 0, space 0, times 0
[  339.600544][ T8258] CPU: 1 UID: 0 PID: 8258 Comm: syz.2.667 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  339.600557][ T8258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  339.600564][ T8258] Call Trace:
[  339.600568][ T8258]  <TASK>
[  339.600573][ T8258]  dump_stack_lvl+0xe8/0x150
[  339.600592][ T8258]  should_fail_ex+0x46c/0x600
[  339.600609][ T8258]  ? __alloc_skb+0x1dc/0x3a0
[  339.600620][ T8258]  should_failslab+0xa8/0x100
[  339.600631][ T8258]  ? __alloc_skb+0x1dc/0x3a0
[  339.600640][ T8258]  kmem_cache_alloc_node_noprof+0x8b/0x6f0
[  339.600655][ T8258]  ? lockdep_hardirqs_on+0x7b/0x110
[  339.600667][ T8258]  ? __alloc_skb+0x198/0x3a0
[  339.600678][ T8258]  __alloc_skb+0x1dc/0x3a0
[  339.600691][ T8258]  netlink_ack+0x146/0xa50
[  339.600703][ T8258]  ? __pfx_genl_rcv_msg+0x10/0x10
[  339.600713][ T8258]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  339.600723][ T8258]  ? __pfx_nl80211_post_doit+0x10/0x10
[  339.600733][ T8258]  ? __lock_acquire+0x6b6/0x2cf0
[  339.600753][ T8258]  netlink_rcv_skb+0x28c/0x470
[  339.600766][ T8258]  ? __pfx_genl_rcv_msg+0x10/0x10
[  339.600776][ T8258]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  339.600797][ T8258]  ? netlink_deliver_tap+0x2e/0x1b0
[  339.600809][ T8258]  ? netlink_deliver_tap+0x2e/0x1b0
[  339.600824][ T8258]  genl_rcv+0x28/0x40
[  339.600832][ T8258]  netlink_unicast+0x846/0xa10
[  339.600848][ T8258]  ? __pfx_netlink_unicast+0x10/0x10
[  339.600859][ T8258]  ? __alloc_skb+0x198/0x3a0
[  339.600870][ T8258]  ? netlink_sendmsg+0x642/0xb30
[  339.600882][ T8258]  ? skb_put+0x11b/0x210
[  339.600895][ T8258]  netlink_sendmsg+0x805/0xb30
[  339.600913][ T8258]  ? __pfx_netlink_sendmsg+0x10/0x10
[  339.600930][ T8258]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  339.600944][ T8258]  ? __pfx_netlink_sendmsg+0x10/0x10
[  339.600957][ T8258]  __sock_sendmsg+0x21c/0x270
[  339.600975][ T8258]  ____sys_sendmsg+0x508/0x810
[  339.600990][ T8258]  ? __pfx_____sys_sendmsg+0x10/0x10
[  339.601007][ T8258]  ? import_iovec+0x74/0xa0
[  339.601019][ T8258]  ___sys_sendmsg+0x21f/0x2a0
[  339.601032][ T8258]  ? __pfx____sys_sendmsg+0x10/0x10
[  339.601063][ T8258]  ? __fget_files+0x2a/0x420
[  339.601073][ T8258]  ? __fget_files+0x3a6/0x420
[  339.601088][ T8258]  __x64_sys_sendmsg+0x1a1/0x260
[  339.601102][ T8258]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  339.601120][ T8258]  ? __pfx_ksys_write+0x10/0x10
[  339.601139][ T8258]  do_syscall_64+0xec/0xf80
[  339.601152][ T8258]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.601162][ T8258]  ? trace_irq_disable+0x37/0x100
[  339.601174][ T8258]  ? clear_bhb_loop+0x60/0xb0
[  339.601186][ T8258]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.601196][ T8258] RIP: 0033:0x7fc9c0faf749
[  339.601206][ T8258] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  339.601215][ T8258] RSP: 002b:00007fc9bf216038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  339.601227][ T8258] RAX: ffffffffffffffda RBX: 00007fc9c1205fa0 RCX: 00007fc9c0faf749
[  339.601234][ T8258] RDX: 22ebf5fc018f6bde RSI: 0000200000000180 RDI: 0000000000000003
[  339.601241][ T8258] RBP: 00007fc9bf216090 R08: 0000000000000000 R09: 0000000000000000
[  339.601248][ T8258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  339.601255][ T8258] R13: 00007fc9c1206038 R14: 00007fc9c1205fa0 R15: 00007fff19595728
[  339.601272][ T8258]  </TASK>
[  340.666125][ T8272] FAULT_INJECTION: forcing a failure.
[  340.666125][ T8272] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  340.666157][ T8272] CPU: 0 UID: 0 PID: 8272 Comm: syz.1.674 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  340.666188][ T8272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  340.666200][ T8272] Call Trace:
[  340.666208][ T8272]  <TASK>
[  340.666216][ T8272]  dump_stack_lvl+0xe8/0x150
[  340.666247][ T8272]  should_fail_ex+0x46c/0x600
[  340.666276][ T8272]  _copy_to_user+0x31/0xb0
[  340.666298][ T8272]  simple_read_from_buffer+0xe1/0x170
[  340.666322][ T8272]  proc_fail_nth_read+0x1b6/0x220
[  340.666352][ T8272]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  340.666382][ T8272]  ? rw_verify_area+0x2ac/0x4e0
[  340.666407][ T8272]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  340.666435][ T8272]  vfs_read+0x206/0xa30
[  340.666467][ T8272]  ? __pfx_vfs_read+0x10/0x10
[  340.666495][ T8272]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  340.666515][ T8272]  ? lockdep_hardirqs_on+0x7b/0x110
[  340.666533][ T8272]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  340.666553][ T8272]  ? mutex_lock_nested+0x154/0x1d0
[  340.666575][ T8272]  ? fdget_pos+0x253/0x320
[  340.666601][ T8272]  ksys_read+0x14b/0x260
[  340.666623][ T8272]  ? __fget_files+0x3a6/0x420
[  340.666643][ T8272]  ? __pfx_ksys_read+0x10/0x10
[  340.666666][ T8272]  ? __pfx_binder_ioctl+0x10/0x10
[  340.666695][ T8272]  do_syscall_64+0xec/0xf80
[  340.666714][ T8272]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  340.666732][ T8272]  ? trace_irq_disable+0x37/0x100
[  340.666752][ T8272]  ? clear_bhb_loop+0x60/0xb0
[  340.666774][ T8272]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  340.666793][ T8272] RIP: 0033:0x7fd791f6e15c
[  340.666809][ T8272] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  340.666826][ T8272] RSP: 002b:00007fd7901ce030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  340.666846][ T8272] RAX: ffffffffffffffda RBX: 00007fd7921c5fa0 RCX: 00007fd791f6e15c
[  340.666861][ T8272] RDX: 000000000000000f RSI: 00007fd7901ce0a0 RDI: 0000000000000006
[  340.666874][ T8272] RBP: 00007fd7901ce090 R08: 0000000000000000 R09: 0000000000000000
[  340.666885][ T8272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  340.666897][ T8272] R13: 00007fd7921c6038 R14: 00007fd7921c5fa0 R15: 00007ffd67b4a768
[  340.666928][ T8272]  </TASK>
[  342.678261][ T8277] bridge_slave_0: default FDB implementation only supports local addresses
[  343.353276][   T37] audit: type=1804 audit(1766601343.099:37): pid=8294 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.680" name="/newroot/143/file0" dev="tmpfs" ino=776 res=1 errno=0
[  345.526548][ T8314] MTD: Couldn't look up './file0': -15
[  345.535782][ T5805] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  345.563274][ T5805] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  345.581917][ T5805] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  345.585727][ T5805] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  345.586601][ T5805] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  345.663683][ T8300] Failed to get privilege flags for destination (handle=0x2:0x25)
[  346.477467][ T8325] hub 6-0:1.0: USB hub found
[  346.478715][ T8325] hub 6-0:1.0: 1 port detected
[  347.684682][ T5817] Bluetooth: hci5: command tx timeout
[  347.717924][ T8332] faux_driver vgem: [drm] Unknown color mode 181; guessing buffer size.
[  349.426966][ T8334] netlink: 184 bytes leftover after parsing attributes in process `syz.0.687'.
[  349.765744][ T5817] Bluetooth: hci5: command tx timeout
[  350.139346][ T8347] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  350.480727][ T8358] input: syz0 as /devices/virtual/input/input18
[  350.574957][ T6048] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  350.699001][ T8364] netlink: 28 bytes leftover after parsing attributes in process `syz.1.688'.
[  350.734181][ T6048] usb 3-1: Using ep0 maxpacket: 32
[  350.737542][ T6048] usb 3-1: config 0 has no interfaces?
[  350.742464][ T6048] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  350.742489][ T6048] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  350.742508][ T6048] usb 3-1: Product: syz
[  350.742520][ T6048] usb 3-1: Manufacturer: syz
[  350.742533][ T6048] usb 3-1: SerialNumber: syz
[  350.786958][ T6048] usb 3-1: config 0 descriptor??
[  350.789568][ T6174] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  351.005351][ T5983] usb 3-1: USB disconnect, device number 27
[  351.237532][ T6174] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  351.589866][ T6174] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  351.752710][ T8256] chnl_net:caif_netlink_parms(): no params data found
[  351.774380][ T5983] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  351.906419][ T5817] Bluetooth: hci5: command tx timeout
[  352.514260][ T5983] usb 1-1: Using ep0 maxpacket: 32
[  352.517395][ T5983] usb 1-1: unable to get BOS descriptor or descriptor too short
[  352.519152][ T5983] usb 1-1: config 241 has an invalid interface number: 213 but max is 0
[  352.519177][ T5983] usb 1-1: config 241 has no interface number 0
[  352.519223][ T5983] usb 1-1: config 241 interface 213 has no altsetting 0
[  352.522519][ T5983] usb 1-1: New USB device found, idVendor=0408, idProduct=3090, bcdDevice=15.61
[  352.522545][ T5983] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  352.522564][ T5983] usb 1-1: Product: syz
[  352.522577][ T5983] usb 1-1: Manufacturer: syz
[  352.522590][ T5983] usb 1-1: SerialNumber: syz
[  353.314126][ T8400] FAULT_INJECTION: forcing a failure.
[  353.314126][ T8400] name failslab, interval 1, probability 0, space 0, times 0
[  353.314152][ T8400] CPU: 0 UID: 0 PID: 8400 Comm: syz.1.698 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  353.314164][ T8400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  353.314171][ T8400] Call Trace:
[  353.314176][ T8400]  <TASK>
[  353.314181][ T8400]  dump_stack_lvl+0xe8/0x150
[  353.314200][ T8400]  should_fail_ex+0x46c/0x600
[  353.314217][ T8400]  should_failslab+0xa8/0x100
[  353.314229][ T8400]  __kmalloc_node_track_caller_noprof+0xe2/0x810
[  353.314245][ T8400]  ? dh_data_from_key+0x1aa/0x280
[  353.314260][ T8400]  kmemdup_noprof+0x2b/0x70
[  353.314273][ T8400]  dh_data_from_key+0x1aa/0x280
[  353.314285][ T8400]  __keyctl_dh_compute+0x2f0/0xca0
[  353.314297][ T8400]  ? __pfx___schedule+0x10/0x10
[  353.314319][ T8400]  ? __pfx___keyctl_dh_compute+0x10/0x10
[  353.314334][ T8400]  ? lockdep_hardirqs_on+0x7b/0x110
[  353.314344][ T8400]  ? irqentry_exit+0x5dd/0x660
[  353.314363][ T8400]  ? rep_movs_alternative+0x33/0x90
[  353.314378][ T8400]  keyctl_dh_compute+0x109/0x160
[  353.314392][ T8400]  ? __pfx_keyctl_dh_compute+0x10/0x10
[  353.314411][ T8400]  __se_sys_keyctl+0x423/0x910
[  353.314427][ T8400]  ? __pfx___se_sys_keyctl+0x10/0x10
[  353.314448][ T8400]  ? irqentry_exit+0x5dd/0x660
[  353.314458][ T8400]  ? lockdep_hardirqs_on+0x7b/0x110
[  353.314467][ T8400]  ? irqentry_exit+0x5dd/0x660
[  353.314485][ T8400]  ? __x64_sys_keyctl+0x20/0xc0
[  353.314500][ T8400]  do_syscall_64+0xec/0xf80
[  353.314510][ T8400]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.314520][ T8400]  ? clear_bhb_loop+0x60/0xb0
[  353.314532][ T8400]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.314542][ T8400] RIP: 0033:0x7fd791f6f749
[  353.314552][ T8400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  353.314566][ T8400] RSP: 002b:00007fd7901ad038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[  353.314578][ T8400] RAX: ffffffffffffffda RBX: 00007fd7921c6090 RCX: 00007fd791f6f749
[  353.314585][ T8400] RDX: 0000200000000480 RSI: 0000200000000040 RDI: 0000000000000017
[  353.314592][ T8400] RBP: 00007fd7901ad090 R08: 00002000000001c0 R09: 0000000000000000
[  353.314599][ T8400] R10: 00000000000000fa R11: 0000000000000246 R12: 0000000000000001
[  353.314605][ T8400] R13: 00007fd7921c6128 R14: 00007fd7921c6090 R15: 00007ffd67b4a768
[  353.314621][ T8400]  </TASK>
[  353.912978][ T8405] netlink: 28 bytes leftover after parsing attributes in process `syz.2.702'.
[  354.005185][ T5817] Bluetooth: hci5: command tx timeout
[  354.105725][ T5983] uvcvideo 1-1:241.213: Found UVC 0.00 device syz (0408:3090)
[  354.105766][ T5983] uvcvideo 1-1:241.213: No valid video chain found.
[  354.111099][ T5983] usb 1-1: USB disconnect, device number 24
[  354.156836][ T6174] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  354.454759][ T8414] netlink: 'syz.3.704': attribute type 1 has an invalid length.
[  356.965365][ T8256] bridge0: port 1(bridge_slave_0) entered blocking state
[  356.965635][ T8256] bridge0: port 1(bridge_slave_0) entered disabled state
[  356.965834][ T8256] bridge_slave_0: entered allmulticast mode
[  356.968297][ T8256] bridge_slave_0: entered promiscuous mode
[  357.043408][ T8256] bridge0: port 2(bridge_slave_1) entered blocking state
[  357.043630][ T8256] bridge0: port 2(bridge_slave_1) entered disabled state
[  357.043844][ T8256] bridge_slave_1: entered allmulticast mode
[  357.049276][ T8256] bridge_slave_1: entered promiscuous mode
[  357.105621][ T8429] FAULT_INJECTION: forcing a failure.
[  357.105621][ T8429] name failslab, interval 1, probability 0, space 0, times 0
[  357.105654][ T8429] CPU: 0 UID: 0 PID: 8429 Comm: syz.3.707 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  357.105676][ T8429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  357.105688][ T8429] Call Trace:
[  357.105696][ T8429]  <TASK>
[  357.105704][ T8429]  dump_stack_lvl+0xe8/0x150
[  357.105736][ T8429]  should_fail_ex+0x46c/0x600
[  357.105765][ T8429]  ? __alloc_skb+0x1dc/0x3a0
[  357.105787][ T8429]  should_failslab+0xa8/0x100
[  357.105807][ T8429]  ? __alloc_skb+0x1dc/0x3a0
[  357.105825][ T8429]  kmem_cache_alloc_node_noprof+0x8b/0x6f0
[  357.105853][ T8429]  ? lockdep_hardirqs_on+0x7b/0x110
[  357.105874][ T8429]  ? __alloc_skb+0x198/0x3a0
[  357.105895][ T8429]  __alloc_skb+0x1dc/0x3a0
[  357.105920][ T8429]  pfkey_send_policy_notify+0x145/0x990
[  357.105945][ T8429]  ? __pfx_pfkey_send_policy_notify+0x10/0x10
[  357.105967][ T8429]  km_policy_notify+0x121/0x200
[  357.105987][ T8429]  ? km_policy_notify+0x28/0x200
[  357.106011][ T8429]  xfrm_add_policy+0x4c7/0x800
[  357.106039][ T8429]  ? __pfx_xfrm_add_policy+0x10/0x10
[  357.106068][ T8429]  ? __nla_parse+0x40/0x60
[  357.106099][ T8429]  xfrm_user_rcv_msg+0x7a3/0xab0
[  357.106128][ T8429]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  357.106185][ T8429]  ? __lock_acquire+0x6b6/0x2cf0
[  357.106216][ T8429]  ? ref_tracker_free+0x61e/0x7c0
[  357.106241][ T8429]  ? __asan_memcpy+0x40/0x70
[  357.106264][ T8429]  ? __pfx_ref_tracker_free+0x10/0x10
[  357.106293][ T8429]  ? __skb_clone+0x63/0x7a0
[  357.106323][ T8429]  netlink_rcv_skb+0x208/0x470
[  357.106349][ T8429]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  357.106373][ T8429]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  357.106410][ T8429]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  357.106430][ T8429]  ? mutex_lock_nested+0x154/0x1d0
[  357.106453][ T8429]  ? xfrm_netlink_rcv+0x6a/0x90
[  357.106478][ T8429]  xfrm_netlink_rcv+0x79/0x90
[  357.106500][ T8429]  netlink_unicast+0x846/0xa10
[  357.106531][ T8429]  ? __pfx_netlink_unicast+0x10/0x10
[  357.106552][ T8429]  ? __alloc_skb+0x198/0x3a0
[  357.106573][ T8429]  ? netlink_sendmsg+0x642/0xb30
[  357.106596][ T8429]  ? skb_put+0x11b/0x210
[  357.106621][ T8429]  netlink_sendmsg+0x805/0xb30
[  357.106656][ T8429]  ? __pfx_netlink_sendmsg+0x10/0x10
[  357.106689][ T8429]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  357.106714][ T8429]  ? __pfx_netlink_sendmsg+0x10/0x10
[  357.106741][ T8429]  __sock_sendmsg+0x21c/0x270
[  357.106773][ T8429]  ____sys_sendmsg+0x508/0x810
[  357.106802][ T8429]  ? __pfx_____sys_sendmsg+0x10/0x10
[  357.106835][ T8429]  ? import_iovec+0x74/0xa0
[  357.106857][ T8429]  ___sys_sendmsg+0x21f/0x2a0
[  357.106883][ T8429]  ? __pfx____sys_sendmsg+0x10/0x10
[  357.106943][ T8429]  ? __fget_files+0x2a/0x420
[  357.106963][ T8429]  ? __fget_files+0x3a6/0x420
[  357.106993][ T8429]  __x64_sys_sendmsg+0x1a1/0x260
[  357.107020][ T8429]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  357.107059][ T8429]  ? __pfx_ksys_write+0x10/0x10
[  357.107097][ T8429]  do_syscall_64+0xec/0xf80
[  357.107116][ T8429]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.107134][ T8429]  ? trace_irq_disable+0x37/0x100
[  357.107155][ T8429]  ? clear_bhb_loop+0x60/0xb0
[  357.107178][ T8429]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.107197][ T8429] RIP: 0033:0x7f23f9d2f749
[  357.107213][ T8429] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  357.107230][ T8429] RSP: 002b:00007f23f7f96038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  357.107251][ T8429] RAX: ffffffffffffffda RBX: 00007f23f9f85fa0 RCX: 00007f23f9d2f749
[  357.107265][ T8429] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004
[  357.107283][ T8429] RBP: 00007f23f7f96090 R08: 0000000000000000 R09: 0000000000000000
[  357.107295][ T8429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  357.107306][ T8429] R13: 00007f23f9f86038 R14: 00007f23f9f85fa0 R15: 00007ffca4154b08
[  357.107339][ T8429]  </TASK>
[  357.184562][ T8433] netlink: 24 bytes leftover after parsing attributes in process `syz.0.710'.
[  357.619224][ T8438] netlink: 28 bytes leftover after parsing attributes in process `syz.2.712'.
[  357.793356][ T8256] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  357.831489][ T8256] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  357.865719][ T8449] netlink: 8 bytes leftover after parsing attributes in process `syz.1.706'.
[  357.919482][ T8454] netlink: 8 bytes leftover after parsing attributes in process `syz.1.706'.
[  358.287741][ T6174] bridge_slave_1: left allmulticast mode
[  358.287863][ T6174] bridge_slave_1: left promiscuous mode
[  358.296607][ T6174] bridge0: port 2(bridge_slave_1) entered disabled state
[  358.388267][ T6174] bridge_slave_0: left allmulticast mode
[  358.388288][ T6174] bridge_slave_0: left promiscuous mode
[  358.388437][ T6174] bridge0: port 1(bridge_slave_0) entered disabled state
[  358.890481][   T37] audit: type=1804 audit(1766601358.639:38): pid=8466 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.718" name="/newroot/151/file0" dev="tmpfs" ino=827 res=1 errno=0
[  365.167294][ T8493] netlink: 28 bytes leftover after parsing attributes in process `syz.2.724'.
[  365.745053][ T6174] geneve0 (unregistering): left promiscuous mode
[  365.769284][ T6174] team0: Port device geneve0 removed
[  365.915032][ T7745] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  366.084241][ T7745] usb 4-1: Using ep0 maxpacket: 32
[  366.086368][ T7745] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  366.086392][ T7745] usb 4-1: config 0 has no interface number 0
[  366.088565][ T7745] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  366.088590][ T7745] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.088608][ T7745] usb 4-1: Product: syz
[  366.088616][ T7745] usb 4-1: Manufacturer: syz
[  366.088623][ T7745] usb 4-1: SerialNumber: syz
[  366.091405][ T7745] usb 4-1: config 0 descriptor??
[  366.095350][ T7745] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  366.095383][ T7745] usb 4-1: selecting invalid altsetting 1
[  366.095398][ T7745] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  366.101095][ T7745] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  366.101804][ T7745] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  366.101857][ T7745] usb 4-1: media controller created
[  366.140023][ T7745] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  366.774965][ T6174] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  366.835047][ T6174] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  366.877413][ T6174] bond0 (unregistering): Released all slaves
[  367.287881][ T7745] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  367.287936][ T7745] zl10353_read_register: readreg error (reg=127, ret==-110)
[  367.727029][ T6174] bond1 (unregistering): (slave dummy0): Releasing active interface
[  367.773512][ T6174] bond1 (unregistering): Released all slaves
[  367.858547][ T8454] syz_tun: refused to change device tx_queue_len
[  368.050789][ T8256] team0: Port device team_slave_0 added
[  368.054282][ T8256] team0: Port device team_slave_1 added
[  368.509299][ T8516] sctp: [Deprecated]: syz.0.732 (pid 8516) Use of struct sctp_assoc_value in delayed_ack socket option.
[  368.509299][ T8516] Use struct sctp_sack_info instead
[  368.534416][ T8256] batman_adv: batadv0: Adding interface: batadv_slave_0
[  368.534432][ T8256] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  368.534456][ T8256] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  369.252053][   T37] audit: type=1804 audit(1766601369.009:39): pid=8517 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.728" name="/newroot/147/file0" dev="tmpfs" ino=822 res=1 errno=0
[  369.459253][ T5979] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  369.494576][ T8256] batman_adv: batadv0: Adding interface: batadv_slave_1
[  369.494589][ T8256] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  369.494604][ T8256] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  369.638968][ T5979] usb 1-1: device descriptor read/64, error -71
[  369.925238][ T5979] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  370.637848][ T8256] hsr_slave_0: entered promiscuous mode
[  370.640239][ T8256] hsr_slave_1: entered promiscuous mode
[  370.641239][ T8256] debugfs: 'hsr0' already exists in 'hsr'
[  370.641264][ T8256] Cannot create hsr debugfs directory
[  370.744222][ T5979] usb 1-1: device descriptor read/64, error -71
[  370.854537][ T5979] usb usb1-port1: attempt power cycle
[  371.223573][ T5979] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  371.239776][ T5979] usb 1-1: device descriptor read/8, error -71
[  371.441208][ T8534] netlink: 24 bytes leftover after parsing attributes in process `syz.2.737'.
[  371.474171][ T5979] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  371.477355][ T8534] IPVS: Error connecting to the multicast addr
[  371.495731][ T5979] usb 1-1: device descriptor read/8, error -71
[  371.604549][ T5979] usb usb1-port1: unable to enumerate USB device
[  371.904439][ T8539] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  372.034251][ T8544] netlink: 28 bytes leftover after parsing attributes in process `syz.2.739'.
[  374.042316][ T5807] usb 2-1: new full-speed USB device number 16 using dummy_hcd
[  374.256846][ T5807] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  374.256884][ T5807] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  374.256901][ T5807] usb 2-1: Product: syz
[  374.256914][ T5807] usb 2-1: Manufacturer: syz
[  374.256927][ T5807] usb 2-1: SerialNumber: syz
[  374.260452][ T8256] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  374.294888][ T5807] usb 2-1: config 0 descriptor??
[  374.422543][ T8256] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  374.694464][ T6174] hsr_slave_0: left promiscuous mode
[  374.719415][   T37] audit: type=1804 audit(1766601374.479:40): pid=8564 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.744" name="/newroot/163/file0" dev="tmpfs" ino=889 res=1 errno=0
[  374.722928][ T8555] netlink: 'syz.1.742': attribute type 6 has an invalid length.
[  374.755736][ T6174] hsr_slave_1: left promiscuous mode
[  374.763361][ T6174] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  374.763497][ T6174] batman_adv: batadv0: Removing interface: batadv_slave_0
[  374.990891][ T6174] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  374.990920][ T6174] batman_adv: batadv0: Removing interface: batadv_slave_1
[  375.202177][ T5817] Bluetooth: hci2: unexpected event for opcode 0x2060
[  375.309039][ T6174] veth1_macvtap: left promiscuous mode
[  375.313633][ T6174] veth0_macvtap: left promiscuous mode
[  375.325168][ T6174] veth1_vlan: left promiscuous mode
[  375.336303][ T6174] veth0_vlan: left promiscuous mode
[  375.526253][ T5807] airspy 2-1:0.0: usb_control_msg() failed -110 request 0a
[  375.526282][ T5807] airspy 2-1:0.0: Could not detect board
[  375.526387][ T5807] airspy 2-1:0.0: probe with driver airspy failed with error -110
[  375.914681][ T6174] pimreg (unregistering): left allmulticast mode
[  376.028376][ T5921] usb 2-1: USB disconnect, device number 16
[  376.292952][ T8582] netlink: 28 bytes leftover after parsing attributes in process `syz.0.752'.
[  378.649745][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  378.649814][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  378.712552][ T5921] usb 3-1: new low-speed USB device number 28 using dummy_hcd
[  378.865830][ T5921] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  378.865884][ T5921] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid maxpacket 200, setting to 8
[  378.865900][ T5921] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  378.865911][ T5921] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  378.865933][ T5921] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  378.865945][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  378.868515][ T5921] usb 3-1: config 0 descriptor??
[  378.869194][ T8592] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  379.092744][   T31] usb 3-1: USB disconnect, device number 28
[  379.795809][ T6174] team_slave_1 (unregistering): left promiscuous mode
[  379.836852][ T6174] team0 (unregistering): Port device team_slave_1 removed
[  379.994837][ T6174] team_slave_0 (unregistering): left promiscuous mode
[  380.014714][ T6174] team0 (unregistering): Port device team_slave_0 removed
[  381.509834][ T5805] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  381.513300][ T5805] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  381.544936][ T5805] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  381.558604][ T5805] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  381.559375][ T5805] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  382.074693][ T8595] netlink: 'syz.2.755': attribute type 13 has an invalid length.
[  382.086136][ T8256] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  382.125245][ T8577] netlink: 65051 bytes leftover after parsing attributes in process `syz.1.749'.
[  382.140487][ T8256] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  382.450303][ T8614] Invalid source name
[  382.474358][ T8618] netlink: 4 bytes leftover after parsing attributes in process `syz.1.759'.
[  382.560847][ T8620] netlink: 12 bytes leftover after parsing attributes in process `syz.1.759'.
[  383.434576][ T8626] netlink: 4 bytes leftover after parsing attributes in process `syz.0.761'.
[  383.439353][ T8626] netlink: 12 bytes leftover after parsing attributes in process `syz.0.761'.
[  383.614557][ T5805] Bluetooth: hci3: command tx timeout
[  383.695036][ T8632] FAULT_INJECTION: forcing a failure.
[  383.695036][ T8632] name failslab, interval 1, probability 0, space 0, times 0
[  383.695086][ T8632] CPU: 1 UID: 0 PID: 8632 Comm: syz.0.761 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  383.695108][ T8632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  383.695123][ T8632] Call Trace:
[  383.695133][ T8632]  <TASK>
[  383.695141][ T8632]  dump_stack_lvl+0xe8/0x150
[  383.695166][ T8632]  should_fail_ex+0x46c/0x600
[  383.695188][ T8632]  ? __alloc_skb+0x1dc/0x3a0
[  383.695214][ T8632]  should_failslab+0xa8/0x100
[  383.695232][ T8632]  ? __alloc_skb+0x1dc/0x3a0
[  383.695248][ T8632]  kmem_cache_alloc_node_noprof+0x8b/0x6f0
[  383.695273][ T8632]  ? lockdep_hardirqs_on+0x7b/0x110
[  383.695294][ T8632]  ? __alloc_skb+0x198/0x3a0
[  383.695313][ T8632]  __alloc_skb+0x1dc/0x3a0
[  383.695336][ T8632]  netlink_sendmsg+0x5c6/0xb30
[  383.695368][ T8632]  ? __pfx_netlink_sendmsg+0x10/0x10
[  383.695399][ T8632]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  383.695423][ T8632]  ? __pfx_netlink_sendmsg+0x10/0x10
[  383.695447][ T8632]  __sock_sendmsg+0x21c/0x270
[  383.695476][ T8632]  ____sys_sendmsg+0x508/0x810
[  383.695505][ T8632]  ? __pfx_____sys_sendmsg+0x10/0x10
[  383.695537][ T8632]  ? import_iovec+0x74/0xa0
[  383.695557][ T8632]  ___sys_sendmsg+0x21f/0x2a0
[  383.695581][ T8632]  ? __pfx____sys_sendmsg+0x10/0x10
[  383.695629][ T8632]  ? __fget_files+0x2a/0x420
[  383.695645][ T8632]  ? __fget_files+0x3a6/0x420
[  383.695661][ T8632]  __x64_sys_sendmsg+0x1a1/0x260
[  383.695675][ T8632]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  383.695692][ T8632]  ? __pfx_ksys_write+0x10/0x10
[  383.695711][ T8632]  do_syscall_64+0xec/0xf80
[  383.695721][ T8632]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  383.695731][ T8632]  ? trace_irq_disable+0x37/0x100
[  383.695743][ T8632]  ? clear_bhb_loop+0x60/0xb0
[  383.695755][ T8632]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  383.695765][ T8632] RIP: 0033:0x7feda000f749
[  383.695775][ T8632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  383.695784][ T8632] RSP: 002b:00007fed9e22c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  383.695796][ T8632] RAX: ffffffffffffffda RBX: 00007feda0266180 RCX: 00007feda000f749
[  383.695804][ T8632] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003
[  383.695810][ T8632] RBP: 00007fed9e22c090 R08: 0000000000000000 R09: 0000000000000000
[  383.695817][ T8632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  383.695823][ T8632] R13: 00007feda0266218 R14: 00007feda0266180 R15: 00007fff855a9998
[  383.695839][ T8632]  </TASK>
[  383.709717][ T8256] 8021q: adding VLAN 0 to HW filter on device bond0
[  384.400130][ T8256] 8021q: adding VLAN 0 to HW filter on device team0
[  384.456921][ T1809] bridge0: port 1(bridge_slave_0) entered blocking state
[  384.467353][ T1809] bridge0: port 1(bridge_slave_0) entered forwarding state
[  384.510049][ T1809] bridge0: port 2(bridge_slave_1) entered blocking state
[  384.510236][ T1809] bridge0: port 2(bridge_slave_1) entered forwarding state
[  384.714209][ T5979] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  385.654131][ T5979] usb 3-1: Using ep0 maxpacket: 8
[  385.656213][ T5979] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  385.656263][ T5979] usb 3-1: New USB device found, idVendor=2801, idProduct=0201, bcdDevice=2a.d5
[  385.656286][ T5979] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  385.661075][ T5979] usb 3-1: config 0 descriptor??
[  385.694622][ T5805] Bluetooth: hci3: command tx timeout
[  385.722465][ T5979] uvcvideo 3-1:0.0: probe with driver uvcvideo failed with error -22
[  385.903858][ T5979] usb 3-1: USB disconnect, device number 29
[  387.524219][ T5985] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  387.737127][ T8657] nbd: must specify at least one socket
[  387.764176][ T5805] Bluetooth: hci3: command tx timeout
[  388.609519][ T6174] IPVS: stop unused estimator thread 0...
[  390.480269][ T5805] Bluetooth: hci3: command tx timeout
[  392.029509][ T8678] netlink: 'syz.1.774': attribute type 1 has an invalid length.
[  392.029531][ T8678] netlink: 'syz.1.774': attribute type 3 has an invalid length.
[  392.029544][ T8678] netlink: 224 bytes leftover after parsing attributes in process `syz.1.774'.
[  392.031517][ T5805] Bluetooth: unknown link type 108
[  392.031592][ T5805] Bluetooth: hci0: connection err: -111
[  392.179028][ T8256] 8021q: adding VLAN 0 to HW filter on device batadv0
[  392.193276][ T8603] chnl_net:caif_netlink_parms(): no params data found
[  392.944206][ T5985] usb 2-1: device descriptor read/64, error -71
[  393.052952][ T5920] IPVS: starting estimator thread 0...
[  393.134222][ T8686] IPVS: using max 9 ests per chain, 21600 per kthread
[  393.141969][ T8692] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x1
[  393.214754][ T5985] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  393.291944][ T8699] netlink: 12 bytes leftover after parsing attributes in process `syz.0.777'.
[  393.366295][ T5985] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  393.366328][ T5985] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  393.366363][ T5985] usb 2-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00
[  393.366385][ T5985] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  393.371116][ T5985] usb 2-1: config 0 descriptor??
[  393.431768][ T8699] bond1: entered promiscuous mode
[  393.432325][ T8699] 8021q: adding VLAN 0 to HW filter on device bond1
[  393.667250][ T8703] 8021q: adding VLAN 0 to HW filter on device bond1
[  393.667681][ T8703] bond1: (slave vti0): The slave device specified does not support setting the MAC address
[  393.668826][ T8703] bond1: (slave vti0): Error -95 calling set_mac_address
[  393.754803][ T8603] bridge0: port 1(bridge_slave_0) entered blocking state
[  393.755391][ T8603] bridge0: port 1(bridge_slave_0) entered disabled state
[  393.756048][ T8603] bridge_slave_0: entered allmulticast mode
[  393.760733][ T8603] bridge_slave_0: entered promiscuous mode
[  393.840070][ T8603] bridge0: port 2(bridge_slave_1) entered blocking state
[  393.840270][ T8603] bridge0: port 2(bridge_slave_1) entered disabled state
[  393.840500][ T8603] bridge_slave_1: entered allmulticast mode
[  393.842735][ T8603] bridge_slave_1: entered promiscuous mode
[  393.995000][ T5985] hid-led 0003:1D34:000A.0011: hidraw0: USB HID v0.00 Device [HID 1d34:000a] on usb-dummy_hcd.1-1/input0
[  394.045111][ T5985] hid-led 0003:1D34:000A.0011: Dream Cheeky Webmail Notifier initialized
[  394.149442][ T8603] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  394.180323][ T8603] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  394.372792][ T8603] team0: Port device team_slave_0 added
[  394.382973][ T8603] team0: Port device team_slave_1 added
[  394.694345][ T5985] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  394.905057][ T8603] batman_adv: batadv0: Adding interface: batadv_slave_0
[  394.905075][ T8603] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  394.905101][ T8603] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  394.914171][ T5985] usb 3-1: Using ep0 maxpacket: 16
[  394.936241][ T5985] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  394.936288][ T5985] usb 3-1: too many endpoints for config 0 interface 0 altsetting 231: 229, using maximum allowed: 30
[  394.936325][ T5985] usb 3-1: config 0 interface 0 altsetting 231 has 0 endpoint descriptors, different from the interface descriptor's value: 229
[  394.936351][ T5985] usb 3-1: config 0 interface 0 has no altsetting 1
[  394.938958][ T5985] usb 3-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=97.0d
[  394.938984][ T5985] usb 3-1: New USB device strings: Mfr=99, Product=242, SerialNumber=132
[  394.939003][ T5985] usb 3-1: Product: syz
[  394.939015][ T5985] usb 3-1: Manufacturer: syz
[  394.939029][ T5985] usb 3-1: SerialNumber: syz
[  394.944601][ T5985] usb 3-1: config 0 descriptor??
[  394.949673][ T5985] usb-storage 3-1:0.0: USB Mass Storage device detected
[  395.084188][ T5985] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[  395.084334][ T5985] gspca_stv06xx: st6422 sensor detected
[  395.136874][ T8603] batman_adv: batadv0: Adding interface: batadv_slave_1
[  395.136892][ T8603] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  395.136919][ T8603] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  395.155003][ T8710] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  395.156585][ T8710] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  395.174355][ T8256] veth0_vlan: entered promiscuous mode
[  395.345114][ T6172] usb 2-1: USB disconnect, device number 18
[  395.360472][ T5985] STV06xx 3-1:0.0: probe with driver STV06xx failed with error -71
[  395.384629][ T5985] usb 3-1: USB disconnect, device number 30
[  395.423923][ T8720] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  395.781597][ T8603] hsr_slave_0: entered promiscuous mode
[  395.783227][ T8603] hsr_slave_1: entered promiscuous mode
[  395.795648][ T8603] debugfs: 'hsr0' already exists in 'hsr'
[  395.795675][ T8603] Cannot create hsr debugfs directory
[  395.801519][ T8256] veth1_vlan: entered promiscuous mode
[  396.797858][    C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  397.261238][ T8733] FAULT_INJECTION: forcing a failure.
[  397.261238][ T8733] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  397.261271][ T8733] CPU: 0 UID: 0 PID: 8733 Comm: syz.2.787 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  397.261292][ T8733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  397.261304][ T8733] Call Trace:
[  397.261311][ T8733]  <TASK>
[  397.261319][ T8733]  dump_stack_lvl+0xe8/0x150
[  397.261349][ T8733]  should_fail_ex+0x46c/0x600
[  397.261380][ T8733]  strncpy_from_user+0x36/0x2c0
[  397.261407][ T8733]  path_removexattrat+0xe0/0x690
[  397.261432][ T8733]  ? bpf_trace_run2+0x186/0x4c0
[  397.261454][ T8733]  ? __pfx_path_removexattrat+0x10/0x10
[  397.261509][ T8733]  ? __might_fault+0xb0/0x130
[  397.261544][ T8733]  ? rcu_is_watching+0x15/0xb0
[  397.261563][ T8733]  ? trace_sys_enter+0x25/0xf0
[  397.261593][ T8733]  __x64_sys_lremovexattr+0x65/0x80
[  397.261618][ T8733]  do_syscall_64+0xec/0xf80
[  397.261637][ T8733]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.261657][ T8733]  ? trace_irq_disable+0x37/0x100
[  397.261676][ T8733]  ? clear_bhb_loop+0x60/0xb0
[  397.261699][ T8733]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.261718][ T8733] RIP: 0033:0x7fc9c0faf749
[  397.261734][ T8733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  397.261751][ T8733] RSP: 002b:00007fc9bf216038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c6
[  397.261773][ T8733] RAX: ffffffffffffffda RBX: 00007fc9c1205fa0 RCX: 00007fc9c0faf749
[  397.261788][ T8733] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  397.261800][ T8733] RBP: 00007fc9bf216090 R08: 0000000000000000 R09: 0000000000000000
[  397.261812][ T8733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  397.261824][ T8733] R13: 00007fc9c1206038 R14: 00007fc9c1205fa0 R15: 00007fff19595728
[  397.261856][ T8733]  </TASK>
[  397.584177][ T5985] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  398.203548][ T8744] netlink: 'syz.1.789': attribute type 1 has an invalid length.
[  398.264267][ T5985] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  398.264296][ T5985] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  398.269327][ T5985] usb 1-1: config 0 descriptor??
[  398.272194][ T5985] gspca_main: cpia1-2.14.0 probing 0813:0001
[  398.413140][ T8256] veth0_macvtap: entered promiscuous mode
[  398.698014][ T5985] cpia1 1-1:0.0: unexpected state after lo power cmd: 00
[  398.746164][ T5817] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  398.767739][ T5817] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  398.769275][ T5817] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  398.770813][ T5817] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  398.771840][ T5817] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  399.098059][ T6172] usb 3-1: new full-speed USB device number 31 using dummy_hcd
[  399.116080][ T5985] cpia1 1-1:0.0: only firmware version 1 is supported (got: 0)
[  399.802164][ T8737] Invalid option length (5862) for dns_resolver key
[  399.858607][ T8737] netlink: 28 bytes leftover after parsing attributes in process `syz.0.785'.
[  399.858635][ T8737] netlink: 28 bytes leftover after parsing attributes in process `syz.0.785'.
[  399.890757][ T5983] usb 1-1: USB disconnect, device number 29
[  400.080687][ T6172] usb 3-1: unable to get BOS descriptor or descriptor too short
[  400.082444][ T6172] usb 3-1: not running at top speed; connect to a high speed hub
[  400.083882][ T6172] usb 3-1: config 1 has an invalid interface number: 138 but max is 0
[  400.083905][ T6172] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  400.083923][ T6172] usb 3-1: config 1 has no interface number 0
[  400.083965][ T6172] usb 3-1: config 1 interface 138 altsetting 252 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  400.083992][ T6172] usb 3-1: config 1 interface 138 has no altsetting 0
[  400.089847][ T6172] usb 3-1: New USB device found, idVendor=0cb8, idProduct=c90b, bcdDevice= d.ae
[  400.089874][ T6172] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  400.089892][ T6172] usb 3-1: Product: syz
[  400.089905][ T6172] usb 3-1: Manufacturer: syz
[  400.089918][ T6172] usb 3-1: SerialNumber: syz
[  400.397590][ T6172] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  400.479180][ T6172] usb 3-1: USB disconnect, device number 31
[  400.888104][ T5817] Bluetooth: hci6: command tx timeout
[  402.278780][ T8781] netlink: 'syz.2.798': attribute type 1 has an invalid length.
[  403.609625][ T5817] Bluetooth: hci6: command tx timeout
[  403.835734][ T5985] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  405.452244][ T8603] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  405.684500][ T5817] Bluetooth: hci6: command tx timeout
[  406.191766][ T8603] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  406.765410][   T37] audit: type=1326 audit(1766601406.519:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8801 comm="syz.2.804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9c0faf749 code=0x7ffc0000
[  406.767057][   T37] audit: type=1326 audit(1766601406.529:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8801 comm="syz.2.804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fc9c0faf749 code=0x7ffc0000
[  406.767645][   T37] audit: type=1326 audit(1766601406.529:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8801 comm="syz.2.804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9c0faf749 code=0x7ffc0000
[  406.768969][   T37] audit: type=1326 audit(1766601406.529:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8801 comm="syz.2.804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=225 compat=0 ip=0x7fc9c0faf749 code=0x7ffc0000
[  406.769223][   T37] audit: type=1326 audit(1766601406.529:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8801 comm="syz.2.804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9c0faf749 code=0x7ffc0000
[  406.769736][   T37] audit: type=1326 audit(1766601406.529:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8801 comm="syz.2.804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc9c0fadf90 code=0x7ffc0000
[  406.771117][   T37] audit: type=1326 audit(1766601406.529:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8801 comm="syz.2.804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc9c0faf34b code=0x7ffc0000
[  406.772285][   T37] audit: type=1326 audit(1766601406.529:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8801 comm="syz.2.804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc9c0faf34b code=0x7ffc0000
[  406.854788][   T37] audit: type=1326 audit(1766601406.619:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8801 comm="syz.2.804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc9c0faf34b code=0x7ffc0000
[  406.855149][   T37] audit: type=1326 audit(1766601406.619:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8801 comm="syz.2.804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc9c0faf34b code=0x7ffc0000
[  406.964273][ T5985] usb 3-1: device not accepting address 32, error -71
[  407.304361][ T8808] FAULT_INJECTION: forcing a failure.
[  407.304361][ T8808] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  407.304421][ T8808] CPU: 0 UID: 0 PID: 8808 Comm: syz.1.805 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  407.304444][ T8808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  407.304457][ T8808] Call Trace:
[  407.304466][ T8808]  <TASK>
[  407.304475][ T8808]  dump_stack_lvl+0xe8/0x150
[  407.304507][ T8808]  should_fail_ex+0x46c/0x600
[  407.304546][ T8808]  _copy_from_user+0x2d/0xb0
[  407.304566][ T8808]  input_event_from_user+0xb2/0x280
[  407.304591][ T8808]  ? __pfx_input_event_from_user+0x10/0x10
[  407.304621][ T8808]  ? rt_spin_unlock+0x161/0x200
[  407.304649][ T8808]  evdev_write+0x2a9/0x480
[  407.304677][ T8808]  ? __pfx_evdev_write+0x10/0x10
[  407.304696][ T8808]  ? __sanitizer_cov_trace_pc+0x8/0x80
[  407.304723][ T8808]  ? rw_verify_area+0x25b/0x4e0
[  407.304749][ T8808]  ? __pfx_evdev_write+0x10/0x10
[  407.304772][ T8808]  vfs_write+0x287/0xb40
[  407.304805][ T8808]  ? __pfx_vfs_write+0x10/0x10
[  407.304833][ T8808]  ? __fget_files+0x2a/0x420
[  407.304856][ T8808]  ? __fget_files+0x2a/0x420
[  407.304874][ T8808]  ? __fget_files+0x3a6/0x420
[  407.304893][ T8808]  ? __fget_files+0x2a/0x420
[  407.304921][ T8808]  ksys_write+0x14b/0x260
[  407.304950][ T8808]  ? __pfx_ksys_write+0x10/0x10
[  407.304987][ T8808]  do_syscall_64+0xec/0xf80
[  407.305005][ T8808]  ? rcu_is_watching+0x15/0xb0
[  407.305022][ T8808]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  407.305042][ T8808]  ? clear_bhb_loop+0x60/0xb0
[  407.305064][ T8808]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  407.305083][ T8808] RIP: 0033:0x7fd791f6f749
[  407.305102][ T8808] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  407.305119][ T8808] RSP: 002b:00007fd79018c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  407.305140][ T8808] RAX: ffffffffffffffda RBX: 00007fd7921c6180 RCX: 00007fd791f6f749
[  407.305155][ T8808] RDX: 000000000000ff0f RSI: 0000200000000040 RDI: 0000000000000006
[  407.305167][ T8808] RBP: 00007fd79018c090 R08: 0000000000000000 R09: 0000000000000000
[  407.305180][ T8808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  407.305191][ T8808] R13: 00007fd7921c6218 R14: 00007fd7921c6180 R15: 00007ffd67b4a768
[  407.305223][ T8808]  </TASK>
[  407.765049][ T5817] Bluetooth: hci6: command tx timeout
[  407.800019][ T5985] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  407.815172][    T9] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  407.988989][ T8603] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  408.109812][ T8603] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  408.126024][ T8811] FAULT_INJECTION: forcing a failure.
[  408.126024][ T8811] name failslab, interval 1, probability 0, space 0, times 0
[  408.126053][ T8811] CPU: 1 UID: 0 PID: 8811 Comm: syz.1.807 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  408.126070][ T8811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  408.126079][ T8811] Call Trace:
[  408.126085][ T8811]  <TASK>
[  408.126091][ T8811]  dump_stack_lvl+0xe8/0x150
[  408.126115][ T8811]  should_fail_ex+0x46c/0x600
[  408.126138][ T8811]  should_failslab+0xa8/0x100
[  408.126154][ T8811]  __kmalloc_noprof+0xe0/0x7e0
[  408.126173][ T8811]  ? __kasan_kmalloc+0x93/0xb0
[  408.126193][ T8811]  ? ovs_nla_copy_actions+0x68/0x3d0
[  408.126214][ T8811]  ovs_nla_copy_actions+0x68/0x3d0
[  408.126228][ T8811]  ? __asan_memcpy+0x40/0x70
[  408.126248][ T8811]  ovs_flow_cmd_new+0x528/0xd80
[  408.126268][ T8811]  ? stack_depot_save_flags+0x33/0x810
[  408.126293][ T8811]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[  408.126349][ T8811]  ? rcu_is_watching+0x15/0xb0
[  408.126367][ T8811]  ? __nla_parse+0x40/0x60
[  408.126389][ T8811]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  408.126411][ T8811]  genl_family_rcv_msg_doit+0x215/0x300
[  408.126431][ T8811]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  408.126445][ T8811]  ? rcu_is_watching+0x15/0xb0
[  408.126478][ T8811]  ? bpf_lsm_capable+0x9/0x20
[  408.126492][ T8811]  ? security_capable+0x7e/0x2e0
[  408.126510][ T8811]  genl_rcv_msg+0x60e/0x790
[  408.126527][ T8811]  ? __pfx_genl_rcv_msg+0x10/0x10
[  408.126540][ T8811]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[  408.126560][ T8811]  ? __asan_memcpy+0x40/0x70
[  408.126576][ T8811]  ? __pfx_ref_tracker_free+0x10/0x10
[  408.126592][ T8811]  ? __skb_clone+0x63/0x7a0
[  408.126613][ T8811]  netlink_rcv_skb+0x208/0x470
[  408.126632][ T8811]  ? __pfx_genl_rcv_msg+0x10/0x10
[  408.126646][ T8811]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  408.126672][ T8811]  ? netlink_deliver_tap+0x2e/0x1b0
[  408.126689][ T8811]  ? netlink_deliver_tap+0x2e/0x1b0
[  408.126710][ T8811]  genl_rcv+0x28/0x40
[  408.126721][ T8811]  netlink_unicast+0x846/0xa10
[  408.126743][ T8811]  ? __pfx_netlink_unicast+0x10/0x10
[  408.126757][ T8811]  ? __alloc_skb+0x198/0x3a0
[  408.126772][ T8811]  ? netlink_sendmsg+0x642/0xb30
[  408.126788][ T8811]  ? skb_put+0x11b/0x210
[  408.126805][ T8811]  netlink_sendmsg+0x805/0xb30
[  408.126829][ T8811]  ? __pfx_netlink_sendmsg+0x10/0x10
[  408.126852][ T8811]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  408.126871][ T8811]  ? __pfx_netlink_sendmsg+0x10/0x10
[  408.126889][ T8811]  __sock_sendmsg+0x21c/0x270
[  408.126914][ T8811]  ____sys_sendmsg+0x508/0x810
[  408.126938][ T8811]  ? __pfx_____sys_sendmsg+0x10/0x10
[  408.126961][ T8811]  ? import_iovec+0x74/0xa0
[  408.126979][ T8811]  ___sys_sendmsg+0x21f/0x2a0
[  408.127000][ T8811]  ? __pfx____sys_sendmsg+0x10/0x10
[  408.127049][ T8811]  ? __fget_files+0x2a/0x420
[  408.127063][ T8811]  ? __fget_files+0x3a6/0x420
[  408.127085][ T8811]  __x64_sys_sendmsg+0x1a1/0x260
[  408.127104][ T8811]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  408.127128][ T8811]  ? __pfx_ksys_write+0x10/0x10
[  408.127155][ T8811]  do_syscall_64+0xec/0xf80
[  408.127169][ T8811]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.127182][ T8811]  ? trace_irq_disable+0x37/0x100
[  408.127197][ T8811]  ? clear_bhb_loop+0x60/0xb0
[  408.127214][ T8811]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.127227][ T8811] RIP: 0033:0x7fd791f6f749
[  408.127241][ T8811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  408.127254][ T8811] RSP: 002b:00007fd7901ce038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  408.127270][ T8811] RAX: ffffffffffffffda RBX: 00007fd7921c5fa0 RCX: 00007fd791f6f749
[  408.127281][ T8811] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003
[  408.127291][ T8811] RBP: 00007fd7901ce090 R08: 0000000000000000 R09: 0000000000000000
[  408.127300][ T8811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  408.127308][ T8811] R13: 00007fd7921c6038 R14: 00007fd7921c5fa0 R15: 00007ffd67b4a768
[  408.127333][ T8811]  </TASK>
[  408.127342][ T8811] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  408.131310][ T5985] usb 3-1: device descriptor read/64, error -71
[  408.184311][    T9] usb 1-1: Using ep0 maxpacket: 32
[  408.244672][    T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  408.244739][    T9] usb 1-1: New USB device found, idVendor=9022, idProduct=d662, bcdDevice=b3.0e
[  408.244762][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  408.299083][ T8817] netlink: 'syz.1.810': attribute type 1 has an invalid length.
[  408.324198][ T5985] usb usb3-port1: attempt power cycle
[  408.475684][    T9] usb 1-1: config 0 descriptor??
[  408.701053][    T9] dvb-usb: found a 'TeVii S662' in warm state.
[  408.701100][    T9] dw2102: su3000_power_ctrl: 1, initialized 0
[  408.731197][    T9] dvb-usb: bulk message failed: -22 (2/0)
[  408.740585][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  408.741493][    T9] dvbdev: DVB: registering new adapter (TeVii S662)
[  408.741543][    T9] usb 1-1: media controller created
[  408.741988][    T9] dvb-usb: bulk message failed: -22 (6/0)
[  408.742002][    T9] dw2102: i2c transfer failed.
[  408.742024][    T9] dvb-usb: bulk message failed: -22 (6/0)
[  408.742036][    T9] dw2102: i2c transfer failed.
[  408.742052][    T9] dvb-usb: bulk message failed: -22 (6/0)
[  408.742064][    T9] dw2102: i2c transfer failed.
[  408.742078][    T9] dvb-usb: bulk message failed: -22 (6/0)
[  408.742091][    T9] dw2102: i2c transfer failed.
[  408.742105][    T9] dvb-usb: bulk message failed: -22 (6/0)
[  408.742117][    T9] dw2102: i2c transfer failed.
[  408.742132][    T9] dvb-usb: bulk message failed: -22 (6/0)
[  408.742143][    T9] dw2102: i2c transfer failed.
[  408.742152][    T9] dvb-usb: MAC address: 02:02:02:02:02:02
[  408.757514][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  409.586025][    T9] dvb-usb: bulk message failed: -22 (3/0)
[  409.586047][    T9] dw2102: command 0x0e transfer failed.
[  409.586057][    T9] dvb-usb: bulk message failed: -22 (3/0)
[  409.586070][    T9] dw2102: command 0x0e transfer failed.
[  409.674987][ T5985] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  409.713967][ T5985] usb 3-1: device descriptor read/8, error -71
[  409.894803][    T9] dvb-usb: bulk message failed: -22 (3/0)
[  409.894826][    T9] dw2102: command 0x0e transfer failed.
[  409.894835][    T9] dvb-usb: bulk message failed: -22 (3/0)
[  409.894848][    T9] dw2102: command 0x0e transfer failed.
[  409.894857][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  409.894870][    T9] dw2102: command 0x51 transfer failed.
[  409.894878][    T9] dvb-usb: bulk message failed: -22 (5/0)
[  409.894890][    T9] dw2102: i2c probe for address 0x68 failed.
[  409.894901][    T9] dvb-usb: bulk message failed: -22 (5/0)
[  409.894912][    T9] dw2102: i2c probe for address 0x69 failed.
[  409.894923][    T9] dvb-usb: bulk message failed: -22 (5/0)
[  409.894935][    T9] dw2102: i2c probe for address 0x6a failed.
[  409.894945][    T9] dw2102: probing for demodulator failed. Is the external power switched on?
[  409.894955][    T9] dvb-usb: no frontend was attached by 'TeVii S662'
[  410.744318][ T5985] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  410.874257][    T9] rc_core: IR keymap rc-tt-1500 not found
[  410.874278][    T9] Registered IR keymap rc-empty
[  410.875162][    T9] rc rc0: TeVii S662 as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0
[  410.880967][    T9] input: TeVii S662 as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0/input19
[  410.948647][    T9] dvb-usb: schedule remote query interval to 250 msecs.
[  410.948668][    T9] dw2102: su3000_power_ctrl: 0, initialized 1
[  410.948680][    T9] dvb-usb: TeVii S662 successfully initialized and connected.
[  410.955953][ T5985] usb 3-1: device not accepting address 35, error -71
[  410.964734][ T5985] usb usb3-port1: unable to enumerate USB device
[  412.397802][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  412.397841][    T9] dw2102: i2c transfer failed.
[  412.579644][ T8752] chnl_net:caif_netlink_parms(): no params data found
[  412.634268][ T5985] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  412.675556][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  412.675579][    T9] dw2102: i2c transfer failed.
[  412.800790][ T5985] usb 3-1: New USB device found, idVendor=04b4, idProduct=0001, bcdDevice= 0.00
[  412.800819][ T5985] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  412.836770][ T5985] usb 3-1: config 0 descriptor??
[  412.938016][ T6048] dvb-usb: bulk message failed: -22 (1/0)
[  412.938037][ T6048] dw2102: i2c transfer failed.
[  413.138954][ T1215] bridge_slave_1: left allmulticast mode
[  413.138983][ T1215] bridge_slave_1: left promiscuous mode
[  413.139633][ T1215] bridge0: port 2(bridge_slave_1) entered disabled state
[  413.194174][ T6048] dvb-usb: bulk message failed: -22 (1/0)
[  413.194196][ T6048] dw2102: i2c transfer failed.
[  413.275823][ T5985] cypress 0003:04B4:0001.0012: hidraw0: USB HID v0.06 Device [HID 04b4:0001] on usb-dummy_hcd.2-1/input0
[  413.345801][ T1215] bridge_slave_0: left allmulticast mode
[  413.345830][ T1215] bridge_slave_0: left promiscuous mode
[  413.346059][ T1215] bridge0: port 1(bridge_slave_0) entered disabled state
[  413.387512][   T49] usb 1-1: USB disconnect, device number 30
[  413.454621][   T31] usb 3-1: USB disconnect, device number 36
[  413.536670][   T49] dvb-usb: TeVii S662 successfully deinitialized and disconnected.
[  414.598906][ T8862] netlink: 'syz.0.819': attribute type 1 has an invalid length.
[  415.681064][ T8871] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  416.079337][   T37] kauditd_printk_skb: 19 callbacks suppressed
[  416.079378][   T37] audit: type=1804 audit(1766601415.829:70): pid=8879 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.822" name="/newroot/179/file0" dev="tmpfs" ino=1010 res=1 errno=0
[  420.645209][   T37] audit: type=1326 audit(1766601420.409:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8898 comm="syz.2.825" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc9c0faf749 code=0x0
[  420.675621][ T8900] input: syz0 as /devices/virtual/input/input20
[  420.885285][ T1215] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  420.945030][ T1215] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  420.991142][ T1215] bond0 (unregistering): Released all slaves
[  421.446211][ T8752] bridge0: port 1(bridge_slave_0) entered blocking state
[  421.446298][ T8752] bridge0: port 1(bridge_slave_0) entered disabled state
[  421.446501][ T8752] bridge_slave_0: entered allmulticast mode
[  421.447990][ T8752] bridge_slave_0: entered promiscuous mode
[  421.491504][ T8752] bridge0: port 2(bridge_slave_1) entered blocking state
[  421.491640][ T8752] bridge0: port 2(bridge_slave_1) entered disabled state
[  421.491875][ T8752] bridge_slave_1: entered allmulticast mode
[  421.556097][ T8752] bridge_slave_1: entered promiscuous mode
[  423.840596][   T37] audit: type=1804 audit(1766601422.989:72): pid=8916 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.832" name="/newroot/187/file0" dev="tmpfs" ino=1023 res=1 errno=0
[  424.100734][ T8752] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  424.134252][ T5807] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  424.196076][ T1215] hsr_slave_0: left promiscuous mode
[  424.234231][ T1215] hsr_slave_1: left promiscuous mode
[  424.234868][ T1215] batman_adv: batadv0: Removing interface: batadv_slave_0
[  424.276889][ T1215] batman_adv: batadv0: Removing interface: batadv_slave_1
[  424.295673][ T5807] usb 2-1: Using ep0 maxpacket: 16
[  424.297554][ T5807] usb 2-1: config 0 has an invalid interface number: 155 but max is 0
[  424.297578][ T5807] usb 2-1: config 0 has an invalid descriptor of length 25, skipping remainder of the config
[  424.297597][ T5807] usb 2-1: config 0 has no interface number 0
[  424.297626][ T5807] usb 2-1: too many endpoints for config 0 interface 155 altsetting 253: 139, using maximum allowed: 30
[  424.297664][ T5807] usb 2-1: config 0 interface 155 altsetting 253 has 0 endpoint descriptors, different from the interface descriptor's value: 139
[  424.297690][ T5807] usb 2-1: config 0 interface 155 has no altsetting 0
[  424.298898][ T5807] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=37.c4
[  424.298922][ T5807] usb 2-1: New USB device strings: Mfr=14, Product=0, SerialNumber=0
[  424.298941][ T5807] usb 2-1: Manufacturer: syz
[  424.303837][ T5807] usb 2-1: config 0 descriptor??
[  424.340890][ T8923] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  424.345274][ T8923] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  424.345299][ T8923] UDF-fs: warning (device nbd2): udf_load_vrs: No anchor found
[  424.345312][ T8923] UDF-fs: Scanning with blocksize 512 failed
[  424.351248][ T8923] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  424.351418][ T8923] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  424.351436][ T8923] UDF-fs: warning (device nbd2): udf_load_vrs: No anchor found
[  424.351448][ T8923] UDF-fs: Scanning with blocksize 1024 failed
[  424.352193][ T8923] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  424.352317][ T8923] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  424.352333][ T8923] UDF-fs: warning (device nbd2): udf_load_vrs: No anchor found
[  424.352344][ T8923] UDF-fs: Scanning with blocksize 2048 failed
[  424.352955][ T8923] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  424.353126][ T8923] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  424.353142][ T8923] UDF-fs: warning (device nbd2): udf_load_vrs: No anchor found
[  424.353153][ T8923] UDF-fs: Scanning with blocksize 4096 failed
[  424.353161][ T8923] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1)
[  424.394783][ T8925] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  424.395063][ T8925] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  424.395080][ T8925] UDF-fs: warning (device nbd2): udf_load_vrs: No anchor found
[  424.395092][ T8925] UDF-fs: Scanning with blocksize 512 failed
[  424.398364][ T8925] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  424.398526][ T8925] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  424.398549][ T8925] UDF-fs: warning (device nbd2): udf_load_vrs: No anchor found
[  424.398561][ T8925] UDF-fs: Scanning with blocksize 1024 failed
[  424.400615][ T8925] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  424.400742][ T8925] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  424.400759][ T8925] UDF-fs: warning (device nbd2): udf_load_vrs: No anchor found
[  424.400770][ T8925] UDF-fs: Scanning with blocksize 2048 failed
[  424.401651][ T8925] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  424.401761][ T8925] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  424.401778][ T8925] UDF-fs: warning (device nbd2): udf_load_vrs: No anchor found
[  424.401790][ T8925] UDF-fs: Scanning with blocksize 4096 failed
[  424.401799][ T8925] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1)
[  424.484523][ T5985] usb 1-1: new full-speed USB device number 31 using dummy_hcd
[  424.643263][ T5807] usb 2-1: USB disconnect, device number 19
[  424.713707][ T5985] usb 1-1: unable to get BOS descriptor or descriptor too short
[  424.723254][ T5985] usb 1-1: unable to read config index 0 descriptor/start: -71
[  424.723286][ T5985] usb 1-1: can't read configurations, error -71
[  424.733210][ T1215] veth0_macvtap: left promiscuous mode
[  424.733454][ T1215] veth1_vlan: left promiscuous mode
[  424.733620][ T1215] veth0_vlan: left promiscuous mode
[  427.066031][ T5807] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  427.440324][ T8941] netlink: 16 bytes leftover after parsing attributes in process `syz.1.841'.
[  428.956777][ T5807] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  428.956810][ T5807] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  428.956846][ T5807] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  428.956868][ T5807] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  429.490426][ T8948] FAULT_INJECTION: forcing a failure.
[  429.490426][ T8948] name failslab, interval 1, probability 0, space 0, times 0
[  429.490481][ T8948] CPU: 0 UID: 0 PID: 8948 Comm: syz.0.843 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  429.490505][ T8948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  429.490518][ T8948] Call Trace:
[  429.490525][ T8948]  <TASK>
[  429.490531][ T8948]  dump_stack_lvl+0xe8/0x150
[  429.490552][ T8948]  should_fail_ex+0x46c/0x600
[  429.490569][ T8948]  should_failslab+0xa8/0x100
[  429.490580][ T8948]  __kmalloc_noprof+0xe0/0x7e0
[  429.490595][ T8948]  ? tomoyo_encode+0x28b/0x550
[  429.490608][ T8948]  tomoyo_encode+0x28b/0x550
[  429.490620][ T8948]  tomoyo_mount_permission+0x44d/0x970
[  429.490638][ T8948]  ? tomoyo_mount_permission+0x27a/0x970
[  429.490653][ T8948]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  429.490696][ T8948]  security_sb_mount+0xec/0x350
[  429.490709][ T8948]  path_mount+0xbc/0xff0
[  429.490719][ T8948]  ? user_path_at+0x44/0x60
[  429.490736][ T8948]  __se_sys_mount+0x313/0x410
[  429.490749][ T8948]  ? __pfx___se_sys_mount+0x10/0x10
[  429.490763][ T8948]  ? __x64_sys_mount+0x20/0xc0
[  429.490775][ T8948]  do_syscall_64+0xec/0xf80
[  429.490785][ T8948]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  429.490795][ T8948]  ? clear_bhb_loop+0x60/0xb0
[  429.490807][ T8948]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  429.490816][ T8948] RIP: 0033:0x7feda000f749
[  429.490827][ T8948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  429.490836][ T8948] RSP: 002b:00007fed9e24d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  429.490848][ T8948] RAX: ffffffffffffffda RBX: 00007feda0266090 RCX: 00007feda000f749
[  429.490855][ T8948] RDX: 0000200000000280 RSI: 0000200000000100 RDI: 0000000000000000
[  429.490862][ T8948] RBP: 00007fed9e24d090 R08: 00002000000002c0 R09: 0000000000000000
[  429.490868][ T8948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  429.490874][ T8948] R13: 00007feda0266128 R14: 00007feda0266090 R15: 00007fff855a9998
[  429.490891][ T8948]  </TASK>
[  430.290261][ T5807] usb 3-1: config 0 descriptor??
[  430.496990][ T5807] usb 3-1: can't set config #0, error -71
[  430.502998][ T5807] usb 3-1: USB disconnect, device number 37
[  432.937915][ T8962] netlink: 'syz.2.848': attribute type 1 has an invalid length.
[  438.697604][ T8988] netlink: 64 bytes leftover after parsing attributes in process `syz.1.855'.
[  438.698160][ T8988] block nbd0: not configured, cannot reconfigure
[  438.699884][ T8988] tls_set_device_offload: netdev not found
[  438.803472][ T8992] netlink: 'syz.0.857': attribute type 1 has an invalid length.
[  440.089707][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  440.091893][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  441.229617][ T1215] team0 (unregistering): Port device team_slave_1 removed
[  441.465360][ T1215] team0 (unregistering): Port device team_slave_0 removed
[  441.548613][ T5805] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  441.580986][ T5805] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  441.585985][ T5805] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  441.599020][ T5805] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  441.623147][ T5805] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  441.634237][ T6172] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  441.812627][ T6172] usb 2-1: Using ep0 maxpacket: 32
[  441.814512][ T6172] usb 2-1: config 2 has an invalid interface number: 230 but max is 0
[  441.814535][ T6172] usb 2-1: config 2 has an invalid descriptor of length 130, skipping remainder of the config
[  441.814551][ T6172] usb 2-1: config 2 has no interface number 0
[  441.814594][ T6172] usb 2-1: config 2 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  441.814631][ T6172] usb 2-1: New USB device found, idVendor=6737, idProduct=0001, bcdDevice=a4.72
[  441.814651][ T6172] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  442.548373][ T6172] usb 2-1: string descriptor 0 read error: -71
[  442.549731][ T6172] cypress_m8 2-1:2.230: HID->COM RS232 Adapter converter detected
[  442.550738][ T6172] cyphidcom ttyUSB0: required endpoint is missing
[  442.552417][ T6172] usb 2-1: USB disconnect, device number 20
[  442.553542][ T6172] cypress_m8 2-1:2.230: device disconnected
[  443.688326][ T5817] Bluetooth: hci5: command tx timeout
[  444.557379][ T6172] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  444.688435][ T8752] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  444.692250][ T8603] 8021q: adding VLAN 0 to HW filter on device bond0
[  444.755729][ T6172] usb 2-1: Using ep0 maxpacket: 8
[  444.810668][ T6172] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  444.810690][ T6172] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  444.810701][ T6172] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  444.810712][ T6172] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024
[  444.810725][ T6172] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  444.810746][ T6172] usb 2-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  444.810758][ T6172] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  444.845830][ T6172] usb 2-1: config 0 descriptor??
[  444.885974][ T9020] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  445.269607][ T8752] team0: Port device team_slave_0 added
[  445.273242][ T8752] team0: Port device team_slave_1 added
[  446.852837][ T5120] Bluetooth: hci5: command tx timeout
[  448.323929][ T5817] Bluetooth: hci7: Opcode 0x0c03 failed: -110
[  448.758622][ T8752] batman_adv: batadv0: Adding interface: batadv_slave_0
[  448.758635][ T8752] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  448.758650][ T8752] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  448.765051][ T8752] batman_adv: batadv0: Adding interface: batadv_slave_1
[  448.765065][ T8752] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  448.765091][ T8752] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  448.884127][ T5817] Bluetooth: hci5: command tx timeout
[  449.674855][ T5979] usb 2-1: USB disconnect, device number 21
[  449.825958][ T8752] hsr_slave_0: entered promiscuous mode
[  449.828004][ T8752] hsr_slave_1: entered promiscuous mode
[  449.829057][ T8752] debugfs: 'hsr0' already exists in 'hsr'
[  449.829080][ T8752] Cannot create hsr debugfs directory
[  451.224137][ T5817] Bluetooth: hci5: command tx timeout
[  451.502575][ T8212] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  451.802323][ T9064] netlink: 'syz.2.878': attribute type 1 has an invalid length.
[  461.455759][ T5120] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  461.468645][ T5120] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  461.470150][ T5120] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  462.469425][ T5120] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  462.470766][ T5120] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  462.725908][ T9010] chnl_net:caif_netlink_parms(): no params data found
[  463.686561][ T5799] syz_tun (unregistering): left allmulticast mode
[  463.686587][ T5799] syz_tun (unregistering): left promiscuous mode
[  463.686651][ T5799] bridge0: port 4(syz_tun) entered disabled state
[  463.717951][ T9128] fuse: Unknown parameter '
[  463.717951][ T9128] d'
[  463.863665][ T9127] pimreg: tun_chr_ioctl cmd 1074025677
[  463.883200][ T9127] pimreg: linktype set to 785
[  464.287149][ T5120] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  464.303215][ T5120] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  464.306766][ T5120] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  464.320208][ T5120] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  464.335617][ T5120] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  464.452852][ T9010] bridge0: port 1(bridge_slave_0) entered blocking state
[  464.453713][ T9010] bridge0: port 1(bridge_slave_0) entered disabled state
[  464.453958][ T9010] bridge_slave_0: entered allmulticast mode
[  464.498560][ T9010] bridge_slave_0: entered promiscuous mode
[  464.542920][ T9010] bridge0: port 2(bridge_slave_1) entered blocking state
[  464.543063][ T9010] bridge0: port 2(bridge_slave_1) entered disabled state
[  464.543237][ T9010] bridge_slave_1: entered allmulticast mode
[  464.564419][ T5817] Bluetooth: hci3: command tx timeout
[  464.579486][ T9010] bridge_slave_1: entered promiscuous mode
[  464.879071][ T9010] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  464.893492][ T9010] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  464.904257][ T6173] usb 2-1: new full-speed USB device number 22 using dummy_hcd
[  465.075778][ T6173] usb 2-1: unable to get BOS descriptor or descriptor too short
[  465.077646][ T6173] usb 2-1: unable to read config index 0 descriptor/start: -71
[  465.077680][ T6173] usb 2-1: can't read configurations, error -71
[  465.174752][ T1215] bridge_slave_1: left allmulticast mode
[  465.174780][ T1215] bridge_slave_1: left promiscuous mode
[  465.175044][ T1215] bridge0: port 2(bridge_slave_1) entered disabled state
[  465.238583][ T1215] bridge_slave_0: left allmulticast mode
[  465.238612][ T1215] bridge_slave_0: left promiscuous mode
[  465.238867][ T1215] bridge0: port 1(bridge_slave_0) entered disabled state
[  467.174219][ T5817] Bluetooth: hci3: command tx timeout
[  467.174237][ T5120] Bluetooth: hci1: command tx timeout
[  467.964259][ T5979] usb 1-1: new full-speed USB device number 33 using dummy_hcd
[  468.130999][ T5979] usb 1-1: unable to get BOS descriptor or descriptor too short
[  468.132416][ T5979] usb 1-1: unable to read config index 0 descriptor/start: -71
[  468.132437][ T5979] usb 1-1: can't read configurations, error -71
[  468.504802][ T1215] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  468.604878][ T1215] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  468.666168][ T1215] bond0 (unregistering): Released all slaves
[  468.706902][ T9010] team0: Port device team_slave_0 added
[  468.805122][ T9010] team0: Port device team_slave_1 added
[  469.204274][ T5120] Bluetooth: hci1: command tx timeout
[  469.214293][ T5120] Bluetooth: hci3: command tx timeout
[  469.552604][ T9010] batman_adv: batadv0: Adding interface: batadv_slave_0
[  469.552616][ T9010] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  469.552631][ T9010] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  469.573216][ T9010] batman_adv: batadv0: Adding interface: batadv_slave_1
[  469.573233][ T9010] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  469.573259][ T9010] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  469.745990][ T9188] netlink: 36 bytes leftover after parsing attributes in process `syz.0.914'.
[  469.865334][ T1215] hsr_slave_0: left promiscuous mode
[  469.932274][ T1215] hsr_slave_1: left promiscuous mode
[  469.932967][ T1215] batman_adv: batadv0: Removing interface: batadv_slave_0
[  469.984175][ T1215] batman_adv: batadv0: Removing interface: batadv_slave_1
[  469.984200][ T5979] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  470.136076][ T5979] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  470.136145][ T5979] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  470.136157][ T5979] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  470.136167][ T5979] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  470.136190][ T5979] usb 1-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  470.136201][ T5979] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  470.139827][ T5979] usb 1-1: config 0 descriptor??
[  471.542114][ T5120] Bluetooth: hci3: command tx timeout
[  471.542151][ T5817] Bluetooth: hci1: command tx timeout
[  472.085521][ T1215] team0 (unregistering): Port device team_slave_1 removed
[  472.305535][ T1215] team0 (unregistering): Port device team_slave_0 removed
[  472.884225][ T5979] usb 2-1: new full-speed USB device number 24 using dummy_hcd
[  473.031590][ T5892] usb 1-1: USB disconnect, device number 35
[  473.047891][ T5979] usb 2-1: unable to get BOS descriptor or descriptor too short
[  473.048541][ T5979] usb 2-1: not running at top speed; connect to a high speed hub
[  473.053315][ T5979] usb 2-1: config 1 has an invalid interface number: 138 but max is 0
[  473.053338][ T5979] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  473.053356][ T5979] usb 2-1: config 1 has no interface number 0
[  473.053425][ T5979] usb 2-1: config 1 interface 138 has no altsetting 0
[  473.064449][ T5979] usb 2-1: New USB device found, idVendor=0cb8, idProduct=c90b, bcdDevice= d.ae
[  473.064475][ T5979] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  473.064494][ T5979] usb 2-1: Product: syz
[  473.064507][ T5979] usb 2-1: Manufacturer: syz
[  473.064521][ T5979] usb 2-1: SerialNumber: syz
[  474.424953][ T5817] Bluetooth: hci1: command tx timeout
[  474.479526][ T5979] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  474.524854][ T5979] usb 2-1: USB disconnect, device number 24
[  474.809957][ T9112] chnl_net:caif_netlink_parms(): no params data found
[  475.287570][ T9010] hsr_slave_0: entered promiscuous mode
[  475.288939][ T9010] hsr_slave_1: entered promiscuous mode
[  475.389131][   T37] audit: type=1804 audit(1766601476.118:73): pid=9220 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.920" name="/newroot/201/file0" dev="tmpfs" ino=1110 res=1 errno=0
[  475.432423][ T9010] debugfs: 'hsr0' already exists in 'hsr'
[  475.433805][ T9010] Cannot create hsr debugfs directory
[  476.548818][ T9227] input: syz0 as /devices/virtual/input/input21
[  478.580643][   T31] usb 2-1: new full-speed USB device number 25 using dummy_hcd
[  478.734630][ T9112] bridge0: port 1(bridge_slave_0) entered blocking state
[  478.736571][ T9112] bridge0: port 1(bridge_slave_0) entered disabled state
[  478.736735][ T9112] bridge_slave_0: entered allmulticast mode
[  478.743857][ T9112] bridge_slave_0: entered promiscuous mode
[  478.778882][   T31] usb 2-1: config 255 has too many interfaces: 244, using maximum allowed: 32
[  478.778909][   T31] usb 2-1: config 255 has an invalid descriptor of length 0, skipping remainder of the config
[  478.778926][   T31] usb 2-1: config 255 has 1 interface, different from the descriptor's value: 244
[  478.778942][   T31] usb 2-1: config 255 has no interface number 0
[  478.778971][   T31] usb 2-1: config 255 interface 196 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  478.778986][   T31] usb 2-1: config 255 interface 196 has no altsetting 0
[  479.984099][   T31] usb 2-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  479.984128][   T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  479.984147][   T31] usb 2-1: Product: syz
[  479.984159][   T31] usb 2-1: Manufacturer: syz
[  479.984166][   T31] usb 2-1: SerialNumber: syz
[  480.148604][ T9112] bridge0: port 2(bridge_slave_1) entered blocking state
[  480.148840][ T9112] bridge0: port 2(bridge_slave_1) entered disabled state
[  480.149139][ T9112] bridge_slave_1: entered allmulticast mode
[  480.177375][ T9112] bridge_slave_1: entered promiscuous mode
[  480.330969][   T31] ipheth 2-1:255.196: Unable to find endpoints
[  480.341006][   T31] usb 2-1: USB disconnect, device number 25
[  480.570862][ T9112] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  480.678555][ T9112] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  480.723019][ T9136] chnl_net:caif_netlink_parms(): no params data found
[  481.231329][   T37] audit: type=1804 audit(1766601481.978:74): pid=9257 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.929" name="/newroot/206/file0" dev="tmpfs" ino=1137 res=1 errno=0
[  482.157623][ T9112] team0: Port device team_slave_0 added
[  482.360609][ T9266] input: syz0 as /devices/virtual/input/input23
[  483.235226][ T9112] team0: Port device team_slave_1 added
[  484.639447][ T9112] batman_adv: batadv0: Adding interface: batadv_slave_0
[  484.639463][ T9112] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  484.639485][ T9112] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  484.641569][ T9112] batman_adv: batadv0: Adding interface: batadv_slave_1
[  484.641582][ T9112] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  484.641606][ T9112] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  484.737810][ T9283] netlink: 4 bytes leftover after parsing attributes in process `syz.1.938'.
[  485.014235][   T31] usb 1-1: new full-speed USB device number 36 using dummy_hcd
[  485.027939][ T9283] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  485.236375][   T31] usb 1-1: unable to get BOS descriptor or descriptor too short
[  485.236902][   T31] usb 1-1: not running at top speed; connect to a high speed hub
[  485.238011][   T31] usb 1-1: config 1 has an invalid interface number: 138 but max is 0
[  485.238035][   T31] usb 1-1: config 1 has no interface number 0
[  485.238094][   T31] usb 1-1: config 1 interface 138 has no altsetting 0
[  485.249656][   T31] usb 1-1: string descriptor 0 read error: -22
[  485.249789][   T31] usb 1-1: New USB device found, idVendor=0cb8, idProduct=c90b, bcdDevice= d.ae
[  485.249811][   T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  485.262502][   T31] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  485.604952][ T9283] batman_adv: batadv0: Removing interface: batadv_slave_0
[  485.724555][ T5983] usb 1-1: USB disconnect, device number 36
[  486.404690][ T9290] netlink: 16 bytes leftover after parsing attributes in process `syz.1.940'.
[  486.405129][ T9136] bridge0: port 1(bridge_slave_0) entered blocking state
[  486.407923][ T9136] bridge0: port 1(bridge_slave_0) entered disabled state
[  486.408172][ T9136] bridge_slave_0: entered allmulticast mode
[  486.411703][ T9136] bridge_slave_0: entered promiscuous mode
[  486.416534][ T9136] bridge0: port 2(bridge_slave_1) entered blocking state
[  486.416727][ T9136] bridge0: port 2(bridge_slave_1) entered disabled state
[  486.416893][ T9136] bridge_slave_1: entered allmulticast mode
[  486.419258][ T9136] bridge_slave_1: entered promiscuous mode
[  487.714179][ T5983] usb 1-1: new full-speed USB device number 37 using dummy_hcd
[  487.875695][ T5983] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  487.875723][ T5983] usb 1-1: New USB device found, idVendor=056a, idProduct=00c6, bcdDevice= 0.00
[  487.875734][ T5983] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  487.878269][ T5983] usb 1-1: config 0 descriptor??
[  488.339858][ T9296] comedi comedi3: dt2815: I/O port conflict (0xc,2)
[  488.401081][ T9112] hsr_slave_0: entered promiscuous mode
[  488.408250][ T9112] hsr_slave_1: entered promiscuous mode
[  488.409639][ T9112] debugfs: 'hsr0' already exists in 'hsr'
[  488.409661][ T9112] Cannot create hsr debugfs directory
[  488.448754][ T9136] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  488.469202][ T9136] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  488.563070][ T5983] wacom 0003:056A:00C6.0013: unknown main item tag 0x0
[  488.563094][ T5983] wacom 0003:056A:00C6.0013: unknown main item tag 0x0
[  488.563110][ T5983] wacom 0003:056A:00C6.0013: unknown main item tag 0x0
[  488.563126][ T5983] wacom 0003:056A:00C6.0013: unknown main item tag 0x0
[  488.563141][ T5983] wacom 0003:056A:00C6.0013: unknown main item tag 0x0
[  488.563156][ T5983] wacom 0003:056A:00C6.0013: unknown main item tag 0x0
[  488.563171][ T5983] wacom 0003:056A:00C6.0013: unknown main item tag 0x0
[  488.871897][   T49] usb 1-1: USB disconnect, device number 37
[  489.037228][ T9136] team0: Port device team_slave_0 added
[  489.175639][ T9136] team0: Port device team_slave_1 added
[  489.398842][ T9296] syz.0.942 (9296) used greatest stack depth: 18440 bytes left
[  489.434352][ T9310] netlink: 9 bytes leftover after parsing attributes in process `syz.1.946'.
[  489.487954][ T9311] netlink: 5 bytes leftover after parsing attributes in process `syz.1.946'.
[  489.815134][ T9310] gretap0: entered promiscuous mode
[  489.832053][ T9311] 0ªî{X¹¦: renamed from gretap0
[  489.884229][  T824] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  489.896607][ T9311] 0ªî{X¹¦: left promiscuous mode
[  489.896632][ T9311] 0ªî{X¹¦: entered allmulticast mode
[  489.899151][ T9311] A link change request failed with some changes committed already. Interface 
30ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  489.926047][ T9136] batman_adv: batadv0: Adding interface: batadv_slave_0
[  489.926065][ T9136] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  489.926103][ T9136] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  493.264094][  T824] usb 2-1: Using ep0 maxpacket: 16
[  493.265129][  T824] usb 2-1: device descriptor read/all, error -71
[  493.341893][ T9136] batman_adv: batadv0: Adding interface: batadv_slave_1
[  493.341911][ T9136] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  493.341937][ T9136] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  493.894838][ T1215] bond0: left allmulticast mode
[  493.894862][ T1215] bond_slave_0: left allmulticast mode
[  493.894880][ T1215] bond_slave_1: left allmulticast mode
[  493.894902][ T1215] bond0: left promiscuous mode
[  493.894913][ T1215] bond_slave_0: left promiscuous mode
[  493.895124][ T1215] bond_slave_1: left promiscuous mode
[  493.895553][ T1215] bridge0: port 3(bond0) entered disabled state
[  494.073856][ T1215] bridge_slave_1: left allmulticast mode
[  494.073884][ T1215] bridge_slave_1: left promiscuous mode
[  494.085666][ T1215] bridge0: port 2(bridge_slave_1) entered disabled state
[  494.225983][ T1215] bridge_slave_0: left allmulticast mode
[  494.226003][ T1215] bridge_slave_0: left promiscuous mode
[  494.226155][ T1215] bridge0: port 1(bridge_slave_0) entered disabled state
[  494.308727][ T1215] bridge_slave_1: left allmulticast mode
[  494.308748][ T1215] bridge_slave_1: left promiscuous mode
[  494.308898][ T1215] bridge0: port 2(bridge_slave_1) entered disabled state
[  494.443524][ T1215] bridge_slave_0: left allmulticast mode
[  494.443545][ T1215] bridge_slave_0: left promiscuous mode
[  494.443697][ T1215] bridge0: port 1(bridge_slave_0) entered disabled state
[  496.376464][ T9341] Bluetooth: MGMT ver 1.23
[  496.376501][ T9341] Bluetooth: hci0: invalid length 0, exp 2 for type 22
[  497.344302][ T5920] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  497.532931][ T5920] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  497.532965][ T5920] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  497.533061][ T5920] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  497.533083][ T5920] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  497.587073][ T9355] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  497.590111][ T5920] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  498.212986][ T5920] usb 2-1: USB disconnect, device number 28
[  499.504721][ T1215] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  499.567991][ T1215] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  499.585053][ T1215] bond0 (unregistering): Released all slaves
[  500.679945][ T9368] overlayfs: missing 'lowerdir'
[  501.363278][ T9370] FAULT_INJECTION: forcing a failure.
[  501.363278][ T9370] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  501.363300][ T9370] CPU: 1 UID: 0 PID: 9370 Comm: syz.1.966 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  501.363312][ T9370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  501.363319][ T9370] Call Trace:
[  501.363324][ T9370]  <TASK>
[  501.363328][ T9370]  dump_stack_lvl+0xe8/0x150
[  501.363346][ T9370]  should_fail_ex+0x46c/0x600
[  501.363363][ T9370]  _copy_from_user+0x2d/0xb0
[  501.363375][ T9370]  ___sys_sendmsg+0x158/0x2a0
[  501.363389][ T9370]  ? __pfx____sys_sendmsg+0x10/0x10
[  501.363401][ T9370]  ? __lock_acquire+0x6b6/0x2cf0
[  501.363417][ T9370]  ? kstrtouint+0x6e/0xe0
[  501.363449][ T9370]  __sys_sendmmsg+0x22d/0x430
[  501.363464][ T9370]  ? __pfx___sys_sendmmsg+0x10/0x10
[  501.363481][ T9370]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  501.363502][ T9370]  ? ksys_write+0x230/0x260
[  501.363517][ T9370]  ? __pfx_ksys_write+0x10/0x10
[  501.363534][ T9370]  __x64_sys_sendmmsg+0xa0/0xc0
[  501.363548][ T9370]  do_syscall_64+0xec/0xf80
[  501.363557][ T9370]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.363567][ T9370]  ? trace_irq_disable+0x37/0x100
[  501.363578][ T9370]  ? clear_bhb_loop+0x60/0xb0
[  501.363590][ T9370]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.363599][ T9370] RIP: 0033:0x7fd791f6f749
[  501.363609][ T9370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  501.363618][ T9370] RSP: 002b:00007fd7901ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  501.363629][ T9370] RAX: ffffffffffffffda RBX: 00007fd7921c5fa0 RCX: 00007fd791f6f749
[  501.363637][ T9370] RDX: 0000000000000020 RSI: 000020000000bf00 RDI: 0000000000000005
[  501.363643][ T9370] RBP: 00007fd7901ce090 R08: 0000000000000000 R09: 0000000000000000
[  501.363649][ T9370] R10: 0000000000010081 R11: 0000000000000246 R12: 0000000000000002
[  501.363655][ T9370] R13: 00007fd7921c6038 R14: 00007fd7921c5fa0 R15: 00007ffd67b4a768
[  501.363671][ T9370]  </TASK>
[  501.532608][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  501.532703][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  501.570831][ T9374] Bluetooth: hci0: invalid length 0, exp 2 for type 22
[  501.597791][ T1215] bond1 (unregistering): (slave veth3): Releasing active interface
[  501.648357][ T5120] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  501.671745][ T5120] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  501.683368][ T5120] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  501.688353][ T1215] bond1 (unregistering): Released all slaves
[  501.704187][ T5120] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  501.708249][ T5120] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  502.852535][ T1215] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  502.965104][ T1215] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  503.049395][ T1215] bond0 (unregistering): Released all slaves
[  504.497779][ T5120] Bluetooth: hci6: command tx timeout
[  504.545866][ T9010] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  504.667849][ T9136] hsr_slave_0: entered promiscuous mode
[  504.669131][ T9136] hsr_slave_1: entered promiscuous mode
[  504.670034][ T9136] debugfs: 'hsr0' already exists in 'hsr'
[  504.670058][ T9136] Cannot create hsr debugfs directory
[  506.194136][ T6172] usb 1-1: new low-speed USB device number 38 using dummy_hcd
[  506.377296][ T6172] usb 1-1: unable to get BOS descriptor or descriptor too short
[  506.380132][ T6172] usb 1-1: config 0 has an invalid interface number: 236 but max is 0
[  506.380159][ T6172] usb 1-1: config 0 has no interface number 0
[  506.380189][ T6172] usb 1-1: config 0 interface 236 has no altsetting 0
[  506.396092][ T6172] usb 1-1: string descriptor 0 read error: -22
[  506.396232][ T6172] usb 1-1: New USB device found, idVendor=07d1, idProduct=3a10, bcdDevice=52.31
[  506.396305][ T6172] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  506.401598][ T6172] usb 1-1: config 0 descriptor??
[  506.405369][ T6172] usb 1-1: ath9k_htc: Device endpoint numbers are not the expected ones
[  506.564349][ T5817] Bluetooth: hci6: command tx timeout
[  507.517087][   T31] usb 1-1: USB disconnect, device number 38
[  508.321871][ T9421] ubi31: attaching mtd0
[  508.323545][ T9421] ubi31: scanning is finished
[  508.323555][ T9421] ubi31: empty MTD device detected
[  508.323584][ T9421] ubi31 error: ubi_read_volume_table: LEB size too small for a volume record
[  508.464302][ T9421] ubi31 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22
[  508.644444][ T5817] Bluetooth: hci6: command tx timeout
[  510.729204][ T5817] Bluetooth: hci6: command tx timeout
[  511.145769][ T1215] hsr_slave_0: left promiscuous mode
[  511.189149][ T1215] hsr_slave_1: left promiscuous mode
[  511.190329][ T1215] batman_adv: batadv0: Removing interface: batadv_slave_0
[  511.214902][ T1215] batman_adv: batadv0: Removing interface: batadv_slave_1
[  511.250160][ T9448] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  511.273384][ T9448] overlay: filesystem on ./bus not supported as upperdir
[  511.384254][ T1215] hsr_slave_0: left promiscuous mode
[  511.404321][ T1215] hsr_slave_1: left promiscuous mode
[  511.405235][ T1215] batman_adv: batadv0: Removing interface: batadv_slave_0
[  511.436312][ T1215] batman_adv: batadv0: Removing interface: batadv_slave_1
[  511.704521][ T1215] pimreg (unregistering): left allmulticast mode
[  513.784795][ T1215] team0 (unregistering): Port device team_slave_1 removed
[  514.015650][ T1215] team0 (unregistering): Port device team_slave_0 removed
[  519.704686][ T1215] team0 (unregistering): Port device team_slave_1 removed
[  519.814798][ T1215] team0 (unregistering): Port device team_slave_0 removed
[  520.353014][ T9452] netlink: 96 bytes leftover after parsing attributes in process `syz.0.990'.
[  520.441786][ T9112] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  520.500698][ T9112] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  520.595468][ T9112] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  520.686846][ T9112] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  520.724117][ T7206] usb 1-1: new full-speed USB device number 39 using dummy_hcd
[  520.829846][ T9375] chnl_net:caif_netlink_parms(): no params data found
[  520.869219][ T9136] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  520.889538][ T7206] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  520.889562][ T7206] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  520.889572][ T7206] usb 1-1: Product: syz
[  520.889581][ T7206] usb 1-1: Manufacturer: syz
[  520.889591][ T7206] usb 1-1: SerialNumber: syz
[  520.892552][ T7206] usb 1-1: config 0 descriptor??
[  521.035232][ T9136] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  521.122916][ T9136] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  521.139199][ T7206] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  521.170460][ T9136] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  521.699793][ T9375] bridge0: port 1(bridge_slave_0) entered blocking state
[  521.700077][ T9375] bridge0: port 1(bridge_slave_0) entered disabled state
[  521.700532][ T9375] bridge_slave_0: entered allmulticast mode
[  521.733891][ T9375] bridge_slave_0: entered promiscuous mode
[  521.782830][ T5120] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  521.797464][ T5120] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  521.800141][ T5120] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  521.823033][ T5120] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  521.847517][ T7206] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  521.850126][ T7206] usb 1-1: USB disconnect, device number 39
[  521.852695][ T5120] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  521.872658][ T9375] bridge0: port 2(bridge_slave_1) entered blocking state
[  521.872860][ T9375] bridge0: port 2(bridge_slave_1) entered disabled state
[  521.873069][ T9375] bridge_slave_1: entered allmulticast mode
[  521.882288][ T9375] bridge_slave_1: entered promiscuous mode
[  522.101609][ T9375] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  522.146728][ T9375] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  523.117550][ T9375] team0: Port device team_slave_0 added
[  524.310219][ T5817] Bluetooth: hci5: command tx timeout
[  524.490303][ T9375] team0: Port device team_slave_1 added
[  524.789457][ T5120] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  525.211648][   T38] INFO: task kworker/0:13:7745 blocked for more than 143 seconds.
[  525.211721][   T38]       Not tainted syzkaller #0
[  525.211755][   T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  525.211788][   T38] task:kworker/0:13    state:D stack:22168 pid:7745  tgid:7745  ppid:2      task_flags:0x4208060 flags:0x00080000
[  525.212055][   T38] Workqueue: usb_hub_wq hub_event
[  525.212131][   T38] Call Trace:
[  525.212162][   T38]  <TASK>
[  525.212267][   T38]  __schedule+0x145f/0x5070
[  525.212634][   T38]  ? driver_probe_device+0x4f/0x240
[  525.212773][   T38]  ? __pfx___schedule+0x10/0x10
[  525.212979][   T38]  ? schedule+0x91/0x360
[  525.213062][   T38]  schedule+0x165/0x360
[  525.213150][   T38]  schedule_timeout+0x9a/0x270
[  525.213203][   T38]  ? __pfx_schedule_timeout+0x10/0x10
[  525.213257][   T38]  ? do_raw_spin_lock+0x121/0x290
[  525.213383][   T38]  ? _raw_spin_unlock_irq+0x23/0x50
[  525.213426][   T38]  ? wait_for_completion+0x267/0x5d0
[  525.213500][   T38]  wait_for_completion+0x2bf/0x5d0
[  525.213654][   T38]  ? __pfx_wait_for_completion+0x10/0x10
[  525.213780][   T38]  i2c_del_adapter+0x591/0x760
[  525.213850][   T38]  ? lockdep_hardirqs_on+0x7b/0x110
[  525.213923][   T38]  ? kfree+0x1bd/0x900
[  525.214331][   T38]  ? __pfx_i2c_del_adapter+0x10/0x10
[  525.214405][   T38]  ? dvb_usbv2_exit+0x949/0xb90
[  525.214483][   T38]  dvb_usbv2_probe+0x497/0x3c30
[  525.214889][   T38]  ? __pfx_dvb_usbv2_probe+0x10/0x10
[  525.214940][   T38]  ? __pm_runtime_set_status+0x743/0xa20
[  525.215040][   T38]  usb_probe_interface+0x668/0xc90
[  525.215172][   T38]  ? __pfx_usb_probe_interface+0x10/0x10
[  525.215221][   T38]  really_probe+0x26d/0xad0
[  525.215301][   T38]  __driver_probe_device+0x18c/0x320
[  525.215375][   T38]  driver_probe_device+0x4f/0x240
[  525.215449][   T38]  __device_attach_driver+0x279/0x430
[  525.215530][   T38]  bus_for_each_drv+0x254/0x2e0
[  525.215607][   T38]  ? __pfx___device_attach_driver+0x10/0x10
[  525.215656][   T38]  ? __pfx_bus_for_each_drv+0x10/0x10
[  525.215717][   T38]  ? rt_spin_unlock+0x161/0x200
[  525.215820][   T38]  __device_attach+0x2bb/0x430
[  525.215901][   T38]  ? __pfx___device_attach+0x10/0x10
[  525.215972][   T38]  ? rt_spin_unlock+0x161/0x200
[  525.216075][   T38]  device_initial_probe+0xa1/0xd0
[  525.216148][   T38]  bus_probe_device+0x12d/0x220
[  525.216197][   T38]  ? device_add+0x726/0xb80
[  525.216268][   T38]  device_add+0x7b6/0xb80
[  525.216362][   T38]  usb_set_configuration+0x1a87/0x2110
[  525.216607][   T38]  usb_generic_driver_probe+0x8d/0x150
[  525.216682][   T38]  usb_probe_device+0x1c4/0x3c0
[  525.216760][   T38]  ? __pfx_usb_probe_device+0x10/0x10
[  525.216808][   T38]  really_probe+0x26d/0xad0
[  525.216907][   T38]  __driver_probe_device+0x18c/0x320
[  525.216982][   T38]  driver_probe_device+0x4f/0x240
[  525.217056][   T38]  __device_attach_driver+0x279/0x430
[  525.217130][   T38]  bus_for_each_drv+0x254/0x2e0
[  525.217184][   T38]  ? __pfx___device_attach_driver+0x10/0x10
[  525.217231][   T38]  ? __pfx_bus_for_each_drv+0x10/0x10
[  525.217283][   T38]  ? rt_spin_unlock+0x161/0x200
[  525.217386][   T38]  __device_attach+0x2bb/0x430
[  525.217457][   T38]  ? __pfx___device_attach+0x10/0x10
[  525.217517][   T38]  ? rt_spin_unlock+0x161/0x200
[  525.217620][   T38]  device_initial_probe+0xa1/0xd0
[  525.217701][   T38]  bus_probe_device+0x12d/0x220
[  525.217751][   T38]  ? device_add+0x726/0xb80
[  525.217819][   T38]  device_add+0x7b6/0xb80
[  525.217892][   T38]  usb_new_device+0xa29/0x1710
[  525.218043][   T38]  ? __pfx_usb_new_device+0x10/0x10
[  525.218196][   T38]  hub_event+0x29de/0x4f30
[  525.218614][   T38]  ? __pfx_hub_event+0x10/0x10
[  525.218663][   T38]  ? process_scheduled_works+0x9ef/0x1770
[  525.218764][   T38]  ? process_scheduled_works+0x9ef/0x1770
[  525.218809][   T38]  ? process_scheduled_works+0x9ef/0x1770
[  525.218882][   T38]  process_scheduled_works+0xad1/0x1770
[  525.219127][   T38]  ? __pfx_process_scheduled_works+0x10/0x10
[  525.219171][   T38]  ? do_raw_spin_lock+0x121/0x290
[  525.219304][   T38]  worker_thread+0x8a0/0xda0
[  525.219457][   T38]  ? __kthread_parkme+0x7b/0x200
[  525.219590][   T38]  kthread+0x711/0x8a0
[  525.219668][   T38]  ? __pfx_worker_thread+0x10/0x10
[  525.219715][   T38]  ? __pfx_kthread+0x10/0x10
[  525.219762][   T38]  ? rt_spin_unlock+0x150/0x200
[  525.219839][   T38]  ? rt_spin_unlock+0x161/0x200
[  525.219886][   T38]  ? __pfx_kthread+0x10/0x10
[  525.219961][   T38]  ret_from_fork+0x510/0xa50
[  525.220032][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  525.220076][   T38]  ? __switch_to+0xc9e/0x1480
[  525.220156][   T38]  ? __pfx_kthread+0x10/0x10
[  525.220208][   T38]  ret_from_fork_asm+0x1a/0x30
[  525.220347][   T38]  </TASK>
[  525.220406][   T38] INFO: task syz.3.725:8496 blocked for more than 143 seconds.
[  525.220444][   T38]       Not tainted syzkaller #0
[  525.220478][   T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  525.220516][   T38] task:syz.3.725       state:D stack:27224 pid:8496  tgid:8494  ppid:5803   task_flags:0x400140 flags:0x00080002
[  525.220757][   T38] Call Trace:
[  525.220789][   T38]  <TASK>
[  525.220857][   T38]  __schedule+0x145f/0x5070
[  525.221131][   T38]  ? __pfx___schedule+0x10/0x10
[  525.221294][   T38]  rt_mutex_schedule+0x77/0xf0
[  525.221348][   T38]  rt_mutex_slowlock_block+0x5ba/0x6d0
[  525.221480][   T38]  ? rt_mutex_slowlock_block+0x351/0x6d0
[  525.221562][   T38]  rt_mutex_slowlock+0x2a8/0x6b0
[  525.221636][   T38]  ? rt_mutex_slowlock+0x1c9/0x6b0
[  525.221710][   T38]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[  525.221840][   T38]  ? usbdev_open+0x16e/0x790
[  525.221921][   T38]  ? usbdev_open+0x16e/0x790
[  525.222026][   T38]  ? usbdev_open+0x16e/0x790
[  525.222076][   T38]  mutex_lock_nested+0x16a/0x1d0
[  525.222124][   T38]  ? usbdev_open+0xa7/0x790
[  525.222203][   T38]  usbdev_open+0x16e/0x790
[  525.222288][   T38]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  525.222340][   T38]  ? __pfx_usbdev_open+0x10/0x10
[  525.222391][   T38]  ? rt_spin_unlock+0x150/0x200
[  525.222468][   T38]  ? rt_spin_unlock+0x161/0x200
[  525.222551][   T38]  chrdev_open+0x4cf/0x5e0
[  525.222621][   T38]  ? __pfx_chrdev_open+0x10/0x10
[  525.222689][   T38]  ? fsnotify_open_perm_and_set_mode+0x116/0x620
[  525.222766][   T38]  ? __pfx_chrdev_open+0x10/0x10
[  525.222808][   T38]  do_dentry_open+0x7d0/0x1270
[  525.222935][   T38]  vfs_open+0x3b/0x350
[  525.222977][   T38]  ? path_openat+0x340f/0x3df0
[  525.223054][   T38]  path_openat+0x342a/0x3df0
[  525.223346][   T38]  ? __pfx_path_openat+0x10/0x10
[  525.223396][   T38]  ? kasan_save_track+0x4f/0x80
[  525.223455][   T38]  ? kasan_save_track+0x3e/0x80
[  525.223504][   T38]  ? __kasan_slab_alloc+0x6c/0x80
[  525.223559][   T38]  ? kmem_cache_alloc_noprof+0x18d/0x6c0
[  525.223609][   T38]  ? getname_flags+0xb8/0x540
[  525.223651][   T38]  ? do_sys_openat2+0xbc/0x200
[  525.223762][   T38]  ? do_raw_spin_lock+0x121/0x290
[  525.223914][   T38]  do_filp_open+0x1fa/0x410
[  525.224363][   T38]  ? __pfx_do_filp_open+0x10/0x10
[  525.224412][   T38]  ? rt_mutex_slowunlock+0x493/0x8a0
[  525.224639][   T38]  ? alloc_fd+0x64f/0x6c0
[  525.224763][   T38]  do_sys_openat2+0x121/0x200
[  525.224810][   T38]  ? __se_sys_futex+0x36f/0x400
[  525.224864][   T38]  ? __pfx_do_sys_openat2+0x10/0x10
[  525.224934][   T38]  ? __fget_files+0x2a/0x420
[  525.224979][   T38]  ? __pfx___se_sys_futex+0x10/0x10
[  525.225039][   T38]  ? __fget_files+0x2a/0x420
[  525.225136][   T38]  __x64_sys_openat+0x138/0x170
[  525.225235][   T38]  do_syscall_64+0xec/0xf80
[  525.225278][   T38]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  525.225322][   T38]  ? trace_irq_disable+0x37/0x100
[  525.225376][   T38]  ? clear_bhb_loop+0x60/0xb0
[  525.225447][   T38]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  525.225491][   T38] RIP: 0033:0x7f23f9d2df90
[  525.225539][   T38] RSP: 002b:00007f23f7f74b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  525.225608][   T38] RAX: ffffffffffffffda RBX: 0000000000141182 RCX: 00007f23f9d2df90
[  525.225647][   T38] RDX: 0000000000141182 RSI: 00007f23f7f74c10 RDI: 00000000ffffff9c
[  525.225694][   T38] RBP: 00007f23f7f74c10 R08: 0000000000000000 R09: 0000000000000000
[  525.225731][   T38] R10: 0000000000000000 R11: 0000000000000293 R12: cccccccccccccccd
[  525.225768][   T38] R13: 00007f23f9f86128 R14: 00007f23f9f86090 R15: 00007ffca4154b08
[  525.225916][   T38]  </TASK>
[  525.226166][   T38] 
[  525.226166][   T38] Showing all locks held in the system:
[  525.226225][   T38] 1 lock held by khungtaskd/38:
[  525.226260][   T38]  #0: ffffffff8d5ae940 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  525.226500][   T38] 3 locks held by kworker/u8:5/78:
[  525.226541][   T38]  #0: ffff88814d676138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770
[  525.226717][   T38]  #1: ffffc9000155fbc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[  525.226884][   T38]  #2: ffffffff8e8a58b8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x119/0x15a0
[  525.227116][   T38] 4 locks held by kworker/u8:8/1215:
[  525.227151][   T38]  #0: ffff888019ad4938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770
[  525.227340][   T38]  #1: ffffc90005467bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[  525.227507][   T38]  #2: ffffffff8e898780 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x7b0
[  525.227706][   T38]  #3: ffffffff8e8a58b8 (rtnl_mutex){+.+.}-{4:4}, at: cangw_pernet_exit_batch+0x20/0x90
[  525.227995][   T38] 8 locks held by kworker/u8:15/3444:
[  525.228041][   T38] 2 locks held by getty/5561:
[  525.228075][   T38]  #0: ffff888030d770a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  525.228258][   T38]  #1: ffffc90003e7e2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x44f/0x1460
[  525.228455][   T38] 1 lock held by syz-executor/5798:
[  525.228490][   T38] 3 locks held by kworker/u9:6/5817:
[  525.228560][   T38] 2 locks held by kworker/0:12/7206:
[  525.228605][   T38]  #0: ffff88813ff55138 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770
[  525.228771][   T38]  #1: ffffc90010b6fbc0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[  525.228959][   T38] 5 locks held by kworker/0:13/7745:
[  525.228994][   T38]  #0: ffff888019eec538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770
[  525.229182][   T38]  #1: ffffc9001e0e7bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[  525.229347][   T38]  #2: ffff888027d03188 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4f30
[  525.229537][   T38]  #3: ffff88802949c188 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x430
[  525.229721][   T38]  #4: ffff888029499150 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x430
[  525.229904][   T38] 1 lock held by syz.3.725/8496:
[  525.229938][   T38]  #0: ffff888027d03188 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x16e/0x790
[  525.230129][   T38] 2 locks held by syz-executor/9375:
[  525.230164][   T38]  #0: ffffffff8e021d08 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[  525.230345][   T38]  #1: ffffffff8e8a58b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8ec/0x1c90
[  525.230541][   T38] 2 locks held by syz-executor/9501:
[  525.230576][   T38]  #0: ffffffff8e898780 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x3cc/0x570
[  525.230745][   T38]  #1: ffffffff8e8a58b8 (rtnl_mutex){+.+.}-{4:4}, at: ip_tunnel_init_net+0x2ab/0x800
[  525.230938][   T38] 5 locks held by syz.0.1008/9520:
[  525.230975][   T38] 
[  525.231004][   T38] =============================================
[  525.231004][   T38] 
[  525.231068][   T38] NMI backtrace for cpu 0
[  525.231082][   T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  525.231103][   T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  525.231115][   T38] Call Trace:
[  525.231123][   T38]  <TASK>
[  525.231130][   T38]  dump_stack_lvl+0xe8/0x150
[  525.231158][   T38]  nmi_cpu_backtrace+0x274/0x2d0
[  525.231183][   T38]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  525.231206][   T38]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  525.231234][   T38]  sys_info+0x135/0x170
[  525.231254][   T38]  watchdog+0xf95/0xfe0
[  525.231280][   T38]  ? watchdog+0x20a/0xfe0
[  525.231308][   T38]  kthread+0x711/0x8a0
[  525.231336][   T38]  ? __pfx_watchdog+0x10/0x10
[  525.231357][   T38]  ? __pfx_kthread+0x10/0x10
[  525.231379][   T38]  ? rt_spin_unlock+0x150/0x200
[  525.231409][   T38]  ? rt_spin_unlock+0x161/0x200
[  525.231431][   T38]  ? __pfx_kthread+0x10/0x10
[  525.231457][   T38]  ret_from_fork+0x510/0xa50
[  525.231480][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  525.231499][   T38]  ? __switch_to+0xc9e/0x1480
[  525.231537][   T38]  ? __pfx_kthread+0x10/0x10
[  525.231570][   T38]  ret_from_fork_asm+0x1a/0x30
[  525.231612][   T38]  </TASK>
[  525.231621][   T38] Sending NMI from CPU 0 to CPUs 1:
[  525.231651][    C1] NMI backtrace for cpu 1
[  525.231666][    C1] CPU: 1 UID: 0 PID: 9520 Comm: syz.0.1008 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  525.231686][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  525.231697][    C1] RIP: 0010:__lock_acquire+0xa55/0x2cf0
[  525.231723][    C1] Code: c7 c6 ac 31 ee 8c 67 48 0f b9 3a 90 31 c0 48 83 78 40 00 0f 84 5f 1d 00 00 41 8b 45 20 25 ff 1f 00 00 48 0f a3 05 6b 28 1e 11 <73> 10 48 69 c0 c8 00 00 00 48 8d 80 90 b3 5b 92 eb 32 83 3d 72 b8
[  525.231738][    C1] RSP: 0018:ffffc90004267800 EFLAGS: 00000007
[  525.231754][    C1] RAX: 00000000000002cf RBX: 0000000093b5d0de RCX: 00000000089e23fd
[  525.231767][    C1] RDX: 000000004e4871c0 RSI: 000000000cab02d6 RDI: ffff888065210000
[  525.231780][    C1] RBP: a674c9b800000000 R08: ffffffff820a76c0 R09: ffff888026ed9d30
[  525.231794][    C1] R10: ffffc90004267aa0 R11: fffff5200084cf5b R12: ffff888065210b90
[  525.231808][    C1] R13: ffff888065210b90 R14: ffff888065210000 R15: 0000000000000000
[  525.231821][    C1] FS:  00007fed9e24d6c0(0000) GS:ffff888126def000(0000) knlGS:0000000000000000
[  525.231838][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  525.231851][    C1] CR2: 0000000000000004 CR3: 0000000033308000 CR4: 00000000003526f0
[  525.231866][    C1] Call Trace:
[  525.231873][    C1]  <TASK>
[  525.231882][    C1]  ? unix_dgram_recvmsg+0xb1/0xd0
[  525.231906][    C1]  ? __pfx_unix_dgram_recvmsg+0x10/0x10
[  525.231929][    C1]  ? sock_recvmsg_nosec+0xa1/0x1c0
[  525.231956][    C1]  ? ____sys_recvmsg+0x33a/0x470
[  525.231980][    C1]  ? __might_fault+0xb0/0x130
[  525.232004][    C1]  lock_acquire+0x107/0x340
[  525.232026][    C1]  ? __might_fault+0xb0/0x130
[  525.232055][    C1]  ? __might_fault+0xb0/0x130
[  525.232079][    C1]  __might_fault+0xcc/0x130
[  525.232103][    C1]  ? __might_fault+0xb0/0x130
[  525.232129][    C1]  _copy_from_user+0x28/0xb0
[  525.232146][    C1]  ___sys_recvmsg+0x12e/0x510
[  525.232171][    C1]  ? __pfx____sys_recvmsg+0x10/0x10
[  525.232209][    C1]  do_recvmmsg+0x30d/0x770
[  525.232253][    C1]  ? __pfx_do_recvmmsg+0x10/0x10
[  525.232285][    C1]  ? __pfx_do_futex+0x10/0x10
[  525.232307][    C1]  ? sched_setaffinity+0x353/0x400
[  525.232336][    C1]  __x64_sys_recvmmsg+0x190/0x240
[  525.232359][    C1]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  525.232387][    C1]  do_syscall_64+0xec/0xf80
[  525.232404][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  525.232421][    C1]  ? trace_irq_disable+0x37/0x100
[  525.232440][    C1]  ? clear_bhb_loop+0x60/0xb0
[  525.232459][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  525.232476][    C1] RIP: 0033:0x7feda000f749
[  525.232491][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  525.232507][    C1] RSP: 002b:00007fed9e24d038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  525.232525][    C1] RAX: ffffffffffffffda RBX: 00007feda0266090 RCX: 00007feda000f749
[  525.232538][    C1] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003
[  525.232550][    C1] RBP: 00007feda0093f91 R08: 0000000000000000 R09: 0000000000000000
[  525.232561][    C1] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  525.232572][    C1] R13: 00007feda0266128 R14: 00007feda0266090 R15: 00007fff855a9998
[  525.232593][    C1]  </TASK>
[  525.232709][   T38] Kernel panic - not syncing: hung_task: blocked tasks
[  525.232728][   T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  525.232749][   T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  525.232760][   T38] Call Trace:
[  525.232768][   T38]  <TASK>
[  525.232775][   T38]  vpanic+0x1e0/0x670
[  525.232805][   T38]  panic+0xb9/0xc0
[  525.232830][   T38]  ? __pfx_panic+0x10/0x10
[  525.232857][   T38]  ? preempt_schedule_thunk+0x16/0x30
[  525.232884][   T38]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  525.232913][   T38]  watchdog+0xfdf/0xfe0
[  525.232939][   T38]  ? watchdog+0x20a/0xfe0
[  525.232967][   T38]  kthread+0x711/0x8a0
[  525.232996][   T38]  ? __pfx_watchdog+0x10/0x10
[  525.233016][   T38]  ? __pfx_kthread+0x10/0x10
[  525.233039][   T38]  ? rt_spin_unlock+0x150/0x200
[  525.233068][   T38]  ? rt_spin_unlock+0x161/0x200
[  525.233090][   T38]  ? __pfx_kthread+0x10/0x10
[  525.233117][   T38]  ret_from_fork+0x510/0xa50
[  525.233140][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  525.233159][   T38]  ? __switch_to+0xc9e/0x1480
[  525.233190][   T38]  ? __pfx_kthread+0x10/0x10
[  525.233218][   T38]  ret_from_fork_asm+0x1a/0x30
[  525.233260][   T38]  </TASK>
[  525.233680][   T38] Kernel Offset: disabled