last executing test programs:

26m57.248087973s ago: executing program 1 (id=170):
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x80000006, 0x48002)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
unshare(0xc000600)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

26m56.884093657s ago: executing program 1 (id=174):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000200)=ANY=[@ANYBLOB="58000000020601080000000000000000000000400500010006000000050005000200000005000400000000000900020073797a31000000000c000780080006400000000011000300686173683a6970"], 0x58}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a18010000060a0b0400000000000000000200000034000480300001800a0001006d617463680000002000028008000240000000030b000100736f636b6574000005000300d60000000900010073797a30000000000900020073797a3200000000b70007"], 0x140}, 0x1, 0x0, 0x0, 0x40480e0}, 0x4008014)

26m54.789763078s ago: executing program 1 (id=180):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x3c1, 0x3, 0x3a8, 0x0, 0x111, 0x4b4, 0x0, 0x700, 0x2d8, 0x278, 0x278, 0x2d8, 0x278, 0x3, 0x0, {[{{@ipv6={@mcast2, @empty, [], [], 'vlan0\x00', 'team_slave_0\x00', {}, {}, 0x88}, 0x0, 0x128, 0x190, 0x0, {}, [@common=@inet=@multiport={{0x50}}, @common=@unspec=@connmark={{0x30}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private1, [], [], 'geneve1\x00', 'erspan0\x00'}, 0x0, 0xe0, 0x148, 0x0, {}, [@common=@unspec=@statistic={{0x38}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'syz0\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x408)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0xc011, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x66, 0x0, 0x0)
syz_emit_ethernet(0x2416, &(0x7f0000000580)=ANY=[@ANYBLOB="e727dc07001f391e7dd7a2d786dd609907a623e02c03cb697a653e336f000000500000000000ff0200000000000000000000000000013200001200"], 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="69e1629b6174391e7dd7a2d786dd60b6000000302c03cb697a653e336f000000500000000000ff0200"/51], 0x0)

26m54.159907808s ago: executing program 1 (id=182):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r1, 0x40085112, &(0x7f0000000100)=@l={0x92, 0x6, 0xc0, 0x15, 0x4, 0x3, 0x8})
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r2 = syz_open_procfs(0x0, 0x0)
writev(r2, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6)
sendmsg$ETHTOOL_MSG_EEE_GET(0xffffffffffffffff, 0x0, 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x141)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, 0x0)
ioctl$SIOCAX25GETINFOOLD(0xffffffffffffffff, 0x89e3, &(0x7f0000000180))
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=@setlink={0x3c, 0x13, 0x1, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0xa, r6}, @IFLA_ALT_IFNAME={0x14, 0x35, 'dummy0\x00'}]}, 0x3c}}, 0x0)
r7 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r7, 0x8922, &(0x7f0000000080)={'dummy0\x00'})
umount2(&(0x7f00000001c0)='./file0\x00', 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'sit0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r8, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}, @TCA_RATE={0x6}]}, 0x38}, 0x1, 0x0, 0x0, 0xe130597015ec7cbe}, 0x0)

26m53.728698111s ago: executing program 1 (id=184):
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VIDIOC_SUBDEV_G_SELECTION(r0, 0xc040563d, &(0x7f0000000080)={0x1, 0x0, 0x101, 0x5, {0x3, 0x7, 0xee, 0x9}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="18050000000000000000000000000000183400000200000000000000000500009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x40f00, 0x62}, 0x94)
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(r1, 0xc0845658, &(0x7f00000005c0)={0x0, @bt={0x2, 0x10001, 0x0, 0x2, 0x1ff8000000000000, 0x4, 0x3, 0x4, 0x7, 0x4, 0x67d461aa, 0x400, 0x5, 0xca9, 0x2, 0x11, {0x107, 0x5}, 0x10, 0x8}})

26m53.09247181s ago: executing program 1 (id=189):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x8, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x262)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x0, &(0x7f0000000080)})
fanotify_mark(0xffffffffffffffff, 0x80, 0x40000012, r6, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x40010, 0xffffffffffffffff, 0x0)
bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3a, &(0x7f0000000340)=0xffffffff, 0x4)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_NODELAY(r7, 0x84, 0x3, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000080)={<r8=>0x0, 0x100}, &(0x7f00000000c0)=0x8)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r7, 0x84, 0x7c, &(0x7f0000000100)={r8, 0x1096, 0x40}, &(0x7f0000000140)=0x8)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000040)={'gre0\x00', &(0x7f00000002c0)={'syztnl2\x00', 0x0, 0x8, 0x10, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x1, 0x0, 0xfc, 0x2f, 0x0, @empty, @empty}}}})
r9 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_int(r9, 0x29, 0x50, &(0x7f0000000300)=0x641e, 0x4)
sendto$inet6(r9, 0x0, 0x0, 0x200c8084, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @empty}, 0x1c)

26m50.923385535s ago: executing program 32 (id=189):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x8, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x262)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x0, &(0x7f0000000080)})
fanotify_mark(0xffffffffffffffff, 0x80, 0x40000012, r6, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x40010, 0xffffffffffffffff, 0x0)
bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3a, &(0x7f0000000340)=0xffffffff, 0x4)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_NODELAY(r7, 0x84, 0x3, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000080)={<r8=>0x0, 0x100}, &(0x7f00000000c0)=0x8)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r7, 0x84, 0x7c, &(0x7f0000000100)={r8, 0x1096, 0x40}, &(0x7f0000000140)=0x8)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000040)={'gre0\x00', &(0x7f00000002c0)={'syztnl2\x00', 0x0, 0x8, 0x10, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x1, 0x0, 0xfc, 0x2f, 0x0, @empty, @empty}}}})
r9 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_int(r9, 0x29, 0x50, &(0x7f0000000300)=0x641e, 0x4)
sendto$inet6(r9, 0x0, 0x0, 0x200c8084, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @empty}, 0x1c)

17.780567418s ago: executing program 3 (id=4546):
setsockopt(0xffffffffffffffff, 0x84, 0x81, &(0x7f00000002c0)="1a000000", 0x4)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x20800)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x2710}, 0x10)
listen(r1, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x80, 0x0, 0xffffffffffffffff}, 0x0, 0x0)
shutdown(r2, 0x0)

16.518303707s ago: executing program 3 (id=4550):
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='blkio.bfq.io_queued\x00', 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_SET_LIMITS(r0, 0x0, 0x80)
bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(md5)\x00'}, 0x58)
add_key$user(0x0, &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a", 0x2, 0xfffffffffffffffe)
add_key$user(&(0x7f00000003c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001340), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000002000)=""/102400, 0x19000)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="400000003c0007010000000000400000017c00000400fc800c00018006000600800a000008000280040072801400070000"], 0x40}, 0x1, 0x0, 0x0, 0xc000}, 0xc010)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0)
r2 = gettid()
timer_create(0xb, &(0x7f00000000c0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = syz_open_dev$cec(&(0x7f0000000240), 0x0, 0x2182)
ioctl$CEC_RECEIVE(r3, 0xc0386106, &(0x7f0000000000)={0x0, 0x7, 0x1, 0x0, 0x0, 0x9, '&\x00', 0x0, 0x0, 0x4a, 0x0, 0x0, 0x0, 0xe})
sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="59dbe828e5379d2f1107463145aa8a33a999ff865d", 0x15, 0x80, 0x0, 0x0)
close(0xffffffffffffffff)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000014c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x2, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_DISCONNECT(r1, 0x0, 0x0)

14.594483712s ago: executing program 3 (id=4554):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
ioctl$USBDEVFS_SETINTERFACE(r0, 0x80045510, &(0x7f0000000000)={0x5})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = socket(0x11, 0x3, 0x4)
ioctl$sock_rose_SIOCDELRT(r1, 0x8917, &(0x7f0000000340)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x7, @default, @rose={'rose', 0x0}, 0x2, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x108)
openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="d60a0000000000006111a0000054aa25477351604ebd9bf58ac479000000180000000000000000000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00'}, 0x80)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
ioctl$KVM_SET_CPUID2(r4, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000d0000000000000001000000fbfffffffdffffb819c7161d9d3a5adc71a500000000000000000000f0d87701ca79570a668beecfb5fa0242f3859e8addfc8524a5c3ac6cc95a208fedc9c4ed2d073481343f07cce13d0a669f0d378eff14ab05da3e90feb4eb7cda7a4f274cba88aac7e7ffa69b5c655b9a6053fd3141f87525100e2ce5900e"])
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(0xffffffffffffffff, 0x5000943f, 0x0)
r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
writev(r5, &(0x7f0000000300)=[{&(0x7f0000000380)="a728020000007560", 0x8}, {&(0x7f0000000100)="49040b00", 0x4}], 0x2)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r6 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r6, 0xc018480b, &(0x7f0000000140)={0x1, 0x1, 0x6, 0x1000, 0xffff, 0x735})
ioctl$HIDIOCGUSAGE(r6, 0xd01c4813, &(0x7f0000000000)={0xfffffffe, 0x2, 0x3, 0x8, 0x9, 0x6})

13.873180724s ago: executing program 5 (id=4557):
clock_getres(0xa, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc090}, 0x0)
r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0xa0000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f00000002c0)={'syztnl1\x00', &(0x7f0000000240)={'ip6tnl0\x00', <r4=>0x0, 0x29, 0x0, 0xc, 0xffff8000, 0x4, @loopback, @private2, 0x10, 0x7, 0x7, 0xd92}})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000440)=@bpf_ext={0x1c, 0xe, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x3}, [@map_idx_val={0x18, 0x7, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0xc}, @tail_call={{0x18, 0x2, 0x1, 0x0, 0x1}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffa}]}, &(0x7f0000000000)='syzkaller\x00', 0xb67a, 0x1000, &(0x7f0000001400)=""/4096, 0x41100, 0x1, '\x00', r4, 0x0, r0, 0x8, &(0x7f0000000300)={0x4, 0x3}, 0x8, 0x10, &(0x7f0000000340)={0x5, 0x3, 0x1db2}, 0x10, 0xee91, r0, 0x3, 0x0, &(0x7f0000000380)=[{0x3, 0x1, 0xf, 0x1}, {0x3, 0x2, 0x4, 0x7}, {0x3, 0x5, 0xa, 0x8}], 0x10, 0x100}, 0x94)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x1f4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff80fe}, 0x50)
stat(&(0x7f0000000400)='./file0\x00', 0x0)
sendmmsg$unix(r3, 0x0, 0x0, 0x2000c010)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r5, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r5, 0x84, 0x75, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, 0x0, 0x0)
r6 = add_key(&(0x7f00000013c0)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000100)='[', 0xfe95, 0xffffffffffffffff)
keyctl$revoke(0x3, r6)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="050000007f000000f00e00008001000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000200"/17], 0x50)

12.328702718s ago: executing program 5 (id=4559):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYRESHEX=0x0, @ANYRESHEX=r1], 0x140}, 0x1, 0x0, 0x0, 0x40480e0}, 0x4008014)

11.156676348s ago: executing program 5 (id=4562):
write$UHID_INPUT(0xffffffffffffffff, &(0x7f00000001c0)={0xd, {"08c39ee52f329f1698b1c4865f8b0a0a5eee9f496a0809c3d21c25867b6edda88489ab4c09fe0a7f1e8640aa8e344f412df0d69475a5d6570e21f31fac7dfb4aa7ade0e851582d5c1abdd809580cb34c9e48576b1c73ed76013256fca058ada3db47d86cc75b33cf762b67fe61f152618c49a40858f68794a4fc484ab73ccd254ba3d147f5feddaf91dacc238c0a8096f79597ca1e6da781fcf37a0141a335c6a7577d2d53c6e552a7be208381bb31d1d3e0e92ea651655217535734b286d3f19780a4c720075a36a734151f8c00e651cb3a6bbe30e3f6aee48750436da6471e965e81f38134674fcb697108fb7345010bb8fa15fba9b33355d7858327171ab9c68f6c21b2ffbff4eb061dab80bc77a4a7769e7ff73bcd98790e09415bfc5978cf5af45c3ec9ef9c1a39f766c59d59590281038dbcb765580ba2b3f141d5bbfc40910a0894cd1f22d2a8b6d4e4778debef99438b54d44b4b7568de2777431a5b2f3e8d1a45a60a468f5e33e8ef534f803dfb6798c270f52edf031ecd996bb78c4e92961c63c079676d77412ebc6074e5f235417785e7a14b14ce7626b015071c154cc2bf8f4499b93293e9997c23df4c7a1498cf12414fb31eb873728e4f613b540d22e7ca718f18da5b82ed24995e4309c3af4a2e1097465bf09728082d09e71ea365522035eb9772b8e072f8454777ee304dacd59d3eb9f933f151fa14f8c38eadbeba04810a2dea7a66824f09235c13a45f07870210d0d310ce3ae6284577bd4e65f32700f6723727926cb52e4f27776a1dab0f6668327ab5cf1893879a635261f2e0d9923ccecbf5b80f10a8275c1515f47930d614e787f14c105d3a4f8faf8e7f738cf4eae4fc39ef3db3cb87794ace87f7239b69dc4ab4e5ae57cdfbd309e847d99600ef14b51faead01e8ade57d24270bc13a1787896096eeacb8ab1c93d31d93cfb244bb09ecfecf336362a5656db7df327cbb9aeb898f8af229c7bb9452805f2b4510c5df86b6d564e01f000000167ade5205331523a6392af2bea9e6db0ba5480cbf1b202714233289c4017cb66e83c0c8b6e88bedb922162d0ceecf6c5da173bbefe6781ab7720d2be6cca378db650c69d4228141ae190922fbbaddb86c7f0fe138b704e8305b3bcc7910b2280d96d71dafdbfa876b0013fc4de586f85d9ee077b6349becbdca8bd989a51c4c76ed8a8cc691a65078e0272a62edec8236a779f0cbffeda49dcdccd4def7064e0d77ae5a8c64f3057b4a3a0d4457d33f2bc6c112378315411baa4bb126fe540d750491fc58fbb66911ef82bce5ed76872dbcd8e05dea2f3f347a653aa39ab5d75e71671bfeb924e71476134dbf91e3f287fd853cc34bf81e717edd41aa04b6fbeb43cf2074f0c8fe5350401b6cff801c147a3b58b972aa5652629a9fd8b1df2852708ce958d4e9974ec4383aa5da4e3f75fdc85981e97b75863546f67a8703673b6fe2c26f0e9eeb8c45c26f673adac55fa5d69b82ae7d032fd3b26866047e8c029b90a62794a89c11398944b398b4177b2dcc5a743c16d4a5333b1e30af678d3db8df849c1753db067a6f94bab00c0dd3c7e94a8675924c89bda98ac09e10bcdf83f5114b9b466c413477a5cdc48c857230798934bcc1f0eb3a2d2944b139e459af32e515785f46ed4e97cdcb23c7e4dc7c4f91b5b5ca5228344aeb6652fffaf31325c7429bc70a5f6beaaa98ef190dffdeccc94bd814b3edfdd48243bf34291076ab5438ee00e924a827d5b453df42d24144fe1a45bb6c84fcbb2143d0a561c1e867c1279bdf0a47061ea77a84f36c720aff785f0db10eda84c767b5f3874f9455c0f026735ded32f0403ef7dbcf97d2233d59c670114ddf89314ba74fc248bcbdbf43c24e46304e229b3cf583aa410f4dfd119152495da8737518ee2a05a8ca1f004be3c551408f2e4013e444b63bf2bb26ddeae505642dffcc989ee241c48741181b506e22fdc4530319522780c74bf786852dc66ebbb51f8ecbb1e35de09ef7afe589bb8a31c5d63477db5d5e7174694ea04cfa98057d39127a4e5eedb4897a491c6693acd0a036abf846f3b6f3006e5e5fd586f29a4a8a31abbccf732e4f1b88187a72d669c16302657e9cbbeb9322662e111edc7771526400b6123d0f8207bcaa38bee07043e36e223d418ac948d65e7acfe72cc3fdcf03a3e43ecfec8ae489ddba09126709c5c7968829e3504de8a5010c9372de09476a7b96b04d7aed2486d8f89f21f075321abe350024abe00a81f87df3dc372fc3206496776c26b6958243070bda4cace3e358da5d39a3945765c2ba4b002b06efd416af66f3343f218ed84550ea83f02f9a5c3fc677ea60987aa25f0406d6154081cfdc074814a2465accdfa102858f5a52c9eae293c56ddcaf8f6926d3dd0ccb51a30c960d6b7e473038ebd3702b5106f6bc040efdfd7169fd3f2dc42ff23de26a239e13b74278729fd7e843b38a35c55fd50181ac13a9cbbbfd8feb36afaeb1993349c0ac5a0c44ffd92919dfe272b0f8ed7df7198cd299715f021109a58dced4753d3c7ddd6e9ea01596f18b2fe7000000004ccfca57aed5b5cebdff65de480a56bd53f4c7f83ddef00d7c9686311d1fce76f320bb3222a11db30ba6ed31535d8fda61e694478ca9935d72719b8d6b9be88ae3df30b60ee251b919b4d1734b994c62accdf855488b351738331b462eccf27efdc5577d7a5548579dc90d227a42ac010f33a720dc3cf0a63454f8b07c775287495761a058ec1e28e6aaf8057241f4ef8b5de56e279355bb66630c4ddf35e7c2cfff26a4241b1df0379d2a1e9f959e46d3843f89844ead50aff44640fcbc4a1edb033afff7cc9e57c4f8d31900764233e11fa4c28e547788c1b00de4268df692ba3415a9ad90fa712f9618f5ecff57da32809380eeff040cd3b23f508614c72b303cec3bcd732708303b166193366a062b9cea536f28478c387e626744c6a611a8e7162d274efccc84eee8eb31d3310c86752777dd5b5ffe234e895c54909f19a4aabcf3c15b90c02170409e314fd90e766ec4ba93c8ec6321237a980ad3c32fb2fab69e57541ea7f5427a85c2c57d40f9ebe9de5572f46a4713fb28e0af42d0adef3e29195aa41a3ba318181512eebfadffede4e35ff7f975928edc5d4d9f2d931fb44b30e1df55e66c52e1648e9cdaf71221b57c6a6b087428ccc57ade5b1531341cba2be452b426c434c70fd8c493337d4995cbd76ea1dd545226e3eb59d5f94ffb5352f87a4a66cd7c5e88322404fd397c46e198646a9c819d0eb1f10e54d8a3ea912f1cb134ff1095aa7325287f6ea9af8c13b67d6abcbb70dbc06838ecb33e45b60f6cb832c3e72d1401770f66bd02f35a2d007815ab676099e31f5102000000c0e83d5e7107c8dc5830c9cddb9781185b94d7f2814c5058ba3ac54c268741c5728f4997a9628602c2a36090162379f3f37c47619b3e7c7397a5913b7060b51e0c7f7226ff1135444f866f89a4b74136cbd3acb7178bd63183b3fd9cd19fdeb6fcc6341910ad4605da76a9af4bfb8b75fcd666f8188902b380ae560d9aa04f8f9b0ac5c109d1824a470726e06a49d955f8f71c8a86081e75b13f62600deb941da181eaff544cd559c467d8dae432debd22e7a7b3e1ad731a5b9470f5f60423dda061ff899c07c79f3da34f38e1d8182d6ee0c36c602945509167be440382a8a8a759b20e41638fd57152029b190b5701d30a86f579e2d0cc53a2f809ca9bd3aba1eb2772a7acc35c4d983afa83a9baea35c0ed4931234719636cf8f5fe1884bde6cebbdf23bd62b1ebf0a5cb78c27295349bd7d5cf28c4ee4689497238fd3aa71a417914e6892667a56bd69dc2e5882cfb67df71494e9a9199e025892e4e7435f727636cd988cc7563d28db5133f649849c5b3973a3428de10ad39d96146b22acc50f50eee5a038876452b960686892de40efe30081ccdaa2bf64af78d5988026e529b36c62a21378ac42d220d0dd878010178e374e6dbb2b61206066d04e729ed03c6fd9a4e00547fe9304aec0925d85a0acd07fdc5d48c1a1cff656916f5d25952327792255e0d606a32517781cc3d737ec753eb95b5b5b95dabd8946907ab54cc85d05b475e2e5486c6fc070417198d3a50910e2949d20d3fa68fd327934cff5171224942b8f18d88947763a7c710d09c4b269bdf2d3e715329917fb70728a4a0530999b755ba8fc04deabf4bc4bcffc4d62d491538c65078122bf2c263ae0020af67cfc9cf19e5b929e086af281fb43d5504d728935c5cfac136eb81703d50fddb39a5a713b2914c6acd9b2d07819cf7bba495ac5734fe423e611d309b80eeafcf9053d51b0ab3c29d5ca5eb8861ffc1ebc4d53f361b8991baecb52860c15202f979e34054fcde869d018103ccd6d914a70f1840fc6aaf426beec975ddb980b19b0f4cc2ca393c0b9e6ebe5e7d1c9fc1ef7a1c91378f0b73262993fb80667ecf62bac3c47cbd002ae1b87b8dc3ec99d5c987765d778868eb55022cc3bed14b8f934a584bcc98fa0b4f6e6982ab8d8a2bb49f9074ef429dd7b8db332a96ccec6983a97be7c8634c02e7937ffc8d613b83aa375886bf40a87ec062090382f874bf2c8e5fbb58ac18a46c4d9e85af3ca21bdacb7755f49776b0eb3972ff682c84beb07d74cbe2764e378253e72128991b73d2730704a5448280e8a0fd8cc87d4cddcffbfe5525ae3d2304877a3988e33c8e12bf77793e753f25840e9af2ce56bdb999fc62623a2298b4244534f662eb398a2577c72f6cfd5174697dcee151d4f3a7293b11de3889c43744da4165aca4e4a1e926d37ae4d7471584a06f3641f2037a74a58c2397a594f29d142d59f91bb57e24e1a3f30f68c626033cc34895c1b16d62e3a375c3e09f5dbd9338cd3a500643143cd404b57019c648c3ec31d696233fe16efc3c4c84aca0830ca8b9fbf1144b98d82f41e4cf67631c74cdcf8d9c8b8556b876ff1592683ccac0b47a26cb3a2cb1b917f433bb54e0b53deae9ac4b1cd0594c1fa0e6744e7ed88fdac60901e3da989f3b0d7c12b140cc576fa1b0e8e705321d37c303691aafc9fed9c3dc419078d0925ead56455ea5f3cd57941e410c1c14c2e8972d7cca44fcaca1f64fc817f4a41b6d9fb237fed159cb09e788ae560726537f49cb64b9f60915d402e0931355c55ad792cde758548b1af54b196e414046d4af3579a6c30ceac3d68bbfd2adef309c064e759a9f0dd69d682a3880b8ff27b69abffaa45ee7e65d8f1f6e40c188f6249fdf72220b4c87243217ba0292b9e9b67ebeda4fb83406216a4d765812bafeff34cc57f7d2cd1608282079c076055b9cabffe5fa491b970291bc2672540ccc15ed877d7dbe3ef683724c715ace770905e48c2dc6a44e1fc095773676d070eac00ee3834b07590cba7093f56b678313870471c81599d34c53fc03ec6c913d8ba3f604ace8da12d2025cbb5000bc062f4db65a6feacaf3915206d1c15ce7e78c17dc2ea32cb57d6fab0a22d487c77118e75016006f812541ec8180a321287a2d57248d4ee4a19706a19d802c70e250c3b0fc400a0b5cdc06537d2f55fd5300be4eeeaab8cc481a84b6a5e17d8c47ec92fe40710d4ec3530a94ca16710ade2ec7562398106e0ddbb6c8af6412166afd99d45d29a3a967e58decd0d6fc5bebb98d639b5606efd358a43d635d50f0ccb8472197da604994e7fb700243d5f7e45700", 0x1000}}, 0xffffff5c)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r1, &(0x7f0000847fff)='X', 0x34000, 0x600, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x82, 0x0, 0x0)

10.588908396s ago: executing program 3 (id=4563):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bond0\x00'})
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000003c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, <r2=>0x0}, 0x30)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000400)={r2}, 0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$dri(0x0, 0xd21, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETOBJ(r4, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="20000400130a010200000000000000000300000a0900020073797a3100000500"], 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040000)
r5 = socket$kcm(0x2, 0x5, 0x84)
setsockopt$sock_attach_bpf(r5, 0x84, 0x7b, &(0x7f0000000000), 0x8)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x6, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="18020000000000000000000000000000850000000e000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b701000000000000850000007b00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfe66}, 0x94)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58)
r8 = accept4(r7, 0x0, 0x0, 0x0)
sendmmsg$inet6(r8, &(0x7f0000007bc0)=[{{0x0, 0x0, &(0x7f00000004c0)=[{0x0}], 0x1}}], 0x1, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x0, 0xe, 0xffffffffffffffac, &(0x7f0000000100)="0000000000000000000051229dc9", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010007000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000048000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0c00098008000140000100075c0000000e0a01020000000000000000010000000900020073797a32000000000900010073797a30"], 0xec}, 0x1, 0x0, 0x0, 0x44080}, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r9 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r9, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020022003505d25a806f8c6394f90224fc60041411000a7403004714000037153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
mkdir(&(0x7f0000000040)='.\x00', 0x9a)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[], 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x440c1)

8.458881589s ago: executing program 2 (id=4567):
socket$kcm(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$revoke(0x3, 0x0)
r1 = syz_open_dev$sg(0x0, 0x0, 0x9840)
ioctl$SG_IO(r1, 0x2285, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/20], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b70300004f0000008500"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$netlink(0x10, 0x3, 0x8000000004)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000080000085000000d0000000a50000009700000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r4 = dup2(r3, r3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r4}, 0x10)
getegid()

8.359868794s ago: executing program 3 (id=4569):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000280)=@newsa={0x180, 0x10, 0x1, 0x0, 0x0, {{@in=@empty, @in6=@remote, 0x0, 0xf00, 0x0, 0x1, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in=@rand_addr=0x64010102, 0x0, 0x6c}, @in=@remote, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x4}, {}, {}, 0x0, 0x0, 0xa, 0x0, 0x1, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @algo_auth={0x48, 0x1, {{'tgr128\x00'}}}]}, 0x180}}, 0x4810)

8.236338404s ago: executing program 0 (id=4570):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
openat(0xffffffffffffffff, 0x0, 0xe00c2, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
getsockopt$packet_int(0xffffffffffffffff, 0x107, 0x9, 0x0, &(0x7f0000007d40))
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x1b, &(0x7f0000000000)={@private2={0xfc, 0x2, '\x00', 0x1}, 0xfffffff, 0x2, 0x0, 0xa, 0x0, 0x4}, 0x20)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_audit(0x10, 0x3, 0x9)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r4}, 0x18)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000040000000800000000000000", @ANYRES32=0x1, @ANYBLOB="00000000000000000000000000000000b200000056e5f6b63e22507fe8a6ba9178803f43a7ebcd8faafd9a7ac3142e2473210e9695941caee5b2d2e11e7be1138b8d05", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff})
socket$kcm(0x2, 0xa, 0x2)
r7 = socket$unix(0x1, 0x1, 0x0)
syz_usb_connect$uac1(0x5, 0xdc, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r7, @ANYRES64=r6], 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0d00000023000000040000000200000040000000", @ANYRES32=r5], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a00)={{r8}, &(0x7f0000000980), &(0x7f00000009c0)=r5}, 0x20)

8.235632393s ago: executing program 2 (id=4571):
r0 = socket$kcm(0x10, 0x2, 0x4)
close(r0)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000011006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac00800020004000200060000000364bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
connect$llc(0xffffffffffffffff, &(0x7f0000000340)={0x1a, 0x0, 0xfe, 0x3, 0x6, 0x9d, @random="00d8d37d95c5"}, 0x10)
syz_usb_connect(0x3, 0x3d, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010002a91d21402577a8b046070102030109022b00010000000009045f00020103df00090505c70996bf00e5090501020800010000072501", @ANYBLOB=')'], 0x0)
syz_usb_connect$cdc_ecm(0x3, 0xbe, &(0x7f0000000480)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xac, 0x1, 0x1, 0x3, 0x80, 0x3, [{{0x9, 0x4, 0x0, 0x2, 0x3, 0x2, 0x6, 0x0, 0x2, {{0x6, 0x24, 0x6, 0x0, 0x0, "8a"}, {0x5, 0x24, 0x0, 0x1}, {0xd, 0x24, 0xf, 0x1, 0x400, 0x2, 0x7, 0xe}, [@ncm={0x6, 0x24, 0x1a, 0x4, 0x1}, @mdlm_detail={0x3a, 0x24, 0x13, 0x4, "66333b8d1330bc7c27c686e937ec56ae674451e29ccebd0b0b55850630224b79afa6dfe4daaabce66802c16d569efe48baad6b074028"}, @mdlm={0x15, 0x24, 0x12, 0x2}, @dmm={0x7, 0x24, 0x14, 0x6, 0x3}, @dmm={0x7, 0x24, 0x14, 0xfffe, 0x8427}, @acm={0x4}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x200, 0x8, 0x93, 0x1}}], {{0x9, 0x5, 0x82, 0x2, 0x200, 0x7f, 0x3, 0x1}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x1, 0x1, 0x5}}}}}]}}]}}, &(0x7f0000000180)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x310, 0x3, 0x8, 0x97, 0x40, 0x2e}, 0x21, &(0x7f0000000100)={0x5, 0xf, 0x21, 0x4, [@wireless={0xb, 0x10, 0x1, 0xc, 0x10, 0xdb, 0x6, 0x5, 0x7}, @ext_cap={0x7, 0x10, 0x2, 0xc, 0x9, 0x7, 0x6}, @ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x6, 0x6, 0x8, 0x6}]}, 0x2, [{0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x41e}}, {0x67, &(0x7f0000000200)=@string={0x67, 0x3, "bcd99b852638bc85ad1327091c9ace13e0859f6950c153450a76cc3c4f58adb6d5e9f6a85d129a1d9f833dca81d71dcb3a9120ac3a150abd1a68dd8037bbc8c0ff77f96bda383c12f72c70f5450266ecbcbbbfa4443ffc199d95363dc4f791b2b6b33ff3c3"}}]})
pipe2$watch_queue(&(0x7f0000000280)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r1, 0x404c534a, &(0x7f00000002c0)={0xf, 0x7fff, 0x800})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r1, 0xc0189373, &(0x7f0000000380)={{0x1, 0x1, 0x18, <r2=>r1, {0x283}}, './file0\x00'})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f00000003c0)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}, 0x6})
getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000440)=0x14)

8.207521633s ago: executing program 4 (id=4572):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000e00000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x1f, 0x19, &(0x7f0000000900)=ANY=[@ANYBLOB="180000001f000000000000007e00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000010100007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff7ce5f2f39e0a00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b30000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x3, 0x0, 0x0, 0x41000, 0x18, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xebfb}, 0x94)
pipe(&(0x7f0000000040))
r3 = syz_open_dev$sndpcmc(&(0x7f0000000180), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r3, 0xc2604110, &(0x7f0000000680)={0x4, [[0x80000000, 0x0, 0x9, 0x1, 0x3, 0x0, 0xf, 0x1], [0x4, 0x100000, 0x0, 0x2, 0x10, 0x0, 0x2], [0x100091, 0x0, 0x2, 0x4, 0x7, 0x0, 0x6f8, 0x7fffffff]], '\x00', [{0x0, 0x7}, {}, {0x4}, {}, {}, {0x8}, {0xe}, {}, {}, {0xc}, {0x2, 0xf7bc}, {0x0, 0x3}], '\x00', 0x310})
r4 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0xebb6}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f00006b7000/0x3000)=nil, 0x3000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r8 = syz_open_dev$I2C(&(0x7f0000003000), 0x0, 0x0)
ioctl$I2C_SMBUS(r8, 0x720, &(0x7f0000003080)={0x1, 0x0, 0x6, &(0x7f0000003040)={0x0, "f4e1a230be8f46463fb1a5f1b44f44eaa65e485b747aa95df8c005af07677d18bc"}})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x7, 0x0, 0x0, 0x7fdfffff}]})
r9 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$uinput_user_dev(r9, 0x0, 0x0)
ioctl$UI_SET_SWBIT(r9, 0x4004556d, 0x0)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, 0x0)
sched_getattr(r5, &(0x7f0000000080)={0x38}, 0x38, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x89a0, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000440)=ANY=[@ANYBLOB="4800000010000305000000000000000000cf0000", @ANYBLOB="08fd547e19623dd1963d70e4988845fc96f40af0b02c2913a110d63494dc799c540a7ff9c25d862e7d3c4976ea872cfe430bf9e3e688919a4b1e37d3eaf20aac58f9d838a359213b58303e970ab3eb79fb8706982a14a3c8d0bcb4a4e18bea798f86e78847915a974b3a5cef2d6549c26cf650a671e99eaa78642091cd037bd7a43a36f78077339fc30cf285886b768690df322760d8880a1c36ad9402a192ee2d517dfc2083157ee75ae1eb1be8ea44d3eda1c32a7e0afb08ccb86c17b8ff659fd573fe92ae70", @ANYBLOB="03000000000000c64686bd575e5400200012800800010067726500140002800800", @ANYRES32], 0x48}, 0x1, 0x0, 0x0, 0x24040000}, 0x2000800)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r2}, 0xc)

8.189242868s ago: executing program 3 (id=4573):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r0, &(0x7f000001b700)=""/102384, 0x18ff0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080), 0x201, 0x0)

6.872604969s ago: executing program 4 (id=4574):
bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x3, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xfffffff1}, [@call={0x85, 0x0, 0x0, 0x18}]}, &(0x7f00000006c0)='GPL\x00', 0x3, 0x0, 0x0, 0x41100}, 0x94)
syz_open_dev$media(0x0, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x1)
socket$nl_route(0x10, 0x3, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
unshare(0x18060180)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000700)="b7f2288a911993f08d3aaea2bc0000de", 0x10)
sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
listen(0xffffffffffffffff, 0xfffffffd)
openat$vcs(0xffffffffffffff9c, 0x0, 0x6c8180, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x3, &(0x7f00000022c0)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x3}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, 0x24, 0x7, @void}, 0x10)
syz_clone3(0x0, 0x0)
r2 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r2, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x16, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x63917fb493517fda, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a000020095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000200)='i2c_write\x00', r3}, 0x10)
r4 = syz_open_dev$I2C(&(0x7f0000000800), 0x0, 0x0)
ioctl$I2C_SMBUS(r4, 0x720, &(0x7f00000000c0)={0x1, 0x0, 0x5, &(0x7f0000000080)={0x6, "96ab3f272339cf3935a8824943478cb18a5722d2da3a03f39b5eaee25558f362e7"}})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x44, &(0x7f0000000100)="0000000000000000000051229dc9", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

6.2593683s ago: executing program 2 (id=4575):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1)
epoll_create(0x10000)
socket$rds(0x15, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$kcm(0x10, 0x3, 0x10)
socket$xdp(0x2c, 0x3, 0x0)
pipe2(&(0x7f0000000080), 0x0)
socket$rds(0x15, 0x5, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000400000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r0, @ANYBLOB="08000100", @ANYRES32=r1], 0x90}}, 0x0)

6.258528325s ago: executing program 4 (id=4576):
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r1 = dup2(r0, r0)
ioctl$BLKTRACESETUP(r1, 0xc0481273, 0x0)

6.249187789s ago: executing program 5 (id=4577):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000000400000008000000010000008000", @ANYRES32=0x1, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/25], 0x48)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r0, 0x8008f511, &(0x7f0000000240))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x94)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, &(0x7f0000000240)={0x7, 0x3, 0x0, 0x2, 0x8})
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000380)={0x40, r4, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x6, 0x13, [{0x4, 0x1}, {0x60, 0x1}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x80c1}, 0x0)

6.1046102s ago: executing program 4 (id=4578):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r0, 0x0, 0x0)
listen(r0, 0x4)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x4}, 0x8)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0105500, &(0x7f0000000000)={0x80, 0x6, 0x301, 0x0, 0x2, 0x0, 0x0})
mq_open(0x0, 0x840, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r2, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
listen(r2, 0x0)
r3 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r3, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, &(0x7f0000000340)=[{&(0x7f00000002c0)='/', 0x1}], 0x1, 0x0, 0x0, 0x40}, 0x0)
accept4(r2, 0x0, 0x0, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r4, 0xffffffffffffffff, 0x0)
io_uring_enter(0xffffffffffffffff, 0x847ba, 0x0, 0xe, 0x0, 0x0)
syz_clone3(&(0x7f0000000540)={0x102840000, &(0x7f00000003c0), &(0x7f0000000500), &(0x7f0000000100), {0x25}, &(0x7f0000000480)=""/21, 0x15, 0x0, &(0x7f00000001c0)=[0x0, 0x0, 0x0], 0x3}, 0x58)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000007d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r5}, 0x18)

6.06810322s ago: executing program 5 (id=4579):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
prlimit64(0x0, 0xe, 0x0, 0x0)
mount$cgroup2(0x0, &(0x7f00000004c0)='.\x00', &(0x7f0000000480), 0x48, &(0x7f0000000800)=ANY=[@ANYBLOB])
r3 = syz_open_procfs(r0, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x64, 0x3, 0x300, 0x6e, 0xffffffad, 0x190, 0x190, 0x190, 0x268, 0x268, 0x268, 0x268, 0x268, 0x3, 0x0, {[{{@ip={@remote, @local={0xac, 0x14, 0xd}, 0x0, 0x0, 'caif0\x00', 'ip6tnl0\x00'}, 0x0, 0x70, 0x190, 0xffffffc5, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "bdc74c01369df17d17ac76fa5f9b3bfa0c34430d864040bc25b2b73a59aa6ecab6b1d2cc05e3182f64694d7d05fb8b8c8f56627a54f905d564eeeb8334f650ca0f3c44f7fda4d20a55050342ea85ecc8838e7088de33582f36a0a375bb7008adc297a5ece1bb2df53d17bef26bb6f800", 0x7f, 0x2}}]}, @common=@SET={0x60}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, 0x0, 0x0, 'team0\x00', 'team0\x00'}, 0x0, 0x98, 0xd8, 0x0, {}, [@common=@inet=@set1={{0x28}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x360)
creat(&(0x7f0000000100)='./file0\x00', 0x40)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f00000000c0)={'gretap0\x00', &(0x7f0000000040)={'sit0\x00', <r5=>0x0, 0x20, 0x80, 0xffff, 0x2, {{0xb, 0x4, 0x3, 0x0, 0x2c, 0x66, 0x0, 0x3, 0xc21e7b23d62c6de8, 0x0, @multicast2, @broadcast, {[@noop, @timestamp_prespec={0x44, 0x14, 0x17, 0x3, 0x4, [{@remote, 0xe0}, {@loopback, 0x7}]}]}}}}})
newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, <r6=>0x0}, 0x4000)
chown(&(0x7f00000003c0)='./file0\x00', r6, 0xee01)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000280)={{{@in=@loopback, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4e24, 0x2, 0x4e24, 0x9, 0x2, 0x80, 0xc0, 0x3b, r5, r6}, {0x7, 0x8, 0x1ff, 0x8, 0x9, 0xfff, 0x920, 0x9e8}, {0x0, 0x8000, 0xfffffffffffffffc, 0x9}, 0x5, 0x6e6bbf, 0x1, 0x0, 0x1}, {{@in=@multicast2, 0x4d3, 0x3c}, 0xa, @in=@dev={0xac, 0x14, 0x14, 0x13}, 0x3505, 0x1, 0x0, 0xf9, 0xfffffff0, 0x2, 0x8}}, 0xe8)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r8 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac004000202080002000300010004000300eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000080000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

4.90050805s ago: executing program 0 (id=4580):
openat$yama_ptrace_scope(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = fsopen(&(0x7f00000000c0)='cgroup2\x00', 0x0)
unshare(0x6c040400)
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r4, 0x84, 0x1, 0x0, 0x0)
r5 = open$dir(0x0, 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r5, 0x0)
write$binfmt_format(0xffffffffffffffff, &(0x7f0000000100)='0\x00', 0x2)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$qrtrtun(0xffffffffffffffff, &(0x7f0000000300)="ca0e", 0x2)
write$char_usb(0xffffffffffffffff, &(0x7f0000002600)="b56511e72c6cba780ce701ed0b2db27a336692892a6491e2488652ff00c468d353d809d5b20d8ee0f9fefa6cd7bd1036ed25f0e37053d291887c707a892884c2b4aa2ebac156ef8288264449eea05c4f51c3bb4355eb108744fe34e5d0e851d51a855854135f04dd5d854459226f090b6f0d6135e8f2824eed7469236cad2251116a381d8cd30bae59c1fe71e028a667cb910d523aa5d7208286755075ee8be937304cca20e234303df72ad4e2bdc71219456229460a7c6a2df61e8b21b4a4941dcba5c257b90bbf0a976a73973319258ad7f738c04dfbdee4ea0e1b77a909a154fd934f791ebea03db6f06c8f14bc40924e46cbb9b343f25d63f332f9b3f176601f842a4e40401cbc62ee7803c3a2d71f3878f61d8fb8cb5ee90a696b22fb97bbdfd36af05c2e34dfb3d380ae7bc701053b9009d654d84f04c851b311341efcec16ef3d5c8a7e8af494068dbad55bfa7b7bf4475ceb03a6f4ef11ce14652dc36f279671b7184586c7aab57d50ca23deaeeeaebc2ed024d91f399c84834e7802ad28b6ffec7ed089e8af35d15f2713e70ce55b3f60b9c002496e110c3a68e4c01faf901df4e39d007bf99f3a2d2e33c58b92b961937060a92ab6347995c09eb6a363092e3a45b68bd5e734d43b0bc98070d66c8d03490897a7d05e894da6d92c46cb1d961d11a7d1cd9d3c437c07e9f090690d2b344a93fdc5d7276b74231f1ad050024359e7a73ee913e9a7eba72f23482de94c572d07491328ca363762c44ddcdb1623ec6d639b368d407ffafbb265de19bd5e52ec86c12167dfe2a3de629af1d66612c3f313e07a301d8378fc6eb551196b51680d1194d682ff6cdbb0f811608d6321b41664108ef6dd1dfcc7df602901b0c0d549fb8d0c1aa9b542b99d76b6b8c360c9bcb01ed819a57441948465279d0b2652be1058065929bffae3e9c8923ba01c954f3c49298db8ffad96b73684daf2e608046be2ffb0de70237e044d4be3e6ccc1984ebd2f6e0f57e99fcb0ec30598f121bd93a4003e0ba0815e5ddbeba9f3f8600ef86258a5423fb1f30da5be531e573bf5322a5842eeb23107f02021dc332e0e687bd1f4f0ac09293c3638603279484dd552d534089e0b5b903c4ceeedef410662ec12e17e9b616950874e24d313d770e84b488544a8b829039d06637269367c108dc37712d46ef6601ef4e937a120c607e570446d6216366a72ced5d543ba92a929cef7c4fb03307e88174ad88381b16de1c3f9985f483ff75e9b40fc6ba11d037dda41df9a583009baa3b246c19ab5a20cb4e62accb7a86090717c17db68b0d14905ed0ce6e49555de65448782fc0899f631393b5ccd65da59265d1b4ba9ff4d8a328cb42d2e3a465db23cfa9f159ce5716df7ccf393a561a1783679048570f2467c5336106bc8954569c047e854b2211141d169b27ca796b42c544f70123bd9f6ae23f87d1be164cd7bb2da3dc79e6f12a687296942c9c8f2d99b6961b48e046028bd69dcda162510ad235b7bf28a0ff994e23f08e807437dcd1a426a31e818b918e5c28725bf12f42d6f719d9d81100e529b9f7e4891167aef44ec7afa086e46cf832d144ebe668dbafcbf229be799f33df6c1fb3365f4cb64f360fb70ee140818503a185a44f15d3db5fd5abe8ea3c59f4120c23d3792a4ac791959858dc88286e403ad45b31716e28be7684375c2651f88ed78c2948d673ef2a8a937136ca9842717585894453a83280edc21f3fadb974c36696fe7d8bd136a005a69d14d034a869c4035282ac7c91642a05743814b4cd57df50a4eb15dd7a561637ea4ef6b3bcf89695f125fcd390746357917a6bcf55e0268a09ae5b1195f99a7fe5fec2d4115978052e195d7b5df345b827121a86166c9095e387301fc561654db0183715239247eb9dc15e83c20389aa6271b42125bd475b82db032150aa39fab06fde1034347a8a884c74edb21be34c8cf5b437ad7223970defbb27ca8eb0029fdd4acd4bc92236584ed42f03706376c583a5c8e5cf9f2415ee1f8c1b01f34d7cf1b673db2158eb99d55878ee41b391f8d7339c6f3471ae4af25e5ecb8cea2fbed9f915ce483f1a9411ca5b21776295aa4f52fa31d875f9850f3e07b8093b0f92570d41d77e68e9a79a27b6f5a2c9a100cde02ea745353e996b99b43e0f1aa51288d863859bc618a602c17a15e285e6c189a21a4762b57ce396c852a5453f035c7a2d849a98c30a2e7f797ed13ffae44e4d15a240d092a25b4820e0d2fe3b9cb74b89efc977634d1f37eddc1433f6b06fd13c543bceca1254f91413d8b914bd67f1dca660ad8ef561dfb2ce5f0486b3e1a19a3682dad8a727177a1ea448273c3cd308300e3b4fc4f96efa8d6d723de8b38f7688e13c47b2aa801ba5c33a138208412524250e41eb253520f68324dbdb5e7de6e02dc315e20cf1844cc7a5f15428dd342bcf40895d94b3de0e1acdb698a94e0dd881edfb7569d0c81981213e7186eac0d80dd35e1a48aad319678db523e9cea10163e3924c52d1d4ff589b3b228d98e64e6ee22990600ac9b272b483520148dac0e26d27ef618c86b0a49075f71d8c21e49bbcf83eb1374f0ad393074e32fa33a257f13fb187ba40b02ee6e688092e81ce0c04e3e53507b4b244fcf3afd4dbf05747a8c81828351558223a7bd0ff6684e94cd264bb3841cca4983c10b627c3c13286872798a3bce148b7f9847cb2b485bb900ad006b08482c801e9f05e5e57591e9c9ed1235c397ebffec2bffdf0eaa4aa2b3927e583f913edb95ce47603bc725ad16c59c4b638668190bd1f9c4b2c9e1b14a85d9e3e81ef3668baf27e59dd14d1ade2d7873d4feb989cdac04675f40b59a1a41453b44e0fdb89f4a7f3f52cb3a6a79d0763f85826fe1b5acb3215a0328c32ccdf2c21bb4ab3310c2d33f9b1255582e0807492ce59953f6cd4422bfa5ea9192177bbf13bd7a83807362036708653bd01b67d3def4ef7041ea29995404c0b10b0eae74bbf614652f887f755e94d390341437d50cecbf2c16fa21638ad3f85f30db17e1af9bf2b4aa8113d6a9170dc4c024f484200a471e9c73f6d2055585bdb499156081d3bc288a2ddd2b9d856c69c22ad3b4ee16555c64d86b7a9d83722860fdbf06b3a1592f3e5832fdf2d3ee078e54b7cee981cec96de0a4c77e052d2f86061cba468f6c5861771014dd56320f5fd4f84b5a890838e9fe72f41620d131cfdb7d0e627dd490acab383d5fc8cfc95e966ced3dfe3d315ad76a0452a50e8b4e9882ca9294eaa12f73629affc90505f48aedc1da6081259226056012decf4a60c3e252860cc7452e6058d8029d2d0971496e19cc94558c96678bd1b074894271b2bff2810f8a684c9329c584641bfeeb2fd4db920aec9d18e1b05803c37bc1b3cd1b3782a713ea754b1a35f137e21e31afd230aa1ba53cbc0af2ec98c860c993441007f910b8814e115725753f7a05d0b0b290048dd6aa97f3ae6f14b9652db8017e23303a3aa52c9fd5b83aa3f8ecb5e280425709237cd6fc6728664168bb2dda083ceab3ca528a78432104912e96a2ff9057885b1aebf1a8423b5c390f32bc5f3f0093870a27d8eee3576aa70a9b1ee21041a64e7dc0bbac8b46e7aa6a825bddeeab7f7bdad2ffa238a6cc77532551ebe4e650faadf67328371563e17b508ace6ed5dfcec60cd4b90ca23260f8ae78d937b7503f9595f233c7b719b837484bb684b2f9ca4df4d716a7de9ceadf0212e7f24574f1f14015ffb583c9ad2747cbddf2f0903d3dfc60eb204c6b581ba9caba16471d1bfb09b8b96ddadadcc97435ad6fe5ed249e25b01e0d5af5fe0430e4fb18eefce981fa6c78abab2a35f186137f256d8719f2053316680c03e7499941efd68a0ff066519f4d02608c320228c8cdc42fde4abecefde9d2113f730529e0215f284732d267c6804a49778a4ee32fb860122b4584a519ced4dfc0c8a3d25d90142d16e9e36eff436881dbddd06b99dee8c4e2ff7dbc19edaa7e1ad5b1f9d713abd72d4e4547b3a46ab6acfaa7d92b6da52b75bd530f6d833d156b95f1da248219c85fe807af0a47ae22c20392c889f5e89a3524cf42412a70277fe98196deb7a4c2b136fba8cc411afa84ab762d9b95b284d95f9220b3789ab54dcfb21cd2b99fcd501263cf23654c332a3aa37c6dac0c9c54e5602a691192707708e53abea4c63b7943b1348d3cf0bdce7e4076e3a4ed9afe8651cd8e953e30104534dcb6e85ab77773b60be7e46f6cd07ea8fc675d27593223dadb9cba83f3976e5133d79afd6e4a83877bd8f0d56bd99f3d996df0295838ffb421781da6c088f18f1f94e149659f02f01b99c73de89826f65bd3dbb44468518e0f0dd5fca324d3c9864d192040cd067b54b8801610bf8391ded4df50968bf7a0d0c0f7c56f47da904ad9bcc52e8690a844b7b0be9a4e7bc8ae396382ad4f6910df9eee9f19cacd9fb0aa9a378ee8b2e58befcd7158d1ea6cdc73cc63233d8c09fb4a04e7e672d7d0c7187f7b027e87560649eb8dfe97c81f3dea408f7f9c171e38892f077e9423e91b55a4635ddbea7b535d31c8ab28ae5030f04356bf05c737884a351a8da8ae81535ed5e9628befc767cd431907dd388c00b9a8d8ebf5b57017f70830dac5eb2872b77da544742d2c93940a945ed060e387e14680ea92e9a93799e64aca69ded0219486df2541b9fa209923c8d0f57978a39eba4fd17e9108243101d441cfe2c0374aaa65c434cea22e5d103588d526fc92531249ff8b8cd4783d8b915584c5ac71ff330797c85d5f66510a403cf996bec00239cef1730a35c1138b8f7f63f14e253e4d91999632d80f23076f7af79a38388e935e198d666efe799a4b8c2d82e443f01ea4907183d3bc9fb5bb94e119b1fb34beaaf1c0d296c4898600f99488a243c00309ee68a3c7297f3851ca8226eb72103d3e9981ab2dbc7dce584795aa452ee7950508f6016f04c965309f381edb1ce91059c3c21e0f7adf67f966d690545fb9597529fd5885937c433c5a156867951fc419f92ad55795a4267b0c66b59ba22ba782f92d431e37748aa41949a954b3c68120ddac938788b6d753d9152a562f8bf972c744359def08a16da4c077df2795710397e70faa3fe8e004ccf7275ad42d518094821207ad6813f66bf5c15e1a61298b3f977d7fd783f7cac82e88b652a14b9f6df36425cf89507428a6594d2200f392faea2542e6e51faa934ec1218652afd32c1f09ba277f8faa0b0fbf60b82340b42f88115394b36524026e71638bb7faec318168164e7448214f755c36dba743b15858788365171e521b9722d7950d48cb274b67361c89ef262a320186b8fb4ab84394fffdba09b14ca27608e6f49b6513d84a182459666d66902ef5cd3fa048d811401b910fc284c2d07dfe83bd398321f5e4a528b5c76dd2a4bbb7e68ce5826788c065cc686c8e174cc7cafdb289b0e4accd73fb54cccfdf3111a22a0fd764e5677cb54c94f7387b3290e8ea96a43ab678c514a33f497c3ed42ddaae3b1bad3c137d2b4aa193b2de5f4ac6e3f2a1404fcdf9919e18fb4cc8c042a72b550cf01d1dfffb8857d05d92430a669197cd66b7c7c88c539ff61aa880b94b5375989bae5fb8f381f8b211e52fd1bc3060eb2ad77d8de778a49ef3a21d992d3166c586eb5f3bb72a29da04c88441c381752939dc478b3088a66c869949b6d05a66286c61598dba66afb6d57b53ad164476d69fdb2ac668bb9c6fc4452dbb28041bb24556d3aae1dcaee06666fa18d0398e42a93741b5", 0xffd)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r6, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=[0xfff], 0x0, 0x0, 0x1}}, 0x40)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x6, 0x0, 0x0, 0x0)
fsmount(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, &(0x7f00000007c0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x80, 0x1c, {0x0, 0x0, 0xb, 0x0, 0x1, 0x4, 0x7, 0x40, 0x6, 0xe, 0x0, 0x1000}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)

4.242098017s ago: executing program 4 (id=4581):
socket$kcm(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$revoke(0x3, 0x0)
r1 = syz_open_dev$sg(0x0, 0x0, 0x9840)
ioctl$SG_IO(r1, 0x2285, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/20], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b70300004f0000008500"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$netlink(0x10, 0x3, 0x8000000004)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000080000085000000d0000000a50000009700000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r4 = dup2(r3, r3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r4}, 0x10)
getegid()

3.400070318s ago: executing program 5 (id=4582):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
socket$nl_route(0x10, 0x3, 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r4 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0xff97)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r5 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0)
timerfd_create(0x9, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, 0x0, 0x10)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
tkill(r4, 0xb)
r7 = accept(r0, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1)
recvfrom(r2, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000d8ca8d40d10521200031010203010902120001000000000904"], 0x0)

2.648493969s ago: executing program 0 (id=4583):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1f)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x20002, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r1, 0xc0189374, &(0x7f0000000180)={{0x1, 0x1, 0x1018, <r2=>0xffffffffffffffff, {0xff}}, './file0\x00'})
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket(0x10, 0x803, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a40)=ANY=[@ANYBLOB="34000000360001032cbd70000c00000000000000"], 0x14}, 0x1, 0x0, 0x0, 0x8004000}, 0x0)
r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f00000007c0)=ANY=[@ANYRES8], 0x0, 0x4e, 0x0, 0x0, 0x7ffd}, 0x28)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1b00000000000000000000000010000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=r8, @ANYBLOB="01000000010000000000000000000000000000000000000000040000"], 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000380)={0xffffffffffffffff, 0xfffffdda, &(0x7f0000000400)}, 0x10)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x100, 0x0, 0x0, 0x4, 0x2, 0x1}})
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}})
r9 = creat(&(0x7f0000000040)='./file0\x00', 0x4b)
close(r9)
r10 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000004c0)={&(0x7f00000003c0), &(0x7f0000000400)=[0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0], &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x3, 0x3, 0x4})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r10, 0xc04064a0, &(0x7f0000000680)={&(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000005c0)=[0x0, 0x0, 0x0], 0x6, 0x0, 0x6, 0x3})
ioctl$DRM_IOCTL_MODE_GETCRTC(r10, 0xc06864a1, &(0x7f0000000300)={0x0, 0x0, 0x0, <r11=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r9, 0xc06864ce, &(0x7f0000000600)={r11, 0x0, 0x0, 0x0, 0x3, [], [0x800000], [0x0, 0x1001000], [0x0, 0x0, 0xe8a6]})

2.648013862s ago: executing program 2 (id=4584):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={0x2, 0xd, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private1}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0xf00, @in6={0xa, 0x0, 0x0, @empty}}, @sadb_x_policy={0x2, 0x12, 0x2, 0x2, 0x0, 0x0, 0x0, {0x6, 0x32, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1}}, @sadb_lifetime={0x4, 0x4}]}, 0xc0}}, 0x0)

2.647614388s ago: executing program 4 (id=4585):
futex(&(0x7f0000004000), 0x4, 0x2, 0x0, 0x0, 0x2)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3deff000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000001010000000080851000000600000018100000", @ANYRES32=r3, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000360a000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095000000000000"], &(0x7f0000000000)='GPL\x00', 0x2}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={r4, 0x0, 0x0}, 0x10)

1.19454973s ago: executing program 2 (id=4586):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000000000010961b080000000000000109022400010000000109040000010300000009210000000122070009058103"], 0x0)
syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f0000000000)={0x20, 0x22, 0x3c, {0x3c, 0x2, "493c465e7a0c76ebd6d0bc1d55aed49f28ea352d526f8ebea80a178ffda59a47c87893a2a7455c846f4ee35fa4d95c0a8b442775123be4bb3009"}}, &(0x7f0000000840)=ANY=[@ANYBLOB="0c42fdb14bb105dc105ca73df0c137f1dedb5a3ad0ef6022c3af55328026b4c2ca5c406d5effab6a3f9fad3248e1f0ea21a4b686f920f28846e8bc541b20a54af88baf92da1a9a867eae8778d77f898b2d9d"], &(0x7f0000000140)={0x0, 0xf, 0xd5, {0x5, 0xf, 0xd5, 0x3, [@generic={0xc3, 0x10, 0x4, "40123e98c2d61fb3524f966836197ca0951878c62f766ee0af8ec5b2a1003c597742d9558912ea8f2c790a543e814b19f4d83db5195c2ec1f62ff9a0763f85ab0430fe31d33b077120dae339880ae83042dac6a9ce04ab9df4c951c7e1938a65a49b6a747c2af1c93363c5a84ac54d579ef70b07343f0eba9178c89bd535687ce59e67fa79939ebd8df9d831988c642ae11f1f3cb4e1d6c52b097822e78334042384389b8bf1c577db22e7f63ccb2d7fe429a2e34d4ffc65244b78c5c0ee8aa8"}, @ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x42005599a1d55d5b, 0x2, 0xff, 0x9, 0x1a4}]}}, &(0x7f0000000240)={0x20, 0x29, 0xf, {0xf, 0x29, 0x8b, 0x1, 0x2, 0x3, "6ac9ff84", "01c55c20"}}, &(0x7f0000000280)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x40, 0x8, 0x4, 0x2, 0x9, 0xf8, 0x7f}}}, &(0x7f0000000780)={0x84, &(0x7f0000000300)={0x20, 0x13, 0x2a, "43cfc2c54242471c17e5e4e2497bfd2eeba86aa228d64b2ae575296c45249351f88efe4d1ef7b3d7a363"}, &(0x7f0000000340)={0x0, 0xa, 0x1, 0xfc}, &(0x7f0000000380)={0x0, 0x8, 0x1, 0xff}, &(0x7f00000003c0)={0x20, 0x0, 0x4, {0x0, 0x1}}, &(0x7f0000000400)={0x20, 0x0, 0x4, {0x10, 0x80}}, &(0x7f0000000440)={0x40, 0x7, 0x2, 0x4}, &(0x7f0000000480)={0x40, 0x9, 0x1, 0x6}, &(0x7f00000004c0)={0x40, 0xb, 0x2, "400e"}, &(0x7f0000000500)={0x40, 0xf, 0x2, 0xfffd}, &(0x7f0000000540)={0x40, 0x13, 0x6, @random="f187e84a7262"}, &(0x7f0000000580)={0x40, 0x17, 0x6, @remote}, &(0x7f00000005c0)={0x40, 0x19, 0x2, "76da"}, &(0x7f0000000600)={0x40, 0x1a, 0x2, 0x6}, &(0x7f0000000640)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000680)={0x40, 0x1e, 0x1}, &(0x7f00000006c0)={0x40, 0x21, 0x1, 0x40}})
syz_usb_control_io$hid(r0, 0x0, 0x0)

1.009799953s ago: executing program 0 (id=4587):
bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x3, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xfffffff1}, [@call={0x85, 0x0, 0x0, 0x18}]}, &(0x7f00000006c0)='GPL\x00', 0x3, 0x0, 0x0, 0x41100}, 0x94)
syz_open_dev$media(0x0, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x1)
socket$nl_route(0x10, 0x3, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
unshare(0x18060180)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000700)="b7f2288a911993f08d3aaea2bc0000de", 0x10)
sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
listen(0xffffffffffffffff, 0xfffffffd)
openat$vcs(0xffffffffffffff9c, 0x0, 0x6c8180, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x3, &(0x7f00000022c0)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x3}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, 0x24, 0x7, @void}, 0x10)
syz_clone3(0x0, 0x0)
r2 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r2, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x16, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x63917fb493517fda, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a000020095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000200)='i2c_write\x00', r3}, 0x10)
r4 = syz_open_dev$I2C(&(0x7f0000000800), 0x0, 0x0)
ioctl$I2C_SMBUS(r4, 0x720, &(0x7f00000000c0)={0x1, 0x0, 0x5, &(0x7f0000000080)={0x6, "96ab3f272339cf3935a8824943478cb18a5722d2da3a03f39b5eaee25558f362e7"}})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x44, &(0x7f0000000100)="0000000000000000000051229dc9", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

292.701538ms ago: executing program 0 (id=4588):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000001240)=@mangle={'mangle\x00', 0x64, 0x6, 0x4e0, 0x390, 0x460, 0x1f0, 0x2c0, 0x1f0, 0x530, 0x530, 0x1f0, 0x530, 0x530, 0x6, 0x0, {[{{@ipv6={@mcast1, @private1, [], [], 'veth1\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x3a010000}}, @HL={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffd}}, {{@ipv6={@empty, @mcast1, [0xff000000, 0xff000000, 0xff, 0xffffff00], [0xffffff00, 0xff000000, 0xffffff00, 0xffffffff], 'bond_slave_0\x00', 'wg1\x00', {}, {}, 0x87, 0x6, 0x0, 0x10}, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@loopback, @mcast2, [0xffffffff, 0xff000000, 0xff000000, 0xff0000ff], [0xff, 0xff000000, 0xffffff00, 0xffffff00], 'lo\x00', 'veth0_vlan\x00', {0xff}, {0xff}, 0x16, 0x9f, 0x1, 0x51}, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28}}, {{@ipv6={@loopback, @private2, [], [], 'batadv0\x00', 'veth0_to_batadv\x00'}, 0x0, 0xa8, 0xd0}, @inet=@DSCP={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0, 0x0, {0x8000000}}, {0x28}}}}, 0x540)

487.027µs ago: executing program 0 (id=4589):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000000400000008000000010000008000", @ANYRES32=0x1, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/25], 0x48)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r0, 0x8008f511, &(0x7f0000000240))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x94)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, &(0x7f0000000240)={0x7, 0x3, 0x0, 0x2, 0x8})
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000380)={0x40, r4, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x6, 0x13, [{0x4, 0x1}, {0x60, 0x1}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x80c1}, 0x0)

0s ago: executing program 2 (id=4590):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYRES32=0x1, @ANYBLOB='\x00\x00 \x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x94)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, &(0x7f0000000240)={0x7, 0x3, 0x0, 0x2, 0x8})
writev(r0, &(0x7f0000000200)=[{&(0x7f0000000040)="9362dc27a2cdba", 0x7}, {&(0x7f0000000080)="626d70da31ebfc9e97f13355d210d9da0e27ae6f", 0x14}, {&(0x7f0000000140)="88a1829437b480e79185e33ec3c73b36663f2aaef2625beab0b58dc4f502f16eea1cbe8ed2d37109c9887310a71697c50a4678ca08afb7b5d6a2643e6b141371a5b13194b457059a620a3943a37d1a4afa47b0e85bec09f4e466", 0x5a}, {&(0x7f00000001c0)="65b8", 0x2}], 0x4)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x5c, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x5c}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000380)={0x40, r4, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x6, 0x13, [{0x4, 0x1}, {0x60, 0x1}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x80c1}, 0x0)

kernel console output (not intermixed with test programs):

] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3597'.
[ 1417.669447][T19365] Cannot find add_set index 0 as target
[ 1418.372280][T19364] input: syz0 as /devices/virtual/input/input71
[ 1419.432961][T19372] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3601'.
[ 1419.446499][T19373] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3601'.
[ 1420.163868][T19381] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3603'.
[ 1420.212565][T19381] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1420.223075][T19381] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1420.233776][T19381] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1420.243298][T19381] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1420.273876][T19381] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1420.283683][T19381] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1420.293433][T19381] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1420.303604][T19381] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1420.493528][T19387] netlink: 'syz.0.3607': attribute type 7 has an invalid length.
[ 1422.864078][T19407] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3612'.
[ 1422.873563][T19407] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3612'.
[ 1423.028104][T19412] netlink: 'syz.0.3613': attribute type 11 has an invalid length.
[ 1424.007750][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1424.057632][   T24] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[ 1424.337667][   T24] usb 5-1: Using ep0 maxpacket: 8
[ 1424.574297][   T24] usb 5-1: config 0 has an invalid interface number: 56 but max is 0
[ 1424.671015][   T24] usb 5-1: config 0 has no interface number 0
[ 1424.771559][   T24] usb 5-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=c7.76
[ 1424.873439][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1424.962891][   T24] usb 5-1: Product: syz
[ 1425.013416][   T24] usb 5-1: Manufacturer: syz
[ 1425.066154][   T24] usb 5-1: SerialNumber: syz
[ 1425.201310][   T24] usb 5-1: config 0 descriptor??
[ 1425.215706][T19433] FAULT_INJECTION: forcing a failure.
[ 1425.215706][T19433] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1425.237643][T19433] CPU: 0 UID: 0 PID: 19433 Comm: syz.0.3622 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1425.237675][T19433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1425.237687][T19433] Call Trace:
[ 1425.237697][T19433]  <TASK>
[ 1425.237707][T19433]  dump_stack_lvl+0x189/0x250
[ 1425.237737][T19433]  ? __pfx____ratelimit+0x10/0x10
[ 1425.237760][T19433]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1425.237784][T19433]  ? __pfx__printk+0x10/0x10
[ 1425.237826][T19433]  should_fail_ex+0x414/0x560
[ 1425.237855][T19433]  _copy_to_user+0x31/0xb0
[ 1425.237884][T19433]  simple_read_from_buffer+0xe1/0x170
[ 1425.237914][T19433]  proc_fail_nth_read+0x1df/0x250
[ 1425.237944][T19433]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1425.237975][T19433]  ? rw_verify_area+0x258/0x650
[ 1425.238005][T19433]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1425.238033][T19433]  vfs_read+0x200/0x980
[ 1425.238068][T19433]  ? __pfx___mutex_lock+0x10/0x10
[ 1425.238092][T19433]  ? __pfx_vfs_read+0x10/0x10
[ 1425.238135][T19433]  ? __fget_files+0x2a/0x420
[ 1425.238165][T19433]  ? __fget_files+0x3a0/0x420
[ 1425.238187][T19433]  ? __fget_files+0x2a/0x420
[ 1425.238221][T19433]  ksys_read+0x145/0x250
[ 1425.238244][T19433]  ? __pfx_ksys_read+0x10/0x10
[ 1425.238271][T19433]  ? do_syscall_64+0xbe/0x3b0
[ 1425.238300][T19433]  do_syscall_64+0xfa/0x3b0
[ 1425.238321][T19433]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1425.238342][T19433]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1425.238362][T19433]  ? clear_bhb_loop+0x60/0xb0
[ 1425.238389][T19433]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1425.238409][T19433] RIP: 0033:0x7fa20518d57c
[ 1425.238429][T19433] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1425.238446][T19433] RSP: 002b:00007fa205fb1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1425.238469][T19433] RAX: ffffffffffffffda RBX: 00007fa2053b5fa0 RCX: 00007fa20518d57c
[ 1425.238485][T19433] RDX: 000000000000000f RSI: 00007fa205fb10a0 RDI: 0000000000000003
[ 1425.238499][T19433] RBP: 00007fa205fb1090 R08: 0000000000000000 R09: 0000000000000000
[ 1425.238513][T19433] R10: 000000000000002a R11: 0000000000000246 R12: 0000000000000001
[ 1425.238525][T19433] R13: 0000000000000001 R14: 00007fa2053b5fa0 R15: 00007fffb00ced68
[ 1425.238560][T19433]  </TASK>
[ 1426.109359][T19436] netlink: 'syz.3.3621': attribute type 7 has an invalid length.
[ 1426.132656][   T44] usb 6-1: new high-speed USB device number 57 using dummy_hcd
[ 1426.175744][   T24] peak_usb 5-1:0.56 can0: unable to request usb[type=0 value=1] err=-71
[ 1426.185190][   T24] peak_usb 5-1:0.56: unable to read PCAN-USB X6 firmware info (err -71)
[ 1426.265714][T19436] : entered promiscuous mode
[ 1426.307957][   T44] usb 6-1: Using ep0 maxpacket: 16
[ 1426.395680][   T44] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[ 1426.453726][   T44] usb 6-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[ 1426.463690][   T44] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1426.473181][   T44] usb 6-1: Product: syz
[ 1426.479361][   T44] usb 6-1: Manufacturer: syz
[ 1426.484091][   T44] usb 6-1: SerialNumber: syz
[ 1426.514518][   T44] usb 6-1: config 0 descriptor??
[ 1426.520724][   T24] peak_usb 5-1:0.56: probe with driver peak_usb failed with error -71
[ 1426.545071][   T24] usb 5-1: USB disconnect, device number 56
[ 1426.561351][   T44] hub 6-1:0.0: bad descriptor, ignoring hub
[ 1426.593181][   T44] hub 6-1:0.0: probe with driver hub failed with error -5
[ 1426.653249][   T44] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1426.835625][   T30] audit: type=1326 audit(1754168868.335:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19426 comm="syz.5.3619" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa7ead8eb69 code=0x0
[ 1427.285891][T19457] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3628'.
[ 1427.331503][T19457] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3628'.
[ 1428.418181][T19468] FAULT_INJECTION: forcing a failure.
[ 1428.418181][T19468] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1428.433015][T19468] CPU: 0 UID: 0 PID: 19468 Comm: syz.0.3631 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1428.433044][T19468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1428.433056][T19468] Call Trace:
[ 1428.433065][T19468]  <TASK>
[ 1428.433074][T19468]  dump_stack_lvl+0x189/0x250
[ 1428.433102][T19468]  ? __pfx____ratelimit+0x10/0x10
[ 1428.433126][T19468]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1428.433149][T19468]  ? __pfx__printk+0x10/0x10
[ 1428.433181][T19468]  ? __might_fault+0xb0/0x130
[ 1428.433201][T19468]  should_fail_ex+0x414/0x560
[ 1428.433218][T19468]  _copy_from_user+0x2d/0xb0
[ 1428.433238][T19468]  ucma_query+0xe0/0x1280
[ 1428.433280][T19468]  ? __lock_acquire+0xab9/0xd20
[ 1428.433300][T19468]  ? __pfx_ucma_query+0x10/0x10
[ 1428.433349][T19468]  ? is_bpf_text_address+0x26/0x2b0
[ 1428.433382][T19468]  ? __lock_acquire+0xab9/0xd20
[ 1428.433406][T19468]  ? __lock_acquire+0xab9/0xd20
[ 1428.433424][T19468]  ? __might_fault+0xb0/0x130
[ 1428.433451][T19468]  ucma_write+0x249/0x2e0
[ 1428.433469][T19468]  ? __pfx_ucma_write+0x10/0x10
[ 1428.433490][T19468]  ? security_file_permission+0x75/0x290
[ 1428.433505][T19468]  ? rw_verify_area+0x258/0x650
[ 1428.433523][T19468]  ? __pfx_ucma_write+0x10/0x10
[ 1428.433540][T19468]  vfs_write+0x27e/0xa90
[ 1428.433558][T19468]  ? __pfx_vfs_write+0x10/0x10
[ 1428.433571][T19468]  ? __fget_files+0x2a/0x420
[ 1428.433586][T19468]  ? __fget_files+0x2a/0x420
[ 1428.433599][T19468]  ? __fget_files+0x3a0/0x420
[ 1428.433612][T19468]  ? __fget_files+0x2a/0x420
[ 1428.433631][T19468]  ksys_write+0x145/0x250
[ 1428.433644][T19468]  ? __pfx_ksys_write+0x10/0x10
[ 1428.433656][T19468]  ? rcu_is_watching+0x15/0xb0
[ 1428.433670][T19468]  ? trace_sys_enter+0x25/0x120
[ 1428.433685][T19468]  do_syscall_64+0xfa/0x3b0
[ 1428.433698][T19468]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1428.433711][T19468]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1428.433723][T19468]  ? clear_bhb_loop+0x60/0xb0
[ 1428.433738][T19468]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1428.433750][T19468] RIP: 0033:0x7fa20518eb69
[ 1428.433763][T19468] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1428.433774][T19468] RSP: 002b:00007fa205fb1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1428.433788][T19468] RAX: ffffffffffffffda RBX: 00007fa2053b5fa0 RCX: 00007fa20518eb69
[ 1428.433798][T19468] RDX: 0000000000000018 RSI: 0000200000001d00 RDI: 0000000000000003
[ 1428.433806][T19468] RBP: 00007fa205fb1090 R08: 0000000000000000 R09: 0000000000000000
[ 1428.433814][T19468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1428.433822][T19468] R13: 0000000000000000 R14: 00007fa2053b5fa0 R15: 00007fffb00ced68
[ 1428.433841][T19468]  </TASK>
[ 1428.493603][T19475] netlink: 76 bytes leftover after parsing attributes in process `syz.2.3632'.
[ 1428.894332][T19480] overlayfs: missing 'workdir'
[ 1429.226075][T19487] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3636'.
[ 1430.016766][T16829] usb 6-1: USB disconnect, device number 57
[ 1430.246847][T19499] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3640'.
[ 1430.275316][T19499] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3640'.
[ 1431.585754][T19516] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3645'.
[ 1431.619289][T19519] overlayfs: missing 'workdir'
[ 1434.087263][   T24] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[ 1434.099886][T19537] xt_SECMARK: invalid mode: 2
[ 1434.125992][T19540] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3652'.
[ 1434.259505][   T24] usb 5-1: Using ep0 maxpacket: 32
[ 1434.280242][   T24] usb 5-1: config 0 has no interfaces?
[ 1434.305463][   T24] usb 5-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[ 1434.349302][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1434.384902][   T24] usb 5-1: Product: syz
[ 1434.400011][   T24] usb 5-1: Manufacturer: syz
[ 1434.420975][   T24] usb 5-1: SerialNumber: syz
[ 1434.452238][   T24] usb 5-1: config 0 descriptor??
[ 1434.459031][T19542] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3653'.
[ 1434.509985][T19542] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3653'.
[ 1436.237254][ T5853] Bluetooth: hci4: command 0x0406 tx timeout
[ 1436.924114][   T10] usb 6-1: new high-speed USB device number 58 using dummy_hcd
[ 1437.331647][T19560] overlayfs: missing 'workdir'
[ 1437.345175][   T24] usb 5-1: USB disconnect, device number 57
[ 1437.467635][   T10] usb 6-1: device descriptor read/64, error -71
[ 1438.187917][   T10] usb 6-1: new high-speed USB device number 59 using dummy_hcd
[ 1438.592908][T19566] overlayfs: upper fs does not support tmpfile.
[ 1438.987284][   T10] usb 6-1: device descriptor read/64, error -71
[ 1439.361107][T19579] usb usb1: usbfs: process 19579 (syz.2.3661) did not claim interface 0 before use
[ 1439.821381][   T10] usb usb6-port1: attempt power cycle
[ 1440.031197][T19583] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1440.430828][T19584] C: renamed from team_slave_0 (while UP)
[ 1440.445554][T19582] NILFS (nbd2): device size too small
[ 1440.453977][T19584] FAULT_INJECTION: forcing a failure.
[ 1440.453977][T19584] name failslab, interval 1, probability 0, space 0, times 0
[ 1440.475161][T19584] CPU: 1 UID: 0 PID: 19584 Comm: syz.0.3663 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1440.475192][T19584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1440.475205][T19584] Call Trace:
[ 1440.475214][T19584]  <TASK>
[ 1440.475224][T19584]  dump_stack_lvl+0x189/0x250
[ 1440.475253][T19584]  ? __pfx____ratelimit+0x10/0x10
[ 1440.475277][T19584]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1440.475301][T19584]  ? __pfx__printk+0x10/0x10
[ 1440.475334][T19584]  ? __pfx___might_resched+0x10/0x10
[ 1440.475363][T19584]  should_fail_ex+0x414/0x560
[ 1440.475391][T19584]  should_failslab+0xa8/0x100
[ 1440.475417][T19584]  __kmalloc_node_track_caller_noprof+0xcc/0x4e0
[ 1440.475439][T19584]  ? kernfs_rename_ns+0x3ea/0x7a0
[ 1440.475463][T19584]  ? kernfs_name_compare+0x6f/0x1c0
[ 1440.475499][T19584]  kstrdup+0x42/0x100
[ 1440.475529][T19584]  kernfs_rename_ns+0x3ea/0x7a0
[ 1440.475570][T19584]  sysfs_rename_dir_ns+0x6d/0x90
[ 1440.475598][T19584]  kobject_rename+0x326/0x420
[ 1440.475632][T19584]  ? __pfx_kobject_rename+0x10/0x10
[ 1440.475678][T19584]  ? sysfs_rename_link_ns+0x178/0x1b0
[ 1440.475710][T19584]  device_rename+0x15d/0x1f0
[ 1440.475735][T19584]  netif_change_name+0x28c/0x960
[ 1440.475770][T19584]  ? do_setlink+0x9f6/0x41c0
[ 1440.475808][T19584]  ? __pfx_netif_change_name+0x10/0x10
[ 1440.475844][T19584]  ? nla_strscpy+0x10f/0x170
[ 1440.475872][T19584]  do_setlink+0x9f6/0x41c0
[ 1440.475905][T19584]  ? __kernel_text_address+0xd/0x40
[ 1440.475935][T19584]  ? arch_stack_walk+0xfc/0x150
[ 1440.475965][T19584]  ? __pfx_do_setlink+0x10/0x10
[ 1440.476016][T19584]  ? __lock_acquire+0xab9/0xd20
[ 1440.476048][T19584]  ? __mutex_trylock_common+0x153/0x260
[ 1440.476075][T19584]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1440.476104][T19584]  ? rcu_is_watching+0x15/0xb0
[ 1440.476127][T19584]  ? trace_contention_end+0x39/0x120
[ 1440.476151][T19584]  ? __mutex_lock+0x330/0xe80
[ 1440.476186][T19584]  ? rtnl_newlink+0x8db/0x1c70
[ 1440.476211][T19584]  ? rcu_is_watching+0x15/0xb0
[ 1440.476236][T19584]  ? __pfx___mutex_lock+0x10/0x10
[ 1440.476273][T19584]  ? ns_capable+0x8a/0xf0
[ 1440.476297][T19584]  ? rtnl_link_get_net_capable+0x16a/0x350
[ 1440.476348][T19584]  rtnl_newlink+0x160b/0x1c70
[ 1440.476373][T19584]  ? netlink_sendmsg+0x805/0xb30
[ 1440.476414][T19584]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1440.476468][T19584]  ? kasan_quarantine_put+0xdd/0x220
[ 1440.476498][T19584]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1440.476526][T19584]  ? nlmon_xmit+0xb0/0x100
[ 1440.476549][T19584]  ? kmem_cache_free+0x18f/0x400
[ 1440.476581][T19584]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1440.476603][T19584]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1440.476627][T19584]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1440.476658][T19584]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1440.476686][T19584]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1440.476707][T19584]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1440.476726][T19584]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1440.476749][T19584]  ? __dev_queue_xmit+0x1cd7/0x3a70
[ 1440.476778][T19584]  ? __lock_acquire+0xab9/0xd20
[ 1440.476831][T19584]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1440.476858][T19584]  rtnetlink_rcv_msg+0x7cc/0xb70
[ 1440.476890][T19584]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1440.476913][T19584]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1440.476932][T19584]  ? ref_tracker_free+0x63a/0x7d0
[ 1440.476951][T19584]  ? __copy_skb_header+0xa7/0x550
[ 1440.476973][T19584]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1440.476993][T19584]  ? __skb_clone+0x63/0x7a0
[ 1440.477022][T19584]  netlink_rcv_skb+0x205/0x470
[ 1440.477051][T19584]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1440.477079][T19584]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1440.477128][T19584]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1440.477154][T19584]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1440.477188][T19584]  netlink_unicast+0x75c/0x8e0
[ 1440.477227][T19584]  netlink_sendmsg+0x805/0xb30
[ 1440.477268][T19584]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1440.477297][T19584]  ? __lock_acquire+0xab9/0xd20
[ 1440.477321][T19584]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1440.477342][T19584]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1440.477371][T19584]  __sock_sendmsg+0x21c/0x270
[ 1440.477400][T19584]  sock_write_iter+0x258/0x330
[ 1440.477428][T19584]  ? __pfx_sock_write_iter+0x10/0x10
[ 1440.477463][T19584]  ? bpf_lsm_file_permission+0x9/0x20
[ 1440.477486][T19584]  ? security_file_permission+0x75/0x290
[ 1440.477522][T19584]  vfs_write+0x54b/0xa90
[ 1440.477548][T19584]  ? __pfx_sock_write_iter+0x10/0x10
[ 1440.477572][T19584]  ? __pfx_vfs_write+0x10/0x10
[ 1440.477603][T19584]  ? __fget_files+0x2a/0x420
[ 1440.477637][T19584]  ksys_write+0x145/0x250
[ 1440.477669][T19584]  ? __pfx_ksys_write+0x10/0x10
[ 1440.477685][T19584]  ? rcu_is_watching+0x15/0xb0
[ 1440.477715][T19584]  ? do_syscall_64+0xbe/0x3b0
[ 1440.477744][T19584]  do_syscall_64+0xfa/0x3b0
[ 1440.477765][T19584]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1440.477786][T19584]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1440.477807][T19584]  ? clear_bhb_loop+0x60/0xb0
[ 1440.477834][T19584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1440.477854][T19584] RIP: 0033:0x7fa20518eb69
[ 1440.477875][T19584] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1440.477893][T19584] RSP: 002b:00007fa205fb1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1440.477916][T19584] RAX: ffffffffffffffda RBX: 00007fa2053b5fa0 RCX: 00007fa20518eb69
[ 1440.477932][T19584] RDX: 000000000000fe33 RSI: 0000200000000000 RDI: 0000000000000003
[ 1440.477945][T19584] RBP: 00007fa205fb1090 R08: 0000000000000000 R09: 0000000000000000
[ 1440.477959][T19584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1440.477971][T19584] R13: 0000000000000000 R14: 00007fa2053b5fa0 R15: 00007fffb00ced68
[ 1440.478007][T19584]  </TASK>
[ 1441.251776][T19590] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3666'.
[ 1441.338721][T19590] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3666'.
[ 1441.711787][T19607] netlink: 'syz.3.3669': attribute type 1 has an invalid length.
[ 1441.721823][T19593] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1441.737688][T19593] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1441.754840][T19593] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1441.763476][T19593] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 1441.775543][T19593] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1441.786377][T19593] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1441.805834][T19593] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1441.822976][T19593] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1441.833223][T19593] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1442.119964][T16829] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[ 1442.138598][ T9714] usb 6-1: new high-speed USB device number 61 using dummy_hcd
[ 1442.280199][T19613] overlayfs: upper fs does not support tmpfile.
[ 1442.419254][ T9714] usb 6-1: Using ep0 maxpacket: 32
[ 1442.600722][ T9714] usb 6-1: config 0 has no interfaces?
[ 1442.618932][ T9714] usb 6-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[ 1442.637185][ T9714] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1442.652133][ T9714] usb 6-1: Product: syz
[ 1442.682234][ T9714] usb 6-1: Manufacturer: syz
[ 1442.685143][T16829] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[ 1442.686884][ T9714] usb 6-1: SerialNumber: syz
[ 1442.713129][T16829] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1442.748341][T16829] usb 4-1: config 0 descriptor??
[ 1442.763044][ T9714] usb 6-1: config 0 descriptor??
[ 1442.791005][T16829] gspca_main: STV06xx-2.14.0 probing 046d:0870
[ 1443.617476][T19215] Bluetooth: hci2: command 0x0406 tx timeout
[ 1443.778598][ T5853] Bluetooth: hci5: command 0x0406 tx timeout
[ 1443.785244][T19215] Bluetooth: hci4: command 0x0406 tx timeout
[ 1443.858822][T19215] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1444.621821][T19638] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3681'.
[ 1444.668057][T19638] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3681'.
[ 1445.354357][   T10] usb 6-1: USB disconnect, device number 61
[ 1445.757444][T19215] Bluetooth: hci2: command 0x0406 tx timeout
[ 1445.854801][T16829] gspca_stv06xx: I2C: Read error writing address: -71
[ 1445.862494][T19215] Bluetooth: hci4: command 0x0406 tx timeout
[ 1445.862571][T19215] Bluetooth: hci5: command 0x0406 tx timeout
[ 1445.914758][T16829] usb 4-1: USB disconnect, device number 43
[ 1445.941280][ T5853] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1446.744609][T19666] FAULT_INJECTION: forcing a failure.
[ 1446.744609][T19666] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1446.774722][T19666] CPU: 1 UID: 0 PID: 19666 Comm: syz.0.3692 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1446.774755][T19666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1446.774767][T19666] Call Trace:
[ 1446.774775][T19666]  <TASK>
[ 1446.774785][T19666]  dump_stack_lvl+0x189/0x250
[ 1446.774814][T19666]  ? __pfx____ratelimit+0x10/0x10
[ 1446.774837][T19666]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1446.774870][T19666]  ? __pfx__printk+0x10/0x10
[ 1446.774913][T19666]  should_fail_ex+0x414/0x560
[ 1446.774942][T19666]  _copy_to_user+0x31/0xb0
[ 1446.774972][T19666]  simple_read_from_buffer+0xe1/0x170
[ 1446.775002][T19666]  proc_fail_nth_read+0x1df/0x250
[ 1446.775033][T19666]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1446.775062][T19666]  ? rw_verify_area+0x258/0x650
[ 1446.775092][T19666]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1446.775119][T19666]  vfs_read+0x200/0x980
[ 1446.775157][T19666]  ? __pfx___mutex_lock+0x10/0x10
[ 1446.775182][T19666]  ? __pfx_vfs_read+0x10/0x10
[ 1446.775215][T19666]  ? __fget_files+0x2a/0x420
[ 1446.775244][T19666]  ? __fget_files+0x3a0/0x420
[ 1446.775264][T19666]  ? __fget_files+0x2a/0x420
[ 1446.775298][T19666]  ksys_read+0x145/0x250
[ 1446.775321][T19666]  ? __pfx_ksys_read+0x10/0x10
[ 1446.775336][T19666]  ? rcu_is_watching+0x15/0xb0
[ 1446.775363][T19666]  ? do_syscall_64+0xbe/0x3b0
[ 1446.775389][T19666]  do_syscall_64+0xfa/0x3b0
[ 1446.775409][T19666]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1446.775431][T19666]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1446.775450][T19666]  ? clear_bhb_loop+0x60/0xb0
[ 1446.775474][T19666]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1446.775493][T19666] RIP: 0033:0x7fa20518d57c
[ 1446.775513][T19666] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1446.775530][T19666] RSP: 002b:00007fa205fb1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1446.775552][T19666] RAX: ffffffffffffffda RBX: 00007fa2053b5fa0 RCX: 00007fa20518d57c
[ 1446.775568][T19666] RDX: 000000000000000f RSI: 00007fa205fb10a0 RDI: 0000000000000004
[ 1446.775579][T19666] RBP: 00007fa205fb1090 R08: 0000000000000000 R09: 0000000000000000
[ 1446.775591][T19666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1446.775602][T19666] R13: 0000000000000000 R14: 00007fa2053b5fa0 R15: 00007fffb00ced68
[ 1446.775637][T19666]  </TASK>
[ 1447.197343][T16829] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[ 1447.329616][T19676] netlink: 'syz.2.3688': attribute type 1 has an invalid length.
[ 1447.390820][T16829] usb 4-1: config 1 has an invalid descriptor of length 12, skipping remainder of the config
[ 1447.403748][T16829] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1447.418981][T16829] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1447.429699][T16829] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1447.444359][T16829] usb 4-1: SerialNumber: syz
[ 1447.672157][T16829] usb 4-1: 0:2 : does not exist
[ 1447.685321][T16829] usb 4-1: unit 5 not found!
[ 1447.746182][T16829] usb 4-1: USB disconnect, device number 44
[ 1448.043031][ T5853] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1449.415037][T19703] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3695'.
[ 1449.428864][T19703] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3695'.
[ 1449.779973][T19716] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3699'.
[ 1449.907359][T19716] netlink: 660 bytes leftover after parsing attributes in process `syz.0.3699'.
[ 1453.175361][T19729] FAULT_INJECTION: forcing a failure.
[ 1453.175361][T19729] name failslab, interval 1, probability 0, space 0, times 0
[ 1453.285458][T19729] CPU: 0 UID: 0 PID: 19729 Comm: syz.0.3704 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1453.285491][T19729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1453.285526][T19729] Call Trace:
[ 1453.285535][T19729]  <TASK>
[ 1453.285546][T19729]  dump_stack_lvl+0x189/0x250
[ 1453.285576][T19729]  ? __pfx____ratelimit+0x10/0x10
[ 1453.285600][T19729]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1453.285624][T19729]  ? __pfx__printk+0x10/0x10
[ 1453.285658][T19729]  ? __pfx___might_resched+0x10/0x10
[ 1453.285679][T19729]  ? fs_reclaim_acquire+0x7d/0x100
[ 1453.285711][T19729]  should_fail_ex+0x414/0x560
[ 1453.285750][T19729]  should_failslab+0xa8/0x100
[ 1453.285775][T19729]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1453.285793][T19729]  ? alloc_empty_file+0x55/0x1d0
[ 1453.285824][T19729]  alloc_empty_file+0x55/0x1d0
[ 1453.285850][T19729]  path_openat+0x107/0x3830
[ 1453.285876][T19729]  ? arch_stack_walk+0xfc/0x150
[ 1453.285944][T19729]  ? kasan_save_track+0x4f/0x80
[ 1453.285974][T19729]  ? kasan_save_track+0x3e/0x80
[ 1453.285997][T19729]  ? __kasan_slab_alloc+0x6c/0x80
[ 1453.286014][T19729]  ? getname_flags+0xb8/0x540
[ 1453.286037][T19729]  ? __pfx_path_openat+0x10/0x10
[ 1453.286062][T19729]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1453.286117][T19729]  do_filp_open+0x1fa/0x410
[ 1453.286143][T19729]  ? __lock_acquire+0xab9/0xd20
[ 1453.286167][T19729]  ? __pfx_do_filp_open+0x10/0x10
[ 1453.286220][T19729]  ? _raw_spin_unlock+0x28/0x50
[ 1453.286249][T19729]  ? alloc_fd+0x64c/0x6c0
[ 1453.286285][T19729]  do_sys_openat2+0x121/0x1c0
[ 1453.286316][T19729]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1453.286344][T19729]  ? ksys_write+0x22a/0x250
[ 1453.286367][T19729]  ? __pfx_ksys_write+0x10/0x10
[ 1453.286385][T19729]  ? rcu_is_watching+0x15/0xb0
[ 1453.286413][T19729]  __x64_sys_openat+0x138/0x170
[ 1453.286447][T19729]  do_syscall_64+0xfa/0x3b0
[ 1453.286476][T19729]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1453.286498][T19729]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1453.286743][T19729]  ? clear_bhb_loop+0x60/0xb0
[ 1453.286812][T19729]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1453.286834][T19729] RIP: 0033:0x7fa20518d4d0
[ 1453.286855][T19729] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[ 1453.286873][T19729] RSP: 002b:00007fa205fb0f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1453.286897][T19729] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fa20518d4d0
[ 1453.286913][T19729] RDX: 0000000000000002 RSI: 00007fa205fb0fa0 RDI: 00000000ffffff9c
[ 1453.286926][T19729] RBP: 00007fa205fb0fa0 R08: 0000000000000000 R09: 00007fa205fb0cd5
[ 1453.286940][T19729] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1453.286954][T19729] R13: 0000000000000000 R14: 00007fa2053b5fa0 R15: 00007fffb00ced68
[ 1453.286988][T19729]  </TASK>
[ 1453.609136][T19743] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3708'.
[ 1453.650016][T19743] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3708'.
[ 1454.006423][T19756] 9pnet_fd: Insufficient options for proto=fd
[ 1454.783588][T19757] netlink: 'syz.4.3711': attribute type 5 has an invalid length.
[ 1454.983773][T19757] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3711'.
[ 1456.727407][   T10] usb 6-1: new high-speed USB device number 62 using dummy_hcd
[ 1456.921434][   T10] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1456.947654][   T10] usb 6-1: config 1 interface 1 has no altsetting 0
[ 1456.969217][   T10] usb 6-1: string descriptor 0 read error: -22
[ 1456.991569][   T10] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1457.012572][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1457.051336][   T10] usb 6-1: 2:1: invalid format type 0x1001 is detected, processed as PCM
[ 1457.110465][   T10] usb 6-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[ 1457.296862][T19798] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3722'.
[ 1457.327039][T19798] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3722'.
[ 1457.492780][   T10] usb 6-1: USB disconnect, device number 62
[ 1458.069398][T16829] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[ 1458.613168][T16829] usb 4-1: Using ep0 maxpacket: 8
[ 1458.623509][T16829] usb 4-1: config 1 interface 0 altsetting 4 bulk endpoint 0x82 has invalid maxpacket 64
[ 1458.646115][T16829] usb 4-1: config 1 interface 0 altsetting 4 bulk endpoint 0x3 has invalid maxpacket 64
[ 1458.656629][T16829] usb 4-1: config 1 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1459.357020][T16829] usb 4-1: config 1 interface 0 has no altsetting 0
[ 1459.400243][T16829] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1459.436965][T16829] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1459.445819][T16829] usb 4-1: Product: 嗨蠓὾실ࠍ皕䛘眺蹻텊ꋺ醻旱貳ꎈ़䨊铸ᖆ謵ڽꉝ猝滶꩛悜拈⽃﷙͒螶멆ᓩﶚ냸벎둔Ⳉ螢ຏⶏнꪆ猼ီ鿟厪ꠕ憱῔鄖ꈬ赲꘳캆ⱖ攁㌅嗝㳸蔫⯖蚞꺝ᴰ㨌
[ 1459.490996][T16829] usb 4-1: Manufacturer: Ⱌ艻糵傠륂㬂ꉡϛ頜縟⡌≊鷗몕␑ᕗ蝚徵ퟰ꓏ᴲ駒澱쿋镌쌇䱽카汢左쎆뛋쉀鼰皼쟓恩蒇ﻄ่ꇍ沼鲂◺묜뚳챢㑟轄鳊烳횕禫쭼૗㧓崳垲㌕喆评㬅㫢ᱻ嚣굜ꔆ㙪쎼湀ퟩ
[ 1459.722842][T16829] usb 4-1: SerialNumber: ⫨者퍻鷑ถ傣轝䮜ಥ켆뢢ﳀ❽闕檞戓⭗噚䵰ۓ痫蹯睍㐀ɐ圚Ἔ㝤䥚星彸鬸⺊ヶ廾ᕉᝎႭꈖ琼Ḭ诈굝鹖ᘕ䕮쨽梣혢Ⓑ퉅諽큶傾㡵༠䪾沯缤듘ﳵ䳩츀᰷搶ꥼ쮠ꌢ把敶焫䒰⫷⮥巾㬚䟆혻㝪Դ酣⡞玁使栛ᓿ
[ 1460.202230][T19807] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1460.210590][T19807] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1460.420997][T19807] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1460.483906][T19807] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1461.225085][T16829] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71
[ 1461.264716][T16829] usb 4-1: USB disconnect, device number 45
[ 1461.441944][T19839] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3735'.
[ 1461.622458][T19839] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3735'.
[ 1463.139662][T19858] netlink: 'syz.3.3739': attribute type 7 has an invalid length.
[ 1464.134999][T19869] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1464.289531][T19869] FAULT_INJECTION: forcing a failure.
[ 1464.289531][T19869] name failslab, interval 1, probability 0, space 0, times 0
[ 1464.397793][T19869] CPU: 1 UID: 0 PID: 19869 Comm: syz.2.3742 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1464.397824][T19869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1464.397836][T19869] Call Trace:
[ 1464.397845][T19869]  <TASK>
[ 1464.397854][T19869]  dump_stack_lvl+0x189/0x250
[ 1464.397875][T19869]  ? __pfx____ratelimit+0x10/0x10
[ 1464.397889][T19869]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1464.397903][T19869]  ? __pfx__printk+0x10/0x10
[ 1464.397923][T19869]  ? __pfx___might_resched+0x10/0x10
[ 1464.397936][T19869]  ? fs_reclaim_acquire+0x7d/0x100
[ 1464.397954][T19869]  should_fail_ex+0x414/0x560
[ 1464.397971][T19869]  ? __nf_hook_entries_try_shrink+0x316/0x6e0
[ 1464.397987][T19869]  should_failslab+0xa8/0x100
[ 1464.398002][T19869]  __kvmalloc_node_noprof+0x161/0x5f0
[ 1464.398016][T19869]  ? __nf_hook_entries_try_shrink+0x316/0x6e0
[ 1464.398036][T19869]  __nf_hook_entries_try_shrink+0x316/0x6e0
[ 1464.398062][T19869]  __nf_unregister_net_hook+0x4f6/0x700
[ 1464.398084][T19869]  nf_unregister_net_hooks+0xcb/0x140
[ 1464.398103][T19869]  nf_ct_netns_put+0x3b9/0x520
[ 1464.398123][T19869]  xt_ct_tg_check+0x787/0xa90
[ 1464.398145][T19869]  ? __pfx_xt_ct_tg_check+0x10/0x10
[ 1464.398165][T19869]  ? xt_ct_tg_check_v0+0x162/0x290
[ 1464.398186][T19869]  xt_ct_tg_check_v0+0x16f/0x290
[ 1464.398205][T19869]  ? __pfx_xt_ct_tg_check_v0+0x10/0x10
[ 1464.398221][T19869]  ? rcu_is_watching+0x15/0xb0
[ 1464.398241][T19869]  ? xt_find_target+0x1f3/0x240
[ 1464.398266][T19869]  xt_check_target+0x3c3/0xa90
[ 1464.398288][T19869]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1464.398313][T19869]  ? __pfx_xt_check_target+0x10/0x10
[ 1464.398337][T19869]  ? pcpu_alloc_noprof+0xfdd/0x16b0
[ 1464.398371][T19869]  ? xt_find_target+0x1f3/0x240
[ 1464.398399][T19869]  translate_table+0x1811/0x2000
[ 1464.398431][T19869]  ? __pfx_translate_table+0x10/0x10
[ 1464.398449][T19869]  ? __might_fault+0xb0/0x130
[ 1464.398475][T19869]  ? _copy_from_user+0x94/0xb0
[ 1464.398495][T19869]  do_ipt_set_ctl+0x967/0xcd0
[ 1464.398517][T19869]  ? rcu_is_watching+0x15/0xb0
[ 1464.398529][T19869]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[ 1464.398566][T19869]  ? __pfx___mutex_lock+0x10/0x10
[ 1464.398580][T19869]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1464.398606][T19869]  nf_setsockopt+0x26c/0x290
[ 1464.398626][T19869]  ? __pfx_sock_common_setsockopt+0x10/0x10
[ 1464.398644][T19869]  do_sock_setsockopt+0x179/0x1b0
[ 1464.398666][T19869]  __x64_sys_setsockopt+0x13f/0x1b0
[ 1464.398688][T19869]  do_syscall_64+0xfa/0x3b0
[ 1464.398701][T19869]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1464.398714][T19869]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1464.398726][T19869]  ? clear_bhb_loop+0x60/0xb0
[ 1464.398741][T19869]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1464.398754][T19869] RIP: 0033:0x7f89e098eb69
[ 1464.398766][T19869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1464.398777][T19869] RSP: 002b:00007f89e17ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1464.398792][T19869] RAX: ffffffffffffffda RBX: 00007f89e0bb5fa0 RCX: 00007f89e098eb69
[ 1464.398801][T19869] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003
[ 1464.398810][T19869] RBP: 00007f89e17ac090 R08: 0000000000000278 R09: 0000000000000000
[ 1464.398818][T19869] R10: 0000200000000c00 R11: 0000000000000246 R12: 0000000000000002
[ 1464.398826][T19869] R13: 0000000000000000 R14: 00007f89e0bb5fa0 R15: 00007ffe679fe308
[ 1464.398846][T19869]  </TASK>
[ 1465.101852][   T30] audit: type=1326 audit(1754168906.595:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19870 comm="syz.2.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89e098eb69 code=0x7ffc0000
[ 1465.234408][   T30] audit: type=1326 audit(1754168906.675:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19870 comm="syz.2.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f89e092ad69 code=0x7ffc0000
[ 1465.342953][   T30] audit: type=1326 audit(1754168906.675:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19870 comm="syz.2.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f89e092ad69 code=0x7ffc0000
[ 1465.374564][   T30] audit: type=1326 audit(1754168906.675:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19870 comm="syz.2.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f89e092ad69 code=0x7ffc0000
[ 1465.403274][   T30] audit: type=1326 audit(1754168906.675:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19870 comm="syz.2.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f89e092ad69 code=0x7ffc0000
[ 1465.458342][   T30] audit: type=1326 audit(1754168906.675:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19870 comm="syz.2.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f89e092ad69 code=0x7ffc0000
[ 1465.557197][ T9714] usb 6-1: new high-speed USB device number 63 using dummy_hcd
[ 1465.563574][   T30] audit: type=1326 audit(1754168906.685:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19870 comm="syz.2.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f89e092ad69 code=0x7ffc0000
[ 1465.599535][T19873] netlink: 'syz.2.3744': attribute type 10 has an invalid length.
[ 1465.628478][T19873] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1465.636441][T19873] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1465.658241][   T30] audit: type=1326 audit(1754168906.685:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19870 comm="syz.2.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f89e092ad69 code=0x7ffc0000
[ 1465.695697][T19880] loop8: detected capacity change from 0 to 8
[ 1465.709863][T19880] Dev loop8: unable to read RDB block 8
[ 1465.715505][T19880]  loop8: unable to read partition table
[ 1465.721261][   T24] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[ 1465.729796][T19880] loop8: partition table beyond EOD, truncated
[ 1465.735988][T19880] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[ 1465.774970][ T9714] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1465.786416][ T9714] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1465.834339][ T9714] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1465.850155][T19873] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1465.857774][T19873] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1465.865658][T19873] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1465.873398][T19873] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1465.877243][   T30] audit: type=1326 audit(1754168906.685:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19870 comm="syz.2.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f89e092ad69 code=0x7ffc0000
[ 1465.920436][ T9714] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1465.942812][ T9714] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1465.981429][   T30] audit: type=1326 audit(1754168906.685:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19870 comm="syz.2.3744" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f89e092ad69 code=0x7ffc0000
[ 1466.017162][ T9714] usb 6-1: config 0 descriptor??
[ 1466.058117][T19873] bond0: (slave bridge0): Enslaving as an active interface with an up link
[ 1467.170923][ T9714] usbhid 6-1:0.0: can't add hid device: -71
[ 1467.177155][ T9714] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1467.216849][ T9714] usb 6-1: USB disconnect, device number 63
[ 1468.735293][T19911] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3753'.
[ 1469.371579][T19913] netlink: 129704 bytes leftover after parsing attributes in process `syz.0.3753'.
[ 1470.011947][T19906] overlayfs: upper fs does not support tmpfile.
[ 1472.267476][ T9714] usb 6-1: new high-speed USB device number 64 using dummy_hcd
[ 1472.430128][ T9714] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1472.457545][ T9714] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1472.480161][ T9714] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1472.534800][ T9714] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1472.607290][ T9714] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1473.059182][ T9714] usb 6-1: config 0 descriptor??
[ 1473.989056][ T9714] usbhid 6-1:0.0: can't add hid device: -71
[ 1474.063389][ T9714] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1474.472603][ T9714] usb 6-1: USB disconnect, device number 64
[ 1474.578903][   T44] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[ 1474.746441][   T44] usb 3-1: config 0 has no interfaces?
[ 1474.760097][   T44] usb 3-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[ 1474.780001][   T44] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1474.794625][   T44] usb 3-1: Product: syz
[ 1474.801546][   T44] usb 3-1: Manufacturer: syz
[ 1474.811561][   T44] usb 3-1: SerialNumber: syz
[ 1474.901761][T19971] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3772'.
[ 1475.041616][   T44] usb 3-1: config 0 descriptor??
[ 1475.805532][T19957] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1475.856578][T19957] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1475.962741][T19957] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3768'.
[ 1476.349909][T19971] netlink: 129704 bytes leftover after parsing attributes in process `syz.3.3772'.
[ 1477.471511][   T44] usb 3-1: USB disconnect, device number 56
[ 1478.096067][T19995] Device name cannot be null; rc = [-22]
[ 1479.215356][T20001] netlink: 'syz.4.3779': attribute type 10 has an invalid length.
[ 1479.263505][T20001] team0: Device ipvlan1 failed to register rx_handler
[ 1479.957628][   T30] kauditd_printk_skb: 98 callbacks suppressed
[ 1479.957648][   T30] audit: type=1800 audit(1754168921.455:494): pid=20005 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.5.3781" name="bus" dev="overlay" ino=593 res=0 errno=0
[ 1482.020553][T20023] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3787'.
[ 1482.454164][T20029] netlink: 88 bytes leftover after parsing attributes in process `syz.5.3788'.
[ 1482.778874][T20036] binder: 20028:20036 ioctl c0306201 2000000001c0 returned -22
[ 1483.817593][ T9714] usb 6-1: new high-speed USB device number 65 using dummy_hcd
[ 1484.007496][ T9714] usb 6-1: Using ep0 maxpacket: 16
[ 1484.077496][ T9714] usb 6-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90
[ 1484.093224][ T9714] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1484.105417][ T9714] usb 6-1: Product: syz
[ 1484.121222][ T9714] usb 6-1: Manufacturer: syz
[ 1484.130987][ T9714] usb 6-1: SerialNumber: syz
[ 1484.168509][ T9714] usb 6-1: config 0 descriptor??
[ 1484.183712][ T9714] ums-onetouch 6-1:0.0: USB Mass Storage device detected
[ 1485.062504][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1487.369512][ T9714] usb 6-1: USB disconnect, device number 65
[ 1489.949110][T17086] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[ 1490.207246][   T24] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[ 1490.227448][T17086] usb 5-1: Using ep0 maxpacket: 32
[ 1490.276369][T17086] usb 5-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 3.01
[ 1490.356638][T17086] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1490.578597][T17086] usb 5-1: config 0 descriptor??
[ 1490.941828][T17086] gspca_main: xirlink-cit-2.14.0 probing 0545:8080
[ 1491.051899][T20079] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1491.153328][T17086] input: xirlink-cit as /devices/platform/dummy_hcd.4/usb5/5-1/input/input72
[ 1491.180463][T20079] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1492.200619][ T2985] af_packet: tpacket_rcv: packet too big, clamped from 66 to 4294967286. macoff=82
[ 1492.232197][T17086] usb 5-1: USB disconnect, device number 58
[ 1492.273234][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1492.315019][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1492.331839][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1492.355897][   T24] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1492.365481][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1492.399802][   T24] usb 4-1: config 0 descriptor??
[ 1492.944867][   T24] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0
[ 1492.983412][   T24] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0
[ 1493.019551][   T24] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0
[ 1493.086177][   T24] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0
[ 1493.170793][   T24] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0
[ 1493.229113][   T24] plantronics 0003:047F:FFFF.0016: unknown main item tag 0x0
[ 1493.291670][   T24] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[ 1493.817855][   T24] usb 4-1: USB disconnect, device number 46
[ 1494.718443][T20110] overlayfs: failed to resolve './file1': -2
[ 1495.205958][T20116] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3815'.
[ 1495.205983][T20116] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3815'.
[ 1496.867294][   T44] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[ 1497.125166][   T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1497.221062][   T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1497.275403][   T44] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1497.331243][   T44] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1497.341627][   T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1497.603220][T20158] Device name cannot be null; rc = [-22]
[ 1498.560286][   T44] usb 3-1: config 0 descriptor??
[ 1498.566340][T20152] overlayfs: failed to resolve './file1': -2
[ 1498.698938][T20164] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3827'.
[ 1498.730689][T20164] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3827'.
[ 1498.763510][T20168] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1498.790373][T20168] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1498.818573][T20168] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1498.838698][T20168] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1499.014301][   T44] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0
[ 1499.057414][   T44] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0
[ 1499.095055][   T44] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0
[ 1499.107639][T17086] usb 6-1: new high-speed USB device number 66 using dummy_hcd
[ 1499.124433][   T44] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0
[ 1499.142887][   T44] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0
[ 1499.187671][   T44] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0
[ 1499.342440][T20180] devpts: Bad value for 'gid'
[ 1499.351120][   T44] plantronics 0003:047F:FFFF.0017: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[ 1499.377222][T20180] devpts: Bad value for 'gid'
[ 1499.409564][   T44] usb 3-1: USB disconnect, device number 57
[ 1501.247423][T17086] usb 6-1: Using ep0 maxpacket: 32
[ 1501.260615][T17086] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1501.282941][T17086] usb 6-1: config 0 has no interfaces?
[ 1501.296691][T17086] usb 6-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[ 1501.332308][T17086] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1501.349696][T17086] usb 6-1: Product: syz
[ 1501.353956][T17086] usb 6-1: Manufacturer: syz
[ 1501.369658][T17086] usb 6-1: SerialNumber: syz
[ 1501.431353][T17086] usb 6-1: config 0 descriptor??
[ 1504.265292][T20201] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[ 1504.277189][T20201] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[ 1504.285899][T20201] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[ 1505.291317][T16829] usb 6-1: USB disconnect, device number 66
[ 1505.696458][T20208] overlayfs: failed to resolve './file1': -2
[ 1505.878812][ T9714] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[ 1506.258517][T20211] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3841'.
[ 1506.277329][ T9714] usb 3-1: Using ep0 maxpacket: 8
[ 1506.287306][T20211] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3841'.
[ 1506.305001][T20213] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3843'.
[ 1506.320391][ T9714] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[ 1506.342326][ T9714] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1506.373073][ T9714] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1506.407182][ T9714] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[ 1506.433411][ T9714] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[ 1506.677555][ T9714] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[ 1506.696460][ T9714] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1506.710703][ T9714] usb 3-1: config 0 descriptor??
[ 1506.753271][T20223] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1506.773441][ T5853] Bluetooth: hci3: urb ffff888077f8ed00 submission failed (90)
[ 1507.001060][T20206] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1507.010147][T20206] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1508.469688][ T9714] usb 3-1: USB disconnect, device number 58
[ 1508.677215][  T981] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[ 1508.868376][  T981] usb 4-1: Using ep0 maxpacket: 32
[ 1508.887601][  T981] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1508.899559][  T981] usb 4-1: config 0 has no interfaces?
[ 1508.912473][  T981] usb 4-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[ 1508.939720][  T981] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1508.967336][  T981] usb 4-1: Product: syz
[ 1508.973521][  T981] usb 4-1: Manufacturer: syz
[ 1508.980580][  T981] usb 4-1: SerialNumber: syz
[ 1509.027673][  T981] usb 4-1: config 0 descriptor??
[ 1511.290608][T20261] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3855'.
[ 1511.315820][T20261] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3855'.
[ 1511.409698][ T9714] usb 4-1: USB disconnect, device number 48
[ 1512.460867][T20277] tipc: Started in network mode
[ 1512.466137][T20277] tipc: Node identity 4, cluster identity 4711
[ 1512.472953][T20277] tipc: Node number set to 4
[ 1514.676914][  T981] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[ 1514.947153][  T981] usb 5-1: Using ep0 maxpacket: 32
[ 1514.959380][  T981] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1515.020956][  T981] usb 5-1: config 0 has no interfaces?
[ 1515.062665][T20300] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1515.064107][  T981] usb 5-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[ 1515.302811][  T981] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1515.311778][  T981] usb 5-1: Product: syz
[ 1515.316029][  T981] usb 5-1: Manufacturer: syz
[ 1515.322683][  T981] usb 5-1: SerialNumber: syz
[ 1515.332047][  T981] usb 5-1: config 0 descriptor??
[ 1515.433673][T20306] Device name cannot be null; rc = [-22]
[ 1516.507772][T20317] overlayfs: failed to resolve './file0': -2
[ 1518.562866][ T9714] usb 5-1: USB disconnect, device number 59
[ 1518.783446][T20335] can0: slcan on ttyS3.
[ 1519.629868][T16829] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[ 1519.729689][T20335] can0 (unregistered): slcan off ttyS3.
[ 1520.041313][T16829] usb 4-1: Using ep0 maxpacket: 32
[ 1520.406524][T16829] usb 4-1: config 0 has an invalid interface number: 239 but max is 0
[ 1520.441903][T16829] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1520.499946][T16829] usb 4-1: config 0 has no interface number 0
[ 1520.521607][T20344] vlan2: entered allmulticast mode
[ 1520.537159][T16829] usb 4-1: config 0 interface 239 altsetting 4 bulk endpoint 0x2 has invalid maxpacket 8
[ 1520.541833][T20344] macvtap0: entered allmulticast mode
[ 1520.573584][T20344] veth0_macvtap: entered allmulticast mode
[ 1520.591982][T16829] usb 4-1: config 0 interface 239 altsetting 4 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[ 1520.626076][T16829] usb 4-1: config 0 interface 239 altsetting 4 has an endpoint descriptor with address 0xA9, changing to 0x89
[ 1520.638476][T16829] usb 4-1: config 0 interface 239 altsetting 4 endpoint 0x89 has invalid maxpacket 28648, setting to 1024
[ 1520.676725][T16829] usb 4-1: config 0 interface 239 altsetting 4 bulk endpoint 0x89 has invalid maxpacket 1024
[ 1520.714389][T16829] usb 4-1: config 0 interface 239 altsetting 4 has an endpoint descriptor with address 0xD5, changing to 0x85
[ 1520.758673][T16829] usb 4-1: config 0 interface 239 altsetting 4 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1520.990028][T16829] usb 4-1: config 0 interface 239 altsetting 4 endpoint 0x85 has invalid wMaxPacketSize 0
[ 1521.001257][T16829] usb 4-1: config 0 interface 239 has no altsetting 0
[ 1521.024344][T16829] usb 4-1: New USB device found, idVendor=105b, idProduct=1799, bcdDevice=36.e9
[ 1521.033984][T16829] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1521.057145][T16829] usb 4-1: Product: syz
[ 1521.061379][T16829] usb 4-1: Manufacturer: syz
[ 1521.314849][T16829] usb 4-1: SerialNumber: syz
[ 1521.334444][T16829] usb 4-1: config 0 descriptor??
[ 1521.425268][T16829] usb 4-1: can't set config #0, error -71
[ 1521.448855][T16829] usb 4-1: USB disconnect, device number 49
[ 1522.386338][T20359] libceph: resolve '.
[ 1522.386338][T20359] #)|.��f��ǝ�a���2s�o�w���?�'�%ЏKAq�f��C���z�e�Sb3L)Hy�o����������Ǥ�Y�M�����h�E$
[ 1522.386338][T20359] ' (ret=-3): failed
[ 1523.113502][T20373] netlink: 'syz.5.3893': attribute type 10 has an invalid length.
[ 1523.230301][T20373] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1523.238549][T20373] FAULT_INJECTION: forcing a failure.
[ 1523.238549][T20373] name failslab, interval 1, probability 0, space 0, times 0
[ 1523.252829][T20373] CPU: 0 UID: 0 PID: 20373 Comm: syz.5.3893 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1523.252857][T20373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1523.252869][T20373] Call Trace:
[ 1523.252879][T20373]  <TASK>
[ 1523.252888][T20373]  dump_stack_lvl+0x189/0x250
[ 1523.252920][T20373]  ? __pfx____ratelimit+0x10/0x10
[ 1523.252945][T20373]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1523.252966][T20373]  ? __pfx__printk+0x10/0x10
[ 1523.253006][T20373]  should_fail_ex+0x414/0x560
[ 1523.253034][T20373]  should_failslab+0xa8/0x100
[ 1523.253050][T20373]  __kmalloc_noprof+0xcb/0x4f0
[ 1523.253062][T20373]  ? br_switchdev_mdb_populate+0x18c/0x3e0
[ 1523.253080][T20373]  ? switchdev_deferred_enqueue+0x2d/0x240
[ 1523.253098][T20373]  ? __pfx_switchdev_port_obj_del_deferred+0x10/0x10
[ 1523.253111][T20373]  switchdev_deferred_enqueue+0x2d/0x240
[ 1523.253128][T20373]  br_switchdev_mdb_notify+0x182/0x410
[ 1523.253145][T20373]  ? br_stp_disable_bridge+0x81/0x150
[ 1523.253164][T20373]  ? __pfx_br_switchdev_mdb_notify+0x10/0x10
[ 1523.253184][T20373]  ? rhashtable_lookup+0x6cf/0x800
[ 1523.253200][T20373]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1523.253220][T20373]  ? __pfx_rhashtable_lookup+0x10/0x10
[ 1523.253241][T20373]  __br_mdb_notify+0x73/0x970
[ 1523.253264][T20373]  br_multicast_del_pg+0x47b/0xc20
[ 1523.253285][T20373]  ? br_multicast_find_del_pg+0x11e/0x150
[ 1523.253300][T20373]  __br_multicast_disable_port_ctx+0x22c/0x680
[ 1523.253319][T20373]  ? __pfx___br_multicast_disable_port_ctx+0x10/0x10
[ 1523.253332][T20373]  ? do_raw_spin_lock+0x121/0x290
[ 1523.253347][T20373]  ? br_multicast_toggle_port+0xce/0x6b0
[ 1523.253361][T20373]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1523.253376][T20373]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1523.253389][T20373]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1523.253404][T20373]  ? br_multicast_toggle_port+0xce/0x6b0
[ 1523.253418][T20373]  br_multicast_toggle_port+0x222/0x6b0
[ 1523.253434][T20373]  br_stp_disable_port+0x12a/0x1d0
[ 1523.253455][T20373]  br_stp_disable_bridge+0x81/0x150
[ 1523.253488][T20373]  br_dev_stop+0x2d/0x180
[ 1523.253503][T20373]  ? __pfx_br_dev_stop+0x10/0x10
[ 1523.253521][T20373]  __dev_close_many+0x364/0x6f0
[ 1523.253541][T20373]  ? __pfx___dev_close_many+0x10/0x10
[ 1523.253563][T20373]  __dev_change_flags+0x2c7/0x6d0
[ 1523.253584][T20373]  ? finish_task_switch+0x266/0x950
[ 1523.253602][T20373]  ? __pfx___dev_change_flags+0x10/0x10
[ 1523.253622][T20373]  ? rcu_is_watching+0x15/0xb0
[ 1523.253639][T20373]  netif_change_flags+0x88/0x1a0
[ 1523.253661][T20373]  do_setlink+0xc55/0x41c0
[ 1523.253697][T20373]  ? preempt_schedule_common+0x83/0xd0
[ 1523.253725][T20373]  ? __pfx_do_setlink+0x10/0x10
[ 1523.253744][T20373]  ? bpf_trace_run2+0x322/0x4b0
[ 1523.253770][T20373]  ? __bpf_trace_contention_begin+0xcd/0x130
[ 1523.253785][T20373]  ? preempt_schedule+0xae/0xc0
[ 1523.253799][T20373]  ? preempt_schedule_common+0x83/0xd0
[ 1523.253811][T20373]  ? preempt_schedule+0xae/0xc0
[ 1523.253822][T20373]  ? __pfx_preempt_schedule+0x10/0x10
[ 1523.253833][T20373]  ? __mutex_trylock_common+0x153/0x260
[ 1523.253850][T20373]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1523.253866][T20373]  ? preempt_schedule_thunk+0x16/0x30
[ 1523.253887][T20373]  ? __mutex_lock+0x344/0xe80
[ 1523.253907][T20373]  ? rtnl_newlink+0x8db/0x1c70
[ 1523.253922][T20373]  ? rcu_is_watching+0x15/0xb0
[ 1523.253935][T20373]  ? __pfx___mutex_lock+0x10/0x10
[ 1523.253955][T20373]  ? ns_capable+0x8a/0xf0
[ 1523.253969][T20373]  ? rtnl_link_get_net_capable+0x16a/0x350
[ 1523.253989][T20373]  rtnl_newlink+0x160b/0x1c70
[ 1523.254013][T20373]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1523.254028][T20373]  ? __pfx___schedule+0x10/0x10
[ 1523.254051][T20373]  ? preempt_schedule+0xae/0xc0
[ 1523.254061][T20373]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1523.254074][T20373]  ? preempt_schedule_common+0x83/0xd0
[ 1523.254087][T20373]  ? preempt_schedule+0xae/0xc0
[ 1523.254099][T20373]  ? __pfx_preempt_schedule+0x10/0x10
[ 1523.254112][T20373]  ? preempt_schedule_notrace_thunk+0x16/0x30
[ 1523.254132][T20373]  ? preempt_schedule_thunk+0x16/0x30
[ 1523.254153][T20373]  ? __local_bh_enable_ip+0x13e/0x1c0
[ 1523.254166][T20373]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1523.254181][T20373]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1523.254194][T20373]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1523.254205][T20373]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1523.254218][T20373]  ? __dev_queue_xmit+0x1cd7/0x3a70
[ 1523.254234][T20373]  ? __lock_acquire+0xab9/0xd20
[ 1523.254260][T20373]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1523.254275][T20373]  rtnetlink_rcv_msg+0x7cc/0xb70
[ 1523.254290][T20373]  ? irqentry_exit+0x74/0x90
[ 1523.254304][T20373]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1523.254319][T20373]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1523.254339][T20373]  ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[ 1523.254362][T20373]  netlink_rcv_skb+0x205/0x470
[ 1523.254379][T20373]  ? rcu_is_watching+0x15/0xb0
[ 1523.254392][T20373]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1523.254408][T20373]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1523.254433][T20373]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1523.254454][T20373]  netlink_unicast+0x75c/0x8e0
[ 1523.254485][T20373]  netlink_sendmsg+0x805/0xb30
[ 1523.254507][T20373]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1523.254529][T20373]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1523.254542][T20373]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1523.254559][T20373]  __sock_sendmsg+0x21c/0x270
[ 1523.254577][T20373]  ____sys_sendmsg+0x505/0x830
[ 1523.254599][T20373]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1523.254623][T20373]  ? import_iovec+0x74/0xa0
[ 1523.254642][T20373]  ___sys_sendmsg+0x21f/0x2a0
[ 1523.254665][T20373]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1523.254730][T20373]  ? __fget_files+0x2a/0x420
[ 1523.254745][T20373]  ? __fget_files+0x3a0/0x420
[ 1523.254765][T20373]  __x64_sys_sendmsg+0x19b/0x260
[ 1523.254782][T20373]  ? schedule+0x165/0x360
[ 1523.254794][T20373]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1523.254819][T20373]  ? rcu_is_watching+0x15/0xb0
[ 1523.254835][T20373]  ? do_syscall_64+0xbe/0x3b0
[ 1523.254851][T20373]  do_syscall_64+0xfa/0x3b0
[ 1523.254866][T20373]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1523.254877][T20373]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1523.254889][T20373]  ? clear_bhb_loop+0x60/0xb0
[ 1523.254904][T20373]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1523.254916][T20373] RIP: 0033:0x7fa7ead8eb69
[ 1523.254930][T20373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1523.254941][T20373] RSP: 002b:00007fa7ebcb7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1523.254956][T20373] RAX: ffffffffffffffda RBX: 00007fa7eafb5fa0 RCX: 00007fa7ead8eb69
[ 1523.254965][T20373] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[ 1523.254974][T20373] RBP: 00007fa7ebcb7090 R08: 0000000000000000 R09: 0000000000000000
[ 1523.254981][T20373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1523.254989][T20373] R13: 0000000000000000 R14: 00007fa7eafb5fa0 R15: 00007ffd06eff398
[ 1523.255008][T20373]  </TASK>
[ 1523.255257][T20373] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1523.975429][T20373] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1523.983341][T20373] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1523.991279][T20373] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1523.998623][T20373] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1524.087455][T20373] bond0: (slave bridge0): Enslaving as an active interface with an up link
[ 1524.197188][T17086] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[ 1524.278361][T20368] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3892'.
[ 1524.293423][   T30] audit: type=1326 audit(1754168965.795:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20377 comm="syz.2.3896" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f89e098eb69 code=0x0
[ 1524.370141][T17086] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1524.383327][T17086] usb 5-1: New USB device found, idVendor=05ac, idProduct=0241, bcdDevice= 0.00
[ 1524.400147][T17086] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1524.416662][T17086] usb 5-1: config 0 descriptor??
[ 1524.641973][T20374] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3894'.
[ 1524.672237][T20374] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3894'.
[ 1524.912487][T17086] apple 0003:05AC:0241.0018: reserved main item tag 0xe
[ 1525.868079][T17086] apple 0003:05AC:0241.0018: hidraw0: USB HID v0.00 Device [HID 05ac:0241] on usb-dummy_hcd.4-1/input0
[ 1525.915133][T20393] netlink: 'syz.0.3898': attribute type 1 has an invalid length.
[ 1525.927312][T17086] usb 5-1: USB disconnect, device number 60
[ 1526.057777][T20393] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3898'.
[ 1529.313498][T20423] netlink: 88 bytes leftover after parsing attributes in process `syz.5.3908'.
[ 1529.333796][T20424] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3908'.
[ 1529.509873][T20428] libceph: resolve '.
[ 1529.509873][T20428] #)|.��f��ǝ�a���2s�o�w���?�'�%ЏKAq�f��C���z�e�Sb3L)Hy�o����������Ǥ�Y�M�����h�E$
[ 1529.509873][T20428] ' (ret=-3): failed
[ 1530.289543][   T10] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[ 1530.487304][   T10] usb 5-1: Using ep0 maxpacket: 16
[ 1530.808166][ T9714] usb 4-1: new low-speed USB device number 50 using dummy_hcd
[ 1530.819910][T20439] netdevsim netdevsim5: loading /lib/firmware/. failed with error -22
[ 1530.829689][T20439] netdevsim netdevsim5: Direct firmware load for . failed with error -22
[ 1530.842805][T20439] netdevsim netdevsim5: Falling back to sysfs fallback for: .
[ 1531.008996][ T9714] usb 4-1: Invalid ep0 maxpacket: 16
[ 1531.319556][ T9714] usb 4-1: new low-speed USB device number 51 using dummy_hcd
[ 1531.987376][ T9714] usb 4-1: Invalid ep0 maxpacket: 16
[ 1532.001038][ T9714] usb usb4-port1: attempt power cycle
[ 1532.130384][   T10] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1532.145941][   T10] usb 5-1: unable to read config index 0 descriptor/start: -71
[ 1532.155733][   T10] usb 5-1: can't read configurations, error -71
[ 1532.357259][ T9714] usb 4-1: new low-speed USB device number 52 using dummy_hcd
[ 1532.531014][T20457] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3916'.
[ 1533.016934][T20458] netlink: 129704 bytes leftover after parsing attributes in process `syz.2.3916'.
[ 1533.363116][ T9714] usb 4-1: device not accepting address 52, error -71
[ 1534.634422][   T10] usb 3-1: new full-speed USB device number 59 using dummy_hcd
[ 1535.011209][   T10] usb 3-1: config 252 has an invalid interface number: 191 but max is 0
[ 1535.020505][   T10] usb 3-1: config 252 has no interface number 0
[ 1535.030741][   T10] usb 3-1: New USB device found, idVendor=054c, idProduct=0069, bcdDevice=6d.6f
[ 1535.054789][ T5953] usb 5-1: new high-speed USB device number 63 using dummy_hcd
[ 1535.067330][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1535.113975][T20478] netdevsim netdevsim5: loading /lib/firmware/. failed with error -22
[ 1535.123350][T20478] netdevsim netdevsim5: Direct firmware load for . failed with error -22
[ 1535.132559][T20478] netdevsim netdevsim5: Falling back to sysfs fallback for: .
[ 1535.935651][   T10] usb 3-1: Product: syz
[ 1535.940429][   T10] usb 3-1: Manufacturer: syz
[ 1535.945138][   T10] usb 3-1: SerialNumber: syz
[ 1535.963520][   T10] usb-storage 3-1:252.191: USB Mass Storage device detected
[ 1535.976542][   T10] usb-storage 3-1:252.191: Quirks match for vid 054c pid 0069: 1
[ 1536.009343][ T5953] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1536.024353][ T5953] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1536.059161][ T5953] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1536.103946][ T5953] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1536.124059][ T5953] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1536.142849][ T5953] usb 5-1: config 0 descriptor??
[ 1536.229653][T20471] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1536.266907][T20471] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1536.291484][T20498] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 4, id = 0
[ 1536.305128][T20497] 9pnet_fd: Insufficient options for proto=fd
[ 1536.315126][   T10] usb 3-1: USB disconnect, device number 59
[ 1536.689666][ T5953] plantronics 0003:047F:FFFF.0019: reserved main item tag 0xd
[ 1536.714265][ T5953] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0
[ 1536.725051][ T5953] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0
[ 1537.537624][ T9714] usb 6-1: new low-speed USB device number 67 using dummy_hcd
[ 1537.558895][ T5953] plantronics 0003:047F:FFFF.0019: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[ 1537.595152][ T5953] usb 5-1: USB disconnect, device number 63
[ 1537.709734][ T9714] usb 6-1: config 32 has 1 interface, different from the descriptor's value: 2
[ 1537.725391][ T9714] usb 6-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 10
[ 1537.757369][ T9714] usb 6-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[ 1537.770690][T20523] netlink: 304 bytes leftover after parsing attributes in process `syz.3.3935'.
[ 1538.895295][ T9714] usb 6-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[ 1539.509621][ T9714] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1539.691200][T20540] overlay: filesystem on ./file1 not supported
[ 1540.289613][T20542] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[ 1540.298590][T20542] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[ 1540.310588][T20542] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[ 1540.937908][ T9714] usb 6-1: string descriptor 0 read error: -71
[ 1541.193316][T20548] overlay: filesystem on ./file1 not supported
[ 1541.344682][ T9714] usb 6-1: USB disconnect, device number 67
[ 1542.807258][T16829] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[ 1542.884208][T20568] tipc: Enabled bearer <eth:team0>, priority 10
[ 1543.153928][T16829] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1543.167352][T16829] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1543.201829][T16829] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1543.235260][T16829] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1543.407293][T16829] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1544.140301][T16829] usb 3-1: config 0 descriptor??
[ 1544.710310][T16829] plantronics 0003:047F:FFFF.001A: reserved main item tag 0xd
[ 1544.718085][T16829] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0
[ 1544.725628][T16829] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0
[ 1544.744403][T16829] plantronics 0003:047F:FFFF.001A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[ 1544.921657][T20581] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3949'.
[ 1544.931563][T20581] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3949'.
[ 1545.378820][T16829] usb 3-1: USB disconnect, device number 60
[ 1545.590046][T20585] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[ 1545.600024][T20585] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[ 1545.609057][T20585] netdevsim netdevsim0: Falling back to sysfs fallback for: .
[ 1546.172885][ T5953] IPVS: starting estimator thread 0...
[ 1546.267066][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1546.347761][T20597] IPVS: using max 25 ests per chain, 60000 per kthread
[ 1546.759100][T20610] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3957'.
[ 1547.050735][T20590] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1550.254523][T20641] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[ 1550.264528][T20641] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[ 1550.273683][T20641] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[ 1551.025196][T20661] lo speed is unknown, defaulting to 1000
[ 1551.032064][T20661] lo speed is unknown, defaulting to 1000
[ 1551.043835][T20661] lo speed is unknown, defaulting to 1000
[ 1551.144375][T20661] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[ 1551.312504][ T9714] usb 6-1: new high-speed USB device number 68 using dummy_hcd
[ 1551.378411][T20661] lo speed is unknown, defaulting to 1000
[ 1551.398627][T20661] lo speed is unknown, defaulting to 1000
[ 1551.419610][T20661] lo speed is unknown, defaulting to 1000
[ 1551.441103][T20661] lo speed is unknown, defaulting to 1000
[ 1551.460057][T20661] lo speed is unknown, defaulting to 1000
[ 1551.481573][T20661] lo speed is unknown, defaulting to 1000
[ 1551.789748][ T9714] usb 6-1: config 1 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1551.904481][ T9714] usb 6-1: config 1 interface 0 has no altsetting 0
[ 1551.995756][ T9714] usb 6-1: New USB device found, idVendor=0dfc, idProduct=0102, bcdDevice= 0.40
[ 1552.107611][ T9714] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1552.134114][ T9714] usb 6-1: Product: syz
[ 1552.158233][ T9714] usb 6-1: Manufacturer: 𢡄ꎱ珁ꐊ淓섖閳ժ鸃苫뉢矎ꖨベ쟪澂噲䰉犯⡁㔖錵谛꣼綉찟⟄弌肃埋䟋䟃㺴﷯茵隭藄竑趁䒛쐮闝ι⭧ꔕ䅑䜹ﺘঋ涱胺ࡊ樥욤㮁鹣䒡凥䏈ﹿ䗎梁鿼♙㾫㟇ﲱྷ萤澩㒉蟈Ἑ뮩츈졘誹轂Ⳮ맘猢ㅒ巤峌免抲蟯⋯厏쒰眪䠱쒘愲ꙭ
[ 1552.250667][T20665] overlay: filesystem on ./file1 not supported
[ 1552.454526][ T9714] usb 6-1: SerialNumber: syz
[ 1553.412355][T20672] Bluetooth: hci0: invalid length 0, exp 2 for type 10
[ 1553.555616][T20677] 9pnet_fd: Insufficient options for proto=fd
[ 1553.664213][ T9714] usbhid 6-1:1.0: can't add hid device: -71
[ 1553.670751][ T9714] usbhid 6-1:1.0: probe with driver usbhid failed with error -71
[ 1553.683666][ T9714] usb 6-1: USB disconnect, device number 68
[ 1560.466579][T20698] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[ 1560.489209][T20698] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[ 1560.534195][T20698] netdevsim netdevsim0: Falling back to sysfs fallback for: .
[ 1561.007505][ T9714] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[ 1561.303162][ T9714] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1561.314568][ T9714] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1561.326261][ T9714] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1561.340630][ T9714] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1561.351327][ T9714] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1561.696417][ T9714] usb 4-1: config 0 descriptor??
[ 1562.185569][ T9714] plantronics 0003:047F:FFFF.001B: reserved main item tag 0xd
[ 1562.917115][ T9714] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0
[ 1562.936771][ T9714] plantronics 0003:047F:FFFF.001B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[ 1562.954140][ T9714] usb 4-1: USB disconnect, device number 54
[ 1563.037564][T20724] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3993'.
[ 1563.047260][T20724] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3993'.
[ 1563.105847][T20727] nfs: Deprecated parameter 'nointr'
[ 1563.164533][T20731] sch_tbf: burst 0 is lower than device veth1_to_bridge mtu (1514) !
[ 1563.318405][ T5953] usb 6-1: new high-speed USB device number 69 using dummy_hcd
[ 1563.949621][ T5953] usb 6-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[ 1563.960253][ T5953] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1564.012057][ T5953] usb 6-1: config 0 descriptor??
[ 1564.386283][T20744] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[ 1564.395732][T20744] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[ 1564.404539][T20744] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[ 1564.478847][ T5953] kaweth 6-1:0.0: Firmware present in device.
[ 1565.024021][ T5953] kaweth 6-1:0.0: Error reading configuration (-71), no net device created
[ 1565.080211][ T5953] kaweth 6-1:0.0: probe with driver kaweth failed with error -5
[ 1565.126765][ T5953] usb 6-1: USB disconnect, device number 69
[ 1565.355004][T20758] ubi: mtd0 is already attached to ubi31
[ 1565.551844][T20762] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4003'.
[ 1565.561326][T20762] netlink: 660 bytes leftover after parsing attributes in process `syz.5.4003'.
[ 1566.724526][T20771] misc userio: Invalid payload size
[ 1566.731587][T20771] misc userio: Invalid payload size
[ 1566.749012][T20771] misc userio: The device must be registered before sending interrupts
[ 1567.577393][T20775] nfs: Deprecated parameter 'nointr'
[ 1567.619220][   T30] audit: type=1326 audit(1754169009.125:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20772 comm="syz.5.4006" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa7ead8eb69 code=0x0
[ 1568.510059][   T44] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[ 1568.754786][   T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1568.849232][T20802] Bluetooth: hci0: invalid length 0, exp 2 for type 10
[ 1568.867076][   T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1568.908984][   T44] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1569.107090][   T44] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1569.149798][T20803] netdevsim netdevsim5: loading /lib/firmware/. failed with error -22
[ 1569.158468][T20803] netdevsim netdevsim5: Direct firmware load for . failed with error -22
[ 1569.168371][T20803] netdevsim netdevsim5: Falling back to sysfs fallback for: .
[ 1569.333230][   T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1569.524764][   T44] usb 3-1: config 0 descriptor??
[ 1569.957182][   T44] plantronics 0003:047F:FFFF.001C: reserved main item tag 0xd
[ 1569.973781][   T44] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0
[ 1570.093649][   T44] plantronics 0003:047F:FFFF.001C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[ 1570.213789][   T44] usb 3-1: USB disconnect, device number 61
[ 1571.137451][T16829] usb 6-1: new high-speed USB device number 70 using dummy_hcd
[ 1571.297370][T16829] usb 6-1: Using ep0 maxpacket: 16
[ 1571.547707][T20836] nfs: Deprecated parameter 'nointr'
[ 1571.746331][T20840] Bluetooth: hci0: invalid length 0, exp 2 for type 10
[ 1573.277714][T20861] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[ 1573.286371][T20861] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[ 1573.295679][T20861] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[ 1575.667566][T16829] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1575.707414][T16829] usb 6-1: unable to read config index 0 descriptor/start: -71
[ 1575.715071][T16829] usb 6-1: can't read configurations, error -71
[ 1575.937346][  T981] usb 5-1: new high-speed USB device number 65 using dummy_hcd
[ 1576.559880][  T981] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1576.667132][  T981] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1576.724709][  T981] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1576.763316][  T981] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1576.917233][T20884] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4037'.
[ 1578.084344][  T981] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1578.100512][  T981] usb 5-1: config 0 descriptor??
[ 1578.134887][  T981] usb 5-1: can't set config #0, error -71
[ 1578.160847][  T981] usb 5-1: USB disconnect, device number 65
[ 1579.121916][   T36] bridge_slave_1: left allmulticast mode
[ 1579.160590][   T36] bridge_slave_1: left promiscuous mode
[ 1579.205874][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1579.327296][   T36] bridge_slave_0: left allmulticast mode
[ 1579.356215][   T36] bridge_slave_0: left promiscuous mode
[ 1579.388433][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1581.654525][   T36] tipc: Resetting bearer <eth:gre0>
[ 1582.396626][   T36] tipc: Disabling bearer <eth:gre0>
[ 1582.828034][   T36] bond0 (unregistering): (slave bridge0): Releasing backup interface
[ 1582.841659][   T36] bridge0 (unregistering): left promiscuous mode
[ 1584.009832][T20936] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4049'.
[ 1584.033015][T16829] usb 6-1: new high-speed USB device number 72 using dummy_hcd
[ 1584.244798][T16829] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1584.275874][T16829] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1584.291434][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1584.327219][   T36] bond_slave_0: left promiscuous mode
[ 1584.339955][T16829] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1584.416111][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1584.433056][T16829] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1584.471516][   T36] bond_slave_1: left promiscuous mode
[ 1584.489924][T16829] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1584.528531][   T36] bond0 (unregistering): Released all slaves
[ 1584.666571][T16829] usb 6-1: config 0 descriptor??
[ 1585.306192][T20904] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[ 1585.327408][T20904] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[ 1585.336017][T20904] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[ 1585.353378][T16829] plantronics 0003:047F:FFFF.001D: reserved main item tag 0xd
[ 1585.422156][T16829] plantronics 0003:047F:FFFF.001D: unknown main item tag 0x0
[ 1585.604397][   T36] : left promiscuous mode
[ 1585.607760][T16829] plantronics 0003:047F:FFFF.001D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[ 1586.331432][T16829] usb 6-1: USB disconnect, device number 72
[ 1586.536615][   T36] tipc: Disabling bearer <eth:team0>
[ 1586.851175][   T36] tipc: Disabling bearer <eth:vlan0>
[ 1586.968374][T20959] nfs: Deprecated parameter 'nointr'
[ 1587.215265][   T36] tipc: Left network mode
[ 1589.307112][   T36] dummy0: left promiscuous mode
[ 1589.347323][   T36] team0: left promiscuous mode
[ 1589.356326][   T36] team_slave_0: left promiscuous mode
[ 1589.410591][   T36] team_slave_1: left promiscuous mode
[ 1589.435821][T20988] hugetlbfs: syz.0.4060 (20988): Using mlock ulimits for SHM_HUGETLB is obsolete
[ 1590.112987][   T36] hsr_slave_0: left promiscuous mode
[ 1590.119429][   T36] hsr_slave_1: left promiscuous mode
[ 1590.129048][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1590.136764][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1590.145432][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1590.153481][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1590.423778][   T36] veth1_macvtap: left promiscuous mode
[ 1590.445885][   T36] veth0_macvtap: left promiscuous mode
[ 1590.485489][   T36] veth1_vlan: left promiscuous mode
[ 1590.517399][   T36] veth0_vlan: left promiscuous mode
[ 1590.851340][T20993] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1593.390822][T21009] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4064'.
[ 1595.073794][   T10] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[ 1595.385674][   T36] team0 (unregistering): Port device team_slave_1 removed
[ 1595.393593][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1595.465460][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1595.544474][   T36] team0 (unregistering): Port device team_slave_0 removed
[ 1595.666851][   T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1595.703137][   T10] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1595.715242][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1595.752724][   T10] usb 4-1: config 0 descriptor??
[ 1595.854154][T21017] nfs: Deprecated parameter 'nointr'
[ 1596.170896][   T10] plantronics 0003:047F:FFFF.001E: reserved main item tag 0xd
[ 1596.181082][   T10] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0
[ 1596.499502][   T10] plantronics 0003:047F:FFFF.001E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[ 1596.647720][   T10] usb 4-1: USB disconnect, device number 55
[ 1597.360024][T20998] netdevsim netdevsim5: loading /lib/firmware/. failed with error -22
[ 1597.377772][T21026] netlink: 'syz.3.4070': attribute type 7 has an invalid length.
[ 1597.430093][T20998] netdevsim netdevsim5: Direct firmware load for . failed with error -22
[ 1597.446593][T20998] netdevsim netdevsim5: Falling back to sysfs fallback for: .
[ 1600.161486][T21049] No control pipe specified
[ 1600.774447][   T36] IPVS: stop unused estimator thread 0...
[ 1600.856143][T21054] No control pipe specified
[ 1601.465864][T21057] libceph: resolve '.
[ 1601.465864][T21057] #)|.��f��ǝ�a���2s�o�w���?�'�%ЏKAq�f��C���z�e�Sb3L)Hy�o����������Ǥ�Y�M�����h�E$
[ 1601.465864][T21057] ' (ret=-3): failed
[ 1601.758726][T21063] sctp: [Deprecated]: syz.5.4081 (pid 21063) Use of int in max_burst socket option deprecated.
[ 1601.758726][T21063] Use struct sctp_assoc_value instead
[ 1601.850896][T21063] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[ 1601.933500][T16829] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[ 1602.511884][T21072] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[ 1602.520784][T21072] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[ 1602.529863][T21072] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[ 1602.765429][T16829] usb 4-1: Using ep0 maxpacket: 16
[ 1602.936872][T16829] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1602.986280][T16829] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1603.004204][T16829] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1603.186515][T21078] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4084'.
[ 1603.234394][T16829] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1603.901413][T16829] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1603.959802][T16829] usb 4-1: config 0 descriptor??
[ 1605.134685][T16829] usbhid 4-1:0.0: can't add hid device: -71
[ 1605.142874][T16829] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1605.171555][T16829] usb 4-1: USB disconnect, device number 56
[ 1607.704020][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1607.967417][T21113] netdevsim netdevsim5: loading /lib/firmware/. failed with error -22
[ 1607.976617][T21113] netdevsim netdevsim5: Direct firmware load for . failed with error -22
[ 1607.985763][T21113] netdevsim netdevsim5: Falling back to sysfs fallback for: .
[ 1608.002805][T21102] binder: 21101:21102 ioctl c0306201 200000000000 returned -14
[ 1610.495242][T21134] usb usb1: usbfs: process 21134 (syz.3.4098) did not claim interface 0 before use
[ 1611.163222][T21135] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4100'.
[ 1614.800099][T21166] (unnamed net_device) (uninitialized): option arp_validate: invalid value (18446744073709551614)
[ 1614.857265][ T9714] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[ 1614.873457][T21163] fuse: root generation should be zero
[ 1615.031583][ T9714] usb 3-1: config 0 has no interfaces?
[ 1615.113196][ T9714] usb 3-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[ 1615.128742][   T44] usb 6-1: new high-speed USB device number 73 using dummy_hcd
[ 1615.174279][ T9714] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1615.189860][ T9714] usb 3-1: Product: syz
[ 1615.194165][ T9714] usb 3-1: Manufacturer: syz
[ 1615.198927][ T9714] usb 3-1: SerialNumber: syz
[ 1615.297443][   T44] usb 6-1: Using ep0 maxpacket: 8
[ 1615.305116][   T44] usb 6-1: New USB device found, idVendor=0403, idProduct=f0c8, bcdDevice= 2.56
[ 1615.324436][ T9714] usb 3-1: config 0 descriptor??
[ 1615.434208][   T44] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1615.546894][   T44] usb 6-1: config 0 descriptor??
[ 1615.574569][   T44] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected
[ 1615.616618][T21160] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1615.626663][   T44] ftdi_sio ttyUSB0: unknown device type: 0x256
[ 1615.646169][T21160] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1615.700055][T21160] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4108'.
[ 1615.720066][T21160] vlan3: entered promiscuous mode
[ 1615.798796][ T9714] usb 3-1: USB disconnect, device number 62
[ 1616.137339][T21152] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4106'.
[ 1617.493810][T21199] nfs: Deprecated parameter 'nointr'
[ 1617.850871][T16830] usb 6-1: USB disconnect, device number 73
[ 1617.940886][T16830] ftdi_sio 6-1:0.0: device disconnected
[ 1618.001825][T21208] gtp0: entered promiscuous mode
[ 1618.009470][T21208] gtp0: entered allmulticast mode
[ 1619.309605][T21231] loop5: detected capacity change from 0 to 703
[ 1619.449358][ T9714] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[ 1619.617220][ T9714] usb 5-1: Using ep0 maxpacket: 8
[ 1619.721950][ T9714] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1619.972467][ T9714] usb 5-1: too many endpoints for config 4 interface 0 altsetting 102: 65, using maximum allowed: 30
[ 1619.973876][T21231] loop5: detected capacity change from 703 to 2759
[ 1620.264024][ T9714] usb 5-1: config 4 interface 0 altsetting 102 has 0 endpoint descriptors, different from the interface descriptor's value: 65
[ 1620.615450][ T9714] usb 5-1: config 4 interface 0 has no altsetting 0
[ 1620.846322][   T30] audit: type=1800 audit(1754169062.215:497): pid=21242 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.4132" name="bus" dev="overlay" ino=1129 res=0 errno=0
[ 1620.983015][ T9714] usb 5-1: string descriptor 0 read error: -22
[ 1621.007906][ T9714] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[ 1621.061029][ T9714] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1621.370584][ T9714] usb 5-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[ 1621.381703][ T9714] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1621.398096][ T9714] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[ 1621.436569][ T9714] usb 5-1: media controller created
[ 1621.545395][ T9714] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1621.615456][ T9714] zl10353_read_register: readreg error (reg=127, ret==0)
[ 1622.050830][ T9714] usb 5-1: USB disconnect, device number 66
[ 1628.293432][T21278] libceph: resolve '.
[ 1628.293432][T21278] #)|.��f��ǝ�a���2s�o�w���?�'�%ЏKAq�f��C���z�e�Sb3L)Hy�o����������Ǥ�Y�M�����h�E$
[ 1628.293432][T21278] ' (ret=-3): failed
[ 1630.767433][   T30] audit: type=1326 audit(1754169072.195:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21294 comm="syz.2.4149" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f89e098eb69 code=0x0
[ 1630.986449][   T10] IPVS: starting estimator thread 0...
[ 1631.177087][T21303] IPVS: using max 26 ests per chain, 62400 per kthread
[ 1631.188431][T21296] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1632.013152][T21319] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4154'.
[ 1633.132075][T21334] netlink: 'syz.3.4157': attribute type 10 has an invalid length.
[ 1633.898314][T21334] team0: Device ipvlan1 failed to register rx_handler
[ 1634.987307][T21346] (unnamed net_device) (uninitialized): Unable to set peer notification delay as MII monitoring is disabled
[ 1635.001125][T21346] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.4161'.
[ 1635.010665][T21346] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[ 1635.019048][T21346] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[ 1636.384881][T21358] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4164'.
[ 1636.513051][T21358] openvswitch: netlink: nsh attribute has 65520 unknown bytes.
[ 1636.584639][T21358] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1636.754514][T21369] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4167'.
[ 1637.818895][T21369] netlink: 129704 bytes leftover after parsing attributes in process `syz.2.4167'.
[ 1638.222425][T21382] overlayfs: upper fs does not support tmpfile.
[ 1639.997166][    T9] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[ 1640.627100][    T9] usb 3-1: Using ep0 maxpacket: 32
[ 1640.650410][    T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1640.681105][    T9] usb 3-1: too many endpoints for config 0 interface 0 altsetting 5: 69, using maximum allowed: 30
[ 1640.707891][    T9] usb 3-1: config 0 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 69
[ 1640.760814][    T9] usb 3-1: config 0 interface 0 has no altsetting 1
[ 1640.783427][    T9] usb 3-1: New USB device found, idVendor=152d, idProduct=0539, bcdDevice= 0.00
[ 1640.937726][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1640.945807][    T9] usb 3-1: SerialNumber: syz
[ 1641.402903][    T9] usb 3-1: config 0 descriptor??
[ 1641.544732][    T9] usb-storage 3-1:0.0: USB Mass Storage device detected
[ 1641.614255][    T9] usb-storage 3-1:0.0: Quirks match for vid 152d pid 0539: 4000000
[ 1641.885693][T21422] libceph: resolve '.
[ 1641.885693][T21422] #)|.��f��ǝ�a���2s�o�w���?�'�%ЏKAq�f��C���z�e�Sb3L)Hy�o����������Ǥ�Y�M�����h�E$
[ 1641.885693][T21422] ' (ret=-3): failed
[ 1642.963520][    T9] usb 3-1: USB disconnect, device number 63
[ 1643.550141][T21437] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4188'.
[ 1644.838202][T21449] overlayfs: upper fs does not support tmpfile.
[ 1645.233521][T15603] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[ 1645.577110][T15603] usb 3-1: Using ep0 maxpacket: 8
[ 1645.974541][T15603] usb 3-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[ 1646.008025][T15603] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1646.028285][T15603] usb 3-1: Product: syz
[ 1646.032559][T15603] usb 3-1: Manufacturer: syz
[ 1646.059170][T15603] usb 3-1: SerialNumber: syz
[ 1646.080588][T15603] usb 3-1: config 0 descriptor??
[ 1646.139741][T21479] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4199'.
[ 1646.462188][T15603] radio-usb-si4713 3-1:0.0: Si4713 development board discovered: (10C4:8244)
[ 1646.875001][T21481] pty pty25: ldisc open failed (-12), clearing slot 25
[ 1647.150832][T21479] netlink: 129704 bytes leftover after parsing attributes in process `syz.3.4199'.
[ 1647.195250][T21484] libceph: resolve '.
[ 1647.195250][T21484] #)|.��f��ǝ�a���2s�o�w���?�'�%ЏKAq�f��C���z�e�Sb3L)Hy�o����������Ǥ�Y�M�����h�E$
[ 1647.195250][T21484] ' (ret=-3): failed
[ 1647.462673][T15603] radio-usb-si4713 3-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[ 1647.490149][T15603] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[ 1647.536122][T15603] usb 3-1: USB disconnect, device number 64
[ 1647.661580][T21490] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4201'.
[ 1649.365320][T21490] netlink: 129704 bytes leftover after parsing attributes in process `syz.0.4201'.
[ 1650.024442][T21509] sctp: [Deprecated]: syz.4.4206 (pid 21509) Use of int in maxseg socket option.
[ 1650.024442][T21509] Use struct sctp_assoc_value instead
[ 1650.905195][T21527] nfs: Deprecated parameter 'nointr'
[ 1654.067537][T21574] libceph: resolve '.
[ 1654.067537][T21574] #)|.��f��ǝ�a���2s�o�w���?�'�%ЏKAq�f��C���z�e�Sb3L)Hy�o����������Ǥ�Y�M�����h�E$
[ 1654.067537][T21574] ' (ret=-3): failed
[ 1655.223927][T21571] overlayfs: upper fs does not support tmpfile.
[ 1656.267369][    T9] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[ 1656.427339][    T9] usb 3-1: Using ep0 maxpacket: 16
[ 1656.443718][    T9] usb 3-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00
[ 1656.463775][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1656.486991][    T9] usb 3-1: Product: syz
[ 1656.491225][    T9] usb 3-1: Manufacturer: syz
[ 1656.520424][    T9] usb 3-1: SerialNumber: syz
[ 1656.537464][T21602] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1656.556425][    T9] usb 3-1: config 0 descriptor??
[ 1656.604587][    T9] usb-storage 3-1:0.0: USB Mass Storage device detected
[ 1656.651772][    T9] usb-storage 3-1:0.0: Quirks match for vid 054c pid 002e: 1
[ 1656.660607][    T9] usb-storage 3-1:0.0: This device (054c,002e,0500 S 04 P 00) has an unneeded SubClass entry in unusual_devs.h (kernel 6.16.0-syzkaller)
[ 1656.660607][    T9]    Please send a copy of this message to <linux-usb@vger.kernel.org> and <usb-storage@lists.one-eyed-alien.net>
[ 1658.672788][T21621] Can't find a SQUASHFS superblock on nullb0
[ 1659.201439][T21623] (unnamed net_device) (uninitialized): (slave wg2): Device is not bonding slave
[ 1659.225360][T21623] (unnamed net_device) (uninitialized): option active_slave: invalid value (wg2)
[ 1659.441627][T21627] tipc: Bearer <udp:syz1>: already 2 bearers with priority 10
[ 1659.482785][T21627] tipc: Bearer <udp:syz1>: trying with adjusted priority
[ 1659.507423][T21627] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[ 1659.749379][T21635] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4250'.
[ 1659.927070][T16830] usb 5-1: new full-speed USB device number 67 using dummy_hcd
[ 1660.271939][T21635] netlink: 129704 bytes leftover after parsing attributes in process `syz.3.4250'.
[ 1660.533581][   T10] usb 6-1: new high-speed USB device number 74 using dummy_hcd
[ 1660.648541][T15603] usb 3-1: USB disconnect, device number 65
[ 1660.709029][T16830] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 13
[ 1660.747269][   T10] usb 6-1: device descriptor read/64, error -71
[ 1660.783985][T21639] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4251'.
[ 1661.637133][T21639] netlink: 129704 bytes leftover after parsing attributes in process `syz.0.4251'.
[ 1661.914253][   T10] usb 6-1: new high-speed USB device number 75 using dummy_hcd
[ 1662.162539][T16830] usb 5-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[ 1662.178095][T16830] usb 5-1: New USB device strings: Mfr=241, Product=1, SerialNumber=3
[ 1662.201338][T16830] usb 5-1: Product: syz
[ 1662.205947][T16830] usb 5-1: Manufacturer: syz
[ 1662.230681][T16830] usb 5-1: SerialNumber: syz
[ 1662.264411][   T10] usb 6-1: device descriptor read/64, error -71
[ 1662.285093][T16830] usb 5-1: config 0 descriptor??
[ 1662.316528][T16830] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae
[ 1662.429616][   T10] usb usb6-port1: attempt power cycle
[ 1662.545332][T16830] gspca_zc3xx: reg_w_i err -71
[ 1663.197046][T16830] gspca_zc3xx: Unknown sensor - set to TAS5130C
[ 1663.358645][T16830] gspca_zc3xx 5-1:0.0: probe with driver gspca_zc3xx failed with error -71
[ 1663.670864][T16830] usb 5-1: USB disconnect, device number 67
[ 1663.997096][T21679] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4263'.
[ 1664.543142][T21679] netlink: 129704 bytes leftover after parsing attributes in process `syz.0.4263'.
[ 1667.973885][T21704] program syz.5.4268 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1669.142920][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1670.332467][ T9714] usb 6-1: new high-speed USB device number 77 using dummy_hcd
[ 1670.514621][ T9714] usb 6-1: config 0 has no interfaces?
[ 1670.516204][T21862] overlayfs: upper fs does not support tmpfile.
[ 1670.564619][ T9714] usb 6-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[ 1670.686984][ T9714] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1670.744808][ T9714] usb 6-1: Product: syz
[ 1670.817476][ T9714] usb 6-1: Manufacturer: syz
[ 1671.007487][ T9714] usb 6-1: SerialNumber: syz
[ 1671.116368][ T9714] usb 6-1: config 0 descriptor??
[ 1671.641219][T21724] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1671.697861][T21724] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1671.756583][T21724] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4275'.
[ 1671.794806][ T5952] usb 6-1: USB disconnect, device number 77
[ 1672.058182][T21913] gtp0: entered promiscuous mode
[ 1672.063218][T21913] gtp0: entered allmulticast mode
[ 1673.168866][T21922] tipc: Can't bind to reserved service type 1
[ 1673.739133][T21929] netlink: 240 bytes leftover after parsing attributes in process `syz.0.4284'.
[ 1674.881028][T21940] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[ 1674.891274][T21940] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[ 1674.899936][T21940] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[ 1675.160196][T21953] FAULT_INJECTION: forcing a failure.
[ 1675.160196][T21953] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1675.176893][T21953] CPU: 0 UID: 0 PID: 21953 Comm: syz.3.4291 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1675.176930][T21953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1675.176943][T21953] Call Trace:
[ 1675.176952][T21953]  <TASK>
[ 1675.176962][T21953]  dump_stack_lvl+0x189/0x250
[ 1675.176988][T21953]  ? __pfx____ratelimit+0x10/0x10
[ 1675.177004][T21953]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1675.177017][T21953]  ? __pfx__printk+0x10/0x10
[ 1675.177033][T21953]  ? __might_fault+0xb0/0x130
[ 1675.177054][T21953]  should_fail_ex+0x414/0x560
[ 1675.177071][T21953]  _copy_from_user+0x2d/0xb0
[ 1675.177089][T21953]  memdup_user+0x5e/0xd0
[ 1675.177105][T21953]  autofs_dev_ioctl+0x1c9/0xb30
[ 1675.177118][T21953]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1675.177136][T21953]  ? __pfx_autofs_dev_ioctl+0x10/0x10
[ 1675.177153][T21953]  ? __sanitizer_cov_trace_pc+0x8/0x70
[ 1675.177172][T21953]  ? __pfx_autofs_dev_ioctl+0x10/0x10
[ 1675.177192][T21953]  __se_sys_ioctl+0xfc/0x170
[ 1675.177212][T21953]  do_syscall_64+0xfa/0x3b0
[ 1675.177226][T21953]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1675.177238][T21953]  ? asm_sysvec_call_function_single+0x1a/0x20
[ 1675.177250][T21953]  ? clear_bhb_loop+0x60/0xb0
[ 1675.177265][T21953]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1675.177277][T21953] RIP: 0033:0x7f236bf8eb69
[ 1675.177290][T21953] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1675.177301][T21953] RSP: 002b:00007f236ce8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1675.177316][T21953] RAX: ffffffffffffffda RBX: 00007f236c1b6080 RCX: 00007f236bf8eb69
[ 1675.177325][T21953] RDX: 0000200000001040 RSI: 00000000c018937e RDI: 0000000000000003
[ 1675.177334][T21953] RBP: 00007f236ce8b090 R08: 0000000000000000 R09: 0000000000000000
[ 1675.177341][T21953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1675.177349][T21953] R13: 0000000000000000 R14: 00007f236c1b6080 R15: 00007ffc1f8331a8
[ 1675.177368][T21953]  </TASK>
[ 1676.302633][T22086] SET target dimension over the limit!
[ 1676.319352][T22086] exFAT-fs (nullb0): invalid boot record signature
[ 1676.327006][T22086] exFAT-fs (nullb0): failed to read boot sector
[ 1676.333992][T22086] exFAT-fs (nullb0): failed to recognize exfat type
[ 1676.991623][T22103] xt_socket: unknown flags 0xd0
[ 1677.426462][T22097] overlayfs: failed to resolve './file1': -2
[ 1679.849318][   T30] audit: type=1800 audit(1754169120.805:499): pid=22123 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.5.4305" name="bus" dev="overlay" ino=1167 res=0 errno=0
[ 1680.626035][T22128] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[ 1680.646355][T22128] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[ 1680.656976][T22128] netdevsim netdevsim0: Falling back to sysfs fallback for: .
[ 1681.742098][T22144] overlayfs: upper fs does not support tmpfile.
[ 1682.405100][T22141] bond1: (slave bridge2): Enslaving as an active interface with an up link
[ 1682.520086][   T30] audit: type=1326 audit(1754169124.025:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22148 comm="syz.4.4308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d1c78eb69 code=0x7ffc0000
[ 1682.609574][   T30] audit: type=1326 audit(1754169124.065:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22148 comm="syz.4.4308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d1c78eb69 code=0x7ffc0000
[ 1682.883951][   T30] audit: type=1326 audit(1754169124.065:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22148 comm="syz.4.4308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1d1c72ad69 code=0x7ffc0000
[ 1683.188033][   T30] audit: type=1326 audit(1754169124.065:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22148 comm="syz.4.4308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1d1c72ad69 code=0x7ffc0000
[ 1683.292152][   T30] audit: type=1326 audit(1754169124.065:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22148 comm="syz.4.4308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d1c78eb69 code=0x7ffc0000
[ 1683.442231][   T30] audit: type=1326 audit(1754169124.135:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22148 comm="syz.4.4308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1d1c72ad69 code=0x7ffc0000
[ 1683.468685][   T30] audit: type=1326 audit(1754169124.135:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22148 comm="syz.4.4308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d1c78eb69 code=0x7ffc0000
[ 1683.668207][T22170] siw: device registration error -23
[ 1684.254933][   T30] audit: type=1326 audit(1754169124.145:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22148 comm="syz.4.4308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1d1c72ad69 code=0x7ffc0000
[ 1684.284537][   T30] audit: type=1326 audit(1754169124.145:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22148 comm="syz.4.4308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d1c78eb69 code=0x7ffc0000
[ 1684.333822][T22169] tipc: Started in network mode
[ 1684.339229][T22169] tipc: Node identity aaaaaaaaaa32, cluster identity 4711
[ 1684.352296][T22169] tipc: Enabled bearer <eth:vlan0>, priority 10
[ 1684.522557][T22162] overlayfs: upper fs does not support tmpfile.
[ 1685.334293][T22177] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4317'.
[ 1685.383847][  T982] tipc: Node number set to 10005162
[ 1687.142438][T22197] overlayfs: upper fs does not support tmpfile.
[ 1689.518504][T22227] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4331'.
[ 1694.358278][T22269] overlayfs: upper fs does not support tmpfile.
[ 1694.734337][T22271] netlink: 'syz.3.4344': attribute type 7 has an invalid length.
[ 1697.007994][T22293] pimreg: entered allmulticast mode
[ 1697.015641][T22293] pimreg: left allmulticast mode
[ 1697.153808][T22298] netlink: 'syz.2.4351': attribute type 3 has an invalid length.
[ 1697.226129][T22298] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4351'.
[ 1697.406214][T22301] lo speed is unknown, defaulting to 1000
[ 1699.593265][T22329] libceph: resolve '.
[ 1699.593265][T22329] #)|.��f��ǝ�a���2s�o�w���?�'�%ЏKAq�f��C���z�e�Sb3L)Hy�o����������Ǥ�Y�M�����h�E$
[ 1699.593265][T22329] ' (ret=-3): failed
[ 1699.764220][T22334] loop7: detected capacity change from 0 to 16384
[ 1700.470282][T22342] libceph: resolve '.
[ 1700.470282][T22342] #)|.��f��ǝ�a���2s�o�w���?�'�%ЏKAq�f��C���z�e�Sb3L)Hy�o����������Ǥ�Y�M�����h�E$
[ 1700.470282][T22342] ' (ret=-3): failed
[ 1701.299643][T22339] loop7: detected capacity change from 16384 to 0
[ 1701.299914][    C0] I/O error, dev loop7, sector 1536 op 0x0:(READ) flags 0x80700 phys_seg 8 prio class 0
[ 1704.088439][T22374] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4373'.
[ 1705.804981][T22387] xt_l2tp: v2 sid > 0xffff: 262144
[ 1707.408802][T22401] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4383'.
[ 1707.437955][T22401] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4383'.
[ 1707.463882][T22405] ubi: mtd0 is already attached to ubi31
[ 1707.471675][T22401] team0: entered promiscuous mode
[ 1707.480428][T22401] team_slave_0: entered promiscuous mode
[ 1707.509280][T22401] team_slave_1: entered promiscuous mode
[ 1707.528223][T22401] bond0: entered promiscuous mode
[ 1707.550761][T22401] bond_slave_0: entered promiscuous mode
[ 1707.558904][T22401] bond_slave_1: entered promiscuous mode
[ 1707.565181][T22401] bridge0: entered promiscuous mode
[ 1707.589019][T22401] 8021q: adding VLAN 0 to HW filter on device hsr1
[ 1709.742685][T22424] 9pnet_fd: Insufficient options for proto=fd
[ 1710.062793][T22424] ceph: No mds server is up or the cluster is laggy
[ 1710.070847][  T981] libceph: connect (1)[c::]:6789 error -101
[ 1710.078150][  T981] libceph: mon0 (1)[c::]:6789 connect error
[ 1711.039298][  T981] libceph: connect (1)[c::]:6789 error -101
[ 1711.045363][  T981] libceph: mon0 (1)[c::]:6789 connect error
[ 1711.268239][T22429] overlayfs: upper fs does not support tmpfile.
[ 1711.604413][T22443] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4397'.
[ 1712.881820][T22458] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4401'.
[ 1713.469481][T22458] netlink: 129704 bytes leftover after parsing attributes in process `syz.0.4401'.
[ 1713.957909][T22467] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4405'.
[ 1714.050751][T22467] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4405'.
[ 1715.257373][T22479] FAULT_INJECTION: forcing a failure.
[ 1715.257373][T22479] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1715.271362][T22479] CPU: 1 UID: 0 PID: 22479 Comm: syz.3.4409 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1715.271391][T22479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1715.271404][T22479] Call Trace:
[ 1715.271414][T22479]  <TASK>
[ 1715.271424][T22479]  dump_stack_lvl+0x189/0x250
[ 1715.271455][T22479]  ? __pfx____ratelimit+0x10/0x10
[ 1715.271478][T22479]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1715.271503][T22479]  ? __pfx__printk+0x10/0x10
[ 1715.271546][T22479]  should_fail_ex+0x414/0x560
[ 1715.271575][T22479]  strncpy_from_user+0x36/0x290
[ 1715.271624][T22479]  getname_flags+0xf3/0x540
[ 1715.271655][T22479]  user_path_at+0x24/0x60
[ 1715.271685][T22479]  __se_sys_mount+0x2d3/0x410
[ 1715.271717][T22479]  ? __pfx___se_sys_mount+0x10/0x10
[ 1715.271749][T22479]  ? do_syscall_64+0xbe/0x3b0
[ 1715.271771][T22479]  ? __x64_sys_mount+0x20/0xc0
[ 1715.271798][T22479]  do_syscall_64+0xfa/0x3b0
[ 1715.271820][T22479]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1715.271842][T22479]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1715.271862][T22479]  ? clear_bhb_loop+0x60/0xb0
[ 1715.271889][T22479]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1715.271909][T22479] RIP: 0033:0x7f236bf8eb69
[ 1715.271929][T22479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1715.271948][T22479] RSP: 002b:00007f236ceac038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1715.271971][T22479] RAX: ffffffffffffffda RBX: 00007f236c1b5fa0 RCX: 00007f236bf8eb69
[ 1715.271987][T22479] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000
[ 1715.272092][T22479] RBP: 00007f236ceac090 R08: 0000200000000a00 R09: 0000000000000000
[ 1715.272107][T22479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1715.272129][T22479] R13: 0000000000000000 R14: 00007f236c1b5fa0 R15: 00007ffc1f8331a8
[ 1715.272168][T22479]  </TASK>
[ 1715.519990][T22475] overlayfs: failed to clone upperpath
[ 1715.762337][  T981] hid (null): global environment stack underflow
[ 1715.775821][  T981] hid (null): unknown global tag 0xe
[ 1715.786464][  T981] hid (null): unknown global tag 0xc
[ 1715.799077][  T981] hid-generic FFFB:0003:0007.001F: unexpected long global item
[ 1715.820389][  T981] hid-generic FFFB:0003:0007.001F: probe with driver hid-generic failed with error -22
[ 1716.957618][T22508] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4418'.
[ 1717.428531][T22508] netlink: 129704 bytes leftover after parsing attributes in process `syz.4.4418'.
[ 1718.197594][T22516] syz_tun: entered allmulticast mode
[ 1718.217649][ T5952] usb 4-1: new high-speed USB device number 57 using dummy_hcd
[ 1718.935142][T22517] syz_tun: left allmulticast mode
[ 1719.087011][ T5952] usb 4-1: Using ep0 maxpacket: 16
[ 1721.524757][ T5952] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1721.584760][ T5952] usb 4-1: unable to read config index 0 descriptor/start: -71
[ 1721.634056][ T5952] usb 4-1: can't read configurations, error -71
[ 1722.620318][ T5952] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[ 1722.837621][ T5952] usb 4-1: Using ep0 maxpacket: 32
[ 1722.867496][ T5952] usb 4-1: config 2 has an invalid interface number: 157 but max is 0
[ 1722.876015][ T5952] usb 4-1: config 2 has no interface number 0
[ 1722.891323][ T5952] usb 4-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=a4.1b
[ 1722.920670][ T5952] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1722.946191][ T5952] usb 4-1: Product: syz
[ 1722.956989][ T5952] usb 4-1: Manufacturer: syz
[ 1722.966601][ T5952] usb 4-1: SerialNumber: syz
[ 1722.993667][ T5952] imon 4-1:2.157: unable to register, err -19
[ 1723.196495][T22549] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1723.230361][T22549] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1723.741681][ T5953] usb 4-1: USB disconnect, device number 58
[ 1724.311395][T22572] fuse: Unknown parameter 'O�H�
[ 1724.311395][T22572] D'
[ 1724.487044][  T981] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[ 1724.557712][   T30] kauditd_printk_skb: 8 callbacks suppressed
[ 1724.557733][   T30] audit: type=1326 audit(1754169166.065:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22570 comm="syz.0.4436" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa20518eb69 code=0x0
[ 1724.776018][  T981] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1725.370697][  T981] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1725.382386][  T981] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1725.397361][  T981] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1725.406649][  T981] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1725.419231][  T981] usb 5-1: config 0 descriptor??
[ 1725.937396][  T981] plantronics 0003:047F:FFFF.0020: reserved main item tag 0xd
[ 1725.955696][  T981] plantronics 0003:047F:FFFF.0020: unknown main item tag 0x0
[ 1726.005965][  T981] plantronics 0003:047F:FFFF.0020: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[ 1726.236410][  T981] usb 5-1: USB disconnect, device number 68
[ 1726.243838][T22607] netlink: 'syz.0.4444': attribute type 7 has an invalid length.
[ 1726.885858][T22616] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[ 1726.895376][T22616] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[ 1726.907240][T22616] overlayfs: missing 'lowerdir'
[ 1727.820459][T22625] netlink: 'syz.4.4452': attribute type 5 has an invalid length.
[ 1728.987240][T16830] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[ 1729.433838][T16830] usb 5-1: device descriptor read/64, error -71
[ 1729.697189][T16830] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[ 1730.025741][T16830] usb 5-1: device descriptor read/64, error -71
[ 1730.774393][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1730.787312][T16830] usb usb5-port1: attempt power cycle
[ 1731.793229][   T10] IPVS: starting estimator thread 0...
[ 1731.977066][T22666] IPVS: using max 23 ests per chain, 55200 per kthread
[ 1732.377305][ T9384] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1732.385677][ T9384] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1732.396655][T22663] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1734.487452][T22693] overlayfs: upper fs does not support tmpfile.
[ 1735.052439][T22705] xt_socket: unknown flags 0xd0
[ 1739.067983][T22741] netlink: del zone limit has 4 unknown bytes
[ 1739.176202][T22745] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4485'.
[ 1739.196218][T22745] siw: device registration error -23
[ 1740.119493][T22751] netlink: 'syz.4.4487': attribute type 7 has an invalid length.
[ 1749.837314][T22831] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4512'.
[ 1750.232876][T22833] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4513'.
[ 1750.264468][T22833] netlink: 277 bytes leftover after parsing attributes in process `syz.5.4513'.
[ 1750.890599][  T982] usb 5-1: new high-speed USB device number 72 using dummy_hcd
[ 1752.278861][  T982] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1752.305120][  T982] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[ 1752.335616][  T982] usb 5-1: config 1 interface 0 has no altsetting 1
[ 1752.354718][  T982] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1752.388856][T22848] netlink: 'syz.2.4518': attribute type 7 has an invalid length.
[ 1752.425068][  T982] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1752.468474][  T982] usb 5-1: SerialNumber: syz
[ 1752.481826][T22848] : entered promiscuous mode
[ 1752.534143][  T982] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22
[ 1753.189553][T22859] hfsplus: Unknown parameter '$*:{!/''
[ 1753.301797][T22861] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1753.574261][T22867] autofs: Unknown parameter '0x0000000000000000'
[ 1753.876591][ T5953] usb 5-1: USB disconnect, device number 72
[ 1756.132030][T22893] FAULT_INJECTION: forcing a failure.
[ 1756.132030][T22893] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1756.159811][T22893] CPU: 1 UID: 0 PID: 22893 Comm: syz.4.4533 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1756.159843][T22893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1756.159855][T22893] Call Trace:
[ 1756.159864][T22893]  <TASK>
[ 1756.159874][T22893]  dump_stack_lvl+0x189/0x250
[ 1756.159898][T22893]  ? __pfx____ratelimit+0x10/0x10
[ 1756.159913][T22893]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1756.159927][T22893]  ? __pfx__printk+0x10/0x10
[ 1756.159942][T22893]  ? __might_fault+0xb0/0x130
[ 1756.159962][T22893]  should_fail_ex+0x414/0x560
[ 1756.159979][T22893]  _copy_from_user+0x2d/0xb0
[ 1756.159998][T22893]  ___sys_sendmsg+0x158/0x2a0
[ 1756.160021][T22893]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1756.160063][T22893]  ? __fget_files+0x2a/0x420
[ 1756.160076][T22893]  ? __fget_files+0x3a0/0x420
[ 1756.160097][T22893]  __x64_sys_sendmsg+0x19b/0x260
[ 1756.160116][T22893]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1756.160141][T22893]  ? __pfx_ksys_write+0x10/0x10
[ 1756.160152][T22893]  ? rcu_is_watching+0x15/0xb0
[ 1756.160169][T22893]  ? do_syscall_64+0xbe/0x3b0
[ 1756.160185][T22893]  do_syscall_64+0xfa/0x3b0
[ 1756.160197][T22893]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1756.160211][T22893]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1756.160223][T22893]  ? clear_bhb_loop+0x60/0xb0
[ 1756.160238][T22893]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1756.160258][T22893] RIP: 0033:0x7f1d1c78eb69
[ 1756.160270][T22893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1756.160281][T22893] RSP: 002b:00007f1d1d5fa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1756.160296][T22893] RAX: ffffffffffffffda RBX: 00007f1d1c9b5fa0 RCX: 00007f1d1c78eb69
[ 1756.160306][T22893] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[ 1756.160314][T22893] RBP: 00007f1d1d5fa090 R08: 0000000000000000 R09: 0000000000000000
[ 1756.160322][T22893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1756.160330][T22893] R13: 0000000000000000 R14: 00007f1d1c9b5fa0 R15: 00007ffcbb5aaba8
[ 1756.160350][T22893]  </TASK>
[ 1756.409308][T22897] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4536'.
[ 1756.878300][T22913] netlink: 'syz.0.4540': attribute type 1 has an invalid length.
[ 1757.101254][T22913] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1757.202857][T22914] vlan2: entered allmulticast mode
[ 1757.222764][T22914] bond2: entered allmulticast mode
[ 1757.322603][T22913] bond0: entered promiscuous mode
[ 1757.334453][T22913] 
: entered promiscuous mode
[ 1757.352976][T22913] bond_slave_1: entered promiscuous mode
[ 1757.383445][T22913] bond0: entered allmulticast mode
[ 1757.447120][T22913] 
: entered allmulticast mode
[ 1757.461296][T22913] bond_slave_1: entered allmulticast mode
[ 1759.215499][ T2985] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1759.255613][ T2985] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1759.619449][T22943] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1760.487295][   T30] audit: type=1800 audit(1754169201.265:518): pid=22955 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.4552" name="SYSV798dd828" dev="tmpfs" ino=0 res=0 errno=0
[ 1762.933946][T22980] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1764.836284][T22996] netlink: 9 bytes leftover after parsing attributes in process `syz.0.4564'.
[ 1764.857277][ T9714] usb 6-1: new high-speed USB device number 78 using dummy_hcd
[ 1764.857603][T22996] 0�: renamed from hsr0 (while UP)
[ 1764.939461][T22997] netlink: 9 bytes leftover after parsing attributes in process `syz.0.4564'.
[ 1764.978431][T22998] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4563'.
[ 1765.622846][T22996] 0�: entered allmulticast mode
[ 1765.660713][T22996] hsr_slave_0: entered allmulticast mode
[ 1765.692638][T22996] hsr_slave_1: entered allmulticast mode
[ 1765.847372][T22996] A link change request failed with some changes committed already. Interface 
70� may have been left with an inconsistent configuration, please check.
[ 1765.887286][ T9714] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 226, changing to 11
[ 1765.920719][T22997] 1�: renamed from 
70� (while UP)
[ 1766.335807][T22998] netlink: 129704 bytes leftover after parsing attributes in process `syz.3.4563'.
[ 1766.666976][ T9714] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 34456, setting to 1024
[ 1766.679295][ T9714] usb 6-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[ 1766.740760][ T9714] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1766.788567][ T9714] usb 6-1: config 0 descriptor??
[ 1766.805736][T22990] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1766.813962][T23011] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4568'.
[ 1766.831409][T22997] A link change request failed with some changes committed already. Interface 
71� may have been left with an inconsistent configuration, please check.
[ 1767.258519][ T9714] cm6533_jd 0003:0D8C:0022.0021: unknown main item tag 0x0
[ 1767.266631][ T9714] cm6533_jd 0003:0D8C:0022.0021: item fetching failed at offset 4/5
[ 1767.275971][ T9714] cm6533_jd 0003:0D8C:0022.0021: parse failed
[ 1767.282775][ T9714] cm6533_jd 0003:0D8C:0022.0021: probe with driver cm6533_jd failed with error -22
[ 1768.126001][ T5952] usb 6-1: USB disconnect, device number 78
[ 1768.172889][T23032] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4572'.
[ 1768.191117][T23031] overlayfs: upper fs does not support tmpfile.
[ 1769.133244][T23038] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4575'.
[ 1769.148906][T23038] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4575'.
[ 1771.428079][T23058] lo speed is unknown, defaulting to 1000
[ 1774.041437][   T10] usb 6-1: new high-speed USB device number 79 using dummy_hcd
[ 1774.267873][   T10] usb 6-1: New USB device found, idVendor=05d1, idProduct=2021, bcdDevice=31.00
[ 1774.301320][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1774.317141][   T10] usb 6-1: Product: syz
[ 1774.327462][   T10] usb 6-1: Manufacturer: syz
[ 1774.332224][   T10] usb 6-1: SerialNumber: syz
[ 1774.854811][   T10] usb 6-1: config 0 descriptor??
[ 1774.862061][   T10] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected
[ 1774.877693][   T10] usb 6-1: Detected FT4232HP
[ 1775.126630][   T10] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[ 1775.144240][   T10] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[ 1775.168331][   T10] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1775.203587][   T10] usb 6-1: USB disconnect, device number 79
[ 1775.433506][   T10] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1775.443756][   T10] ftdi_sio 6-1:0.0: device disconnected
[ 1775.496591][T23085] ------------[ cut here ]------------
[ 1775.502734][T23085] intf 08:02:11:00:00:00 [link=0]: bad STA 08:02:11:00:00:01 bandwidth 20 MHz (0) > channel config 5 MHz (6)
[ 1775.545884][T23085] WARNING: CPU: 0 PID: 23085 at drivers/net/wireless/virtual/mac80211_hwsim.c:2653 mac80211_hwsim_sta_rc_update+0x6f5/0x860
[ 1775.558976][T23085] Modules linked in:
[ 1775.563290][T23085] CPU: 0 UID: 0 PID: 23085 Comm: syz.2.4590 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1775.573484][T23085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1775.583695][T23085] RIP: 0010:mac80211_hwsim_sta_rc_update+0x6f5/0x860
[ 1775.590575][T23085] Code: 71 17 00 00 48 c7 c7 20 dc 2c 8c 48 8b 74 24 28 89 ea 48 8b 4c 24 10 41 89 d8 45 89 f9 41 56 50 e8 c0 7b 98 fa 48 83 c4 10 90 <0f> 0b 90 90 e9 0c ff ff ff e8 0d 8c d4 fa 90 0f 0b 90 e9 fe fe ff
[ 1775.611169][T23085] RSP: 0018:ffffc9000f986fd0 EFLAGS: 00010282
[ 1775.617764][T23085] RAX: d71358472903d400 RBX: 0000000000000014 RCX: 0000000000080000
[ 1775.630349][T23085] RDX: ffffc90015b62000 RSI: 0000000000005087 RDI: 0000000000005088
[ 1775.638521][T23085] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
[ 1775.646796][T23085] R10: dffffc0000000000 R11: fffffbfff1bfaa6c R12: 0000000000000000
[ 1775.655468][T23085] R13: dffffc0000000000 R14: 0000000000000006 R15: 0000000000000000
[ 1775.663625][T23085] FS:  00007f89e17ac6c0(0000) GS:ffff888125c57000(0000) knlGS:0000000000000000
[ 1775.673052][T23085] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1775.679965][T23085] CR2: 000000110c2efe7a CR3: 000000004c72c000 CR4: 00000000003526f0
[ 1775.688245][T23085] Call Trace:
[ 1775.691661][T23085]  <TASK>
[ 1775.694906][T23085]  ? mac80211_hwsim_sta_rc_update+0x73/0x860
[ 1775.701285][T23085]  mac80211_hwsim_sta_add+0xa3/0x310
[ 1775.706964][T23085]  drv_sta_state+0x8c1/0x1840
[ 1775.711917][T23085]  sta_info_insert_rcu+0xd32/0x1940
[ 1775.717354][T23085]  ? sta_info_insert_rcu+0x2ce/0x1940
[ 1775.724556][T23085]  sta_info_insert+0x16/0xc0
[ 1775.730543][T23085]  rdev_add_station+0x108/0x290
[ 1775.735536][T23085]  nl80211_new_station+0x1723/0x1b40
[ 1775.741061][T23085]  ? __pfx_nl80211_new_station+0x10/0x10
[ 1775.746786][T23085]  ? netdev_run_todo+0xe1d/0xea0
[ 1775.751844][T23085]  ? nl80211_pre_doit+0x4f1/0x930
[ 1775.757125][T23085]  genl_family_rcv_msg_doit+0x215/0x300
[ 1775.762821][T23085]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1775.769085][T23085]  ? bpf_lsm_capable+0x9/0x20
[ 1775.773852][T23085]  ? security_capable+0x7e/0x2e0
[ 1775.779157][T23085]  genl_rcv_msg+0x60e/0x790
[ 1775.783787][T23085]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1775.789317][T23085]  ? ref_tracker_free+0x63a/0x7d0
[ 1775.794669][T23085]  ? __pfx_nl80211_pre_doit+0x10/0x10
[ 1775.800539][T23085]  ? __pfx_nl80211_new_station+0x10/0x10
[ 1775.806463][T23085]  ? __pfx_nl80211_post_doit+0x10/0x10
[ 1775.812198][T23085]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1775.817796][T23085]  netlink_rcv_skb+0x205/0x470
[ 1775.822591][T23085]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1775.828662][T23085]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1775.835349][T23085]  ? down_read+0x1ad/0x2e0
[ 1775.839910][T23085]  genl_rcv+0x28/0x40
[ 1775.844318][T23085]  netlink_unicast+0x75c/0x8e0
[ 1775.849407][T23085]  netlink_sendmsg+0x805/0xb30
[ 1775.854233][T23085]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1775.859827][T23085]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1775.865229][T23085]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1775.870696][T23085]  __sock_sendmsg+0x21c/0x270
[ 1775.875548][T23085]  ____sys_sendmsg+0x505/0x830
[ 1775.880674][T23085]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1775.886207][T23085]  ? import_iovec+0x74/0xa0
[ 1775.890894][T23085]  ___sys_sendmsg+0x21f/0x2a0
[ 1775.895843][T23085]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1775.901441][T23085]  ? __fget_files+0x2a/0x420
[ 1775.906223][T23085]  ? __fget_files+0x3a0/0x420
[ 1775.911095][T23085]  __x64_sys_sendmsg+0x19b/0x260
[ 1775.916058][T23085]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1775.921658][T23085]  ? rcu_is_watching+0x15/0xb0
[ 1775.927611][T23085]  ? do_syscall_64+0xbe/0x3b0
[ 1775.932428][T23085]  do_syscall_64+0xfa/0x3b0
[ 1775.937930][T23085]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1775.943262][T23085]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1775.949468][T23085]  ? clear_bhb_loop+0x60/0xb0
[ 1775.954160][T23085]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1775.960312][T23085] RIP: 0033:0x7f89e098eb69
[ 1775.964826][T23085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1775.984902][T23085] RSP: 002b:00007f89e17ac038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1775.993426][T23085] RAX: ffffffffffffffda RBX: 00007f89e0bb5fa0 RCX: 00007f89e098eb69
[ 1776.001599][T23085] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000008
[ 1776.009631][T23085] RBP: 00007f89e0a11df1 R08: 0000000000000000 R09: 0000000000000000
[ 1776.017871][T23085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1776.026146][T23085] R13: 0000000000000000 R14: 00007f89e0bb5fa0 R15: 00007ffe679fe308
[ 1776.035027][T23085]  </TASK>
[ 1776.038885][T23085] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1776.046385][T23085] CPU: 0 UID: 0 PID: 23085 Comm: syz.2.4590 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1776.056569][T23085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1776.067244][T23085] Call Trace:
[ 1776.070895][T23085]  <TASK>
[ 1776.073835][T23085]  dump_stack_lvl+0x99/0x250
[ 1776.078433][T23085]  ? __asan_memcpy+0x40/0x70
[ 1776.083333][T23085]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1776.088666][T23085]  ? __pfx__printk+0x10/0x10
[ 1776.093569][T23085]  panic+0x2db/0x790
[ 1776.097674][T23085]  ? __pfx_panic+0x10/0x10
[ 1776.102257][T23085]  __warn+0x31b/0x4b0
[ 1776.106767][T23085]  ? mac80211_hwsim_sta_rc_update+0x6f5/0x860
[ 1776.112963][T23085]  ? mac80211_hwsim_sta_rc_update+0x6f5/0x860
[ 1776.119177][T23085]  report_bug+0x2be/0x4f0
[ 1776.123558][T23085]  ? mac80211_hwsim_sta_rc_update+0x6f5/0x860
[ 1776.129643][T23085]  ? mac80211_hwsim_sta_rc_update+0x6f5/0x860
[ 1776.135776][T23085]  ? mac80211_hwsim_sta_rc_update+0x6f7/0x860
[ 1776.142109][T23085]  handle_bug+0x84/0x160
[ 1776.146539][T23085]  exc_invalid_op+0x1a/0x50
[ 1776.151052][T23085]  asm_exc_invalid_op+0x1a/0x20
[ 1776.155945][T23085] RIP: 0010:mac80211_hwsim_sta_rc_update+0x6f5/0x860
[ 1776.162642][T23085] Code: 71 17 00 00 48 c7 c7 20 dc 2c 8c 48 8b 74 24 28 89 ea 48 8b 4c 24 10 41 89 d8 45 89 f9 41 56 50 e8 c0 7b 98 fa 48 83 c4 10 90 <0f> 0b 90 90 e9 0c ff ff ff e8 0d 8c d4 fa 90 0f 0b 90 e9 fe fe ff
[ 1776.183265][T23085] RSP: 0018:ffffc9000f986fd0 EFLAGS: 00010282
[ 1776.189791][T23085] RAX: d71358472903d400 RBX: 0000000000000014 RCX: 0000000000080000
[ 1776.198227][T23085] RDX: ffffc90015b62000 RSI: 0000000000005087 RDI: 0000000000005088
[ 1776.206295][T23085] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
[ 1776.214342][T23085] R10: dffffc0000000000 R11: fffffbfff1bfaa6c R12: 0000000000000000
[ 1776.222497][T23085] R13: dffffc0000000000 R14: 0000000000000006 R15: 0000000000000000
[ 1776.230779][T23085]  ? mac80211_hwsim_sta_rc_update+0x73/0x860
[ 1776.236910][T23085]  mac80211_hwsim_sta_add+0xa3/0x310
[ 1776.242414][T23085]  drv_sta_state+0x8c1/0x1840
[ 1776.247299][T23085]  sta_info_insert_rcu+0xd32/0x1940
[ 1776.252846][T23085]  ? sta_info_insert_rcu+0x2ce/0x1940
[ 1776.260181][T23085]  sta_info_insert+0x16/0xc0
[ 1776.264792][T23085]  rdev_add_station+0x108/0x290
[ 1776.269694][T23085]  nl80211_new_station+0x1723/0x1b40
[ 1776.275143][T23085]  ? __pfx_nl80211_new_station+0x10/0x10
[ 1776.280833][T23085]  ? netdev_run_todo+0xe1d/0xea0
[ 1776.286098][T23085]  ? nl80211_pre_doit+0x4f1/0x930
[ 1776.291163][T23085]  genl_family_rcv_msg_doit+0x215/0x300
[ 1776.296745][T23085]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1776.302950][T23085]  ? bpf_lsm_capable+0x9/0x20
[ 1776.307847][T23085]  ? security_capable+0x7e/0x2e0
[ 1776.313108][T23085]  genl_rcv_msg+0x60e/0x790
[ 1776.317806][T23085]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1776.322857][T23085]  ? ref_tracker_free+0x63a/0x7d0
[ 1776.328091][T23085]  ? __pfx_nl80211_pre_doit+0x10/0x10
[ 1776.333689][T23085]  ? __pfx_nl80211_new_station+0x10/0x10
[ 1776.339431][T23085]  ? __pfx_nl80211_post_doit+0x10/0x10
[ 1776.344986][T23085]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1776.350380][T23085]  netlink_rcv_skb+0x205/0x470
[ 1776.355292][T23085]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1776.360391][T23085]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1776.365798][T23085]  ? down_read+0x1ad/0x2e0
[ 1776.370397][T23085]  genl_rcv+0x28/0x40
[ 1776.374491][T23085]  netlink_unicast+0x75c/0x8e0
[ 1776.379269][T23085]  netlink_sendmsg+0x805/0xb30
[ 1776.384046][T23085]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1776.389440][T23085]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1776.394744][T23085]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1776.400155][T23085]  __sock_sendmsg+0x21c/0x270
[ 1776.404852][T23085]  ____sys_sendmsg+0x505/0x830
[ 1776.409677][T23085]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1776.415093][T23085]  ? import_iovec+0x74/0xa0
[ 1776.419639][T23085]  ___sys_sendmsg+0x21f/0x2a0
[ 1776.424513][T23085]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1776.429934][T23085]  ? __fget_files+0x2a/0x420
[ 1776.435067][T23085]  ? __fget_files+0x3a0/0x420
[ 1776.440021][T23085]  __x64_sys_sendmsg+0x19b/0x260
[ 1776.445238][T23085]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1776.450761][T23085]  ? rcu_is_watching+0x15/0xb0
[ 1776.455556][T23085]  ? do_syscall_64+0xbe/0x3b0
[ 1776.460266][T23085]  do_syscall_64+0xfa/0x3b0
[ 1776.464881][T23085]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1776.470186][T23085]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1776.476277][T23085]  ? clear_bhb_loop+0x60/0xb0
[ 1776.481075][T23085]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1776.486991][T23085] RIP: 0033:0x7f89e098eb69
[ 1776.491515][T23085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1776.511580][T23085] RSP: 002b:00007f89e17ac038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1776.520031][T23085] RAX: ffffffffffffffda RBX: 00007f89e0bb5fa0 RCX: 00007f89e098eb69
[ 1776.528138][T23085] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000008
[ 1776.536285][T23085] RBP: 00007f89e0a11df1 R08: 0000000000000000 R09: 0000000000000000
[ 1776.544464][T23085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1776.552641][T23085] R13: 0000000000000000 R14: 00007f89e0bb5fa0 R15: 00007ffe679fe308
[ 1776.560951][T23085]  </TASK>
[ 1776.564609][T23085] Kernel Offset: disabled
[ 1776.568983][T23085] Rebooting in 86400 seconds..