last executing test programs:

2m42.787745206s ago: executing program 2 (id=274):
sendto$packet(0xffffffffffffffff, &(0x7f0000000180)="0203", 0x2, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000380)={[{@lowerdir, 0x3a}], [], 0x2f})
unshare(0x2c020400)
r0 = msgget$private(0x0, 0x0)
msgsnd(0x0, &(0x7f0000000180)=ANY=[], 0x2000, 0x0)
r1 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x1})
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f0000000040)={0x1, 0x0, [{0x4, 0x2, 0x0, 0x0, @irqchip={0x2, 0x66}}]})
ioctl$KVM_CAP_X2APIC_API(r2, 0x4068aea3, &(0x7f00000001c0)={0x81, 0x0, 0x3})
r3 = eventfd2(0x8, 0x1)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000080)={r3, 0x4})
write$eventfd(r3, &(0x7f0000000080)=0x430f, 0x8)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r4 = socket$inet6(0xa, 0x2, 0x0)
ioctl$XFS_IOC_FD_TO_HANDLE(r4, 0xc038586a, &(0x7f00000003c0)={<r5=>r4, &(0x7f0000000000)='/dev/kvm\x00', 0x133702, &(0x7f0000000240)={@align=0x7, {0x8, 0x6a, 0x8001, 0xf1}}, 0x1, &(0x7f0000000300)={@_ha_fsid}, &(0x7f0000000340)=0x9})
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000440), 0xffffffffffffffff)
sendmsg$TIPC_NL_NODE_GET(r5, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14, r6, 0x2, 0x70bd28, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0xc001)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000280)={@private0, 0x800, 0x0, 0x103, 0xc}, 0x20)
msgrcv(r0, &(0x7f0000001080)={0x0, ""/1}, 0x2000, 0x2, 0x3000)

2m39.295825395s ago: executing program 2 (id=284):
r0 = memfd_create(&(0x7f0000000000)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d  \x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xb6\a\x17\\\xfb\x04!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\xcaXe\xe1\xa2\xaa\x02\x86\x18\xc5C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93\x12\xc2\xfb\xfc!;\xf4\xab\xb0\x88\xc0\xe3;\x1d\xd2\xda\xaa\x82\x94\xa5\xe5\xfd3\'v\xf6h)6~K\x1cA\xcb \xe1\xfa\x8c\xc7\xfc(\xbb7p\x93\xd1\xd1\x1a\xd3\xa5\xe5U\xf0+vM\x9eB\x16\x9cA\tD<hLu\xce \x12x\xfd\x11\x1c\xa7\xd6R\xa3\xd0\xba\xcd\xce\xe4\xaf\xa1\xceb\xf9\xb9\xb6\xd8\xd5\xa9\x01R\xbb\xe8\r\xf8d\xbd\xd0\x8b\'.\xd6\x19`\x9dx\xd15\x13\xe8\xc6\xbf\x90T\xcfR23E\x13\a\xf3\x15V\xb1e\x16|\xbf', 0x6) (async)
r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r1, 0xc02c564a, &(0x7f00000003c0)={0x0, 0x2600a1b, 0x3, @discrete={0x8, 0x7}}) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000b80)=ANY=[], 0x0}, 0x94)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2c240, 0x0) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
sendfile(r5, r5, 0x0, 0x40000f63c)
r6 = syz_open_dev$loop(&(0x7f0000000080), 0x8000000000000001, 0x1c1280)
ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f0000000440)={r2, 0x0, {0x0, 0x0, 0x0, 0xe08, 0xfff, 0x0, 0x0, 0x0, 0x1c, "339f020bbe78b39843d601010000000000080d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c18e8438ef2a565ef1e83323695c58d66500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d200", "24431a1e77a68e174f000000000000000010e200000000000000000000000200"}}) (async)
r7 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
write$tcp_congestion(r7, &(0x7f0000000100)='reno\x00', 0x5) (async, rerun: 64)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x17, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0) (rerun: 64)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000002c0)={@cgroup=r9, r8, 0x5, 0x0, 0x0, @void, @value=0x0}, 0x20)
write$tcp_congestion(r7, &(0x7f0000000300)='reno\x00', 0x5) (async, rerun: 64)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340)={@cgroup=r9, r8, 0x12, 0x0, 0x0, @void, @value=0x0}, 0x20) (async, rerun: 64)
write$tcp_congestion(r7, &(0x7f0000000380)='reno\x00', 0x5) (async, rerun: 64)
ioctl$LOOP_CHANGE_FD(r6, 0x4c06, r2) (rerun: 64)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="22000000040000001000"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r10, <r11=>0xffffffffffffffff}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x10, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000643200007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007041af64090aac40d6600000800000018230000", @ANYRES32=r11, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
fallocate(r0, 0x0, 0x0, 0x400)
read(r0, &(0x7f0000000d40)=""/4096, 0x1000)

2m38.351549057s ago: executing program 2 (id=288):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e20, 0x5a8, @ipv4={'\x00', '\xff\xff', @empty}, 0x8}, 0x1c)
setsockopt$inet6_int(r3, 0x29, 0x21, 0x0, 0x0)
sendto$inet6(r3, 0x0, 0x0, 0xfffffefffbfbbfbe, 0x0, 0x0)
io_uring_setup(0x669, 0x0)
listen(0xffffffffffffffff, 0x1ff)
capset(&(0x7f0000000000)={0x20080522}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x2, &(0x7f0000000300)='usrquota')
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r4, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x4, 0x2, 0x6, 0x7, 0x2, 0x7e71, 0x1, 0x6, 0x93})

2m36.249651989s ago: executing program 2 (id=290):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000083c0)={0x2020, 0x0, <r1=>0x0, <r2=>0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x34014c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000001d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000002000085000000080000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x34, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080), 0x11ffffce1)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r4, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r5, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb1000008747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb80035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22383e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485a4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2245eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e4c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8652b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad64c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc590800", 0x2000, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x78, 0x0, 0x6, {0x8, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3966, 0x1, 0x8000, 0xfffffffc, r2, r3, 0x1, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x80101, 0x101)
write$tcp_congestion(r6, &(0x7f00000000c0)='lp\x00', 0xfffffdef)
dup2(r6, r0)
close(r6)
r7 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
setpgid(r7, 0x0)
setpgid(r7, r7)
process_vm_readv(r7, &(0x7f0000000140)=[{&(0x7f0000000000)=""/53, 0x35}, {&(0x7f0000000040)=""/127, 0x7f}, {&(0x7f00000000c0)=""/115, 0x73}], 0x3, &(0x7f0000001680)=[{&(0x7f0000000180)=""/31, 0x1f}, {&(0x7f00000001c0)=""/72, 0x48}, {&(0x7f0000000240)=""/4096, 0x1000}, {&(0x7f0000001240)=""/122, 0x7a}, {&(0x7f00000012c0)=""/190, 0xbe}, {&(0x7f0000001380)=""/226, 0xe2}, {&(0x7f0000001480)=""/160, 0xa0}, {&(0x7f0000001540)=""/236, 0xec}, {&(0x7f0000001640)=""/9, 0x9}], 0x9, 0x0)

2m25.671422385s ago: executing program 2 (id=310):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4)
bind$inet6(r0, &(0x7f0000000380)={0xa, 0x4e24, 0x9, @dev={0xfe, 0x80, '\x00', 0x23}, 0x9}, 0x1c)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r1, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e22d991000000000000a80013007b0009008000", 0x2c}], 0x1)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYRESDEC, @ANYBLOB="756d76ea6dd0aa673266", @ANYRES8, @ANYRES16], 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x8805)

2m21.486483589s ago: executing program 2 (id=319):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
ioctl$TCSETS(r0, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x4, 0x400000, 0xf, "0000130000000000264f0512d30f505700"})

2m21.083685954s ago: executing program 32 (id=319):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
ioctl$TCSETS(r0, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x4, 0x400000, 0xf, "0000130000000000264f0512d30f505700"})

39.063236803s ago: executing program 0 (id=513):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f00000005c0)=[{0x6}]})
bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000001c0), 0xad52, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2286, &(0x7f0000000340))
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0502103, &(0x7f0000000080)={0x0, 0x1, 0x100fe})

37.675751582s ago: executing program 0 (id=515):
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000000)=0x4)
socket$inet6_udp(0xa, 0x2, 0x0)
userfaultfd(0x80001)
socket$nl_netfilter(0x10, 0x3, 0xc)
io_uring_setup(0x3458, &(0x7f0000000080)={0x0, 0x93d5, 0x80, 0x2, 0x1})
r0 = socket$packet(0x11, 0x3, 0x300)
close(0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x7, 0xca352c92cb699c71, 0xffffffffffffffff, 0xd0a55000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102384, 0x18ff0)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r2, 0x27, 0x19, 0x0, &(0x7f00000001c0)="0300f90ffac42324e8797dadd1ebe74f66e6447cd2487e0521", 0x0, 0x0, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r3 = syz_open_procfs$namespace(0x0, &(0x7f0000001380)='ns/user\x00')
open_by_handle_at(r3, &(0x7f0000000040)=ANY=[@ANYBLOB="20000000f1000100", @ANYRES64=r0], 0x0)
mount$overlay(0x0, 0x0, 0x0, 0x2000008, 0x0)
ioctl$SNDCTL_DSP_RESET(0xffffffffffffffff, 0x5000, 0x0)

36.763558037s ago: executing program 0 (id=518):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x2, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000180)='./file1\x00')
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r2, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x4, 0x2, 0x6, 0x7, 0x2, 0x7e71, 0x1, 0x6, 0x93})

35.715441181s ago: executing program 0 (id=519):
mkdir(&(0x7f0000000080)='./file0\x00', 0x18b)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000000c0), 0x20000, 0x0)
r1 = openat$panthor(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000140)={0x0, 0x0, r1})
mount$bpf(0x200000000000, &(0x7f0000000440)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
r2 = socket$inet(0x2, 0x3, 0x9)
r3 = memfd_create(&(0x7f0000000440)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+  \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz\x03\x00\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92 \x00*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xf4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\f\xc9\xc5H\x0f;\xd3\xe2\at\x9bJ\xe6\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\\\r&\xb2c\xb3\x8d\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\xaf\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb5\xac`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1c\fA\xee\xdc\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)\xdeA\x1ed\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97\xf6\xb8\xebN\xe2\x18\x04[\xabW}\xb1\xffo\xae~=\x9dd\x9f\x92\xd2[\xb8\xb6\x1a\x02c\xa1\xd1H\xb7@\x06\x96s\xef\xee\x92\xfaC\x15+\x84%h1O\xe2\xb8\xd3\x19R\x00\f\n\x1cpEn\xad\xa7IRf\xc65\x15<}\xb8\x05\xe4\xb7\x9e\xf3\xda\xdavzB\xf8qj\x9e\xe4\xbd\x05\xcfx\xb5\x12\t\xe0\xf2\'f\xf4+\xb3\xdeA6\x10O\xdd\x9c\xf7B', 0x7)
ioctl$FS_IOC_RESVSP(r3, 0x40305829, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0xc8000)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @raw_data="dea233684c996156af0d4bd8e3300217e750b8c97b7123d48003e7e1d3be5f710c41a1db6719881876e9bcc6e2f73c67cc6b675eb43188b5b7f9f898868de9a9c5d536d418ba283121a73a5aba55a87d2a2525295f4492bbde02ad8bc8e88779f2de06f38e99172df4d45b6f13c813dee4230c204a93172922b778fef7a1f89ce876bb89d44cd705bbb28db4869dfac20d928950507acd92c02d17f51b0a627539f6e0a0bdb92004bc6252cd35e8cd100962db9a83ad63a4e7e1ca17c1b6aac63fefa9bebe429d00"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
shutdown(r2, 0x0)
recvmmsg(r2, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)
syz_usb_connect(0x0, 0xf5, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505240600587cd81711c9f8010524007f000d240f0104"], 0x0)
r5 = fanotify_init(0x200, 0x0)
r6 = memfd_create(&(0x7f00000007c0)='-B\xd5NI\xc5j\x9app\x8a\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x99\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1}knh#\xcf)\x0f\xc8\xc0\"\x9cc\x10\xc5\x8d\xbeQ\x06\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb90a\xa9\xb2\x04\x1d\xa1\xce\x8b\x19\xea\xef\xe3\x00\x00\x00\x00\x00\x00\x00\x00\xff8\r\x0e\xc9\xc0\x03k|~\x82\xbf\x91\xa3\xa8\xe2a\x86\xcf\xcb\xfchw\x89\xe0\x11\xd1!\xfd\x1efb\x1ew\xc0\x1d\xcef\xd0\x89M\xea9\x11\xb69\nO\xd3\xd9\x88\xa9]\x8f\xf1F\xdb\x83\x00\x00\x00\x00jke\xf3G\x00&\xedbe\xf4zaR\xb5\xd2\xb3Z\xb9\xb1\x89\xa1\xd5\xd34\xf9\xeb}\x87\xd2\xaba\t\xc3H\xe7#~\xb9\xa3\xfe\xd7\xbd.\xacpr\x9f\x9c\x03\v\x8a\xfc\xa9\x16\xad(V4\xb5\x986\xca+\x12\x95\xd6\xbbZ\xa9P\xd8\x17\f\x02\x84K\xffy\a\xcd\x99\x10A\x9b\x8f\\\x8d;\x18f<22\\u\xce\xaa\x8c\xca\xffX\xcc\x9a.\x18\x14x\x92\xdd\xed\xb1\xd6\x9e|\x90Q9\xa4\x0faw\xb0\xee\x80P\xf9?\xe2\x89\xb7W\xac\fYr\xeaxh\v\xd3\x10\x97B\x80\xec){\xb3=\xcer3K\xa6/\xe6\x00\x00\x00\x00\x00\x00\x00\x00\xa5\xc0\xf1k\x1d\xc7\xac\x83\f\xa6\x92v*!m\xe3\x82\xef\xb1\xd9oW\xff\xa6*\n\x88\x11\xb3\xed\xfa\"\xe0\"\xcb\xe0>U\xafDY\x03\xee\x04q\xc2\xa3g\xbc\x9e\x87p6\x8bH\x8e\x03\xd3\xa7:\x82\\\xf4\xe9\xd6\fh\x928\xb7Q/\xf3\xa44\xf2\xc1\x06\xcapQa\xd7(\xbc0a\xd4\x81\x99%\x82\xed-\x06\xd4\x9f\xf3\"\xed\xd9z\xd0\xf8\x1a$\xfe\vAC\x95\x96\xc4.z\xb9VR\x06\x02\xde[\re_=~J\xc0\xf3~\x81\xc093g\xf9\'\xec\xda\x90\xa8q\x7fS\xad\xe3\x11S\x18\x80\x11\x1b\xf7:\ag\x15\xa42S\xc7\xa1\x00\xea\x9b\xe0a\x02\x00\x00\x00\xe8n\x10\x9b>p\xe6\\d \x8a\x90F=lep\x0e=\x0f?#\xf7=[\x84S\xd6\x16\xb0\x9a\xf7\xf6F\xe6\x01\x1f_(Y\x1e\xa3\x85\xff\xf0\xf3X\x03\x04\xf0\"\nX#!\xac\xd0\x92$\xe7o\xff\xa4\xdc\x15\x84\xa2\xb5D\xca\x01KK\xc3\xdb\xb0\xb8N\xa1Y\x18\t\xb2\xf8\xf5\x11\x01Q\xd9\xd9qN$\x8c\xa4m\xff\xcf\xd0\x8b\x1d\f\x1e\xc7\xa3\x90d\xbc<\xe9\xaa\x85>\xe8\xe7\xdc\x9a\x7f\xd7\t\xbe\xa8\xe5U\xd3f\x01\x00\x00\x00\x00\x00\x00\x00\xff\xf2\x1a\xb5\xb0\xe0!z\xa4\vj7\x90\xcc\xa2\xe5\xa9\v\xcd^(*\xab\x06\x9a>\xd7r\xf9\xc4x\xb5\xf7\xf9e\xa6\xc92K\'\x88RR|\xd4\xf5\x80\x8a\x1e\x91\x17\x96\xf4\x8e\x11V\xff\x04\xe6\x93-\xbd~\xcd\xb5\xb1\xabcZ\x1b\xa0w\x92w<\x1b\x95L\b\xe9\x9c\xaa\xaawe\xcb\xb9\xf1\xfce)\xfd\xe7\xa2x,\"x3\x03\x9d\x1a\xe2\x7f\xaf\xd6\xd3\x1dO\"<\xff\xff4\x1f\xf5\x1c\xc8\xbaIi\xb2\x0ep\xa6gWd#Y\xcb\x8aHE6R\xeb\x1eh\x8f\xe3#-\xe12\xd2\xbd\xe8\x03\x12\x10\xc1\x10\xd7\xd9\xfa\aY\x1c\x8a=\x1c\x9fS\xbb\xa5\xbb\"{\x8a1yG\xfc\x928p\v/\xbf\xc5\xea\x82\xf7\xb2\x8c&\xf1]3k\xef\x9c1\x02\x05\xec\x1e\xfd\x99\x00\xc6W\x11\xa9^\xc5\xe4H<\xda\xb8\xb6\x8d\xaa\xac\x1b\x84|z<\x10|\xe4\xbf\x85\x11\xef\xfd\xa3;\xf0W\rD\x16\ajYRQ\xeaQ&#\xdbIT\xb6I&P\xff\xc9!7\x83\x9a \xc1\x850A\x05*\xfa\xd5\x8e\xbd\xb7i\xa5\xaf\xf5\r|\xf7\xf50h\x10\x15\xba\x81\xc0mS]\x16\xef\xa7#\xfa[\x80\xef\xf9\x14;v\xc1q\xb1\x98<w4H\x85\xea\xadI\x8c\xb89\x87\xf8\xf4~\x1a\xa7\xb0-FL\x98+\\\x9f\x88\x00t\\l\xa6\xff\xaa9R0\xdc\x16\xbf\xf4\x18\f\xd9,\xac\xd6\x95i\x98\xf6K\x00\xa3\x15 j\xd8\x9d\x95\x8c\x94\x91\xf9.\x9c\xd7\xb7', 0x6)
r7 = dup(r6)
fanotify_mark(r5, 0x401, 0x1000, r7, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000040)='./file0\x00', 0x0, 0xbc0023, 0x0)
ioctl$VFAT_IOCTL_READDIR_BOTH(r1, 0x82307201, &(0x7f0000000bc0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])

23.979135547s ago: executing program 0 (id=537):
r0 = socket$tipc(0x1e, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000480)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x4)
fcntl$notify(r5, 0x402, 0x8000003d)
close_range(r4, r5, 0x0)
bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10)
r6 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r6, &(0x7f00000000c0)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}, 0x1}}, 0x10)
r7 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(r7, 0xc0205648, &(0x7f0000000100)={0x0, 0x9, 0x9, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x990968, 0x5, '\x00', @string=0x0}})
r8 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r8, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
bind$tipc(r6, &(0x7f0000000440)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x20000003}}, 0x10)
bind$tipc(r0, 0x0, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x7a, &(0x7f00000002c0)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb8100000086dd6708100000403aff00000000000000000000ffff0a010102ff020000000000000000000000000001040290780000ffff6500003cc8c3108cd812fff5f38c04008801fe8000000000000000000000000000aa20010000000000000000000001000100000000e231b22a75b5622a4fcd2b3fc187436e31e5246d8e6e63c691e5be571ee51fd90fda9be361243c5e715434c00928d52e45673a742ac69d7c06ebd75ab82d6697d6bbe137c3c9de20b50ff13d7e1ddd914135b76b7b94c4997f2dc45c4d25e56b0eb09ea8c44209747cabb8dd897ea277e99f8dbaffb799a70d7c7ed6c0517f9a302fa41e23fe4aed0191229ef19ca430f7a148e19a7ec3c0e2696d7757490835ccde8f17d602b3c016e7000000"], 0x0)
r10 = syz_open_dev$evdev(&(0x7f0000000240), 0x1fffd, 0x2000)
ioctl$EVIOCRMFF(r10, 0x40044581, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a310000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a310000000058000000050a01020000000000000000010020000c00024000000000000000010900010073797a31000000002000048014000300"], 0xf4}}, 0x10)

21.688815162s ago: executing program 0 (id=540):
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000000300)=""/102392, 0x18ff8)
ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000040)={0x2, {0x2, 0x5, 0x8, 0xb, 0x3, 0x2}})
mount(&(0x7f0000000040)=@filename='\x00', &(0x7f00000000c0)='.\x00', &(0x7f0000000040)='ubifs\x00', 0x0, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r1, 0xc018937d, &(0x7f0000000100)={{0x1, 0x1, 0x18, r1, {0x8}}, './file0\x00'})
ioctl$TCSETS2(r1, 0x402c542b, &(0x7f0000000080)={0x7, 0x2, 0x101, 0x0, 0x3, "893ab35dfe8a8ab05777791e21cf62006bfdd0", 0x1, 0x9})
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0xcc182, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)

18.2594496s ago: executing program 1 (id=547):
r0 = socket$kcm(0x2, 0x3, 0x106)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}}], {0x14}}, 0x3c}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)
sendmsg$inet(r0, &(0x7f0000000300)={&(0x7f0000000380)={0x2, 0x4e9f, @remote}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000080)="b9ed02d814a1fbf4e8f747cc8c30bd0840608b59", 0x14}], 0x1, 0x0, 0x0, 0x3000000}, 0x0)

17.327923708s ago: executing program 1 (id=550):
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket(0x2, 0x8000c, 0xfffffffd)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084)
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r9, {0xfff2}, {0xffff, 0xffff}, {0x2, 0xa}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x2004805d}, 0x0)
r10 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000800)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, r11, {0x4, 0xa}, {}, {0xffe0, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x8}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0xfff2, 0x6}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
r12 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r13=>0x0})
sendmsg$nl_route_sched(r12, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r13, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xd, 0x10}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000040)=0x1, 0x2)

13.783767959s ago: executing program 1 (id=557):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e20, 0x5a8, @ipv4={'\x00', '\xff\xff', @empty}, 0x8}, 0x1c)
setsockopt$inet6_int(r3, 0x29, 0x21, 0x0, 0x0)
sendto$inet6(r3, 0x0, 0x0, 0xfffffefffbfbbfbe, 0x0, 0x0)
io_uring_setup(0x669, 0x0)
capset(&(0x7f0000000000)={0x20080522}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x2, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000180)='./file1\x00')
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r4, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x4, 0x2, 0x6, 0x7, 0x2, 0x7e71, 0x1, 0x6, 0x93})

11.292455529s ago: executing program 1 (id=562):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x15)
setuid(0xee00)
fchmodat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0xfffffe43)
mknodat$null(0xffffffffffffff9c, 0x0, 0xb0a54e68b1cd2fdb, 0x103)
openat(0xffffffffffffff9c, 0x0, 0x4a040, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000480)={0x118, 0x29, 0x1, 0x0, 0x25dfdbfc, "", [@nested={0x107, 0xf2, 0x0, 0x1, [@nested={0x10, 0xe1, 0x0, 0x1, [@nested={0xc, 0x13e, 0x0, 0x1, [@typed={0x8, 0xe, 0x0, 0x0, @fd=r4}]}]}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@dev={0xfe, 0x80, '\x00', 0x36}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8", @typed={0x8, 0x145, 0x0, 0x0, @ipv4=@remote}]}]}, 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x4)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000000)="adcd1a9a3fc36e961ed00fe41b0cd6", 0xf)
r7 = accept4$alg(r6, 0x0, 0x0, 0x0)
sendmmsg$alg(r7, &(0x7f00000021c0)=[{0x0, 0x0, &(0x7f0000001000)=[{&(0x7f0000000100)="a92e81d0991808e33c23", 0xa}], 0x1, &(0x7f0000001040)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x880}], 0x1, 0x80001)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000280), &(0x7f0000000100)=@tcp6=r5, 0x2}, 0x20)

10.014159221s ago: executing program 1 (id=565):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e20, 0x5a8, @ipv4={'\x00', '\xff\xff', @empty}, 0x8}, 0x1c)
setsockopt$inet6_int(r3, 0x29, 0x21, 0x0, 0x0)
sendto$inet6(r3, 0x0, 0x0, 0xfffffefffbfbbfbe, 0x0, 0x0)
io_uring_setup(0x669, 0x0)
capset(&(0x7f0000000000)={0x20080522}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x2, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000180)='./file1\x00')
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r4, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x4, 0x2, 0x6, 0x7, 0x2, 0x7e71, 0x1, 0x6, 0x93})

9.720947111s ago: executing program 4 (id=567):
r0 = eventfd(0x3)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0x1, 0x1ff, 0x14e, 0x10000, 0x3})

8.152106394s ago: executing program 1 (id=568):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000000)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000600)=ANY=[@ANYBLOB="020000000000000002000000e0120002000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000100000002"], 0x110)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58)
r2 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x3d, &(0x7f0000000080)=[{0x25, 0x2, 0x2, 0xffffffff}, {0x6, 0x2, 0x9, 0xfffffff7}, {0x4, 0x9, 0xff, 0x3}, {0x6, 0x1, 0x4, 0x4}]}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000200)={0x2000000000000014})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x61, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r6, &(0x7f0000001980), 0x0, 0x2, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x40)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000500)=@can_delroute={0x34, 0x19, 0x1, 0xfffffffe, 0x80000, {0x1d, 0x1, 0x7}, [@CGW_MOD_XOR={0x15, 0x3, {{{0x2, 0x0, 0x1}, 0x0, 0x2, 0x0, 0x0, "49fd003900"}, 0x4}}, @CGW_CS_XOR={0x8, 0x5, {0xfffffffffffffff7, 0x4, 0x2, 0xcc}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r7 = accept4(r1, 0x0, 0x0, 0x80000)
sendmsg$kcm(r7, &(0x7f0000001880)={0x0, 0xf5, &(0x7f0000001600)=[{&(0x7f0000001a00)="e8a472", 0x3}, {&(0x7f00000000c0)="bcc9b1557de1fad1f955144629ed4dcf3c33679ea22502e3cff8923bf5d43921bc111a262f295a8eb540", 0x7fffeffd}, {&(0x7f0000001680)="094fb143daa9baa36aaa2cca06886c533118e056", 0x14}], 0x3}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$cgroup(0x0, &(0x7f0000002800)='./file0\x00', &(0x7f0000002840), 0x2000080, &(0x7f00000001c0)={[{@nofavordynmods}, {@subsystem='io'}]})
r8 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)
ioctl$FE_SET_FRONTEND_TUNE_MODE(r8, 0x6f51, 0x0)
setsockopt$inet_group_source_req(r7, 0x0, 0x2f, &(0x7f00000004c0)={0x480, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @empty}}}, 0x108)

7.84125204s ago: executing program 3 (id=569):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x30, 0x0, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x1}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0xab}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @loopback}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x4040)
syz_clone3(&(0x7f00000003c0)={0x20280000, &(0x7f0000000280), &(0x7f0000000340)=<r0=>0x0, &(0x7f0000000380), {0x201c}, &(0x7f0000000540)=""/160, 0xa0, &(0x7f0000000740)=""/242, &(0x7f0000000480)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x5}, 0x58)
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, &(0x7f0000000840)=r0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
r1 = syz_clone(0x1c0000, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
r3 = fsopen(&(0x7f0000000080)='tracefs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
quotactl_fd$Q_SETINFO(0xffffffffffffffff, 0xffffffff80000601, 0x0, &(0x7f0000000300)={0x5, 0x2, 0x1, 0x1})
ioctl$VHOST_GET_FEATURES(0xffffffffffffffff, 0x4008af25, 0x0)
r4 = fsopen(&(0x7f0000000280)='rpc_pipefs\x00', 0x1)
fsconfig$FSCONFIG_SET_BINARY(r4, 0x6, 0x0, 0x0, 0x0)

7.79025111s ago: executing program 4 (id=570):
userfaultfd(0x80801)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x6a83c0, 0x0)
unshare(0x2a020480)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff7000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xa3b2, 0x2, 0x8, 0xc1})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02080000040000000100000009000100000000", @ANYRES32, @ANYBLOB='\x00\x00'], 0x48)
io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0)
ioctl$TIOCGICOUNT(r0, 0x545d, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
close(r2)
openat$cgroup_ro(r2, &(0x7f0000000100)='memory.current\x00', 0x0, 0x0)

6.395786788s ago: executing program 33 (id=540):
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000000300)=""/102392, 0x18ff8)
ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000040)={0x2, {0x2, 0x5, 0x8, 0xb, 0x3, 0x2}})
mount(&(0x7f0000000040)=@filename='\x00', &(0x7f00000000c0)='.\x00', &(0x7f0000000040)='ubifs\x00', 0x0, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r1, 0xc018937d, &(0x7f0000000100)={{0x1, 0x1, 0x18, r1, {0x8}}, './file0\x00'})
ioctl$TCSETS2(r1, 0x402c542b, &(0x7f0000000080)={0x7, 0x2, 0x101, 0x0, 0x3, "893ab35dfe8a8ab05777791e21cf62006bfdd0", 0x1, 0x9})
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0xcc182, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)

6.294307112s ago: executing program 4 (id=573):
openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12)
r0 = userfaultfd(0x80000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x45})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000c00000/0x400000)=nil, 0x400000}, 0x3})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vxcan0\x00', <r4=>0x0})
connect$can_bcm(r3, &(0x7f00000000c0)={0x1d, r4}, 0x10)
sendmsg$can_bcm(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x1, 0x53, 0xffffffff, {}, {}, {}, 0x1, @can={{0x2, 0x0, 0x1}, 0x5, 0x2, 0x0, 0x0, "001bd300058edb7c"}}, 0x48}, 0x1, 0x0, 0x0, 0x881}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0xf, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x408f, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r6}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1000000}, {0x85, 0x0, 0x0, 0x86}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}, {0x7, 0x0, 0xb, 0x0, 0x0, 0x0, 0x7000000}}}, &(0x7f0000000680)='syzkaller\x00', 0x6, 0x0, 0x0, 0x41000, 0x28, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff16, 0x0, 0x0, 0x10, 0x40}, 0x94)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000180)="66baa000ecc744240011000000c7442402b16e0000ff2c2443f466baf80cb8f2c96789ef66bafc0c66ed0f072e0f01c248b820450000000000000f23d00f21f835000000010f23f8c46289900cabb9f9080000b8c93c0000ba000000000f30c4816857a601000000", 0x68}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x1, 0x0, @pic={0x8, 0x7, 0x8, 0x14, 0x2, 0x1, 0xc5, 0x9, 0x28, 0x2, 0x1, 0x95, 0xb, 0x8, 0x8e, 0x7}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

6.29341037s ago: executing program 3 (id=574):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000000)=0xdcd5, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000080)=0xf2b, 0x4)
getsockopt$inet6_buf(r0, 0x29, 0x0, 0x0, &(0x7f0000000040))
openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x4200, 0x0, 0x11}, 0x18)
fanotify_mark(0xffffffffffffffff, 0x0, 0x8000010, 0xffffffffffffff9c, 0x0)

5.45786912s ago: executing program 4 (id=575):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x6)
accept4$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @private}, 0x0, 0x80800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0xc0a40, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x5}, 0x1c)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)
connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f00000005c0), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="11000cbd70100400000005000000080009000200000008000c00a80a000008000b000000000006000100070000000c0010000000000000edff"], 0x40}, 0x1, 0x0, 0x0, 0x40811}, 0x20)

4.355957592s ago: executing program 4 (id=576):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x103, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000100)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(r1, 0x3b88, &(0x7f0000000000)={0xc, r2})
ioctl$IOMMU_VFIO_SET_IOMMU(r1, 0x3b66, 0x1)
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r1, 0x3b72, &(0x7f0000000140)={0x18, 0x0, 0x1, 0x7})
socket$inet_sctp(0x2, 0x5, 0x84)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000088}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r4 = getpgrp(0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000040)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x2, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r6 = syz_clone(0x80000, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r6, 0x1, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$inet6_tcp_int(r3, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0xfffc, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c)
ioctl$TCFLSH(r0, 0x4b63, 0x3)
futex(0x0, 0x80, 0x0, 0x0, 0x0, 0x0)
syz_emit_ethernet(0xf4, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x10}, @val={@void, {0x8100, 0x0, 0x0, 0x1}}, {@mpls_mc={0x8848, {[{0xff0e7, 0x0, 0x1}, {0xffff}, {0x2}, {0x8}], @ipv4=@icmp={{0x2c, 0x4, 0x1, 0x2, 0xd2, 0x68, 0x0, 0x81, 0x1, 0x0, @loopback, @remote, {[@end, @lsrr={0x83, 0xf, 0x96, [@empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty]}, @timestamp_addr={0x44, 0x34, 0xec, 0x1, 0xe, [{@broadcast, 0x1}, {@dev={0xac, 0x14, 0x14, 0x14}, 0x2}, {@broadcast, 0x10001}, {@loopback, 0x3}, {@local, 0x2}, {@loopback, 0xd9}]}, @cipso={0x86, 0x55, 0x2, [{0x1, 0x4, "7c04"}, {0x2, 0xc, "8cc0ae33597c88443e25"}, {0x6, 0x12, "73f52885be331965710c7e2766314b19"}, {0x5, 0x9, "208250e9725717"}, {0x6, 0x3, "03"}, {0x7, 0x4, "61c4"}, {0x1, 0xc, "c359eb690b83fc4073e9"}, {0x7, 0x11, "0d3eb9dfe6c7e1e0c4d41d00940dee"}]}]}}, @parameter_prob={0xc, 0x0, 0x0, 0x6, 0x6, 0x0, {0x6, 0x4, 0x3, 0x8, 0x6, 0x66, 0x39, 0x1, 0x4, 0x3, @multicast1, @multicast2, {[@end]}}, "89a7"}}}}}}, 0x0)

4.269123374s ago: executing program 5 (id=577):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_DESC={0xc, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x5}]}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x78}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="40000000210a018800000000000000000a0000010900020073797a31000000000900010073797a310000000014000380100000800c000180060001"], 0x40}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)

2.804101023s ago: executing program 4 (id=578):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000009c0), 0x42, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0xf2, 0x0, 0x7fff0000}]})
close_range(r2, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000180)='nfs\x00', 0x0)
socket(0x10, 0x3, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect$uac1(0x3, 0xdc, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c", @ANYRES8=r3, @ANYRES16=r1], 0x0)
sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f0000004440)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)={0x1c, 0x0, 0x20d, 0x70bd2b, 0x25dfdbfe, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc051}, 0x4000)

2.803743766s ago: executing program 3 (id=579):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000140)="af0ac9f5906c700da84d46477156ba471843754ccfa3f2bb26fb29c077664d05bb2fb0e155297b40a2bd46e8eb5442dbcb0e43998a6fac73323d208c1cd6ebab15f434aad07822", 0x47}], 0x1}}], 0x1, 0x4048090)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x3b6, &(0x7f00000003c0)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x380, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000000050000000026000400"}, {0x18, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x18, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x7, "f5000000000000000000000200fe8000000000000000000000008879e66485201a0015ca837400"/55}, {0x0, 0x14, "5e14f0e7e72d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fa632dbf04542188b196e213408c"}, {0x3, 0x5, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02a326a6bce65f81ed"}]}}}}}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
read$FUSE(r2, &(0x7f0000000880)={0x2020}, 0x2020)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e600a1b8785d9600", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac00", "f4bd000000801900", [0x8, 0xffffffff9673e35d]}})
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000080)={0xc000000c})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r4 = gettid()
process_vm_readv(r4, &(0x7f0000001140)=[{&(0x7f0000000000)=""/87, 0x62}, {&(0x7f0000001200)=""/4096, 0x100a}], 0x2, &(0x7f00000011c0)=[{0xffffffffffffffff, 0x19000}], 0x1, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0), 0x2, 0x5}}, 0x20)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x7}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r6, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890)

2.762948916s ago: executing program 5 (id=580):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000240)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000280), &(0x7f0000000200)='%ps    \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r1}, 0x4) (async)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000080)=ANY=[], 0x10448) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f00000000c0)=<r4=>0xffffffffffffffff)
ioctl$VIDIOC_G_EXT_CTRLS(r3, 0xc0205647, &(0x7f0000000180)={0xa20000, 0xf4d, 0x8, r4, 0x0, &(0x7f0000000140)={0x990901, 0x4, '\x00', @p_u8=&(0x7f0000000100)=0x8}}) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) (async)
r6 = socket$inet_smc(0x2b, 0x1, 0x0) (async)
r7 = syz_io_uring_setup(0x10d, &(0x7f0000000540)={0x0, 0xd4bb, 0x0, 0xfffffffd}, &(0x7f0000000380)=<r8=>0x0, &(0x7f0000000280)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0x10000, 0x0, 0x4) (async)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) (async)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x20000000) (async)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x2, r6, 0x0, 0x0, 0x0, 0x80800}) (async)
listen(r6, 0x5)
io_uring_enter(r7, 0x3517, 0xc2de, 0x9, 0x0, 0x0)

2.467338421s ago: executing program 5 (id=581):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) (async)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000200)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) (async)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000180)=ANY=[@ANYBLOB="5c000000140001000000000000000000fe8000000000000000000000000000aaff0200000000000000000000000000010003000000000000000000", @ANYRESHEX], 0x5c}, 0x1, 0x0, 0x0, 0x20040050}, 0x0) (async)
r6 = syz_open_dev$loop(&(0x7f0000000200), 0x4, 0x40100)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0) (async, rerun: 32)
r7 = syz_open_dev$loop(&(0x7f0000000300), 0x8f, 0x64242) (rerun: 32)
ioctl$LOOP_CONFIGURE(r7, 0x4c0a, &(0x7f0000001280)={0xffffffffffffffff, 0x0, {0x2a12, 0x80010000, 0x0, 0x1401, 0x8, 0x0, 0x0, 0x1, 0x14, "fee8a2ab78fc179fd1f809000000aca7ca64c6a4b4e00d9683dda1af01000000deff1200100000000000000000000000000800", "2809e8dbe1b22d0000b420a1a93c7540f476779e0117613dd4070000ebff08000000000020000000020000000800000000fafffffffeffffffffffffff00", "e74600001020000000007f440000002000000000000000000000008bd02800", [0xe4, 0x1]}}) (async)
ioctl$LOOP_CHANGE_FD(r7, 0x4c06, r6) (async, rerun: 32)
r8 = accept4(r4, 0x0, 0x0, 0x0) (rerun: 32)
recvmmsg(r8, &(0x7f00000048c0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001d00)=""/1, 0x1}], 0x1}, 0xc}], 0x1, 0x10002, 0x0) (async)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000100)={0x800, 0x58, {r1}, {<r9=>0xffffffffffffffff}, 0x7, 0x3dd})
ioctl$SIOCAX25ADDUID(r8, 0x89e1, &(0x7f00000001c0)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, r9}) (async, rerun: 32)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 32)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f0000000580)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) (async, rerun: 32)
socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r10 = syz_open_dev$video(&(0x7f0000000180), 0x101, 0xab02)
ioctl$VIDIOC_S_CROP(r10, 0x4014563c, &(0x7f0000000240)={0x9, {0x400, 0xa2b, 0x5, 0x100}}) (async)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) (async, rerun: 64)
connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) (async, rerun: 64)
writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)

2.154217876s ago: executing program 5 (id=582):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
setsockopt$inet6_int(r1, 0x29, 0x4b, &(0x7f0000000100)=0x405, 0x4)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TCSBRKP(r3, 0x5425, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TCSETSW2(r4, 0x5408, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x2, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf"})
ioctl$TIOCGPGRP(r3, 0x5437, 0x0)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x3, @local, 0x6}, 0x1c)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r6, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f00000000c0)='cdg', 0x3)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r7, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x24, 0x3, 0x6, 0x3, 0x0, 0x0, {0x5, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x0)
setsockopt$inet_tcp_int(r6, 0x6, 0x2, &(0x7f00000001c0)=0xa3, 0x4)
connect$inet(r6, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r6, &(0x7f00000000c0), 0xffffffffffffffef, 0x20c49b, 0x0, 0x0)
pipe2(&(0x7f0000000000)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff}, 0x80000)
splice(r5, 0x0, r9, 0x0, 0x6, 0x0)
fcntl$setpipe(r8, 0x407, 0xfffffffffffffbff)
close_range(r0, 0xffffffffffffffff, 0x0)

1.554684225s ago: executing program 3 (id=583):
timer_create(0x0, &(0x7f0000000080)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x80000)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001f00)=ANY=[@ANYBLOB="200000005e00250e00000000000000000c000080eec47c8e670527ab040001"], 0x20}], 0x1}, 0xc0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r1 = io_uring_setup(0xcd2, &(0x7f00000000c0)={0x0, 0x9fd2, 0x100, 0x2, 0x97})
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x9, 0x10, r1, 0x1bf61000)
r2 = syz_open_dev$usbfs(&(0x7f0000000340), 0x206, 0x8401)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522)
ioctl$USBDEVFS_BULK(r2, 0x5523, 0x0)

1.247417903s ago: executing program 3 (id=584):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
accept$inet(r1, &(0x7f0000000040)={0x2, 0x0, @loopback}, &(0x7f0000000080)=0x10)
setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
write$tun(0xffffffffffffffff, 0x0, 0x42)
syz_emit_ethernet(0x3e, &(0x7f00000002c0)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x20, 0xfc, 0x2, 0x0, @rand_addr=0x1c, @multicast1=0xe0000300}, @dest_unreach={0x3, 0x6, 0x0, 0x0, 0xfa, 0x9, {0x5, 0x4, 0x0, 0x1c, 0xfff6, 0x65, 0x5, 0x1, 0x4, 0x3, @private=0xa010102, @local}}}}}}, 0x0)

1.186084562s ago: executing program 5 (id=585):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x6)
accept4$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @private}, 0x0, 0x80800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0xc0a40, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x5}, 0x1c)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)
connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f00000005c0), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="11000cbd70100400000005000000080009000200000008000c00a80a000008000b000000000006000100070000000c0010000000000000edff"], 0x40}, 0x1, 0x0, 0x0, 0x40811}, 0x20)

121.838614ms ago: executing program 5 (id=586):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$phonet(0x23, 0x2, 0x1)
sendmmsg(r3, &(0x7f0000000dc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4014)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0xffffffffffffff34, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x200a4800)
recvmsg$kcm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000a80)=""/4135, 0x1027}, {&(0x7f0000005b00)=""/4112, 0x1010}, {&(0x7f0000002ac0)=""/4096, 0x1000}], 0x3}, 0x40)
getsockname$packet(r1, &(0x7f0000000340)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r5, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@ipv4_newaddr={0x20, 0x14, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0xff, r5}, [@IFA_LOCAL={0x8, 0x2, @local}]}, 0x20}}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12011003075f374071040a0695a4010a0301090212000142d8000a0904001000323ab408"], &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0})
syz_usb_connect$uac1(0x6, 0x0, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x0, 0x0}, {0xeb, &(0x7f00000004c0)=ANY=[@ANYBLOB="eb032096c29d006420ee6e89c8bebd1d24b68f43b4da8e56d81f0096fae15901cecef82b154e8b9bf23ba61f52d8ac676168c95a5353e77750b44cbdaa828611072ccfb2921f21afc8b44133d6d9206e4681b04bfb51a43f58fa358319e820b439e6cd59d58c8b34d92cade3784778a3715f3d22b279ce70ebdb9e68ea11350646ee28e6b7420b044fe8e4f92e4fe8db462a1b2b9d7d95115196eba2611f06dda4ebae414b7c63bd53ed14ed9dd0a42c42bc03177b904c1a6dd883844563e73a29265fc8b76d0f89ef3453c71a2f9281d53013dddbda4074ce62b2ee3f17dff40dcf62428ae94816623faf"]}, {0x61, &(0x7f00000002c0)=@string={0x61, 0x3, "e557d9b3e0ea100709ffd99a1099c2e6e030799e6c4d4e4971fe444a43b9885ff4bbf28b5ecc9e117186e6a5968535db1f4fc0660db719e8eb001ac21851958f091905e52bb9a774a5e3122eefa0eb753b78e591e2b06f119a9e32ecb03abf"}}]})
r6 = socket$inet(0x2, 0x2, 0x1)
setsockopt$sock_int(r6, 0x1, 0x5, &(0x7f0000000340)=0x6, 0x4)
sendmsg$inet(r6, &(0x7f0000001040)={&(0x7f0000000040)={0x2, 0xffff, @broadcast}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="2d0000008058", 0x6}], 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000940b040a0101027f00000100000000001c000000000000000000000008"], 0x40}, 0x20008024)
r7 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r7, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local}, 0xc)
setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x23, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
fsopen(&(0x7f0000000100)='cifs\x00', 0x0)

0s ago: executing program 3 (id=587):
r0 = getpgrp(0xffffffffffffffff)
prlimit64(r0, 0xe, &(0x7f0000000140)={0x7, 0x2}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)

kernel console output (not intermixed with test programs):


[   86.236432][ T1009] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   86.236451][ T1009] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   86.307360][ T5929] Dev loop5: unable to read RDB block 7
[   86.307409][ T5929]  loop5: unable to read partition table
[   86.307595][ T5929] loop5: partition table beyond EOD, truncated
[   86.307629][ T5929] loop_reread_partitions: partition scan of loop5 (úùƒWå¡™‰ü�¾Ã½¸*‹ºÐ	œëÜ%õ«µ4FLQkÝŠ5) failed (rc=-5)
[   86.308044][ T5860] usb 2-1: Using ep0 maxpacket: 16
[   86.311045][ T5860] usb 2-1: unable to get BOS descriptor or descriptor too short
[   86.320773][ T5860] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   86.320825][ T5860] usb 2-1: config 1 interface 0 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[   86.320851][ T5860] usb 2-1: config 1 interface 0 has no altsetting 0
[   86.324978][ T5860] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   86.325004][ T5860] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   86.325023][ T5860] usb 2-1: Product: syz
[   86.325036][ T5860] usb 2-1: Manufacturer: syz
[   86.325049][ T5860] usb 2-1: SerialNumber: syz
[   86.535545][ T3369] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   86.535564][ T3369] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   86.677067][ T5938] =======================================================
[   86.677067][ T5938] WARNING: The mand mount option has been deprecated and
[   86.677067][ T5938]          and is ignored by this kernel. Remove the mand
[   86.677067][ T5938]          option from the mount to silence this warning.
[   86.677067][ T5938] =======================================================
[   86.728638][ T5938] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9'.
[   86.859120][ T1470] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   86.859139][ T1470] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   87.108681][ T5945] 9p: Bad value for 'rfdno'
[   87.256397][ T5947] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4'.
[   87.258017][ T5947] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4'.
[   87.414389][ T5860] cdc_ether 2-1:1.0: skipping garbage
[   87.414882][ T5860] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22
[   87.495639][ T5860] usb 2-1: USB disconnect, device number 2
[   87.797413][ T5962] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   89.565091][ T5973] mmap: syz.1.13 (5973) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   90.979008][ T5858] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   91.190144][ T5858] usb 3-1: too many endpoints for config 0 interface 0 altsetting 48: 48, using maximum allowed: 30
[   91.190190][ T5858] usb 3-1: config 0 interface 0 altsetting 48 has 0 endpoint descriptors, different from the interface descriptor's value: 48
[   91.190217][ T5858] usb 3-1: config 0 interface 0 has no altsetting 0
[   91.302191][ T5858] usb 3-1: New USB device found, idVendor=13d8, idProduct=0010, bcdDevice=8f.72
[   91.302219][ T5858] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   91.302239][ T5858] usb 3-1: Product: syz
[   91.302252][ T5858] usb 3-1: Manufacturer: syz
[   91.302265][ T5858] usb 3-1: SerialNumber: syz
[   91.307964][ T5858] usb 3-1: config 0 descriptor??
[   91.415197][ T5981] warning: `syz.3.15' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   91.627066][ T5858] usb 3-1: selecting invalid altsetting 1
[   91.627098][ T5858] comedi comedi5: could not switch to alternate setting 1
[   91.627113][ T5858] usbduxfast 3-1:0.0: driver 'usbduxfast' failed to auto-configure device.
[   91.691177][ T5858] usb 3-1: USB disconnect, device number 2
[   92.452860][ T5988] cgroup: Unknown subsys name 'io'
[   92.828841][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   92.837645][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   92.838822][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   92.848828][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   92.858833][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   92.868822][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   92.877100][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   93.345079][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!!
[   93.348080][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!!
[   93.351064][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!!
[   93.612556][ T5986] Invalid source name
[   93.612567][ T5986] UBIFS error (pid: 5986): cannot open "ubifs", error -22
[   95.540274][ T6004] genirq: Flags mismatch irq 4. 00202000 (aio_iiro_16) vs. 00202080 (ttyS0)
[   96.297353][ T6012] Invalid source name
[   96.297464][ T6012] UBIFS error (pid: 6012): cannot open "ubifs", error -22
[   96.917689][ T6030] netlink: 236 bytes leftover after parsing attributes in process `syz.1.16'.
[   96.917723][ T6030] netlink: 236 bytes leftover after parsing attributes in process `syz.1.16'.
[   96.918199][ T6029] netlink: 236 bytes leftover after parsing attributes in process `syz.1.16'.
[   96.918217][ T6029] netlink: 236 bytes leftover after parsing attributes in process `syz.1.16'.
[   97.054721][ T5876] kernel write not supported for file bpf-prog (pid: 5876 comm: kworker/0:5)
[   98.108909][ T5876] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   98.144083][   T31] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   98.698778][   T31] usb 2-1: config 220 has an invalid interface number: 76 but max is 2
[   98.698840][   T31] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[   98.698861][   T31] usb 2-1: config 220 has no interface number 2
[   98.698930][   T31] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[   98.698957][   T31] usb 2-1: config 220 interface 0 has no altsetting 0
[   98.698975][   T31] usb 2-1: config 220 interface 76 has no altsetting 0
[   98.698992][   T31] usb 2-1: config 220 interface 1 has no altsetting 0
[   98.702980][   T31] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[   98.703008][   T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.703028][   T31] usb 2-1: Product: syz
[   98.703042][   T31] usb 2-1: Manufacturer: syz
[   98.703056][   T31] usb 2-1: SerialNumber: syz
[   98.802754][ T6049] netlink: 8 bytes leftover after parsing attributes in process `syz.3.36'.
[   98.802776][ T6049] netlink: 12 bytes leftover after parsing attributes in process `syz.3.36'.
[   98.804147][ T6049] netlink: 8 bytes leftover after parsing attributes in process `syz.3.36'.
[   98.804165][ T6049] netlink: 12 bytes leftover after parsing attributes in process `syz.3.36'.
[   98.804785][ T6049] Zero length message leads to an empty skb
[   98.888940][ T5876] usb 1-1: device descriptor read/64, error -71
[   99.139319][ T5876] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  100.126122][ T5876] usb 1-1: device descriptor read/64, error -71
[  100.236563][ T5876] usb usb1-port1: attempt power cycle
[  100.710058][ T6065] netlink: 7 bytes leftover after parsing attributes in process `syz.0.42'.
[  101.781073][   T31] uvcvideo 2-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  101.781115][   T31] uvcvideo 2-1:220.0: No valid video chain found.
[  101.781261][   T31] usb 2-1: selecting invalid altsetting 0
[  101.840011][   T31] usb 2-1: selecting invalid altsetting 0
[  101.840050][   T31] usbtest 2-1:220.1: probe with driver usbtest failed with error -22
[  101.843878][   T31] usb 2-1: USB disconnect, device number 3
[  105.329559][ T5876] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  105.519263][ T5876] usb 1-1: Using ep0 maxpacket: 32
[  105.654308][ T5876] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  105.689638][ T5876] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  105.689672][ T5876] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  105.689738][ T5876] usb 1-1: Product: syz
[  105.689787][ T5876] usb 1-1: Manufacturer: syz
[  105.689835][ T5876] usb 1-1: SerialNumber: syz
[  105.943824][ T5876] usb 1-1: config 0 descriptor??
[  105.944921][ T6106] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  105.976208][ T5876] hub 1-1:0.0: bad descriptor, ignoring hub
[  105.976230][ T5876] hub 1-1:0.0: probe with driver hub failed with error -5
[  107.473412][ T6106] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  107.473921][ T6106] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  107.682363][ T6128] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  109.919528][ T5858] usb 1-1: USB disconnect, device number 5
[  109.961739][ T6142] syz.3.65 (6142) used greatest stack depth: 18016 bytes left
[  113.249600][ T6189] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  113.318927][ T5979] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  113.470825][ T5979] usb 5-1: Using ep0 maxpacket: 32
[  113.473116][ T5979] usb 5-1: config 0 has an invalid interface number: 126 but max is 0
[  113.473153][ T5979] usb 5-1: config 0 has no interface number 0
[  113.473197][ T5979] usb 5-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[  113.473221][ T5979] usb 5-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8
[  113.473246][ T5979] usb 5-1: config 0 interface 126 has no altsetting 0
[  113.475526][ T5979] usb 5-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c
[  113.475550][ T5979] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.475568][ T5979] usb 5-1: Product: syz
[  113.475581][ T5979] usb 5-1: Manufacturer: syz
[  113.475594][ T5979] usb 5-1: SerialNumber: syz
[  113.571826][ T5979] usb 5-1: config 0 descriptor??
[  113.573468][ T6183] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  113.573584][ T6183] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  113.771792][ T6201] F2FS-fs (nbd1): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  113.771817][ T6201] F2FS-fs (nbd1): Can't find valid F2FS filesystem in 1th superblock
[  113.772371][ T6201] F2FS-fs (nbd1): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  113.772391][ T6201] F2FS-fs (nbd1): Can't find valid F2FS filesystem in 2th superblock
[  113.822666][ T5979] ir_usb 5-1:0.126: IR Dongle converter detected
[  113.823647][ T5979] usb 5-1: IRDA class descriptor not found, device not bound
[  113.880265][ T5979] usb 5-1: USB disconnect, device number 2
[  114.141131][ T5860] usb 2-1: new low-speed USB device number 4 using dummy_hcd
[  114.141258][ T5876] usb 4-1: new full-speed USB device number 2 using dummy_hcd
[  114.292423][ T5876] usb 4-1: config 0 has an invalid interface number: 27 but max is 0
[  114.292450][ T5876] usb 4-1: config 0 has no interface number 0
[  114.292690][ T5876] usb 4-1: config 0 interface 27 altsetting 51 endpoint 0x7 has invalid maxpacket 512, setting to 64
[  114.292719][ T5876] usb 4-1: config 0 interface 27 has no altsetting 0
[  114.293702][ T5860] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  114.293724][ T5860] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  114.293772][ T5860] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 25198, setting to 8
[  114.293858][ T5860] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  114.293881][ T5860] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  114.300250][ T5876] usb 4-1: New USB device found, idVendor=2040, idProduct=4902, bcdDevice=d8.b2
[  114.300276][ T5876] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.300294][ T5876] usb 4-1: Product: syz
[  114.300308][ T5876] usb 4-1: Manufacturer: syz
[  114.300320][ T5876] usb 4-1: SerialNumber: syz
[  114.346902][ T6201] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  114.354284][ T5876] usb 4-1: config 0 descriptor??
[  114.364659][ T6205] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  114.447761][ T5860] hub 2-1:1.0: bad descriptor, ignoring hub
[  114.447798][ T5860] hub 2-1:1.0: probe with driver hub failed with error -5
[  114.463889][ T5860] cdc_wdm 2-1:1.0: skipping garbage
[  114.463900][ T5860] cdc_wdm 2-1:1.0: skipping garbage
[  114.521035][ T5860] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  114.521430][ T5860] cdc_wdm 2-1:1.0: Unknown control protocol
[  114.588997][    C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  114.589106][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  114.589335][    C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  114.589353][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  114.589572][    C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  114.589589][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  114.589815][    C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  114.589833][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  114.590056][    C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  114.590073][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  114.590297][    C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  114.590314][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  114.590530][    C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  114.590540][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  114.590733][    C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  114.590742][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  114.590952][    C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  114.590969][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  114.591164][    C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  114.591174][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  114.680170][ T5876] hdpvr 4-1:0.27: Could not find bulk-in endpoint
[  114.681580][ T5876] hdpvr 4-1:0.27: probe with driver hdpvr failed with error -12
[  114.804042][ T5860] usb 2-1: Failed to suspend device, error -71
[  114.809478][ T5860] usb 2-1: USB disconnect, device number 4
[  114.835486][ T5876] usb 4-1: USB disconnect, device number 2
[  117.478886][ T5876] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  117.618951][ T5876] usb 3-1: device descriptor read/64, error -71
[  117.868931][ T5876] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  118.888883][ T5876] usb 3-1: device descriptor read/64, error -71
[  119.000744][ T5876] usb usb3-port1: attempt power cycle
[  119.078962][ T5875] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[  119.234000][ T5875] usb 4-1: config 0 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  119.234035][ T5875] usb 4-1: config 0 interface 0 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  119.234062][ T5875] usb 4-1: config 0 interface 0 has no altsetting 0
[  119.234093][ T5875] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2c24, bcdDevice= 0.00
[  119.234116][ T5875] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  119.291336][ T5875] usb 4-1: config 0 descriptor??
[  121.837695][ T5875] pyra 0003:1E7D:2C24.0001: ignoring exceeding usage max
[  121.886961][ T5875] pyra 0003:1E7D:2C24.0001: hidraw0: USB HID v0.07 Device [HID 1e7d:2c24] on usb-dummy_hcd.3-1/input0
[  121.929327][ T5875] pyra 0003:1E7D:2C24.0001: couldn't init struct pyra_device
[  121.929380][ T5875] pyra 0003:1E7D:2C24.0001: couldn't install mouse
[  122.002085][ T5875] pyra 0003:1E7D:2C24.0001: probe with driver pyra failed with error -71
[  122.042362][ T6269] netlink: 8 bytes leftover after parsing attributes in process `syz.3.105'.
[  122.108925][ T5875] usb 4-1: USB disconnect, device number 3
[  122.318190][ T6267] fido_id[6267]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  122.861171][ T5860] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  123.289009][ T5858] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  123.381118][ T5860] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  123.381151][ T5860] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  123.381186][ T5860] usb 5-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[  123.381209][ T5860] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.455929][ T5858] usb 4-1: too many endpoints for config 0 interface 0 altsetting 3: 63, using maximum allowed: 30
[  123.455976][ T5858] usb 4-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 63
[  123.456002][ T5858] usb 4-1: config 0 interface 0 has no altsetting 0
[  123.456034][ T5858] usb 4-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00
[  123.456062][ T5858] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.511870][ T5860] usb 5-1: config 0 descriptor??
[  123.533787][ T5858] usb 4-1: config 0 descriptor??
[  123.837598][ T6284] mmap: syz.0.109 (6284): VmData 37650432 exceed data ulimit 8. Update limits or use boot option ignore_rlimit_data.
[  123.957711][ T5858] greenasia 0003:0E8F:0012.0002: item fetching failed at offset 0/4
[  123.958402][ T5858] greenasia 0003:0E8F:0012.0002: parse failed
[  123.958470][ T5858] greenasia 0003:0E8F:0012.0002: probe with driver greenasia failed with error -22
[  123.997266][ T5860] hid-led 0003:0FC5:B080.0003: unknown main item tag 0x0
[  124.154099][ T5858] usb 4-1: USB disconnect, device number 4
[  124.216591][ T5860] hid-led 0003:0FC5:B080.0003: probe with driver hid-led failed with error -71
[  124.259488][ T5860] usb 5-1: USB disconnect, device number 3
[  128.582118][ T6310] xt_l2tp: wrong L2TP version: 7
[  129.765046][ T6318] netlink: 5 bytes leftover after parsing attributes in process `syz.4.117'.
[  129.765264][ T6318] 0ªî{X¹¦: renamed from gretap0 (while UP)
[  129.974674][ T6318] 0ªî{X¹¦: entered allmulticast mode
[  129.975269][ T6318] A link change request failed with some changes committed already. Interface 
30ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  130.000977][ T6318] netlink: 5 bytes leftover after parsing attributes in process `syz.4.117'.
[  130.024623][ T6318] 1ªî{X¹¦: renamed from 
30ªî{X¹¦ (while UP)
[  130.071851][ T6318] A link change request failed with some changes committed already. Interface 
31ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  130.100694][ T6318] netlink: 5 bytes leftover after parsing attributes in process `syz.4.117'.
[  130.138104][ T6318] 0ªî{X¹¦: renamed from 
31ªî{X¹¦ (while UP)
[  130.224003][ T6318] A link change request failed with some changes committed already. Interface 
30ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  130.261328][ T6318] netlink: 5 bytes leftover after parsing attributes in process `syz.4.117'.
[  130.263158][ T6318] 1ªî{X¹¦: renamed from 
30ªî{X¹¦ (while UP)
[  130.302333][ T6318] A link change request failed with some changes committed already. Interface 
31ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  130.302578][ T6318] netlink: 5 bytes leftover after parsing attributes in process `syz.4.117'.
[  130.352291][ T6318] 0ªî{X¹¦: renamed from 
31ªî{X¹¦ (while UP)
[  130.381804][ T5936] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  130.402223][ T6318] A link change request failed with some changes committed already. Interface 
30ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  130.530753][ T5936] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  130.530783][ T5936] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.534163][ T5936] usb 2-1: config 0 descriptor??
[  130.551247][ T5936] cp210x 2-1:0.0: cp210x converter detected
[  131.243244][ T5858] hid-generic 0008:80000001:0000.0004: item fetching failed at offset 1/4
[  131.246945][ T5858] hid-generic 0008:80000001:0000.0004: probe with driver hid-generic failed with error -22
[  131.281886][ T5936] cp210x 2-1:0.0: failed to get vendor val 0x3711 size 2: -71
[  131.281910][ T5936] cp210x 2-1:0.0: GPIO initialisation failed: -71
[  131.327605][ T5936] usb 2-1: cp210x converter now attached to ttyUSB0
[  131.400475][ T5936] usb 2-1: USB disconnect, device number 5
[  131.434657][ T5936] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  131.438070][ T5936] cp210x 2-1:0.0: device disconnected
[  133.130356][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  133.130429][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  134.236970][ T6358] 9pnet_virtio: no channels available for device syz
[  138.545230][ T6373] fuse: Bad value for 'fd'
[  138.730109][ T6379] ieee802154 phy0 wpan0: encryption failed: -22
[  139.589852][ T6390] Invalid source name
[  139.589864][ T6390] UBIFS error (pid: 6390): cannot open "ubifs", error -22
[  139.796632][   T37] audit: type=1326 audit(1771102999.424:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6395 comm="syz.1.145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  139.796679][   T37] audit: type=1326 audit(1771102999.424:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6395 comm="syz.1.145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  139.796715][   T37] audit: type=1326 audit(1771102999.424:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6395 comm="syz.1.145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=197 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  139.796751][   T37] audit: type=1326 audit(1771102999.424:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6395 comm="syz.1.145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  139.800690][   T37] audit: type=1326 audit(1771102999.434:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6395 comm="syz.1.145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  139.800729][   T37] audit: type=1326 audit(1771102999.434:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6395 comm="syz.1.145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  139.800763][   T37] audit: type=1326 audit(1771102999.434:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6395 comm="syz.1.145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  139.803304][   T37] audit: type=1326 audit(1771102999.434:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6395 comm="syz.1.145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  139.803346][   T37] audit: type=1326 audit(1771102999.434:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6395 comm="syz.1.145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  139.803380][   T37] audit: type=1326 audit(1771102999.434:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6395 comm="syz.1.145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  141.471956][ T6407] loop8: detected capacity change from 0 to 7
[  141.484790][ T6407] Dev loop8: unable to read RDB block 7
[  141.484830][ T6407]  loop8: unable to read partition table
[  141.485005][ T6407] loop8: partition table beyond EOD, truncated
[  141.485029][ T6407] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  146.438929][  T932] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  146.588864][  T932] usb 1-1: Using ep0 maxpacket: 16
[  146.591014][  T932] usb 1-1: too many endpoints for config 1 interface 0 altsetting 0: 254, using maximum allowed: 30
[  146.591059][  T932] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  146.591084][  T932] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  146.591105][  T932] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 254
[  146.592563][  T932] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  146.592588][  T932] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  146.592607][  T932] usb 1-1: SerialNumber: syz
[  146.896906][ T6439] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  146.898316][ T6439] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  146.927470][  T932] usb 1-1: USB disconnect, device number 7
[  147.082246][ T6449] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate.
[  147.211577][ T6451] netlink: 256 bytes leftover after parsing attributes in process `syz.3.160'.
[  147.327163][ T6453] binder: 6452:6453 ioctl c0306201 2000000003c0 returned -14
[  147.565448][ T6458] netlink: 24 bytes leftover after parsing attributes in process `syz.1.158'.
[  147.583228][ T6459] netlink: 36 bytes leftover after parsing attributes in process `syz.2.155'.
[  147.760360][ T6458] 9p: Bad value for 'rfdno'
[  150.760123][  T932] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  151.190694][ T6486] loop4: detected capacity change from 0 to 5
[  151.191764][ T6486] Buffer I/O error on dev loop4, logical block 0, async page read
[  151.191820][ T6486] Buffer I/O error on dev loop4, logical block 0, async page read
[  151.191890][ T6486] Buffer I/O error on dev loop4, logical block 0, async page read
[  151.191933][ T6486] Buffer I/O error on dev loop4, logical block 0, async page read
[  151.191963][ T6486] Buffer I/O error on dev loop4, logical block 0, async page read
[  151.191977][ T6486] ldm_validate_partition_table(): Disk read failed.
[  151.191998][ T6486] Buffer I/O error on dev loop4, logical block 0, async page read
[  151.192022][ T6486] Buffer I/O error on dev loop4, logical block 0, async page read
[  151.192045][ T6486] Buffer I/O error on dev loop4, logical block 0, async page read
[  151.192070][ T6486] Buffer I/O error on dev loop4, logical block 0, async page read
[  151.192083][ T6486] Dev loop4: unable to read RDB block 0
[  151.192104][ T6486] Buffer I/O error on dev loop4, logical block 0, async page read
[  151.192147][ T6486]  loop4: unable to read partition table
[  151.192295][ T6486] loop4: partition table beyond EOD, truncated
[  151.192314][ T6486] loop_reread_partitions: partition scan of loop4 (úùƒå¡™‰ü�¾SêjºÐ	œëÜ%õ«`ÉæÖ€ù…ˆŠ5) failed (rc=-5)
[  156.369002][  T932] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  156.518896][  T932] usb 1-1: Using ep0 maxpacket: 16
[  156.552684][  T932] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  156.552709][  T932] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  156.589243][  T932] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  156.589271][  T932] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.589290][  T932] usb 1-1: Product: syz
[  156.589304][  T932] usb 1-1: Manufacturer: syz
[  156.589318][  T932] usb 1-1: SerialNumber: syz
[  158.151319][  T932] usb 1-1: 0:2 : does not exist
[  158.169795][  T932] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[  158.298577][  T932] usb 1-1: USB disconnect, device number 8
[  158.343603][ T5802] Bluetooth: hci0: SCO packet for unknown connection handle 1
[  158.442575][ T5939] udevd[5939]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  160.708942][ T5875] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  160.861098][ T5875] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  160.861129][ T5875] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.866270][ T5875] usb 3-1: config 0 descriptor??
[  160.887852][ T5875] gspca_main: cpia1-2.14.0 probing 0813:0001
[  160.971080][ T6549] ip6erspan0: entered allmulticast mode
[  160.987162][ T6553] netlink: 'syz.0.193': attribute type 3 has an invalid length.
[  160.995578][ T6552] Driver unsupported XDP return value 0 on prog  (id 16) dev N/A, expect packet loss!
[  161.273041][ T5875] cpia1 3-1:0.0: unexpected state after lo power cmd: 00
[  161.288580][ T6560] netlink: 16 bytes leftover after parsing attributes in process `syz.4.196'.
[  161.292159][ T6560] netlink: 56 bytes leftover after parsing attributes in process `syz.4.196'.
[  162.241265][ T6574] capability: warning: `syz.4.199' uses deprecated v2 capabilities in a way that may be insecure
[  162.339255][ T5875] gspca_cpia1: usb_control_msg 01, error -110
[  162.339275][ T5875] cpia1 3-1:0.0: only firmware version 1 is supported (got: 0)
[  162.717605][ T6583] capability: warning: `syz.1.203' uses 32-bit capabilities (legacy support in use)
[  162.854193][ T5936] usb 3-1: USB disconnect, device number 6
[  163.028930][ T5875] usb 1-1: new full-speed USB device number 9 using dummy_hcd
[  163.138945][ T5134] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  163.183121][ T5875] usb 1-1: New USB device found, idVendor=0458, idProduct=501b, bcdDevice= 0.00
[  163.183150][ T5875] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.220710][ T5875] usb 1-1: config 0 descriptor??
[  163.290477][ T5134] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  163.290502][ T5134] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  163.290545][ T5134] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  163.290574][ T5134] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  163.291937][ T5134] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  163.291952][ T5134] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  163.291962][ T5134] usb 4-1: Product: syz
[  163.291969][ T5134] usb 4-1: Manufacturer: syz
[  163.393213][ T5134] cdc_wdm 4-1:1.0: skipping garbage
[  163.393230][ T5134] cdc_wdm 4-1:1.0: skipping garbage
[  163.507876][ T5134] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  163.507891][ T5134] cdc_wdm 4-1:1.0: Unknown control protocol
[  163.670273][ T5875] usbhid 1-1:0.0: can't add hid device: -71
[  163.670338][ T5875] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  163.706234][ T5875] usb 1-1: USB disconnect, device number 9
[  163.778180][ T6589] netlink: 65039 bytes leftover after parsing attributes in process `syz.3.206'.
[  163.880364][ T6599] binder: 6580:6599 ioctl c0306201 200000000680 returned -14
[  164.125688][ T6601] netlink: 8 bytes leftover after parsing attributes in process `syz.3.206'.
[  164.450021][ T6603] overlay: Unknown parameter '/'
[  164.807318][  T932] usb 4-1: USB disconnect, device number 5
[  166.958901][ T5876] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  167.118917][ T5876] usb 5-1: Using ep0 maxpacket: 32
[  167.121514][ T5876] usb 5-1: unable to get BOS descriptor or descriptor too short
[  167.122768][ T5876] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  167.122789][ T5876] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  167.122809][ T5876] usb 5-1: config 1 has no interface number 1
[  167.122850][ T5876] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  167.189875][ T5876] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  167.189910][ T5876] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  167.189928][ T5876] usb 5-1: Product: syz
[  167.189941][ T5876] usb 5-1: Manufacturer: syz
[  167.189954][ T5876] usb 5-1: SerialNumber: syz
[  167.463541][ T6620] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  167.464247][ T6620] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  167.553713][ T5876] usb 5-1: 0:9 : does not exist
[  167.619969][ T5876] usb 5-1: USB disconnect, device number 4
[  167.687012][ T5939] udevd[5939]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  167.985968][ T6644] loop8: detected capacity change from 0 to 7
[  168.008423][ T6644] Dev loop8: unable to read RDB block 7
[  168.008466][ T6644]  loop8: unable to read partition table
[  168.008658][ T6644] loop8: partition table beyond EOD, truncated
[  168.008687][ T6644] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  168.295921][ T6654] sctp: [Deprecated]: syz.3.215 (pid 6654) Use of int in maxseg socket option.
[  168.295921][ T6654] Use struct sctp_assoc_value instead
[  168.304963][ T6654] netlink: 12 bytes leftover after parsing attributes in process `syz.3.215'.
[  168.677120][   T37] audit: type=1326 audit(1771103028.304:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6660 comm="syz.1.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  168.677164][   T37] audit: type=1326 audit(1771103028.304:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6660 comm="syz.1.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  168.677206][   T37] audit: type=1326 audit(1771103028.304:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6660 comm="syz.1.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  168.688466][   T37] audit: type=1326 audit(1771103028.314:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6660 comm="syz.1.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  168.688505][   T37] audit: type=1326 audit(1771103028.314:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6660 comm="syz.1.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  168.700131][   T37] audit: type=1326 audit(1771103028.324:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6660 comm="syz.1.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  168.701955][   T37] audit: type=1326 audit(1771103028.334:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6660 comm="syz.1.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  168.701993][   T37] audit: type=1326 audit(1771103028.334:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6660 comm="syz.1.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  168.702027][   T37] audit: type=1326 audit(1771103028.334:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6660 comm="syz.1.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  168.702061][   T37] audit: type=1326 audit(1771103028.334:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6660 comm="syz.1.228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  169.896940][ T6677] trusted_key: syz.3.237 sent an empty control message without MSG_MORE.
[  170.208951][ T5875] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  170.219831][ T5979] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  170.363401][ T5875] usb 2-1: Using ep0 maxpacket: 16
[  170.365164][ T5875] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  170.365187][ T5875] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  170.367777][ T5875] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  170.367803][ T5875] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.367821][ T5875] usb 2-1: Product: syz
[  170.367835][ T5875] usb 2-1: Manufacturer: syz
[  170.367846][ T5875] usb 2-1: SerialNumber: syz
[  170.411255][ T5979] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  170.414669][ T5979] usb 3-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  170.414694][ T5979] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.414744][ T5979] usb 3-1: Product: syz
[  170.414806][ T5979] usb 3-1: Manufacturer: syz
[  170.414820][ T5979] usb 3-1: SerialNumber: syz
[  170.445009][ T5979] usb 3-1: config 0 descriptor??
[  170.964353][ T6699] netlink: 60 bytes leftover after parsing attributes in process `syz.4.243'.
[  171.859098][ T5875] usb 2-1: 0:2 : does not exist
[  171.944482][ T5979] dm9601 3-1:0.0: probe with driver dm9601 failed with error -22
[  171.959095][ T5875] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  172.330536][ T6706] netlink: 16 bytes leftover after parsing attributes in process `syz.4.245'.
[  172.380631][ T5875] usb 2-1: USB disconnect, device number 7
[  172.537594][ T5939] udevd[5939]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  172.564111][ T6712] FAULT_INJECTION: forcing a failure.
[  172.564111][ T6712] name failslab, interval 1, probability 0, space 0, times 1
[  172.564172][ T6712] CPU: 0 UID: 0 PID: 6712 Comm: syz.4.247 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  172.564193][ T6712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  172.564208][ T6712] Call Trace:
[  172.564218][ T6712]  <TASK>
[  172.564225][ T6712]  dump_stack_lvl+0xe8/0x150
[  172.564252][ T6712]  should_fail_ex+0x46b/0x600
[  172.564268][ T6712]  should_failslab+0xa8/0x100
[  172.564281][ T6712]  kmem_cache_alloc_node_noprof+0x8f/0x6e0
[  172.564292][ T6712]  ? dup_task_struct+0x57/0x9a0
[  172.564304][ T6712]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  172.564317][ T6712]  dup_task_struct+0x57/0x9a0
[  172.564331][ T6712]  ? rt_spin_unlock+0x160/0x200
[  172.564341][ T6712]  copy_process+0x508/0x3d00
[  172.564360][ T6712]  ? __might_fault+0xaf/0x130
[  172.564376][ T6712]  ? __pfx_copy_process+0x10/0x10
[  172.564390][ T6712]  ? _copy_from_user+0x94/0xb0
[  172.564408][ T6712]  kernel_clone+0x249/0x7f0
[  172.564422][ T6712]  ? __pfx_kernel_clone+0x10/0x10
[  172.564444][ T6712]  __se_sys_clone3+0x33c/0x360
[  172.564459][ T6712]  ? __pfx___se_sys_clone3+0x10/0x10
[  172.564487][ T6712]  ? __pfx_ksys_write+0x10/0x10
[  172.564504][ T6712]  do_syscall_64+0x14d/0xf80
[  172.564517][ T6712]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.564527][ T6712]  ? clear_bhb_loop+0x40/0x90
[  172.564539][ T6712]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.564548][ T6712] RIP: 0033:0x7f9e94c2bf79
[  172.564560][ T6712] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  172.564568][ T6712] RSP: 002b:00007f9e92e5cef8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  172.564579][ T6712] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f9e94c2bf79
[  172.564586][ T6712] RDX: 00007f9e92e5cf10 RSI: 0000000000000058 RDI: 00007f9e92e5cf10
[  172.564592][ T6712] RBP: 00007f9e92e5d090 R08: 0000000000000000 R09: 0000000000000058
[  172.564598][ T6712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  172.564604][ T6712] R13: 00007f9e94ea6128 R14: 00007f9e94ea6090 R15: 00007ffcbdec1c28
[  172.564619][ T6712]  </TASK>
[  173.059862][   T31] usb 3-1: USB disconnect, device number 7
[  173.136949][ T6726] syz.0.252 (6726) used greatest stack depth: 17336 bytes left
[  173.748941][ T5876] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  173.908909][ T5876] usb 2-1: Using ep0 maxpacket: 16
[  173.911270][ T5876] usb 2-1: config 237 has an invalid interface number: 221 but max is 0
[  173.911285][ T5876] usb 2-1: config 237 has no interface number 0
[  173.911312][ T5876] usb 2-1: config 237 interface 221 has no altsetting 0
[  173.913255][ T5876] usb 2-1: New USB device found, idVendor=1b80, idProduct=d700, bcdDevice=d3.c3
[  173.913270][ T5876] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.913280][ T5876] usb 2-1: Product: syz
[  173.913287][ T5876] usb 2-1: Manufacturer: syz
[  173.913294][ T5876] usb 2-1: SerialNumber: syz
[  173.938021][ T6737] 9p: Bad value for 'rfdno'
[  174.038949][   T31] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  174.179013][   T31] usb 4-1: device descriptor read/64, error -71
[  174.428903][   T31] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  174.579882][   T31] usb 4-1: device descriptor read/64, error -71
[  174.689334][   T31] usb usb4-port1: attempt power cycle
[  174.855584][ T5876] radio-si470x 2-1:237.221: could not find interrupt in endpoint
[  174.855672][ T5876] radio-si470x 2-1:237.221: probe with driver radio-si470x failed with error -5
[  174.865799][ T5876] usbhid 2-1:237.221: couldn't find an input interrupt endpoint
[  174.890158][ T5876] usb 2-1: USB disconnect, device number 8
[  174.908889][ T5875] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  175.069630][ T5875] usb 1-1: Using ep0 maxpacket: 16
[  175.177989][ T6757] Invalid source name
[  175.178139][ T6757] UBIFS error (pid: 6757): cannot open "ubifs", error -22
[  175.486070][ T5875] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  175.486103][ T5875] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  175.486124][ T5875] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  175.486163][ T5875] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  175.486183][ T5875] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  175.567695][ T5875] usb 1-1: config 0 descriptor??
[  175.578818][   T31] usb 4-1: new full-speed USB device number 8 using dummy_hcd
[  175.599515][   T31] usb 4-1: device descriptor read/8, error -71
[  175.800447][   T37] kauditd_printk_skb: 32 callbacks suppressed
[  175.800464][   T37] audit: type=1326 audit(1771103035.434:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6749 comm="syz.0.259" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2fe222bf79 code=0x0
[  175.858873][   T31] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  177.211274][ T6734] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  177.212045][ T6734] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  177.245089][   T31] usb 4-1: device descriptor read/8, error -71
[  177.349870][   T31] usb usb4-port1: unable to enumerate USB device
[  177.555413][ T6765] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  177.577698][ T6765] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  177.803494][ T6777] ceph: Unknown parameter 'usrquota'
[  178.369450][ T6788] kernel profiling enabled (shift: 9)
[  178.375868][ T6788] netlink: 28 bytes leftover after parsing attributes in process `syz.3.272'.
[  178.575329][ T6791] loop8: detected capacity change from 0 to 7
[  178.589572][ T6791] Dev loop8: unable to read RDB block 7
[  178.589925][ T6791]  loop8: unable to read partition table
[  178.590064][ T6791] loop8: partition table beyond EOD, truncated
[  178.590086][ T6791] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  178.667338][ T6793] overlayfs: cannot append lower layer
[  178.805254][ T6798] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  178.836036][ T5875] usbhid 1-1:0.0: can't add hid device: -71
[  178.836148][ T5875] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  180.241864][ T6799] Can't find ip_set type bitmap:ip
[  180.288966][ T5875] usb 1-1: USB disconnect, device number 10
[  180.598189][ T6813] QAT: Device 9 not found
[  182.152765][ T6829] Invalid source name
[  182.152781][ T6829] UBIFS error (pid: 6829): cannot open "ubifs", error -22
[  182.562168][ T6831] loop9: detected capacity change from 0 to 7
[  182.566626][ T6831] Dev loop9: unable to read RDB block 7
[  182.566674][ T6831]  loop9: unable to read partition table
[  182.603122][ T6831] loop9: partition table beyond EOD, truncated
[  182.603145][ T6831] loop_reread_partitions: partition scan of loop9 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  183.053833][ T6846] netlink: 12 bytes leftover after parsing attributes in process `syz.0.286'.
[  185.119081][ T6850] sch_tbf: peakrate 122 is lower than or equals to rate 122 !
[  185.463475][ T6866] loop8: detected capacity change from 0 to 7
[  185.468563][ T6866] Dev loop8: unable to read RDB block 7
[  185.468603][ T6866]  loop8: unable to read partition table
[  185.468793][ T6866] loop8: partition table beyond EOD, truncated
[  185.468810][ T6866] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  186.688164][   T31] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  187.973350][   T37] audit: type=1326 audit(1771103046.615:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6867 comm="syz.1.295" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe5591bbf79 code=0x77ff0000
[  188.347833][   T31] usb 5-1: device descriptor read/all, error -71
[  189.921394][ T6887] team_slave_0: entered promiscuous mode
[  189.921474][ T6887] team_slave_1: entered promiscuous mode
[  189.924363][ T6887] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  189.937550][ T6887] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  189.965651][ T6887] overlay: ./file0 is not a directory
[  190.017680][ T6890] program syz.0.299 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  190.258543][ T5858] usb 1-1: new full-speed USB device number 11 using dummy_hcd
[  190.413931][ T5858] usb 1-1: not running at top speed; connect to a high speed hub
[  190.415238][ T5858] usb 1-1: config 1 has an invalid interface number: 78 but max is 0
[  190.415263][ T5858] usb 1-1: config 1 has no interface number 0
[  190.415308][ T5858] usb 1-1: config 1 interface 78 has no altsetting 0
[  190.453167][ T5858] usb 1-1: New USB device found, idVendor=11ba, idProduct=1001, bcdDevice=ec.57
[  190.453184][ T5858] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.453194][ T5858] usb 1-1: Product: syz
[  190.453202][ T5858] usb 1-1: Manufacturer: syz
[  190.453209][ T5858] usb 1-1: SerialNumber: syz
[  190.457998][   T31] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  190.607992][   T31] usb 4-1: device descriptor read/64, error -71
[  190.683982][ T6882] 9p: Bad value for 'rfdno'
[  190.721209][ T5858] pvrusb2: Hardware description: OnAir USB2 Hybrid USB tuner
[  190.721712][ T5858] usb 1-1: selecting invalid altsetting 0
[  190.727672][ T2365] pvrusb2: control-write URB failure, status=-71
[  190.727686][ T2365] pvrusb2: Device being rendered inoperable
[  190.756411][ T2365] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  190.756423][ T2365] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  190.761315][ T5858] usb 1-1: USB disconnect, device number 11
[  190.857990][   T31] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  190.987952][   T31] usb 4-1: device descriptor read/64, error -71
[  192.482001][   T31] usb usb4-port1: attempt power cycle
[  192.600455][ T6903] ptrace attach of "./syz-executor exec"[6909] was attempted by "./syz-executor exec"[6903]
[  192.827929][   T31] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  192.854534][   T31] usb 4-1: device descriptor read/8, error -71
[  194.392574][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  194.392641][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  197.440412][ T5134] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  197.594430][   T31] usb 1-1: new full-speed USB device number 12 using dummy_hcd
[  197.603349][ T6946] Invalid source name
[  197.603363][ T6946] UBIFS error (pid: 6946): cannot open "ubifs", error -22
[  197.877297][ T5134] usb 4-1: Using ep0 maxpacket: 8
[  197.957941][ T5134] usb 4-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  197.957970][ T5134] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  197.957997][ T5134] usb 4-1: Product: syz
[  197.958011][ T5134] usb 4-1: Manufacturer: syz
[  197.958025][ T5134] usb 4-1: SerialNumber: syz
[  198.016290][   T31] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  198.032800][   T31] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  198.032828][   T31] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  198.032847][   T31] usb 1-1: Product: syz
[  198.032861][   T31] usb 1-1: Manufacturer: syz
[  198.032875][   T31] usb 1-1: SerialNumber: syz
[  198.084678][ T5134] usb 4-1: config 0 descriptor??
[  198.098966][   T31] usb 1-1: config 0 descriptor??
[  198.125632][ T5134] gspca_main: se401-2.14.0 probing 047d:5003
[  198.589356][   T31] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -22
[  199.590501][ T5134] input: se401 as /devices/platform/dummy_hcd.3/usb4/4-1/input/input5
[  199.663284][ T5859] udevd[5859]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  199.705143][ T5134] usb 4-1: USB disconnect, device number 14
[  200.262952][ T6962] sg_read: process 193 (syz.1.321) changed security contexts after opening file descriptor, this is not allowed.
[  200.275959][ T3834] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.920859][ T5876] usb 1-1: USB disconnect, device number 12
[  203.440473][ T5120] Bluetooth: hci1: command 0x0406 tx timeout
[  203.440501][ T5805] Bluetooth: hci2: command 0x0406 tx timeout
[  203.440510][ T5120] Bluetooth: hci3: command 0x0406 tx timeout
[  203.440524][ T5805] Bluetooth: hci4: command 0x0406 tx timeout
[  203.715546][ T6984] FAULT_INJECTION: forcing a failure.
[  203.715546][ T6984] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  203.715578][ T6984] CPU: 0 UID: 0 PID: 6984 Comm: syz.3.328 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  203.715598][ T6984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  203.715609][ T6984] Call Trace:
[  203.715615][ T6984]  <TASK>
[  203.715624][ T6984]  dump_stack_lvl+0xe8/0x150
[  203.715653][ T6984]  should_fail_ex+0x46b/0x600
[  203.715679][ T6984]  _copy_from_user+0x2d/0xb0
[  203.715702][ T6984]  do_sock_getsockopt+0x165/0x3f0
[  203.715723][ T6984]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  203.715742][ T6984]  ? __fget_files+0x3a6/0x420
[  203.715763][ T6984]  ? __fget_files+0x2a/0x420
[  203.715791][ T6984]  __x64_sys_getsockopt+0x1aa/0x250
[  203.715817][ T6984]  do_syscall_64+0x14d/0xf80
[  203.715838][ T6984]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.715854][ T6984]  ? trace_irq_disable+0x37/0x100
[  203.715870][ T6984]  ? clear_bhb_loop+0x40/0x90
[  203.715890][ T6984]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.715907][ T6984] RIP: 0033:0x7f44337ebf79
[  203.715923][ T6984] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  203.715938][ T6984] RSP: 002b:00007f4431a3e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  203.715956][ T6984] RAX: ffffffffffffffda RBX: 00007f4433a65fa0 RCX: 00007f44337ebf79
[  203.715969][ T6984] RDX: 0000000000000003 RSI: 0000000000000012 RDI: 0000000000000004
[  203.715980][ T6984] RBP: 00007f4431a3e090 R08: 0000000000000000 R09: 0000000000000000
[  203.715991][ T6984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  203.716002][ T6984] R13: 00007f4433a66038 R14: 00007f4433a65fa0 R15: 00007ffcc97d81f8
[  203.716031][ T6984]  </TASK>
[  203.840255][ T5807] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  203.848980][ T5807] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  203.850011][ T5807] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  203.850993][ T5807] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  203.852197][ T5807] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  203.979551][ T3834] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.217251][ T5875] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  204.357255][ T5875] usb 4-1: device descriptor read/64, error -71
[  204.637251][ T5875] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  204.640758][ T3834] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  204.767208][ T5875] usb 4-1: device descriptor read/64, error -71
[  204.880768][ T5875] usb usb4-port1: attempt power cycle
[  205.041927][ T6996] netlink: 'syz.1.330': attribute type 1 has an invalid length.
[  205.151316][ T3834] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  205.227175][ T5875] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  205.248095][ T5875] usb 4-1: device descriptor read/8, error -71
[  205.410271][ T7001] 9p: Bad value for 'wfdno'
[  205.472153][ T7003] 9p: Bad value for 'rfdno'
[  205.487232][ T5875] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  205.518231][ T5875] usb 4-1: device descriptor read/8, error -71
[  205.637610][ T5875] usb usb4-port1: unable to enumerate USB device
[  206.177154][ T5808] Bluetooth: hci0: command tx timeout
[  206.340682][ T6996] 8021q: adding VLAN 0 to HW filter on device bond1
[  206.385464][ T6999] bond1: (slave dummy0): making interface the new active one
[  206.394264][ T6999] bond1: (slave dummy0): Enslaving as an active interface with an up link
[  206.814214][ T6985] chnl_net:caif_netlink_parms(): no params data found
[  208.437096][ T5808] Bluetooth: hci0: command tx timeout
[  210.496989][ T5808] Bluetooth: hci0: command tx timeout
[  210.690581][ T7028] bond0: option miimon: invalid value (18446744072110987604)
[  210.690609][ T7028] bond0: option miimon: allowed values 0 - 2147483647
[  210.986961][ T5875] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  211.037130][ T6985] bridge0: port 1(bridge_slave_0) entered blocking state
[  211.045215][ T6985] bridge0: port 1(bridge_slave_0) entered disabled state
[  211.045391][ T6985] bridge_slave_0: entered allmulticast mode
[  211.063404][ T6985] bridge_slave_0: entered promiscuous mode
[  211.078557][ T3834] bridge_slave_1: left allmulticast mode
[  211.078671][ T3834] bridge_slave_1: left promiscuous mode
[  211.087324][ T3834] bridge0: port 2(bridge_slave_1) entered disabled state
[  211.126860][ T5979] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  211.155839][ T5875] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  211.155869][ T5875] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  211.155891][ T5875] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  211.155931][ T5875] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  211.155953][ T5875] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  211.217978][ T5875] usb 1-1: config 0 descriptor??
[  211.286850][ T5979] usb 2-1: Using ep0 maxpacket: 16
[  211.288443][ T3834] bridge_slave_0: left allmulticast mode
[  211.288468][ T3834] bridge_slave_0: left promiscuous mode
[  211.288676][ T3834] bridge0: port 1(bridge_slave_0) entered disabled state
[  211.314608][ T5979] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  211.314630][ T5979] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  211.342484][ T5979] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  211.342511][ T5979] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  211.342591][ T5979] usb 2-1: Product: syz
[  211.342605][ T5979] usb 2-1: Manufacturer: syz
[  211.342618][ T5979] usb 2-1: SerialNumber: syz
[  211.697101][ T5979] usb 2-1: 0:2 : does not exist
[  211.706375][ T5875] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  211.706408][ T5875] plantronics 0003:047F:FFFF.0005: report_id 2249811455 is invalid
[  211.706425][ T5875] plantronics 0003:047F:FFFF.0005: item 0 4 1 8 parsing failed
[  211.736237][ T5875] plantronics 0003:047F:FFFF.0005: parse failed
[  211.736320][ T5875] plantronics 0003:047F:FFFF.0005: probe with driver plantronics failed with error -22
[  211.857125][ T7032] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  211.859379][ T7032] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  211.887486][ T5979] usb 2-1: USB disconnect, device number 9
[  211.993952][ T5939] udevd[5939]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  212.086797][ T5858] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  212.258253][ T5858] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  212.258284][ T5858] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  212.258318][ T5858] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00
[  212.258338][ T5858] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  212.280817][ T5858] usb 5-1: config 0 descriptor??
[  213.686996][ T5808] Bluetooth: hci0: command tx timeout
[  213.946764][ T5858] corsair-cpro 0003:1B1C:1D00.0006: unknown main item tag 0x0
[  213.946800][ T5858] corsair-cpro 0003:1B1C:1D00.0006: unknown main item tag 0x0
[  213.946826][ T5858] corsair-cpro 0003:1B1C:1D00.0006: unknown main item tag 0x0
[  213.946853][ T5858] corsair-cpro 0003:1B1C:1D00.0006: unknown main item tag 0x0
[  213.946879][ T5858] corsair-cpro 0003:1B1C:1D00.0006: unknown main item tag 0x0
[  213.972234][ T5858] corsair-cpro 0003:1B1C:1D00.0006: hidraw0: USB HID v0.00 Device [HID 1b1c:1d00] on usb-dummy_hcd.4-1/input0
[  214.032366][ T5858] corsair-cpro 0003:1B1C:1D00.0006: probe with driver corsair-cpro failed with error -38
[  214.203528][ T5858] usb 5-1: USB disconnect, device number 7
[  214.557075][ T5979] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  214.707235][ T5979] usb 2-1: Using ep0 maxpacket: 32
[  214.709116][ T5979] usb 2-1: config 0 has an invalid interface number: 35 but max is 0
[  214.709139][ T5979] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  214.709157][ T5979] usb 2-1: config 0 has no interface number 0
[  214.709268][ T5979] usb 2-1: config 0 interface 35 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  214.712792][ T5979] usb 2-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad
[  214.712817][ T5979] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  214.712828][ T5979] usb 2-1: Product: syz
[  214.712835][ T5979] usb 2-1: Manufacturer: syz
[  214.712843][ T5979] usb 2-1: SerialNumber: syz
[  214.715950][ T5979] usb 2-1: config 0 descriptor??
[  214.773389][ T5979] radio-si470x 2-1:0.35: could not find interrupt in endpoint
[  214.773467][ T5979] radio-si470x 2-1:0.35: probe with driver radio-si470x failed with error -5
[  214.827365][ T3834] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  214.908459][ T3834] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  214.945015][ T3834] bond0 (unregistering): Released all slaves
[  214.990186][ T5979] radio-raremono 2-1:0.35: Thanko's Raremono connected: (10C4:818A)
[  215.007628][ T6985] bridge0: port 2(bridge_slave_1) entered blocking state
[  215.007743][ T6985] bridge0: port 2(bridge_slave_1) entered disabled state
[  215.007949][ T6985] bridge_slave_1: entered allmulticast mode
[  215.013569][ T6985] bridge_slave_1: entered promiscuous mode
[  215.077429][ T4050] bond0: (slave bond_slave_0): interface is now down
[  215.077455][ T4050] bond0: (slave bond_slave_1): interface is now down
[  215.207841][ T5979] radio-raremono 2-1:0.35: V4L2 device registered as radio48
[  215.227651][   T13] bond0: (slave bond_slave_0): interface is now down
[  215.227671][   T13] bond0: (slave bond_slave_1): interface is now down
[  215.314337][ T5979] usb 1-1: USB disconnect, device number 13
[  215.379303][   T13] bond0: (slave bond_slave_0): interface is now down
[  215.379324][   T13] bond0: (slave bond_slave_1): interface is now down
[  215.517945][   T13] bond0: (slave bond_slave_0): interface is now down
[  215.517968][   T13] bond0: (slave bond_slave_1): interface is now down
[  215.661910][ T3369] bond0: (slave bond_slave_0): interface is now down
[  215.661931][ T3369] bond0: (slave bond_slave_1): interface is now down
[  215.865641][ T1009] bond0: (slave bond_slave_0): interface is now down
[  215.865663][ T1009] bond0: (slave bond_slave_1): interface is now down
[  216.035870][ T3369] bond0: (slave bond_slave_0): interface is now down
[  216.035961][ T3369] bond0: (slave bond_slave_1): interface is now down
[  216.168111][ T4316] bond0: (slave bond_slave_0): interface is now down
[  216.168187][ T4316] bond0: (slave bond_slave_1): interface is now down
[  216.306921][ T1533] bond0: (slave bond_slave_0): interface is now down
[  216.306943][ T1533] bond0: (slave bond_slave_1): interface is now down
[  216.446575][   T12] bond0: (slave bond_slave_0): interface is now down
[  216.446597][   T12] bond0: (slave bond_slave_1): interface is now down
[  216.559632][ T6985] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  216.586545][ T4050] bond0: (slave bond_slave_0): interface is now down
[  216.586564][ T4050] bond0: (slave bond_slave_1): interface is now down
[  216.630781][ T6985] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  216.738761][ T4050] bond0: (slave bond_slave_0): interface is now down
[  216.738782][ T4050] bond0: (slave bond_slave_1): interface is now down
[  216.963760][ T4316] bond0: (slave bond_slave_0): interface is now down
[  216.963783][ T4316] bond0: (slave bond_slave_1): interface is now down
[  217.850207][ T7112] binder: 7111:7112 ioctl 40a0ae49 200000000400 returned -22
[  217.850531][ T7112] netlink: 16 bytes leftover after parsing attributes in process `syz.4.362'.
[  217.998525][ T1436] bond0: (slave bond_slave_0): interface is now down
[  217.998546][ T1436] bond0: (slave bond_slave_1): interface is now down
[  218.136829][   T68] bond0: (slave bond_slave_0): interface is now down
[  218.136850][   T68] bond0: (slave bond_slave_1): interface is now down
[  218.161181][ T7112] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  218.163550][ T5858] usb 2-1: USB disconnect, device number 10
[  218.164706][ T5858] radio-raremono 2-1:0.35: Thanko's Raremono disconnected
[  218.400689][   T37] audit: type=1326 audit(1771103078.026:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7113 comm="syz.3.361" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f44337ebf79 code=0x0
[  219.072029][   T12] bond0: (slave bond_slave_0): interface is now down
[  219.072052][   T12] bond0: (slave bond_slave_1): interface is now down
[  219.221698][   T68] bond0: (slave bond_slave_0): interface is now down
[  219.221720][   T68] bond0: (slave bond_slave_1): interface is now down
[  221.084773][ T1470] bond0: (slave bond_slave_0): interface is now down
[  221.084794][ T1470] bond0: (slave bond_slave_1): interface is now down
[  221.252613][   T68] bond0: (slave bond_slave_0): interface is now down
[  221.252645][   T68] bond0: (slave bond_slave_1): interface is now down
[  221.396513][ T3369] bond0: (slave bond_slave_0): interface is now down
[  221.396536][ T3369] bond0: (slave bond_slave_1): interface is now down
[  221.547380][   T68] bond0: (slave bond_slave_0): interface is now down
[  221.547409][   T68] bond0: (slave bond_slave_1): interface is now down
[  221.686589][ T4316] bond0: (slave bond_slave_0): interface is now down
[  221.686619][ T4316] bond0: (slave bond_slave_1): interface is now down
[  221.828874][ T4050] bond0: (slave bond_slave_0): interface is now down
[  221.828897][ T4050] bond0: (slave bond_slave_1): interface is now down
[  221.976703][ T4316] bond0: (slave bond_slave_0): interface is now down
[  221.976773][ T4316] bond0: (slave bond_slave_1): interface is now down
[  222.131558][ T4316] bond0: (slave bond_slave_0): interface is now down
[  222.131591][ T4316] bond0: (slave bond_slave_1): interface is now down
[  222.266254][ T4050] bond0: (slave bond_slave_0): interface is now down
[  222.266275][ T4050] bond0: (slave bond_slave_1): interface is now down
[  222.288631][ T7142] FAULT_INJECTION: forcing a failure.
[  222.288631][ T7142] name failslab, interval 1, probability 0, space 0, times 0
[  222.288661][ T7142] CPU: 1 UID: 0 PID: 7142 Comm: syz.3.369 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  222.288681][ T7142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  222.288691][ T7142] Call Trace:
[  222.288698][ T7142]  <TASK>
[  222.288705][ T7142]  dump_stack_lvl+0xe8/0x150
[  222.288733][ T7142]  should_fail_ex+0x46b/0x600
[  222.288759][ T7142]  should_failslab+0xa8/0x100
[  222.288780][ T7142]  kmem_cache_alloc_node_noprof+0x8f/0x6e0
[  222.288799][ T7142]  ? __alloc_skb+0x1d7/0x390
[  222.288820][ T7142]  ? lockdep_hardirqs_on+0x7a/0x110
[  222.288842][ T7142]  ? __alloc_skb+0x193/0x390
[  222.288864][ T7142]  __alloc_skb+0x1d7/0x390
[  222.288890][ T7142]  netlink_sendmsg+0x5d4/0xb40
[  222.288919][ T7142]  ? __pfx_netlink_sendmsg+0x10/0x10
[  222.288948][ T7142]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  222.288969][ T7142]  ____sys_sendmsg+0xa4e/0xac0
[  222.288986][ T7142]  ? __might_fault+0xaf/0x130
[  222.289009][ T7142]  ? __pfx_____sys_sendmsg+0x10/0x10
[  222.289033][ T7142]  ? import_iovec+0x73/0xa0
[  222.289058][ T7142]  ___sys_sendmsg+0x2a5/0x360
[  222.289074][ T7142]  ? __lock_acquire+0x6b5/0x2cf0
[  222.289099][ T7142]  ? __pfx____sys_sendmsg+0x10/0x10
[  222.289148][ T7142]  ? __fget_files+0x2a/0x420
[  222.289168][ T7142]  ? __fget_files+0x3a6/0x420
[  222.289198][ T7142]  __x64_sys_sendmsg+0x1c3/0x2a0
[  222.289223][ T7142]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  222.289249][ T7142]  ? __pfx_ksys_write+0x10/0x10
[  222.289276][ T7142]  do_syscall_64+0x14d/0xf80
[  222.289297][ T7142]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  222.289314][ T7142]  ? trace_irq_disable+0x37/0x100
[  222.289328][ T7142]  ? clear_bhb_loop+0x40/0x90
[  222.289349][ T7142]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  222.289364][ T7142] RIP: 0033:0x7f44337ebf79
[  222.289380][ T7142] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  222.289395][ T7142] RSP: 002b:00007f4431a3e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  222.289419][ T7142] RAX: ffffffffffffffda RBX: 00007f4433a65fa0 RCX: 00007f44337ebf79
[  222.289432][ T7142] RDX: 0000000000000018 RSI: 0000200000000400 RDI: 0000000000000005
[  222.289443][ T7142] RBP: 00007f4431a3e090 R08: 0000000000000000 R09: 0000000000000000
[  222.289453][ T7142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  222.289463][ T7142] R13: 00007f4433a66038 R14: 00007f4433a65fa0 R15: 00007ffcc97d81f8
[  222.289492][ T7142]  </TASK>
[  222.347507][ T6985] team0: Port device team_slave_0 added
[  222.407456][   T68] bond0: (slave bond_slave_0): interface is now down
[  222.407476][   T68] bond0: (slave bond_slave_1): interface is now down
[  222.549953][ T1533] bond0: (slave bond_slave_0): interface is now down
[  222.550020][ T1533] bond0: (slave bond_slave_1): interface is now down
[  222.763154][ T4248] bond0: (slave bond_slave_0): interface is now down
[  222.763225][ T4248] bond0: (slave bond_slave_1): interface is now down
[  222.896589][ T3369] bond0: (slave bond_slave_0): interface is now down
[  222.896612][ T3369] bond0: (slave bond_slave_1): interface is now down
[  223.036626][ T4050] bond0: (slave bond_slave_0): interface is now down
[  223.036694][ T4050] bond0: (slave bond_slave_1): interface is now down
[  223.176563][ T4050] bond0: (slave bond_slave_0): interface is now down
[  223.176609][ T4050] bond0: (slave bond_slave_1): interface is now down
[  223.346409][ T4316] bond0: (slave bond_slave_0): interface is now down
[  223.346433][ T4316] bond0: (slave bond_slave_1): interface is now down
[  223.486122][ T4050] bond0: (slave bond_slave_0): interface is now down
[  223.486143][ T4050] bond0: (slave bond_slave_1): interface is now down
[  225.176022][ T4248] bond0: (slave bond_slave_0): interface is now down
[  225.176045][ T4248] bond0: (slave bond_slave_1): interface is now down
[  225.293341][ T7157] syz.0.375 uses obsolete (PF_INET,SOCK_PACKET)
[  225.321851][ T4050] bond0: (slave bond_slave_0): interface is now down
[  225.321866][ T4050] bond0: (slave bond_slave_1): interface is now down
[  225.401674][ T6985] team0: Port device team_slave_1 added
[  225.454970][ T7161] FAULT_INJECTION: forcing a failure.
[  225.454970][ T7161] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  225.455006][ T7161] CPU: 1 UID: 0 PID: 7161 Comm: syz.3.377 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  225.455049][ T7161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  225.455058][ T7161] Call Trace:
[  225.455065][ T7161]  <TASK>
[  225.455072][ T7161]  dump_stack_lvl+0xe8/0x150
[  225.455101][ T7161]  should_fail_ex+0x46b/0x600
[  225.455127][ T7161]  _copy_from_user+0x2d/0xb0
[  225.455150][ T7161]  sctp_getsockopt_default_send_param+0xd6/0x4f0
[  225.455175][ T7161]  ? __pfx_sctp_getsockopt_default_send_param+0x10/0x10
[  225.455198][ T7161]  ? __local_bh_enable_ip+0x1ae/0x2b0
[  225.455217][ T7161]  ? lockdep_hardirqs_on+0x7a/0x110
[  225.455243][ T7161]  sctp_getsockopt+0x50f/0xb90
[  225.455264][ T7161]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  225.455288][ T7161]  do_sock_getsockopt+0x2d3/0x3f0
[  225.455312][ T7161]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  225.455329][ T7161]  ? __fget_files+0x3a6/0x420
[  225.455350][ T7161]  ? __fget_files+0x2a/0x420
[  225.455378][ T7161]  __x64_sys_getsockopt+0x1aa/0x250
[  225.455403][ T7161]  do_syscall_64+0x14d/0xf80
[  225.455423][ T7161]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.455439][ T7161]  ? trace_irq_disable+0x37/0x100
[  225.455455][ T7161]  ? clear_bhb_loop+0x40/0x90
[  225.455475][ T7161]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.455491][ T7161] RIP: 0033:0x7f44337ebf79
[  225.455507][ T7161] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  225.455521][ T7161] RSP: 002b:00007f4431a3e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  225.455540][ T7161] RAX: ffffffffffffffda RBX: 00007f4433a65fa0 RCX: 00007f44337ebf79
[  225.455552][ T7161] RDX: 000000000000000a RSI: 0000000000000084 RDI: 0000000000000003
[  225.455563][ T7161] RBP: 00007f4431a3e090 R08: 0000200000000500 R09: 0000000000000000
[  225.455575][ T7161] R10: 00002000000004c0 R11: 0000000000000246 R12: 0000000000000001
[  225.455586][ T7161] R13: 00007f4433a66038 R14: 00007f4433a65fa0 R15: 00007ffcc97d81f8
[  225.455616][ T7161]  </TASK>
[  225.456103][ T1436] bond0: (slave bond_slave_0): interface is now down
[  225.456120][ T1436] bond0: (slave bond_slave_1): interface is now down
[  225.596033][   T43] bond0: (slave bond_slave_0): interface is now down
[  225.596054][   T43] bond0: (slave bond_slave_1): interface is now down
[  225.643925][ T6985] batman_adv: batadv0: Adding interface: batadv_slave_0
[  225.643942][ T6985] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  225.643965][ T6985] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  225.650565][ T6985] batman_adv: batadv0: Adding interface: batadv_slave_1
[  225.650579][ T6985] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  225.650601][ T6985] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  225.740026][ T4316] bond0: (slave bond_slave_0): interface is now down
[  225.740047][ T4316] bond0: (slave bond_slave_1): interface is now down
[  225.792310][ T6985] hsr_slave_0: entered promiscuous mode
[  225.793499][ T6985] hsr_slave_1: entered promiscuous mode
[  225.796086][ T6985] debugfs: 'hsr0' already exists in 'hsr'
[  225.796187][ T6985] Cannot create hsr debugfs directory
[  227.172109][   T43] bond0: (slave bond_slave_0): interface is now down
[  227.172124][   T43] bond0: (slave bond_slave_1): interface is now down
[  228.213023][ T1436] bond0: (slave bond_slave_0): interface is now down
[  228.213045][ T1436] bond0: (slave bond_slave_1): interface is now down
[  228.345918][ T4316] bond0: (slave bond_slave_0): interface is now down
[  228.345989][ T4316] bond0: (slave bond_slave_1): interface is now down
[  228.486673][   T43] bond0: (slave bond_slave_0): interface is now down
[  228.486693][   T43] bond0: (slave bond_slave_1): interface is now down
[  228.570079][ T7170] Invalid source name
[  228.570091][ T7170] UBIFS error (pid: 7170): cannot open "ubifs", error -22
[  228.626288][   T43] bond0: (slave bond_slave_0): interface is now down
[  228.626310][   T43] bond0: (slave bond_slave_1): interface is now down
[  229.751137][ T4316] bond0: (slave bond_slave_0): interface is now down
[  229.751213][ T4316] bond0: (slave bond_slave_1): interface is now down
[  229.891174][ T3834] hsr_slave_0: left promiscuous mode
[  229.962624][ T4248] bond0: (slave bond_slave_0): interface is now down
[  229.962648][ T4248] bond0: (slave bond_slave_1): interface is now down
[  230.098981][ T4316] bond0: (slave bond_slave_0): interface is now down
[  230.099004][ T4316] bond0: (slave bond_slave_1): interface is now down
[  230.125739][ T3834] hsr_slave_1: left promiscuous mode
[  230.126798][ T3834] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  230.126866][ T3834] batman_adv: batadv0: Removing interface: batadv_slave_0
[  230.218087][ T3834] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  230.218112][ T3834] batman_adv: batadv0: Removing interface: batadv_slave_1
[  230.236449][ T4316] bond0: (slave bond_slave_0): interface is now down
[  230.236468][ T4316] bond0: (slave bond_slave_1): interface is now down
[  230.385793][ T4316] bond0: (slave bond_slave_0): interface is now down
[  230.385815][ T4316] bond0: (slave bond_slave_1): interface is now down
[  230.453729][ T3834] veth1_macvtap: left promiscuous mode
[  230.453866][ T3834] veth0_macvtap: left promiscuous mode
[  230.454018][ T3834] veth1_vlan: left promiscuous mode
[  230.454104][ T3834] veth0_vlan: left promiscuous mode
[  230.525951][ T3369] bond0: (slave bond_slave_0): interface is now down
[  230.525965][ T3369] bond0: (slave bond_slave_1): interface is now down
[  230.668704][ T4316] bond0: (slave bond_slave_0): interface is now down
[  230.668726][ T4316] bond0: (slave bond_slave_1): interface is now down
[  230.805799][ T1436] bond0: (slave bond_slave_0): interface is now down
[  230.805820][ T1436] bond0: (slave bond_slave_1): interface is now down
[  231.173181][ T4316] bond0: (slave bond_slave_0): interface is now down
[  231.173253][ T4316] bond0: (slave bond_slave_1): interface is now down
[  231.316140][   T43] bond0: (slave bond_slave_0): interface is now down
[  231.316211][   T43] bond0: (slave bond_slave_1): interface is now down
[  231.471290][ T4248] bond0: (slave bond_slave_0): interface is now down
[  231.471337][ T4248] bond0: (slave bond_slave_1): interface is now down
[  231.607653][ T1533] bond0: (slave bond_slave_0): interface is now down
[  231.607704][ T1533] bond0: (slave bond_slave_1): interface is now down
[  231.825489][ T4248] bond0: (slave bond_slave_0): interface is now down
[  231.825511][ T4248] bond0: (slave bond_slave_1): interface is now down
[  231.982876][ T4248] bond0: (slave bond_slave_0): interface is now down
[  231.982897][ T4248] bond0: (slave bond_slave_1): interface is now down
[  232.087708][ T7189] netlink: 60 bytes leftover after parsing attributes in process `syz.3.380'.
[  232.115733][ T1436] bond0: (slave bond_slave_0): interface is now down
[  232.115754][ T1436] bond0: (slave bond_slave_1): interface is now down
[  232.256555][ T1436] bond0: (slave bond_slave_0): interface is now down
[  232.256577][ T1436] bond0: (slave bond_slave_1): interface is now down
[  232.392913][ T7197] binder: 7196:7197 ioctl 40a0ae49 200000000400 returned -22
[  232.393209][ T7197] netlink: 16 bytes leftover after parsing attributes in process `syz.4.388'.
[  232.481987][   T43] bond0: (slave bond_slave_0): interface is now down
[  232.482009][   T43] bond0: (slave bond_slave_1): interface is now down
[  232.946298][ T1470] bond0: (slave bond_slave_0): interface is now down
[  232.946419][ T1470] bond0: (slave bond_slave_1): interface is now down
[  233.102297][ T4316] bond0: (slave bond_slave_0): interface is now down
[  233.102342][ T4316] bond0: (slave bond_slave_1): interface is now down
[  233.337912][ T1533] bond0: (slave bond_slave_0): interface is now down
[  233.337944][ T1533] bond0: (slave bond_slave_1): interface is now down
[  233.475584][ T1009] bond0: (slave bond_slave_0): interface is now down
[  233.475606][ T1009] bond0: (slave bond_slave_1): interface is now down
[  234.930180][ T3369] bond0: (slave bond_slave_0): interface is now down
[  234.930201][ T3369] bond0: (slave bond_slave_1): interface is now down
[  236.331648][   T43] bond0: (slave bond_slave_0): interface is now down
[  236.331672][   T43] bond0: (slave bond_slave_1): interface is now down
[  236.475442][ T4248] bond0: (slave bond_slave_0): interface is now down
[  236.475466][ T4248] bond0: (slave bond_slave_1): interface is now down
[  236.615437][ T4248] bond0: (slave bond_slave_0): interface is now down
[  236.615459][ T4248] bond0: (slave bond_slave_1): interface is now down
[  236.755455][ T1533] bond0: (slave bond_slave_0): interface is now down
[  236.755478][ T1533] bond0: (slave bond_slave_1): interface is now down
[  236.895802][ T3369] bond0: (slave bond_slave_0): interface is now down
[  236.895825][ T3369] bond0: (slave bond_slave_1): interface is now down
[  236.920560][ T5876] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  237.035493][ T1533] bond0: (slave bond_slave_0): interface is now down
[  237.035514][ T1533] bond0: (slave bond_slave_1): interface is now down
[  237.075388][ T5876] usb 1-1: Using ep0 maxpacket: 16
[  237.092472][ T5876] usb 1-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[  237.092498][ T5876] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  237.092516][ T5876] usb 1-1: Product: syz
[  237.092529][ T5876] usb 1-1: Manufacturer: syz
[  237.092543][ T5876] usb 1-1: SerialNumber: syz
[  237.133272][ T5876] usb 1-1: config 0 descriptor??
[  237.148358][ T5876] visor 1-1:0.0: Sony Clie 3.5 converter detected
[  237.181127][ T4316] bond0: (slave bond_slave_0): interface is now down
[  237.181201][ T4316] bond0: (slave bond_slave_1): interface is now down
[  238.665319][ T4248] bond0: (slave bond_slave_0): interface is now down
[  238.665336][ T4248] bond0: (slave bond_slave_1): interface is now down
[  238.769433][ T7222] Invalid source name
[  238.769445][ T7222] UBIFS error (pid: 7222): cannot open "ubifs", error -22
[  238.783502][ T5876] usb 1-1: clie_3_5_startup: get interface number failed: -71
[  238.783660][ T5876] visor 1-1:0.0: probe with driver visor failed with error -71
[  238.824058][ T4316] bond0: (slave bond_slave_0): interface is now down
[  238.824077][ T4316] bond0: (slave bond_slave_1): interface is now down
[  238.846189][ T5876] usb 1-1: USB disconnect, device number 14
[  238.955313][ T1436] bond0: (slave bond_slave_0): interface is now down
[  238.955333][ T1436] bond0: (slave bond_slave_1): interface is now down
[  239.105282][ T4316] bond0: (slave bond_slave_0): interface is now down
[  239.105304][ T4316] bond0: (slave bond_slave_1): interface is now down
[  239.245374][ T1436] bond0: (slave bond_slave_0): interface is now down
[  239.245396][ T1436] bond0: (slave bond_slave_1): interface is now down
[  239.336537][ T5876] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  239.407342][ T4316] bond0: (slave bond_slave_0): interface is now down
[  239.407364][ T4316] bond0: (slave bond_slave_1): interface is now down
[  239.487166][ T5876] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  239.487197][ T5876] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  239.521396][ T5876] usb 1-1: config 0 descriptor??
[  239.546664][ T4316] bond0: (slave bond_slave_0): interface is now down
[  239.546685][ T4316] bond0: (slave bond_slave_1): interface is now down
[  239.685213][ T3369] bond0: (slave bond_slave_0): interface is now down
[  239.685237][ T3369] bond0: (slave bond_slave_1): interface is now down
[  239.726675][ T5876] udl 1-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  239.832515][ T3369] bond0: (slave bond_slave_0): interface is now down
[  239.832530][ T3369] bond0: (slave bond_slave_1): interface is now down
[  239.927408][ T7224] netlink: 20 bytes leftover after parsing attributes in process `syz.0.395'.
[  239.929003][ T5876] [drm:udl_init] *ERROR* Selecting channel failed
[  239.981138][ T4316] bond0: (slave bond_slave_0): interface is now down
[  239.981158][ T4316] bond0: (slave bond_slave_1): interface is now down
[  239.983845][ T5876] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 2
[  239.983886][ T5876] [drm] Initialized udl on minor 2
[  240.017515][ T5876] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  240.018699][ T5876] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[  240.022700][ T5858] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  240.035659][ T7240] program syz.3.394 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  240.078931][ T5858] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  240.079698][ T5858] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[  240.080216][ T5876] usb 1-1: USB disconnect, device number 15
[  240.128727][ T1436] bond0: (slave bond_slave_0): interface is now down
[  240.128743][ T1436] bond0: (slave bond_slave_1): interface is now down
[  240.278722][ T3369] bond0: (slave bond_slave_0): interface is now down
[  240.278745][ T3369] bond0: (slave bond_slave_1): interface is now down
[  240.425219][ T4316] bond0: (slave bond_slave_0): interface is now down
[  240.425243][ T4316] bond0: (slave bond_slave_1): interface is now down
[  240.577234][ T4316] bond0: (slave bond_slave_0): interface is now down
[  240.577255][ T4316] bond0: (slave bond_slave_1): interface is now down
[  240.662631][ T7248] input: syz1 as /devices/virtual/input/input6
[  240.717313][ T1436] bond0: (slave bond_slave_0): interface is now down
[  240.717335][ T1436] bond0: (slave bond_slave_1): interface is now down
[  240.805776][ T3834] team0 (unregistering): Port device team_slave_1 removed
[  240.855516][ T4248] bond0: (slave bond_slave_0): interface is now down
[  240.855537][ T4248] bond0: (slave bond_slave_1): interface is now down
[  240.988316][ T3834] team0 (unregistering): Port device team_slave_0 removed
[  241.005104][ T1436] bond0: (slave bond_slave_0): interface is now down
[  241.005124][ T1436] bond0: (slave bond_slave_1): interface is now down
[  241.145743][ T1436] bond0: (slave bond_slave_0): interface is now down
[  241.145767][ T1436] bond0: (slave bond_slave_1): interface is now down
[  241.287319][ T3369] bond0: (slave bond_slave_0): interface is now down
[  241.287341][ T3369] bond0: (slave bond_slave_1): interface is now down
[  241.315299][ T5858] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[  241.425167][ T4316] bond0: (slave bond_slave_0): interface is now down
[  241.425191][ T4316] bond0: (slave bond_slave_1): interface is now down
[  241.445160][ T5858] usb 2-1: device descriptor read/64, error -71
[  241.565503][ T1436] bond0: (slave bond_slave_0): interface is now down
[  241.565525][ T1436] bond0: (slave bond_slave_1): interface is now down
[  241.685249][ T5858] usb 2-1: new full-speed USB device number 12 using dummy_hcd
[  241.715151][ T4316] bond0: (slave bond_slave_0): interface is now down
[  241.715172][ T4316] bond0: (slave bond_slave_1): interface is now down
[  241.815308][ T5858] usb 2-1: device descriptor read/64, error -71
[  241.855338][ T4248] bond0: (slave bond_slave_0): interface is now down
[  241.855360][ T4248] bond0: (slave bond_slave_1): interface is now down
[  241.926253][ T5858] usb usb2-port1: attempt power cycle
[  241.996473][ T4316] bond0: (slave bond_slave_0): interface is now down
[  241.996494][ T4316] bond0: (slave bond_slave_1): interface is now down
[  242.135181][ T3369] bond0: (slave bond_slave_0): interface is now down
[  242.135205][ T3369] bond0: (slave bond_slave_1): interface is now down
[  242.265143][ T5858] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[  242.275191][ T4248] bond0: (slave bond_slave_0): interface is now down
[  242.275214][ T4248] bond0: (slave bond_slave_1): interface is now down
[  242.309131][ T5858] usb 2-1: device descriptor read/8, error -71
[  242.417598][ T1436] bond0: (slave bond_slave_0): interface is now down
[  242.417622][ T1436] bond0: (slave bond_slave_1): interface is now down
[  242.545071][ T5858] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[  242.562620][ T3369] bond0: (slave bond_slave_0): interface is now down
[  242.562633][ T3369] bond0: (slave bond_slave_1): interface is now down
[  242.579480][ T5858] usb 2-1: device descriptor read/8, error -71
[  242.685431][ T5858] usb usb2-port1: unable to enumerate USB device
[  242.695282][ T4248] bond0: (slave bond_slave_0): interface is now down
[  242.695300][ T4248] bond0: (slave bond_slave_1): interface is now down
[  242.835168][ T4316] bond0: (slave bond_slave_0): interface is now down
[  242.835185][ T4316] bond0: (slave bond_slave_1): interface is now down
[  242.975260][ T4316] bond0: (slave bond_slave_0): interface is now down
[  242.975282][ T4316] bond0: (slave bond_slave_1): interface is now down
[  243.285961][ T4050] bond0: (slave bond_slave_0): interface is now down
[  243.285983][ T4050] bond0: (slave bond_slave_1): interface is now down
[  244.371365][   T43] bond0: (slave bond_slave_0): interface is now down
[  244.371386][   T43] bond0: (slave bond_slave_1): interface is now down
[  244.396081][ T7266] Invalid source name
[  244.396097][ T7266] UBIFS error (pid: 7266): cannot open "ubifs", error -22
[  244.507071][ T1436] bond0: (slave bond_slave_0): interface is now down
[  244.507092][ T1436] bond0: (slave bond_slave_1): interface is now down
[  244.645300][ T4248] bond0: (slave bond_slave_0): interface is now down
[  244.645321][ T4248] bond0: (slave bond_slave_1): interface is now down
[  244.784944][ T4316] bond0: (slave bond_slave_0): interface is now down
[  244.784965][ T4316] bond0: (slave bond_slave_1): interface is now down
[  244.924970][ T3369] bond0: (slave bond_slave_0): interface is now down
[  244.924991][ T3369] bond0: (slave bond_slave_1): interface is now down
[  245.065685][ T4248] bond0: (slave bond_slave_0): interface is now down
[  245.065706][ T4248] bond0: (slave bond_slave_1): interface is now down
[  245.068753][ T4248] bond0: now running without any active interface!
[  245.217766][ T7297] binder: 7296:7297 ioctl 40a0ae49 200000000400 returned -22
[  245.217976][ T7297] netlink: 16 bytes leftover after parsing attributes in process `syz.4.412'.
[  245.505449][ T7300] bridge0: entered promiscuous mode
[  245.506273][ T7300] macvtap1: entered promiscuous mode
[  245.506460][ T7300] macvtap1: entered allmulticast mode
[  245.506473][ T7300] bridge0: entered allmulticast mode
[  245.705176][ T7309] Invalid source name
[  245.705188][ T7309] UBIFS error (pid: 7309): cannot open "ubifs", error -22
[  245.806476][ T6985] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  245.935418][ T6985] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  246.052946][ T6985] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  246.268206][ T6985] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  246.622356][ T7337] netlink: 12 bytes leftover after parsing attributes in process `syz.1.422'.
[  247.187411][   T37] audit: type=1326 audit(1771103106.728:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7333 comm="syz.4.424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e94c2bf79 code=0x7ffc0000
[  247.187629][   T37] audit: type=1326 audit(1771103106.728:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7333 comm="syz.4.424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f9e94c2bf79 code=0x7ffc0000
[  247.187819][   T37] audit: type=1326 audit(1771103106.808:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7333 comm="syz.4.424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e94c2bf79 code=0x7ffc0000
[  247.187985][   T37] audit: type=1326 audit(1771103106.818:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7333 comm="syz.4.424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e94c2bf79 code=0x7ffc0000
[  247.188243][   T37] audit: type=1326 audit(1771103106.818:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7341 comm="syz.4.424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f9e94bec84e code=0x7ffc0000
[  247.404884][ T5858] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  247.461251][   T37] audit: type=1326 audit(1771103106.968:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7341 comm="syz.4.424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f9e94c2bf79 code=0x7ffc0000
[  247.665579][ T5858] usb 1-1: Using ep0 maxpacket: 16
[  247.669592][ T5858] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  247.669650][ T5858] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  247.669676][ T5858] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  247.669696][ T5858] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  247.669719][ T5858] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  247.671023][ T5858] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  247.671049][ T5858] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  247.671068][ T5858] usb 1-1: Manufacturer: syz
[  247.756569][ T5858] usb 1-1: config 0 descriptor??
[  248.005155][ T7331] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  248.049948][ T6985] 8021q: adding VLAN 0 to HW filter on device bond0
[  248.141968][ T7371] bridge: RTM_NEWNEIGH with unconfigured vlan 2 on bridge0
[  248.170189][ T6985] 8021q: adding VLAN 0 to HW filter on device team0
[  248.197067][   T68] bridge0: port 1(bridge_slave_0) entered blocking state
[  248.197209][   T68] bridge0: port 1(bridge_slave_0) entered forwarding state
[  248.220562][ T3834] bridge0: port 2(bridge_slave_1) entered blocking state
[  248.228185][ T3834] bridge0: port 2(bridge_slave_1) entered forwarding state
[  250.174892][ T7364] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  250.176251][ T5808] Bluetooth: hci1: command 0x0406 tx timeout
[  250.194815][ T7364] Bluetooth: hci1: Opcode 0x0406 failed: -110
[  250.878803][ T7353] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  251.896214][ T7364] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  251.896300][ T7364] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  252.046344][ T7364] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  252.046418][ T7364] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  252.169355][ T7364] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  252.169439][ T7364] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  252.254710][ T5808] Bluetooth: hci1: command 0x0406 tx timeout
[  252.279039][ T7364] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  252.279167][ T7364] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  252.365443][ T7411] netlink: 8 bytes leftover after parsing attributes in process `syz.1.437'.
[  252.367841][ T7364] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  252.505435][ T7415] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  252.508280][ T7415] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  252.514138][ T6985] 8021q: adding VLAN 0 to HW filter on device batadv0
[  253.388147][ T5979] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  253.545539][ T5979] usb 4-1: device descriptor read/64, error -71
[  254.964856][   T60] Bluetooth: hci3: command 0x0406 tx timeout
[  254.964868][ T5808] Bluetooth: hci2: command 0x0406 tx timeout
[  254.964986][   T60] Bluetooth: hci4: command 0x0406 tx timeout
[  254.965009][ T5808] Bluetooth: hci0: command 0x0c1a tx timeout
[  255.034662][ T7421] libceph: resolve '0' (ret=-3): failed
[  255.306914][ T7431] netlink: 8 bytes leftover after parsing attributes in process `syz.1.439'.
[  255.390218][ T7433] netlink: 8 bytes leftover after parsing attributes in process `syz.1.439'.
[  255.403485][ T5979] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  255.456118][ T7435] netlink: 36 bytes leftover after parsing attributes in process `syz.1.439'.
[  255.484509][ T5858] rc_core: IR keymap rc-hauppauge not found
[  255.484526][ T5858] Registered IR keymap rc-empty
[  255.485235][ T5858] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  255.522580][ T5858] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  255.534970][ T5979] usb 4-1: device descriptor read/64, error -71
[  255.596764][ T5858] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  255.599088][ T5858] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input8
[  255.621863][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  255.621925][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  255.655655][ T5979] usb usb4-port1: attempt power cycle
[  255.692711][ T5858] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  255.701667][    C1] vcan0: j1939_tp_rxtimer: 0xffff888061a40800: rx timeout, send abort
[  255.707921][ T5858] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  255.731711][ T5858] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  255.746648][ T5858] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  255.764385][ T5858] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  255.784922][ T5858] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  255.811015][ T5858] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  255.824534][ T5858] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  255.844971][ T5858] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  255.864411][ T5858] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  255.886593][ T5858] mceusb 1-1:0.0: Registered  with mce emulator interface version 1
[  255.886613][ T5858] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  255.915933][ T5858] usb 1-1: USB disconnect, device number 16
[  256.164886][ T5979] usb usb4-port1: Cannot enable. Maybe the USB cable is bad?
[  256.304288][ T5979] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  256.341171][ T5979] usb 4-1: Using ep0 maxpacket: 16
[  256.344064][ T5979] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  256.344095][ T5979] usb 4-1: config 0 interface 0 has no altsetting 0
[  256.344126][ T5979] usb 4-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  256.344148][ T5979] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  256.391265][ T5979] usb 4-1: config 0 descriptor??
[  256.882452][ T6985] veth0_vlan: entered promiscuous mode
[  256.925905][ T6985] veth1_vlan: entered promiscuous mode
[  257.014118][   T60] Bluetooth: hci2: command 0x0406 tx timeout
[  257.014987][   T60] Bluetooth: hci0: command 0x0c1a tx timeout
[  257.015013][   T60] Bluetooth: hci4: command 0x0406 tx timeout
[  257.015034][   T60] Bluetooth: hci3: command 0x0406 tx timeout
[  257.774804][ T6985] veth0_macvtap: entered promiscuous mode
[  257.783912][ T5979] nzxt-smart2 0003:1E71:2009.0007: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.3-1/input0
[  257.854057][ T6985] veth1_macvtap: entered promiscuous mode
[  259.380081][ T5802] Bluetooth: hci0: command 0x0c1a tx timeout
[  259.569613][ T5860] usb 4-1: USB disconnect, device number 22
[  259.587685][ T6985] batman_adv: batadv0: Interface activated: batadv_slave_0
[  259.620676][ T6985] batman_adv: batadv0: Interface activated: batadv_slave_1
[  259.660342][ T4248] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  259.660533][ T4248] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  259.660705][ T4248] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  259.660738][ T4248] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  259.705702][ T7468] ªªªªªª: renamed from vlan0 (while UP)
[  259.712490][ T7464] fido_id[7464]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory
[  259.807077][ T7472] netlink: 96 bytes leftover after parsing attributes in process `syz.3.448'.
[  261.494645][ T7479] netlink: 16 bytes leftover after parsing attributes in process `syz.0.449'.
[  263.067984][ T7487] libceph: resolve '0' (ret=-3): failed
[  263.163030][   T60] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  263.184137][   T60] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  263.188257][   T60] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  263.189252][   T60] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  263.190250][   T60] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  264.054784][ T7501] FAULT_INJECTION: forcing a failure.
[  264.054784][ T7501] name failslab, interval 1, probability 0, space 0, times 0
[  264.054816][ T7501] CPU: 0 UID: 0 PID: 7501 Comm: syz.4.451 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  264.054835][ T7501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  264.054853][ T7501] Call Trace:
[  264.054860][ T7501]  <TASK>
[  264.054868][ T7501]  dump_stack_lvl+0xe8/0x150
[  264.054894][ T7501]  should_fail_ex+0x46b/0x600
[  264.054917][ T7501]  should_failslab+0xa8/0x100
[  264.054936][ T7501]  __kmalloc_noprof+0xdf/0x7b0
[  264.054955][ T7501]  ? tomoyo_encode+0x28b/0x550
[  264.054978][ T7501]  tomoyo_encode+0x28b/0x550
[  264.055002][ T7501]  tomoyo_realpath_from_path+0x58d/0x5d0
[  264.055023][ T7501]  ? tomoyo_domain+0xd8/0x130
[  264.055047][ T7501]  ? tomoyo_path_number_perm+0x219/0x630
[  264.055070][ T7501]  tomoyo_path_number_perm+0x246/0x630
[  264.055095][ T7501]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  264.055118][ T7501]  ? __lock_acquire+0x6b5/0x2cf0
[  264.055142][ T7501]  ? do_raw_spin_lock+0x12b/0x2f0
[  264.055193][ T7501]  ? __fget_files+0x2a/0x420
[  264.055217][ T7501]  ? __fget_files+0x2a/0x420
[  264.055236][ T7501]  ? __fget_files+0x3a6/0x420
[  264.055255][ T7501]  ? __fget_files+0x2a/0x420
[  264.055280][ T7501]  security_file_ioctl+0xc3/0x2a0
[  264.055306][ T7501]  __se_sys_ioctl+0x47/0x170
[  264.055326][ T7501]  do_syscall_64+0x14d/0xf80
[  264.055347][ T7501]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.055363][ T7501]  ? trace_irq_disable+0x37/0x100
[  264.055378][ T7501]  ? clear_bhb_loop+0x40/0x90
[  264.055399][ T7501]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  264.055415][ T7501] RIP: 0033:0x7f9e94c2bf79
[  264.055431][ T7501] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  264.055445][ T7501] RSP: 002b:00007f9e92e7e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  264.055477][ T7501] RAX: ffffffffffffffda RBX: 00007f9e94ea5fa0 RCX: 00007f9e94c2bf79
[  264.055490][ T7501] RDX: 0000200000000080 RSI: 000000004020aed2 RDI: 0000000000000004
[  264.055502][ T7501] RBP: 00007f9e92e7e090 R08: 0000000000000000 R09: 0000000000000000
[  264.055513][ T7501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  264.055523][ T7501] R13: 00007f9e94ea6038 R14: 00007f9e94ea5fa0 R15: 00007ffcbdec1c28
[  264.055553][ T7501]  </TASK>
[  264.055569][ T7501] ERROR: Out of memory at tomoyo_realpath_from_path.
[  265.563610][ T7521] netlink: 24 bytes leftover after parsing attributes in process `syz.1.458'.
[  266.329845][ T5802] Bluetooth: hci5: command tx timeout
[  268.095657][ T7531] loop8: detected capacity change from 0 to 7
[  268.105419][ T7531] Dev loop8: unable to read RDB block 7
[  268.105460][ T7531]  loop8: unable to read partition table
[  268.105638][ T7531] loop8: partition table beyond EOD, truncated
[  268.105653][ T7531] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  268.334092][ T5802] Bluetooth: hci5: command tx timeout
[  269.836767][ T7492] chnl_net:caif_netlink_parms(): no params data found
[  269.913550][   T31] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  270.043552][   T31] usb 5-1: device descriptor read/64, error -71
[  270.111821][ T1533] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  270.293545][   T31] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  270.413892][ T5802] Bluetooth: hci5: command tx timeout
[  270.443541][   T31] usb 5-1: device descriptor read/64, error -71
[  270.553839][   T31] usb usb5-port1: attempt power cycle
[  270.614727][ T1533] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  270.645632][ T7558] netlink: 8 bytes leftover after parsing attributes in process `syz.1.459'.
[  270.913867][   T31] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  270.944052][   T31] usb 5-1: device descriptor read/8, error -71
[  271.041299][ T1533] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  271.836230][   T31] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  271.852695][ T7566] libceph: resolve '0' (ret=-3): failed
[  272.504166][   T31] usb 5-1: device not accepting address 11, error -71
[  272.504544][   T31] usb usb5-port1: unable to enumerate USB device
[  272.506893][ T5802] Bluetooth: hci5: command tx timeout
[  272.772134][ T1533] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  272.871778][ T7492] bridge0: port 1(bridge_slave_0) entered blocking state
[  272.873550][ T7492] bridge0: port 1(bridge_slave_0) entered disabled state
[  272.873718][ T7492] bridge_slave_0: entered allmulticast mode
[  272.904034][ T7492] bridge_slave_0: entered promiscuous mode
[  272.907249][ T7492] bridge0: port 2(bridge_slave_1) entered blocking state
[  272.907364][ T7492] bridge0: port 2(bridge_slave_1) entered disabled state
[  272.907538][ T7492] bridge_slave_1: entered allmulticast mode
[  272.909910][ T7492] bridge_slave_1: entered promiscuous mode
[  272.933413][   T31] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  273.042882][ T7492] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  273.084114][   T31] usb 4-1: Using ep0 maxpacket: 32
[  273.089734][   T31] usb 4-1: config 1 interface 0 altsetting 11 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  273.089766][   T31] usb 4-1: config 1 interface 0 has no altsetting 0
[  273.093080][   T31] usb 4-1: string descriptor 0 read error: -22
[  273.093203][   T31] usb 4-1: New USB device found, idVendor=046d, idProduct=c623, bcdDevice= 0.40
[  273.093226][   T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  273.105384][ T7492] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  273.852709][ T7492] team0: Port device team_slave_0 added
[  274.230692][ T7492] team0: Port device team_slave_1 added
[  274.965512][   T37] audit: type=1326 audit(1771103134.610:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7590 comm="syz.1.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  274.965559][   T37] audit: type=1326 audit(1771103134.610:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7590 comm="syz.1.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  274.965598][   T37] audit: type=1326 audit(1771103134.610:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7590 comm="syz.1.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  274.966013][   T37] audit: type=1326 audit(1771103134.610:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7590 comm="syz.1.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=460 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  274.966060][   T37] audit: type=1326 audit(1771103134.610:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7590 comm="syz.1.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  274.966147][   T37] audit: type=1326 audit(1771103134.610:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7590 comm="syz.1.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  274.966186][   T37] audit: type=1326 audit(1771103134.610:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7590 comm="syz.1.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  274.966223][   T37] audit: type=1326 audit(1771103134.610:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7590 comm="syz.1.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  274.970594][   T37] audit: type=1326 audit(1771103134.610:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7590 comm="syz.1.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  274.970640][   T37] audit: type=1326 audit(1771103134.610:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7590 comm="syz.1.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5591bbf79 code=0x7ffc0000
[  275.565928][ T7492] batman_adv: batadv0: Adding interface: batadv_slave_0
[  275.566503][ T7492] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  275.566532][ T7492] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  275.637871][ T7492] batman_adv: batadv0: Adding interface: batadv_slave_1
[  275.637887][ T7492] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  275.637912][ T7492] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  275.816877][   T31] usbhid 4-1:1.0: can't add hid device: -71
[  275.818106][   T31] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[  275.837334][   T31] usb 4-1: USB disconnect, device number 24
[  276.008791][ T1533] bridge_slave_1: left allmulticast mode
[  276.008817][ T1533] bridge_slave_1: left promiscuous mode
[  276.009042][ T1533] bridge0: port 2(bridge_slave_1) entered disabled state
[  276.101238][ T1533] bridge_slave_0: left allmulticast mode
[  276.101264][ T1533] bridge_slave_0: left promiscuous mode
[  276.101502][ T1533] bridge0: port 1(bridge_slave_0) entered disabled state
[  276.393203][ T5979] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  276.505099][ T7614] netlink: 12 bytes leftover after parsing attributes in process `syz.1.473'.
[  277.225742][ T5979] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  277.225775][ T5979] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  277.225799][ T5979] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  277.228883][ T5979] usb 1-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  277.228911][ T5979] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  277.228931][ T5979] usb 1-1: Product: syz
[  277.228945][ T5979] usb 1-1: Manufacturer: syz
[  277.228959][ T5979] usb 1-1: SerialNumber: syz
[  277.296919][ T5979] usb 1-1: config 0 descriptor??
[  277.301290][ T5979] adutux 1-1:0.0: interrupt endpoints not found
[  278.193209][ T5858] usb 1-1: USB disconnect, device number 17
[  278.369080][ T7627] libceph: resolve '0' (ret=-3): failed
[  279.501350][ T7637] loop8: detected capacity change from 0 to 7
[  279.556422][ T7533] Dev loop8: unable to read RDB block 7
[  279.556456][ T7533]  loop8: unable to read partition table
[  279.556576][ T7533] loop8: partition table beyond EOD, truncated
[  279.581455][ T7637] Dev loop8: unable to read RDB block 7
[  279.581498][ T7637]  loop8: unable to read partition table
[  279.581752][ T7637] loop8: partition table beyond EOD, truncated
[  279.581778][ T7637] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  281.820698][ T7648] cgroup: Unknown subsys name 'io'
[  285.984255][ T1533] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  286.031850][ T1533] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  286.049784][ T1533] bond0 (unregistering): Released all slaves
[  288.211008][ T7492] hsr_slave_0: entered promiscuous mode
[  288.213223][ T7492] hsr_slave_1: entered promiscuous mode
[  291.183605][ T7702] libceph: resolve '0' (ret=-3): failed
[  293.082226][ T1533] hsr_slave_0: left promiscuous mode
[  293.142371][ T1533] hsr_slave_1: left promiscuous mode
[  293.143310][ T1533] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  293.143333][ T1533] batman_adv: batadv0: Removing interface: batadv_slave_0
[  293.233478][ T1533] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  293.233505][ T1533] batman_adv: batadv0: Removing interface: batadv_slave_1
[  293.366446][ T1533] veth1_macvtap: left promiscuous mode
[  293.366541][ T1533] veth0_macvtap: left promiscuous mode
[  293.366768][ T1533] veth1_vlan: left promiscuous mode
[  293.366928][ T1533] veth0_vlan: left promiscuous mode
[  294.170126][ T7721] cgroup: Unknown subsys name 'io'
[  294.534082][ T7721] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4)
[  294.657867][ T7727] netlink: 8 bytes leftover after parsing attributes in process `syz.3.499'.
[  294.657890][ T7727] netlink: 4 bytes leftover after parsing attributes in process `syz.3.499'.
[  294.942169][ T5860] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  295.082143][ T5875] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  295.102183][ T5860] usb 4-1: Using ep0 maxpacket: 16
[  295.111050][ T5860] usb 4-1: config 0 has an invalid interface number: 105 but max is 0
[  295.111074][ T5860] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  295.111092][ T5860] usb 4-1: config 0 has no interface number 0
[  295.133196][ T5860] usb 4-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28
[  295.133222][ T5860] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  295.133241][ T5860] usb 4-1: Product: syz
[  295.133254][ T5860] usb 4-1: Manufacturer: syz
[  295.133267][ T5860] usb 4-1: SerialNumber: syz
[  295.180199][ T5860] usb 4-1: config 0 descriptor??
[  295.262079][ T5875] usb 5-1: Using ep0 maxpacket: 16
[  295.264516][ T5875] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  295.264538][ T5875] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  295.266871][ T5875] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  295.266896][ T5875] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  295.266916][ T5875] usb 5-1: Product: syz
[  295.266930][ T5875] usb 5-1: Manufacturer: syz
[  295.266944][ T5875] usb 5-1: SerialNumber: syz
[  295.543120][ T5875] usb 5-1: 0:2 : does not exist
[  295.640860][ T5875] usb 5-1: USB disconnect, device number 12
[  295.715283][ T7658] udevd[7658]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  297.240840][ T7738] libceph: resolve '0' (ret=-3): failed
[  297.842633][ T1533] team0 (unregistering): Port device team_slave_1 removed
[  297.982553][ T1533] team0 (unregistering): Port device team_slave_0 removed
[  300.514491][ T5860] uvcvideo 4-1:0.105: Found UVC 0.00 device syz (046c:14e8)
[  300.514525][ T5860] uvcvideo 4-1:0.105: No valid video chain found.
[  301.171893][ T5874] usb 4-1: USB disconnect, device number 25
[  302.282501][   T31] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  302.315265][ T7788] libceph: resolve '0' (ret=-3): failed
[  302.437207][ T5874] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  302.674948][   T37] kauditd_printk_skb: 247 callbacks suppressed
[  302.674965][   T37] audit: type=1326 audit(1771103162.311:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7789 comm="syz.0.513" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2fe222bf79 code=0x0
[  302.691899][   T31] usb 5-1: Using ep0 maxpacket: 16
[  302.694258][   T31] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  302.694423][ T5874] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[  302.694464][ T5874] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  302.694544][   T31] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  302.696451][ T5874] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  302.696476][ T5874] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  302.696495][ T5874] usb 4-1: Manufacturer: syz
[  302.698705][   T31] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  302.698730][   T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.698750][   T31] usb 5-1: Product: syz
[  302.698763][   T31] usb 5-1: Manufacturer: syz
[  302.698772][   T31] usb 5-1: SerialNumber: syz
[  302.822769][ T5874] usb 4-1: config 0 descriptor??
[  303.087945][ T5874] rc_core: IR keymap rc-hauppauge not found
[  303.087965][ T5874] Registered IR keymap rc-empty
[  303.103862][ T5874] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  303.105007][   T31] usb 5-1: 0:2 : does not exist
[  303.134193][ T5874] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input9
[  303.297835][   T31] usb 5-1: USB disconnect, device number 13
[  303.396358][    C1] igorplugusb 4-1:0.0: receive overflow, at least 5 lost
[  303.519848][ T7658] udevd[7658]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  303.645828][ T5874] usb 4-1: USB disconnect, device number 26
[  305.653018][   T37] audit: type=1326 audit(1771103165.301:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7815 comm="syz.3.517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44337ebf79 code=0x7ffc0000
[  305.653065][   T37] audit: type=1326 audit(1771103165.301:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7815 comm="syz.3.517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f44337ebf79 code=0x7ffc0000
[  305.653103][   T37] audit: type=1326 audit(1771103165.301:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7815 comm="syz.3.517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44337ebf79 code=0x7ffc0000
[  305.665749][   T37] audit: type=1326 audit(1771103165.311:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7815 comm="syz.3.517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44337ebf79 code=0x7ffc0000
[  305.665793][   T37] audit: type=1326 audit(1771103165.311:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7815 comm="syz.3.517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f44337ebf79 code=0x7ffc0000
[  305.665828][   T37] audit: type=1326 audit(1771103165.311:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7815 comm="syz.3.517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44337ebf79 code=0x7ffc0000
[  305.665863][   T37] audit: type=1326 audit(1771103165.311:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7815 comm="syz.3.517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f44337ebf79 code=0x7ffc0000
[  305.665898][   T37] audit: type=1326 audit(1771103165.311:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7815 comm="syz.3.517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f44337ebf79 code=0x7ffc0000
[  305.690845][   T37] audit: type=1326 audit(1771103165.331:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7815 comm="syz.3.517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f44337ebf79 code=0x7ffc0000
[  306.285594][ T7834] cgroup: Unknown subsys name 'io'
[  308.358011][ T7846] netlink: 12 bytes leftover after parsing attributes in process `syz.3.522'.
[  308.470086][ T7852] Invalid source name
[  308.470118][ T7852] UBIFS error (pid: 7852): cannot open "ubifs", error -22
[  308.550697][ T7855] netlink: 'syz.3.526': attribute type 1 has an invalid length.
[  308.550719][ T7855] netlink: 'syz.3.526': attribute type 2 has an invalid length.
[  308.550913][ T7855] netlink: 4 bytes leftover after parsing attributes in process `syz.3.526'.
[  308.595681][ T7855] netlink: 'syz.3.526': attribute type 3 has an invalid length.
[  308.596510][ T7855] netlink: 'syz.3.526': attribute type 3 has an invalid length.
[  308.625078][ T7492] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  308.694620][ T7492] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  309.106729][ T7492] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  309.165247][ T7492] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  310.937033][ T7492] 8021q: adding VLAN 0 to HW filter on device bond0
[  311.093625][ T7492] 8021q: adding VLAN 0 to HW filter on device team0
[  311.122978][ T1470] bridge0: port 1(bridge_slave_0) entered blocking state
[  311.123091][ T1470] bridge0: port 1(bridge_slave_0) entered forwarding state
[  311.132558][ T1470] bridge0: port 2(bridge_slave_1) entered blocking state
[  311.153938][ T1470] bridge0: port 2(bridge_slave_1) entered forwarding state
[  311.711211][ T5890] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  311.861166][ T5890] usb 5-1: Using ep0 maxpacket: 16
[  311.870628][ T5890] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  311.870654][ T5890] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  311.897740][ T5890] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  311.897769][ T5890] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  311.897788][ T5890] usb 5-1: Product: syz
[  311.897801][ T5890] usb 5-1: Manufacturer: syz
[  311.897815][ T5890] usb 5-1: SerialNumber: syz
[  312.167250][ T5890] usb 5-1: 0:2 : does not exist
[  312.188488][ T7492] 8021q: adding VLAN 0 to HW filter on device batadv0
[  312.277116][ T5890] usb 5-1: USB disconnect, device number 14
[  313.876559][ T7676] udevd[7676]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  315.201602][ T7913] cgroup: Unknown subsys name 'io'
[  315.922117][ T7492] veth0_vlan: entered promiscuous mode
[  315.941189][ T7492] veth1_vlan: entered promiscuous mode
[  315.981596][ T7492] veth0_macvtap: entered promiscuous mode
[  315.987337][ T7492] veth1_macvtap: entered promiscuous mode
[  316.031630][ T7492] batman_adv: batadv0: Interface activated: batadv_slave_0
[  316.048885][ T7492] batman_adv: batadv0: Interface activated: batadv_slave_1
[  316.069631][ T1009] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  316.070435][ T1009] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  316.090043][ T1009] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  316.090289][ T1009] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  316.484255][   T37] kauditd_printk_skb: 4 callbacks suppressed
[  316.484271][   T37] audit: type=1326 audit(1771103176.132:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7917 comm="syz.4.534" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9e94c2bf79 code=0x0
[  316.799177][ T4124] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  316.799198][ T4124] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  316.996586][ T3369] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  316.996606][ T3369] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  317.058362][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  317.058426][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  317.745669][ T7944] netlink: 224 bytes leftover after parsing attributes in process `syz.5.320'.
[  317.982521][ T7946] netlink: 12 bytes leftover after parsing attributes in process `syz.0.537'.
[  317.982547][ T7946] netlink: 8 bytes leftover after parsing attributes in process `syz.0.537'.
[  321.131830][ T7961] Invalid source name
[  321.131848][ T7961] UBIFS error (pid: 7961): cannot open "ubifs", error -22
[  321.390706][   T60] Bluetooth: hci0: command 0xfc11 tx timeout
[  321.391016][ T5802] Bluetooth: hci0: Entering manufacturer mode failed (-110)
[  321.682373][ T7968] cgroup: Unknown subsys name 'io'
[  325.377698][ T8000] netlink: 224 bytes leftover after parsing attributes in process `syz.4.548'.
[  326.326486][  T932] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  327.314630][ T8016] binder: 8011:8016 ioctl 4018620d 0 returned -22
[  327.610405][  T932] usb 4-1: Using ep0 maxpacket: 32
[  327.611919][  T932] usb 4-1: config 0 has an invalid interface number: 144 but max is 0
[  327.611935][  T932] usb 4-1: config 0 has no interface number 0
[  327.616708][  T932] usb 4-1: New USB device found, idVendor=0df6, idProduct=0024, bcdDevice=12.ca
[  327.616730][  T932] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  327.616742][  T932] usb 4-1: Product: syz
[  327.616749][  T932] usb 4-1: Manufacturer: syz
[  327.616756][  T932] usb 4-1: SerialNumber: syz
[  328.212569][ T8023] cgroup: Unknown subsys name 'io'
[  328.481524][ T8023] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4)
[  328.607838][  T932] usb 4-1: config 0 descriptor??
[  329.761788][ T5874] usb 4-1: USB disconnect, device number 27
[  330.394719][ T8046] netlink: 224 bytes leftover after parsing attributes in process `syz.1.562'.
[  335.464995][ T5936] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  335.619879][ T5936] usb 6-1: Using ep0 maxpacket: 32
[  335.621909][ T5936] usb 6-1: config index 0 descriptor too short (expected 539, got 27)
[  335.621968][ T5936] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  335.624471][ T5936] usb 6-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  335.624498][ T5936] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  335.624517][ T5936] usb 6-1: Product: syz
[  335.624531][ T5936] usb 6-1: Manufacturer: syz
[  335.624545][ T5936] usb 6-1: SerialNumber: syz
[  335.710455][ T5936] usb 6-1: config 0 descriptor??
[  335.714830][ T5936] hub 6-1:0.0: bad descriptor, ignoring hub
[  335.714864][ T5936] hub 6-1:0.0: probe with driver hub failed with error -5
[  335.806254][ T5936] input: syz syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input10
[  335.828445][ T5936] usbtouchscreen 6-1:0.0: usbtouch_probe - usb_submit_urb failed with result: -8
[  335.941809][   T60] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  335.959596][   T60] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  335.971831][   T60] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  335.988132][   T60] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  336.001258][   T60] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  336.815873][ T5936] usbtouchscreen 6-1:0.0: probe with driver usbtouchscreen failed with error -8
[  336.860405][ T5936] usb 6-1: USB disconnect, device number 2
[  338.399681][ T5802] Bluetooth: hci0: command tx timeout
[  338.611939][ T8088] loop2: detected capacity change from 0 to 7
[  338.623417][ T8088] Dev loop2: unable to read RDB block 7
[  338.623459][ T8088]  loop2: unable to read partition table
[  338.623646][ T8088] loop2: partition table beyond EOD, truncated
[  338.623674][ T8088] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  339.002463][ T8099] netlink: 12 bytes leftover after parsing attributes in process `syz.5.581'.
[  340.410575][ T5802] Bluetooth: hci0: command tx timeout
[  341.089144][ T4316] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  341.406505][ T8125] cgroup: Unknown subsys name 'io'
[  341.407740][ T8125] ==================================================================
[  341.407756][ T8125] BUG: KASAN: slab-use-after-free in dvb_device_open+0xc4/0x360
[  341.407788][ T8125] Read of size 8 at addr ffff88802b390018 by task syz.1.568/8125
[  341.407805][ T8125] 
[  341.407821][ T8125] CPU: 0 UID: 0 PID: 8125 Comm: syz.1.568 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  341.407848][ T8125] Tainted: [L]=SOFTLOCKUP
[  341.407856][ T8125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  341.407869][ T8125] Call Trace:
[  341.407877][ T8125]  <TASK>
[  341.407886][ T8125]  dump_stack_lvl+0xe8/0x150
[  341.407913][ T8125]  print_report+0xba/0x230
[  341.407937][ T8125]  ? dvb_device_open+0xc4/0x360
[  341.407960][ T8125]  kasan_report+0x117/0x150
[  341.407983][ T8125]  ? dvb_device_open+0xc4/0x360
[  341.408010][ T8125]  dvb_device_open+0xc4/0x360
[  341.408035][ T8125]  ? rt_spin_unlock+0x160/0x200
[  341.408057][ T8125]  chrdev_open+0x4d0/0x5f0
[  341.408084][ T8125]  ? __pfx_chrdev_open+0x10/0x10
[  341.408106][ T8125]  ? fsnotify_open_perm_and_set_mode+0x138/0x6e0
[  341.408137][ T8125]  ? __pfx_chrdev_open+0x10/0x10
[  341.408158][ T8125]  do_dentry_open+0x83d/0x13e0
[  341.408186][ T8125]  vfs_open+0x3b/0x350
[  341.408208][ T8125]  ? path_openat+0x2e25/0x38a0
[  341.408227][ T8125]  path_openat+0x2e3d/0x38a0
[  341.408261][ T8125]  ? __pfx_path_openat+0x10/0x10
[  341.408281][ T8125]  ? kasan_save_track+0x4f/0x80
[  341.408298][ T8125]  ? kasan_save_track+0x3e/0x80
[  341.408314][ T8125]  ? __kasan_slab_alloc+0x6c/0x80
[  341.408332][ T8125]  ? kmem_cache_alloc_noprof+0x33b/0x680
[  341.408356][ T8125]  ? do_raw_spin_lock+0x12b/0x2f0
[  341.408382][ T8125]  do_file_open+0x23e/0x4a0
[  341.408399][ T8125]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  341.408426][ T8125]  ? __pfx_do_file_open+0x10/0x10
[  341.408443][ T8125]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  341.408478][ T8125]  ? alloc_fd+0x64e/0x6c0
[  341.408506][ T8125]  do_sys_openat2+0x113/0x200
[  341.408532][ T8125]  ? __pfx_do_sys_openat2+0x10/0x10
[  341.408557][ T8125]  ? exc_page_fault+0x6a/0xc0
[  341.408582][ T8125]  ? do_user_addr_fault+0xc7c/0x1360
[  341.408607][ T8125]  __x64_sys_openat+0x138/0x170
[  341.408634][ T8125]  do_syscall_64+0x14d/0xf80
[  341.408657][ T8125]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  341.408677][ T8125]  ? trace_irq_disable+0x37/0x100
[  341.408693][ T8125]  ? clear_bhb_loop+0x40/0x90
[  341.408714][ T8125]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  341.408733][ T8125] RIP: 0033:0x7fe55917c84e
[  341.408750][ T8125] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  341.408769][ T8125] RSP: 002b:00007fe556fa8b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  341.408790][ T8125] RAX: ffffffffffffffda RBX: 00007fe556fa96c0 RCX: 00007fe55917c84e
[  341.408807][ T8125] RDX: 0000000000040002 RSI: 00007fe556fa8c00 RDI: ffffffffffffff9c
[  341.408821][ T8125] RBP: 00007fe556fa8c00 R08: 0000000000000000 R09: 0000000000000000
[  341.408835][ T8125] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
[  341.408849][ T8125] R13: 00007fe559436308 R14: 00007fe559436270 R15: 00007ffe0e7f01b8
[  341.408872][ T8125]  </TASK>
[  341.408880][ T8125] 
[  341.408885][ T8125] Allocated by task 1:
[  341.408894][ T8125]  kasan_save_track+0x3e/0x80
[  341.408910][ T8125]  __kasan_kmalloc+0x93/0xb0
[  341.408926][ T8125]  __kmalloc_cache_noprof+0x3a6/0x690
[  341.408945][ T8125]  dvb_register_device+0x2fd/0x2210
[  341.408967][ T8125]  dvb_register_frontend+0x665/0x970
[  341.408987][ T8125]  vidtv_bridge_probe+0x9aa/0xf80
[  341.409011][ T8125]  platform_probe+0xf9/0x190
[  341.409034][ T8125]  really_probe+0x267/0xaf0
[  341.409050][ T8125]  __driver_probe_device+0x18c/0x320
[  341.409067][ T8125]  driver_probe_device+0x4f/0x240
[  341.409084][ T8125]  __driver_attach+0x349/0x640
[  341.409099][ T8125]  bus_for_each_dev+0x23e/0x2c0
[  341.409120][ T8125]  bus_add_driver+0x348/0x670
[  341.409140][ T8125]  driver_register+0x23a/0x320
[  341.409158][ T8125]  vidtv_bridge_init+0x28/0x50
[  341.409183][ T8125]  do_one_initcall+0x250/0x840
[  341.409206][ T8125]  do_initcall_level+0x104/0x190
[  341.409223][ T8125]  do_initcalls+0x59/0xa0
[  341.409240][ T8125]  kernel_init_freeable+0x2a6/0x3d0
[  341.409258][ T8125]  kernel_init+0x1d/0x1d0
[  341.409273][ T8125]  ret_from_fork+0x51e/0xb90
[  341.409293][ T8125]  ret_from_fork_asm+0x1a/0x30
[  341.409318][ T8125] 
[  341.409322][ T8125] Freed by task 8023:
[  341.409331][ T8125]  kasan_save_track+0x3e/0x80
[  341.409346][ T8125]  kasan_save_free_info+0x46/0x50
[  341.409368][ T8125]  __kasan_slab_free+0x5c/0x80
[  341.409384][ T8125]  kfree+0x1c1/0x690
[  341.409398][ T8125]  dvb_device_open+0x2d6/0x360
[  341.409420][ T8125]  chrdev_open+0x4d0/0x5f0
[  341.409434][ T8125]  do_dentry_open+0x83d/0x13e0
[  341.409452][ T8125]  vfs_open+0x3b/0x350
[  341.409478][ T8125]  path_openat+0x2e3d/0x38a0
[  341.409495][ T8125]  do_file_open+0x23e/0x4a0
[  341.409510][ T8125]  do_sys_openat2+0x113/0x200
[  341.409530][ T8125]  __x64_sys_openat+0x138/0x170
[  341.409553][ T8125]  do_syscall_64+0x14d/0xf80
[  341.409574][ T8125]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  341.409592][ T8125] 
[  341.409597][ T8125] The buggy address belongs to the object at ffff88802b390000
[  341.409597][ T8125]  which belongs to the cache kmalloc-512 of size 512
[  341.409615][ T8125] The buggy address is located 24 bytes inside of
[  341.409615][ T8125]  freed 512-byte region [ffff88802b390000, ffff88802b390200)
[  341.409636][ T8125] 
[  341.409641][ T8125] The buggy address belongs to the physical page:
[  341.409657][ T8125] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2b390
[  341.409679][ T8125] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  341.409696][ T8125] flags: 0x80000000000040(head|node=0|zone=1)
[  341.409717][ T8125] page_type: f5(slab)
[  341.409735][ T8125] raw: 0080000000000040 ffff88813fe0dc80 dead000000000100 dead000000000122
[  341.409753][ T8125] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  341.409771][ T8125] head: 0080000000000040 ffff88813fe0dc80 dead000000000100 dead000000000122
[  341.409788][ T8125] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  341.409807][ T8125] head: 0080000000000002 ffffea0000ace401 00000000ffffffff 00000000ffffffff
[  341.409823][ T8125] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000004
[  341.409833][ T8125] page dumped because: kasan: bad access detected
[  341.409847][ T8125] page_owner tracks the page as allocated
[  341.409855][ T8125] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 13978498824, free_ts 0
[  341.409889][ T8125]  post_alloc_hook+0x228/0x280
[  341.409907][ T8125]  get_page_from_freelist+0x28bb/0x2950
[  341.409929][ T8125]  __alloc_frozen_pages_noprof+0x18d/0x380
[  341.409950][ T8125]  allocate_slab+0x77/0x660
[  341.409972][ T8125]  refill_objects+0x334/0x3c0
[  341.409994][ T8125]  __pcs_replace_empty_main+0x328/0x5f0
[  341.410017][ T8125]  __kmalloc_cache_noprof+0x44e/0x690
[  341.410034][ T8125]  device_add+0xbe/0xb80
[  341.410057][ T8125]  i2c_new_client_device+0xa1f/0x1160
[  341.410082][ T8125]  dvb_module_probe+0x1c7/0x310
[  341.410103][ T8125]  vidtv_bridge_probe+0x93b/0xf80
[  341.410127][ T8125]  platform_probe+0xf9/0x190
[  341.410151][ T8125]  really_probe+0x267/0xaf0
[  341.410168][ T8125]  __driver_probe_device+0x18c/0x320
[  341.410184][ T8125]  driver_probe_device+0x4f/0x240
[  341.410201][ T8125]  __driver_attach+0x349/0x640
[  341.410216][ T8125] page_owner free stack trace missing
[  341.410222][ T8125] 
[  341.410228][ T8125] Memory state around the buggy address:
[  341.410238][ T8125]  ffff88802b38ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  341.410251][ T8125]  ffff88802b38ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  341.410264][ T8125] >ffff88802b390000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  341.410273][ T8125]                             ^
[  341.410284][ T8125]  ffff88802b390080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  341.410297][ T8125]  ffff88802b390100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  341.410308][ T8125] ==================================================================
[  341.410364][ T8125] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  341.410386][ T8125] CPU: 0 UID: 0 PID: 8125 Comm: syz.1.568 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  341.410415][ T8125] Tainted: [L]=SOFTLOCKUP
[  341.410422][ T8125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  341.410434][ T8125] Call Trace:
[  341.410443][ T8125]  <TASK>
[  341.410450][ T8125]  vpanic+0x1e0/0x670
[  341.410486][ T8125]  panic+0xc5/0xd0
[  341.410511][ T8125]  ? __pfx_panic+0x10/0x10
[  341.410538][ T8125]  ? dvb_device_open+0xc4/0x360
[  341.410568][ T8125]  ? dvb_device_open+0xc4/0x360
[  341.410592][ T8125]  check_panic_on_warn+0x89/0xb0
[  341.410611][ T8125]  ? dvb_device_open+0xc4/0x360
[  341.410634][ T8125]  end_report+0x6f/0x140
[  341.410654][ T8125]  kasan_report+0x128/0x150
[  341.410675][ T8125]  ? dvb_device_open+0xc4/0x360
[  341.410703][ T8125]  dvb_device_open+0xc4/0x360
[  341.410727][ T8125]  ? rt_spin_unlock+0x160/0x200
[  341.410754][ T8125]  chrdev_open+0x4d0/0x5f0
[  341.410776][ T8125]  ? __pfx_chrdev_open+0x10/0x10
[  341.410798][ T8125]  ? fsnotify_open_perm_and_set_mode+0x138/0x6e0
[  341.410828][ T8125]  ? __pfx_chrdev_open+0x10/0x10
[  341.410849][ T8125]  do_dentry_open+0x83d/0x13e0
[  341.410877][ T8125]  vfs_open+0x3b/0x350
[  341.410898][ T8125]  ? path_openat+0x2e25/0x38a0
[  341.410917][ T8125]  path_openat+0x2e3d/0x38a0
[  341.410951][ T8125]  ? __pfx_path_openat+0x10/0x10
[  341.410971][ T8125]  ? kasan_save_track+0x4f/0x80
[  341.410987][ T8125]  ? kasan_save_track+0x3e/0x80
[  341.411003][ T8125]  ? __kasan_slab_alloc+0x6c/0x80
[  341.411020][ T8125]  ? kmem_cache_alloc_noprof+0x33b/0x680
[  341.411044][ T8125]  ? do_raw_spin_lock+0x12b/0x2f0
[  341.411071][ T8125]  do_file_open+0x23e/0x4a0
[  341.411090][ T8125]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  341.411116][ T8125]  ? __pfx_do_file_open+0x10/0x10
[  341.411133][ T8125]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  341.411163][ T8125]  ? alloc_fd+0x64e/0x6c0
[  341.411192][ T8125]  do_sys_openat2+0x113/0x200
[  341.411217][ T8125]  ? __pfx_do_sys_openat2+0x10/0x10
[  341.411241][ T8125]  ? exc_page_fault+0x6a/0xc0
[  341.411266][ T8125]  ? do_user_addr_fault+0xc7c/0x1360
[  341.411291][ T8125]  __x64_sys_openat+0x138/0x170
[  341.411318][ T8125]  do_syscall_64+0x14d/0xf80
[  341.411340][ T8125]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  341.411359][ T8125]  ? trace_irq_disable+0x37/0x100
[  341.411376][ T8125]  ? clear_bhb_loop+0x40/0x90
[  341.411397][ T8125]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  341.411416][ T8125] RIP: 0033:0x7fe55917c84e
[  341.411431][ T8125] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  341.411449][ T8125] RSP: 002b:00007fe556fa8b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  341.411476][ T8125] RAX: ffffffffffffffda RBX: 00007fe556fa96c0 RCX: 00007fe55917c84e
[  341.411491][ T8125] RDX: 0000000000040002 RSI: 00007fe556fa8c00 RDI: ffffffffffffff9c
[  341.411505][ T8125] RBP: 00007fe556fa8c00 R08: 0000000000000000 R09: 0000000000000000
[  341.411518][ T8125] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
[  341.411532][ T8125] R13: 00007fe559436308 R14: 00007fe559436270 R15: 00007ffe0e7f01b8
[  341.411555][ T8125]  </TASK>
[  341.411894][ T8125] Kernel Offset: disabled