last executing test programs:

14.430792061s ago: executing program 1 (id=3698):
symlink(&(0x7f0000000080)='./file0/../file0/file0\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket(0x2b, 0x1, 0x0)
r1 = syz_io_uring_setup(0x110, &(0x7f0000001280)={0x0, 0xfad6, 0x400}, &(0x7f0000000240)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000f40)=@raw={'raw\x00', 0x3c1, 0x3, 0x388, 0x0, 0x0, 0xffffff6a, 0x180, 0x0, 0x340, 0x258, 0x258, 0x340, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @local, [], [], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x11, 0x0, 0x0, 0x46}, 0x0, 0xd8, 0x140, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x0, 0x0, 0x9}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x138, 0x178, 0x0, {}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @mcast2, @empty, @private2, [], [0xff000000]}}]}, @common=@inet=@TCPOPTSTRIP={0x40}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3e8)
setsockopt$sock_int(r5, 0x1, 0x10, &(0x7f0000000100)=0xffff, 0x4)
writev(r4, &(0x7f0000000cc0)=[{&(0x7f0000000780)="1e", 0x1}], 0x1)
recvmmsg(r5, &(0x7f0000000480)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0xffffffffffffff21, 0x0, 0x0, &(0x7f00000005c0)=""/108, 0x6c}, 0x7fff}], 0x3fffffffffffcbe, 0x0, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r0})
io_uring_enter(r1, 0xdb4, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r1, 0x18, &(0x7f0000000000)={0xfeffffff, r0, 0x23, {0x3b4, 0x6d3}, 0x6}, 0x1)
setxattr$incfs_size(&(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, 0x0, 0x0)

14.408974487s ago: executing program 1 (id=3699):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
ioctl$BTRFS_IOC_SYNC(0xffffffffffffffff, 0x9408, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$packet(0x11, 0x2, 0x300)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r6, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
setsockopt$inet_tcp_int(r6, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r6, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000e40)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000040)="8f", 0x1}], 0x1}}, {{&(0x7f0000000480)={0xa, 0x4e24, 0x2, @rand_addr=' \x01\x00', 0x6}, 0x1c, &(0x7f0000000700)}}], 0x2, 0x0)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f00000000c0), 0x0)
sendto$inet(r6, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0)
splice(r6, 0x0, r5, 0x0, 0xfea8, 0xa)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000040)={0x1c, r2, 0x1, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r7}, @void}}}, 0x1c}}, 0x40084)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', <r8=>0x0})
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_FRAME(r10, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r9, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r8, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001"], 0x448}, 0x1, 0x0, 0x0, 0x480d5}, 0x0)

12.443813922s ago: executing program 1 (id=3708):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x1eb601, 0x0)
write$sequencer(r5, &(0x7f0000000240)=ANY=[@ANYBLOB="0293"], 0x9)
ioctl$SNDCTL_SEQ_SYNC(r5, 0x5101)

11.166772143s ago: executing program 1 (id=3712):
setxattr$incfs_metadata(&(0x7f0000000800)='./cgroup\x00', &(0x7f0000000840), 0x0, 0xffffffffffffff3c, 0x1) (async, rerun: 64)
r0 = socket$netlink(0x10, 0x3, 0x0) (rerun: 64)
sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="18000000780001062abd700e00000000070024000000000021b213c8432d193a2f29868292fcd425ee7e"], 0x18}], 0x1, 0x0, 0x0, 0x2000}, 0x4000880)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) (async)
accept4(r1, 0x0, 0x0, 0x80000)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x80000000000, &(0x7f0000006680)) (async)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) (async)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, 0x0, 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x205) (async)
move_mount(r3, 0x0, r2, 0x0, 0x46)
syz_io_uring_setup(0x23b, &(0x7f0000000380)={0x0, 0x2cb2, 0x10100, 0x7, 0x370}, &(0x7f00000000c0), 0x0) (async)
rt_tgsigqueueinfo(0x0, 0x0, 0xb, &(0x7f0000000080)={0x13a, 0x0, 0x20000003})
r4 = syz_open_procfs(0x0, &(0x7f0000000400)='ns\x00')
inotify_add_watch(r4, 0x0, 0x80000802) (async, rerun: 64)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6) (rerun: 64)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r5, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
r6 = socket$inet6(0xa, 0x2, 0x3)
setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000c00)={{{@in=@local, @in=@remote, 0x4e22, 0x0, 0x1, 0x0, 0x2}, {0x0, 0x200000002, 0x40000000007, 0x20000a0de, 0x40000000000004, 0x2, 0x200000003, 0x400}, {0x40000000000005, 0x0, 0x0, 0x6}, 0x4, 0x0, 0x1}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x6c}, 0x2, @in6=@private2, 0x3500, 0x1, 0x8, 0x0, 0x9075, 0x0, 0x53f}}, 0xe8) (async)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x4}}}, 0x1c)
syz_emit_ethernet(0x82, &(0x7f0000000200)=ANY=[@ANYBLOB="93fc85ff30d2000000001755a3e1b9f035d4489f78bd000008004f00000000000000060290787f000001ffffffff0713bb0a0101007f000001ac1414aaac0f14aa441426a1ff0012ff000000080c0000010000000801360490780a010100bbf34075f9e1335ceb33bd70f792a9a02edf3e90a2a839be35f350e6801131dd51c1b9f4"], 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000105002, 0x0)
fadvise64(r2, 0x18, 0xf, 0x3)
prctl$PR_SET_IO_FLUSHER(0x39, 0x1) (async)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_buf(r7, 0x6, 0x23, &(0x7f0000000040)=""/32, &(0x7f0000000000)=0x20)

10.786983093s ago: executing program 1 (id=3715):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x1, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000001000000000000000300370018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000001b7030000000000008500000083000000bf090000000000005509010000000000950000000000000085000000a0000000bf91000000000000b7020000020000008500000084000000b70000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0xe, 0x0, &(0x7f0000000a00)="00000000076f00001abd8cf0eedf", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

10.732229078s ago: executing program 1 (id=3716):
r0 = socket(0x80000000000000a, 0x2, 0x0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x6, 0x0, &(0x7f00000000c0))
ioctl$FBIOGET_FSCREENINFO(0xffffffffffffffff, 0x4602, &(0x7f0000000100))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000300)=ANY=[@ANYBLOB="aabaaaaaaaaa0180c2000000082045000044000000000021907800000000ffffffff0500700567e801024a0000000000000000ac1e0001ac141401071300e000000200000000ffffffffac14140c00"], 0x0)
r5 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r5, 0xc0045005, 0x0)
r6 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x37}}}, 0x1c)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x40000, @dev={0xfe, 0x80, '\x00', 0x26}}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040), 0x0, 0x0, 0xfffffdd7, 0x884}, 0x8000)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r7, &(0x7f0000000000)="d1", 0x1, 0x24004000, &(0x7f0000000100)={0xa, 0x4e24, 0x7b, @remote, 0x7}, 0x1c)
shutdown(r7, 0x1)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r7, 0x84, 0x82, &(0x7f0000000200), 0x8)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x40, 0x10, 0x1, 0x0, 0x10000000, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x3, 0x9}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
socket$inet6(0x2d, 0x2, 0x0)
syz_io_uring_setup(0x495, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0x288}, &(0x7f0000000340)=<r9=>0x0, &(0x7f00000001c0)=<r10=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})

10.292728107s ago: executing program 32 (id=3716):
r0 = socket(0x80000000000000a, 0x2, 0x0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x6, 0x0, &(0x7f00000000c0))
ioctl$FBIOGET_FSCREENINFO(0xffffffffffffffff, 0x4602, &(0x7f0000000100))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000300)=ANY=[@ANYBLOB="aabaaaaaaaaa0180c2000000082045000044000000000021907800000000ffffffff0500700567e801024a0000000000000000ac1e0001ac141401071300e000000200000000ffffffffac14140c00"], 0x0)
r5 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r5, 0xc0045005, 0x0)
r6 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x37}}}, 0x1c)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x40000, @dev={0xfe, 0x80, '\x00', 0x26}}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040), 0x0, 0x0, 0xfffffdd7, 0x884}, 0x8000)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r7, &(0x7f0000000000)="d1", 0x1, 0x24004000, &(0x7f0000000100)={0xa, 0x4e24, 0x7b, @remote, 0x7}, 0x1c)
shutdown(r7, 0x1)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r7, 0x84, 0x82, &(0x7f0000000200), 0x8)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x40, 0x10, 0x1, 0x0, 0x10000000, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x3, 0x9}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
socket$inet6(0x2d, 0x2, 0x0)
syz_io_uring_setup(0x495, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0x288}, &(0x7f0000000340)=<r9=>0x0, &(0x7f00000001c0)=<r10=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})

5.768535546s ago: executing program 3 (id=3732):
syz_io_uring_setup(0x2f77, &(0x7f0000000780)={0x0, 0x196d, 0x800, 0x1, 0x11f}, &(0x7f0000000800)=<r0=>0x0, &(0x7f0000000840))
r1 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2000009, 0x10010, 0xffffffffffffffff, 0x10000000)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
syz_io_uring_setup(0x1237, &(0x7f0000000380)={0x0, 0x685f, 0x80, 0x3, 0x2b9}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000200)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r6 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0x288}, &(0x7f0000000340), &(0x7f0000000280))
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r7, &(0x7f0000000040)={0xa, 0x4e24, 0x0, @loopback}, 0x1c)
connect$inet6(r7, &(0x7f0000000100)={0xa, 0x4e24, 0x7fff, @empty, 0x7}, 0x1c)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_WRITE={0x17, 0x40, 0x4000, @fd=r3, 0x7, 0x0, 0x0, 0x11, 0x0, {0x0, r8}})
r9 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r9, 0x10e, 0xc, &(0x7f0000000000)={0xfffffffb}, 0x10)
sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x40010}, 0x0)
syz_io_uring_submit(r0, r1, &(0x7f0000002a00)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, r2, 0x0, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000001980)=[{&(0x7f0000000900)=""/70, 0x46}, {&(0x7f0000000980)=""/4096, 0x1000}], 0x2, &(0x7f00000019c0)=""/4096, 0x1000}, 0x0, 0x2, 0x1, {0x0, r8}})
r10 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VIDIOC_PREPARE_BUF(r10, 0xc058565d, &(0x7f0000000200)=@fd={0x4, 0xb, 0x4, 0x20, 0x4, {}, {0x3, 0x0, 0x10, 0x4, 0x0, 0x6, "799e9e2b"}, 0x6, 0x4, {}, 0x9})
syz_usb_connect$hid(0x4, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0xff, 0x1e7d, 0x2ced, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0xb2, 0xc0, 0x1, [{{0x9, 0x4, 0x0, 0x1, 0x1, 0x3, 0x1, 0x2, 0x9, {0x9, 0x21, 0x6, 0x3, 0x1, {0x22, 0xe80}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0xe, 0x8}}, [{{0x9, 0x5, 0x2, 0x3, 0x40, 0x5, 0xf, 0x2}}]}}}]}}]}}, &(0x7f00000003c0)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x250, 0x9, 0x4, 0x4, 0x20, 0x5}, 0x0, 0x0, 0x4, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x486b}}, {0x80, &(0x7f0000000140)=@string={0x80, 0x3, "4390cf2ea3e3d8beaf2a88a8155fed3e30d2e92fcc6aabd2c1fb7f0d85bb9472db6bdb382f69614ee2355c997bfcfb55ff2acb60d0640c08feed50b6e00f081bd33b665230cda793892e1a5bf551f326e365774bd2cd1b63770387945578eff47f42da3cd838f729d1cf00ca53acdd8429b1f0d1c78ec3d9d992c39e8e3f"}}, {0x75, &(0x7f0000000280)=@string={0x75, 0x3, "dd0f345953ec7000abaa69312db2a66510bc433939144bc181c7da76e51797936df3c04cd2113c597a42d471277410b67fe18043fa05b492a38620c363b9832b3ae6dfe02bde519500a92f0742a3ced04efcd6c3236e3a5d84091e9c188509f0711ece896591f7534824902e83739f32563935"}}, {0x2, &(0x7f0000000340)=@string={0x2}}]})

4.370005603s ago: executing program 4 (id=3734):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x1d, &(0x7f0000000680)=0x1, 0x4)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}, 0x1, 0x0, 0x1a000}, 0x40)

4.19607994s ago: executing program 4 (id=3735):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='/proc/1/\x00\x82q\xee\xe5\xa0\xbd\xc2\x98#YP\xee\x9c2G\xf0\x81x\x97'}, 0x30)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
arch_prctl$ARCH_REQ_XCOMP_GUEST_PERM(0x1025, 0x5)
r2 = dup3(r1, r0, 0x0)
fcntl$F_SET_RW_HINT(r2, 0x40c, &(0x7f0000000340)=0x3)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0xfffffff3, 0x0, &(0x7f00000005c0), 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000440)="42f7a85b"})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f00000004c0)={@fd={0x66642a85, 0x0, r0}, @fd={0x66642a85, 0x0, r3}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r3, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000300)={0x24, 0x0, &(0x7f0000000140)=[@clear_death, @request_death={0x400c630e, 0x1}, @exit_looper], 0x9, 0x0, &(0x7f0000000240)="781e8201d43d7d6db9"})
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080), 0x10)

3.941133629s ago: executing program 2 (id=3737):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x3000, 0x0, 0x1}) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x3000, 0x0, 0x1})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000380)={0x2, 0x34000, 0x1})
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
close_range(r2, 0xffffffffffffffff, 0x0) (async)
close_range(r2, 0xffffffffffffffff, 0x0)
syz_open_dev$radio(&(0x7f0000000040), 0x0, 0x2) (async)
r3 = syz_open_dev$radio(&(0x7f0000000040), 0x0, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f0000000000)={0xa00000, 0x8, 0xfffffffc, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f90d, 0x2000, '\x00', @value=0xfffffff6}})
syz_usb_connect(0x0, 0x36, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0xc8, 0x54, 0x9b, 0x40, 0x2c7c, 0x30e, 0x8128, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0xff, 0x18, 0xd4, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}, {{0x9, 0x5, 0x82, 0x2, 0x8}}]}}]}}]}}, 0x0)

3.939811135s ago: executing program 4 (id=3738):
mremap(&(0x7f0000006000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f0000c00000/0x400000)=nil)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0xc6b, &(0x7f0000001c00)={@local, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xc5d, 0x2, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc49, 0x0, @wg=@data={0x4, 0x2007407, 0xfffffffffffffffd, "9c67524ed6ed152d4f775bbc411126513b67ab2818e6f3aeb55bee6ae1049f195705bc8bd9b1085cd41af77353267df8a1d4cecdb01908186ea04e641c89a2ee0432e9c0894a8d7aff0c865e96548d507f048f907320b0f8b1e83b5f1425b63ad9c6adfd09578bbda92c9bd8f57d6efd752a6f20487ebea241d612212e3ccb077a5150c08f56aed6ee45acd4439043886b78cc5562b00bc57cf509d90b02a7bc86919f1b882f556e6aac5e9b93ee545b2b68bd014e2a49c332432ef4adeb61ac418aa4e20ee299f1a8b7a72e985223996b11a8913f3b1c23b10f88c3de28660457a37126fd3b6394536da0cd962f532ff22c496e1df4ffe049b193514c02571399d3618383a287068f4f15d51d1781cc0bc2af66ddc68135bfd33634e1a75be80630ce76ef79c86c9abb2fdc6d84367ea10fd8a6ee3c99eaec83c66bf5ffce6eb5ccc2546b6df905ff1aea223029ba2f7eb2469c5b8637b79347361f8cf0fa9d58a039e7811f343961b22c23d68b2c04eb8b5aeee7c6f71ce95cab886bf2694e0643d18761043e2d1dcb8ce0bdd15817a75f591b05146424797f729689e2a7bd53cb6c02fd15c339057c714794b407b342d12e69ec383b6ea6c99f845d04fd5128203c78a388fb0a1caf1f725f7636eb41e415951f8284a9c475760eb9312f7d6307037d472fbda509d56a0cf8e36d44f3f0b67fabdd2842ab4241cbfc7d309188d3a634129a13bfcac3b39b75d46bed585550ff7b41746dfd7e0f0c8a25e9f39deb7e2a4f0e068b86c6593b3b37838d2809eef3eb2f3120fde2fe3e9fef4e4bea1ddf3d17c40f753b37baaa110a8b4ad805d500e0235e9371b828993da25c5697d1001c8971b3862eef047730b242350403c851cd74cdea94501c0e2875a5830aa71733a0f022cb37e1cfffaee8eb0a23d51181a0691dadcd6b30a86a5fbf5c499120e265938f6430ffde09eb173327c2e25bdf22ae0d742141db856c4beee07af0ce37c078f6e59b41a29502cc01737c984185f6622a3ce02ed04daf2a7eb03c92a5a5ecce5973ef704aba9efcb99bf52f5c662d52f4399a13af760f9f9ff3d5930c3fae014b92ee0aded4ba51d95cf946d5f55f5b5d4603f8b76087d681ad77fc385fe114331c24a4ada85eaebf5405467dbe656b31b79a0f893864a13bda309a2fec2f4fc4858d9daf946df31f4077338bfc3116a45827ce8907ad691d241d3a8859a3672aeee3878e45b0be6f68194638dee30ba6735a6424e51f8b9a4965d37ab7ca96e167a5c32c8a935ff34693e24d067039db0f4ffe4dc5fe7c56a0d6e52a7cef9a6f1cc8b88d61d2258e3e0e8f2d7b699d4a22ab661f6afae5b48cc8fbc9ddfe57e76f274e65b210994fd96cd4deb6fdb795df4147ca0d876b1b08b64d20a28a358f48086c0f8d1f0741260f95adabba51f2d3f36107d49d46ba0c666232597bf08bfab60b5a432a1652e2c503fcf977ea6ff15c8e8f3bd9b7a3017c36be787d5a6579f5236b17d7bdc2c3918d9257e266bdf7929bb366d98d2b225c08c3c5ed22113b8c051c811bd1e52ecbe619dbc9579270c7cf69ac129e84a7141e689d9745d56e1cda6affdc1856757a6e39039b17d5286cf393186b99b20c54987087ece9972c39b4a05f1ca218c35254c666e7fcb7df4aa401cc79e1aade63732064ca80af164709a85fcf8ac72fa5ace60aa04d2ee0d5f051cb032f7c25100facb7ec1c247812b0de4f1c3c1ab98f904d9752cc427bc0445d8e27b51d5a8084087ea61f82ccc1114679f673753eddc7cfc00ba7e25db3391579ecdf638ab73078133e49b522d3d16bf2ebd06e7cefc24154088965ad3c9291c68f19f7cdd2943abc716ecf0b33fe249108da2b1f9abdbcb4dba89746a8c5711a41556efe5537327e253bd9ac68dc56516392292152b86ef118e25cac4e3c7c2b20bbc5bbc2d825c8dc14e9807aa6a423fdebfa7deee913c8f9f58bd967d43af1d65dc5ce72b2cd1a17ce34facd199bf2c62beeb752d156d6f31ea0323bc3ec0500587c485d8141f5b5ac81457df9396fbf98222212ef70527b6ed8d6e4d11156c8ecaee4692e068a72cb3b12686436028a7297956c48ee8fc393907edd3695fddbb786808c0a48182e3334e73fedcef0ee1bfbb13dce8a79b8822fd1ca0ed645f64d134c240844be5a7ac3aa15419ae79e7b1d721ae5abe1b0896c6189f23b65d79f5c3677b89f40aceff98dfca244a160dff264a2b14a3774064e1152fe0cabfc23e3e16dba5f46ea6af09fb3b8529022837c7e9303e3ecd0170fcc0e6fb0f3981d9f8f838412eae1a3dd13b7a980a642739e8abebed29db34c06460f09e27ddba1ed76b4ac6290235f6f81fcd3eb12af9821575b050aaf80d5c6c695807f7480f24e4bc0159744f9045a2d37574508d7e687482f775d0a4c471c4914e6a64b0d444037407b8d079751ddf4b14ed0ee6f1e622952a331a1a147f3a805fb7ca29c3c7feb2dddd0db795ac0ca327d95b19ff37bd8d553703014e5137f8c41b947d199f95f245d3354f9679876db736da5cfbd7cb9f80a12e50c895b999b670c9e161aa12e82c79d98fed5017e11674158a2f258ecc7c550f10dee6bb9d159316c567e3973e8aa30f157f6d30f239877021e7161c0a93c7b6bedccc7a3d8c9313f6f860d33ae0c162236853ae29d7a619bc306998e51c5d91a73475119a648700fbf3a41701ef87b440b83573a44339aea5806c0883470613e38baa518466dee2c671d96768f8d842feb5a812ea3ecd1e307a913a1032f06af2656b0a969b38366c39ca149205540391f36c897efb80aa43707c12e21544386fc232a45c9eb40a64c35edd4db20bd4970d642c0c2a0ee43ce8bf4d1bd84b3c3fa198cfc8d1f83960a1c3cd85a164926dc962a9078c5b079e0f4bb0b4e94b0aec3d13e7c47edc936927da2e6e7fe9485b0489bc4fdd1699611aeb00d767057602b8e53dfb4a6651c0f2873e5f60fdd7e2542d6aba79f491f87522f77427323e87386c89e1df9dd6e4f32be85c9eefbd6e6b177dde573b0d0bb8df828185aedc7aba2e6c3d4d9df393b203c1147f005860a6dd44dbcebead0eeb29fe3216930ef4a5994a93851df960d3be82d4294b64ba8295a59d099fd10afe39c2a79727a5447fa27909d53df6a00a63897261619e853036a6852e95ac6da62276007f2f3f386267cd8a0d136e645247e76db84e466e56ba42618b4fdef3e6d8c48dae5d03e1e369cd74042146e361cd6b4e654c8adc75446c454d3275a7d91646c4fb721966df9df3f761f10bebd212bfc87db9c48ffa0c6efcb17db3955f4a6f58919a036cda4f0a0c07a7306d2909adeeb474bd0bbec58865c4a5804108a014838673ff26438c162ec61e71bb880b154d475c71d500bfda3128b9fac2bccecb790dbd3075f424b1244f111c7eb5cbb7af0b6f3ec9cac20f82b1631822b940c03d697e213747627a5a7ed57414f2826888e515b88e61e69b742b053fe086ffc916abe00a41870cd332201d96c96bd174b369094b0da81ddc50affefa3709a358a5c00308d30a41d10b1c3f91a011bd246588336ff76dd60c10c3bbc8eec06adb3e73cc21d218b83eb9306e0650dd4e41bd65e15bb99a0653fc312251c174abed9e3ed04ef0378feaf78d839ebf61fda85c290f140cd3690cff881c348c57f504c50ca61986b29e58fdb0cbe276e42c982154762110c0f65b240aebe4291c66157629f0a45ea48e8e6a5dfe062214d635c5f828d1c888ec83a279ddac80f748c00e984248bef8e884590dcc1322aceb2d3b525618450fa0649e4ae8722769c6a32eb47161f7bf08bd59f903240ab9f790313b41607554b21ce45f10cde937f9f68fbb23ace0eaebd86b1201ea230c7f4c57f6594e655904db2a6d3d294f98fe630a524573f52c145b19eea382bc3adac7c7b62863bfa04f2d9fb9b93e7cda0fff4af897281580b879912ebd2c9c9d433ef479e886a477ce4538590179049aaff5e8e51b25db6c0300393a37c25c350e1e4effdd657f26de15199d39e134d1e7fe278b68377674a0e31a12e67096d44f62bd0353147041050fe44d9fbfc95fa8aa368e5868148a9e7a6f5551cf55f677b48ac2b4cd29a300d3cb9cd3a5ef486b9b3138018fb1568ce3f59385b98e93b7113dc85cd242bb57e545d6c151727d1c33ced565b2e29419bc6c458b45ab2107a55793618d20bd476e81ff79543cbace7b26a53a67a3f17ad0e2f2c0cc55f45d374ddc3cf8ada0c52cf1251cc4a6e1c7e84a1536cf328a0a392a3b79bbef1b40ad6e69811f3ec73b971c7cf6d64bfd0b183135d76fbb121aa99c753dce310f3288d460a1158a0c1c2ca4a66eadb38c6669dae4742a1da14b007555ffdae4e60f535ee23018dde93863b028346edc0f8da3ee5"}}}}}}, 0x0)
readv(r0, &(0x7f0000000700)=[{&(0x7f00000053c0)=""/4096, 0x1000}, {0x0}], 0x2)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_int(r1, &(0x7f0000000380)='cgroup.max.depth\x00', 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000040)=ANY=[@ANYBLOB='-', @ANYRESOCT], 0x27)
r3 = socket(0x6, 0x3, 0x100)
r4 = bpf$ITER_CREATE(0x21, &(0x7f0000000100), 0x8)
move_mount(r4, &(0x7f0000000140)='./cgroup/../file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/../file0\x00', 0x0)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4622, @empty}, 0x10)
sendmmsg$inet(r3, &(0x7f0000005240), 0x4000095, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000048000000030a05020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a3000000000080007006e6174003c000000060a01040000000000000000010000001400048010000180090001006d6173710000000008000b40000000000900010073797a3000"], 0xcc}, 0x1, 0x0, 0x0, 0x880}, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000202eac013202400001020301090224000111000000090400000003010200092100fbff85f7b950002200000905c403", @ANYRES8=r1], 0x0)

3.780255583s ago: executing program 0 (id=3739):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1, 0x5d031, 0xffffffffffffffff, 0x0)
shmget$private(0x0, 0x2000, 0x100, &(0x7f0000f51000/0x2000)=nil) (async)
r0 = shmget$private(0x0, 0x2000, 0x100, &(0x7f0000f51000/0x2000)=nil)
shmat(r0, &(0x7f0000b2f000/0x3000)=nil, 0xffffffffffffcfff)

3.628961176s ago: executing program 0 (id=3740):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e23, @private=0xa010100}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}, 0x1, 0xa0010000000000}, 0x40)

3.534847104s ago: executing program 0 (id=3741):
symlink(&(0x7f0000000080)='./file0/../file0/file0\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket(0x2b, 0x1, 0x0)
r3 = syz_io_uring_setup(0x110, &(0x7f0000001280)={0x0, 0xfad6, 0x400}, &(0x7f0000000240)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000f40)=@raw={'raw\x00', 0x3c1, 0x3, 0x388, 0x0, 0x0, 0xffffff6a, 0x180, 0x0, 0x340, 0x258, 0x258, 0x340, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @local, [], [], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x11, 0x0, 0x0, 0x46}, 0x0, 0xd8, 0x140, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x0, 0x0, 0x9}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x138, 0x178, 0x0, {}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @mcast2, @empty, @private2, [], [0xff000000]}}]}, @common=@inet=@TCPOPTSTRIP={0x40}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3e8)
setsockopt$sock_int(r7, 0x1, 0x10, &(0x7f0000000100)=0xffff, 0x4)
writev(r6, &(0x7f0000000cc0)=[{&(0x7f0000000780)="1e", 0x1}], 0x1)
recvmmsg(r7, &(0x7f0000000480)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0xffffffffffffff21, 0x0, 0x0, &(0x7f00000005c0)=""/108, 0x6c}, 0x7fff}], 0x3fffffffffffcbe, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r2})
io_uring_enter(r3, 0xdb4, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r3, 0x18, &(0x7f0000000000)={0xfeffffff, r2, 0x23, {0x3b4, 0x6d3}, 0x6}, 0x1)
setxattr$incfs_size(&(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, 0x0, 0x0)

2.599785716s ago: executing program 3 (id=3742):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)={0x10, 0x1417, 0x1, 0x70bd2d}, 0x10}, 0x1, 0x0, 0x0, 0x4080}, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000840)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000080)={0x0, "4fcb819bbe7bfabee2b094a3de6dbfd30a74457bcd1cfd5feffe5c019f45d57f"})
r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
pselect6(0x40, &(0x7f00000001c0)={0x1ff, 0x9, 0x27, 0xaf0, 0x71, 0x1, 0x100000001, 0xffffffffffffff42}, &(0x7f0000000240)={0x9, 0x7f, 0x2, 0x2, 0xffff, 0x1, 0x7, 0x2}, &(0x7f0000000280)={0x2, 0x6e18, 0x1, 0x8, 0x400, 0x9, 0x1, 0x9}, &(0x7f00000002c0)={0x77359400}, &(0x7f0000000380)={0x0})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r5, 0xc05064a7, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000})
ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, &(0x7f0000000180)={r7})
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad56b6cc0400aeb995298992ea5400c2", 0x10)
sendmsg$TCPDIAG_GETSOCK(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x48084)
sendmmsg$unix(r1, &(0x7f0000000680), 0x4924924924925c6, 0x0)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
connect$inet(r8, 0x0, 0x0)
sendto$inet(r8, &(0x7f0000000100)="ab", 0x1, 0x40048c4, 0x0, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)

2.39000102s ago: executing program 0 (id=3743):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x14}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f269a9e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e0c8d45c641a21757847cb22230e4321cc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08e2fbd404e41e0058aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd8019ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b63976df609806c3b2a3667539dfd66a7400000000003be6026e60205f761ce85cdf75cdb95ca5d32b5bf87eed4184d49f8f48181ef2419efe82ebb18ee55772d562b3b49551714e805a5211a3f4e8e703c03e23b2074bc573dbb66d59e269b722637c4a2efb5241cae2f14774609ad91d66724c438455dc4fcf0b4c8fc235f6c190b4c82bb2556d1fbcd4468369e98e900c743162ce2c7e60610acf0c8e4ba94a7e7127c7de0e6c35acecee1b8434fdca4579f9ebc6a515f7d910b466eb583fb0a7e65fbecb2b8ee0e9da33afb88aa5da8da3a5e0e58fcb48de6f165826b046a8951a47e040bd419d0efa0f54e8e3694085a7bde6f6494968d8200000000000"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37}, 0x48)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x1000000000000f, &(0x7f0000000080)=0x7fffffff, 0x4)
setsockopt$sock_attach_bpf(r1, 0x1, 0x34, &(0x7f0000000040)=r0, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
r3 = dup2(r2, r0)
setsockopt$sock_attach_bpf(r1, 0x1, 0x34, &(0x7f00000000c0)=r3, 0x4)

2.319174811s ago: executing program 2 (id=3744):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x1000}, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0x541b, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
close_range(r2, 0xffffffffffffffff, 0x1000000000000)

1.835954662s ago: executing program 2 (id=3745):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
write$UHID_INPUT(r2, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r3, 0x84, 0x82, &(0x7f0000000740), 0x8)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, 0x0, 0x0)
r4 = socket$l2tp6(0xa, 0x2, 0x73)
sendmmsg$inet6(r4, &(0x7f0000002c00)=[{{&(0x7f0000000080)={0xa, 0x4e21, 0x8, @dev={0xfe, 0x80, '\x00', 0x17}, 0xc}, 0x1c, 0x0, 0x0, &(0x7f0000001680)=[@rthdrdstopts={{0x14, 0x29, 0x37, {0xc}}}, @flowinfo={{0x10, 0x29, 0xb, 0x5}}], 0x24}}], 0x1, 0x40010)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r5 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
connect$unix(r0, &(0x7f0000000200)=@file={0x0, './file0\x00'}, 0x6e)
ioctl$SNDCTL_DSP_SETFRAGMENT(r5, 0xc004500a, &(0x7f0000000000))
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r6, 0x29, 0x48, &(0x7f0000000300)=ANY=[@ANYBLOB='n'], 0x8)
setsockopt$MRT_INIT(r5, 0x0, 0xc8, &(0x7f00000000c0), 0x4)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x4e21, 0x6, @local, 0x3ff}, 0x1c)
ioctl$SNDCTL_DSP_SPEED(r5, 0xc0045002, &(0x7f00000001c0))
ioctl$SNDCTL_DSP_CHANNELS(r5, 0xc0045006, &(0x7f0000000040)=0xc)
r7 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000140), 0x120000, 0x0)
ioctl$SNDCTL_DSP_POST(r7, 0x5008, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r5, 0xc0045005, &(0x7f0000000640)=0x56)
close(r5)

1.37715041s ago: executing program 0 (id=3746):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$tun(0xffffffffffffff9c, 0x0, 0x100, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x3c, 0x2, [@TCA_TBF_PBURST={0x8, 0x7, 0xb86}, @TCA_TBF_PARMS={0x28, 0x1, {{0xa, 0x2, 0xffff, 0x7, 0xcc, 0x3}, {0x0, 0x1, 0x7, 0x8, 0x7f, 0x9}, 0xa6, 0x7, 0x1bb6}}, @TCA_TBF_BURST={0x8, 0x6, 0x7f}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000840)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r3, {}, {0x2, 0xb}, {0xd, 0xfff3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x38, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x1d, 0x0, 0x0, 0x4, 0x0, 0x1}, {0xd, 0x2, 0x6, 0xff, 0x5, 0x801}, 0x2, 0xfffffffd, 0x1756}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xfb757fd6f69f56d1}]}}]}, 0x64}}, 0x4080)

954.756931ms ago: executing program 0 (id=3747):
socket$inet_tcp(0x2, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100001f00702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x404e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
inotify_add_watch(0xffffffffffffffff, 0x0, 0x42000773)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x4)
r5 = dup(r4)
write$UHID_INPUT(r5, &(0x7f0000001040)={0xf, {"a2e3ad21ed0d09f91b5b090987f70906d038e7ff7fc6e5539b0d3d0e8b089b32356d63060890e0878f0e1ac6e7049b334a959b669a240d5b67f3988f7ef319520100ffe8d17c708c523c921b1b5b31070b07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08cdc339081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383701d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9d6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bad8deff4b05f60cea0da7710ac0000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f74a2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bcff00000000000000fec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420ae305fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42f48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b6080000007a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fadf9ffffff238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3b99caf6b00d84a604047497022d9c30e23ef4df5c89644f48bb536f7946b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6020048cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffee738d97b9b5ef828ee9fb06ffc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c65a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c3329c8a6b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2d06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d2a89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d009000000c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb15da202d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb7847c7148b6ce431bb90e29389f22fc5b59a70efaea2bd40195af4486220d70bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24622a4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744d9b6c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de99258842cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b9906009af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)

905.000742ms ago: executing program 3 (id=3748):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet(r0, &(0x7f0000002f80)=[{{&(0x7f0000000080)={0x2, 0x4e23, @remote}, 0x10, 0x0}}, {{&(0x7f0000000380)={0x2, 0x4e23, @remote}, 0x10, 0x0, 0x0, &(0x7f0000010140)=ANY=[], 0x58}}], 0x2, 0x20000000)

864.040833ms ago: executing program 2 (id=3749):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="280000001200010000bd70000710000000000000", @ANYRES32=0x0, @ANYBLOB="0000000005020200080029"], 0x28}}, 0x8c4)

662.825265ms ago: executing program 2 (id=3750):
mkdir(&(0x7f0000000180)='./file0\x00', 0xe0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
io_setup(0x8, &(0x7f0000004200)=<r1=>0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00')
io_submit(r1, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}])
umount2(&(0x7f0000000100)='./file0\x00', 0x3)

662.51663ms ago: executing program 4 (id=3751):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0x280, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x101ff, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0)

660.466453ms ago: executing program 3 (id=3752):
r0 = openat2(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x0, 0x0)
sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r0, &(0x7f0000000700)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x10080030}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x14, 0x3, 0x2, 0x101, 0x0, 0x0, {0x7, 0x0, 0x3}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20040044}, 0x810)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xaece, 0x0)
preadv(r3, &(0x7f00000002c0)=[{&(0x7f00000004c0)=""/145, 0x91}], 0x1, 0x5, 0x400040)

341.343695ms ago: executing program 2 (id=3753):
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4}, 0x48)
close(r0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x5, 0x4, 0x4, 0xa, 0x40}, 0x50)
socket$inet6(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
getsockopt(0xffffffffffffffff, 0x28, 0x80000008, 0x0, &(0x7f0000000100))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = gettid()
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000006c0), 0x2000)
read(r3, &(0x7f0000000200)=""/209, 0x128)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r3, 0x4040534e, &(0x7f0000000080)={0x2bd, @tick=0x5})
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000740)={0xfffffffb, 0x2, 0x1, 'queue0\x00'})
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r3, 0x404c534a, &(0x7f0000000400)={0x0, 0x1f000000})
tkill(r2, 0x7)

255.70147ms ago: executing program 3 (id=3754):
r0 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x800, 0x0, 0x3, 0x9}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4)
sendmmsg(r0, &(0x7f0000001500)=[{{&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x7080000, @ipv4={'\x00', '\xff\xff', @loopback}, 0x4, 0x1}, 0x80, 0x0, 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6800000000000000290000003600000068bf"], 0x68}}], 0x1, 0x4000000)

198.990704ms ago: executing program 4 (id=3755):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x3, 0x0, 0x7fffffff}]})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
getdents(r0, &(0x7f0000000dc0)=""/4106, 0x100a)

54.125905ms ago: executing program 4 (id=3756):
add_key(0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={<r0=>0xffffffffffffffff})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x2a, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
socket(0x0, 0x5, 0x8001)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4080)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r1}, 0x18)
munlock(&(0x7f0000c27000/0x4000)=nil, 0x4000)

0s ago: executing program 3 (id=3757):
r0 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x142ba3)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82803, 0xf)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r1, 0x0, {0x0, 0x0, 0x0, 0x6, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "67523760fd40f78d2cfc03d81a8ca55ba139c01802c4dae4162e43ac61b7ad33", [0x5, 0x7]}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1)

kernel console output (not intermixed with test programs):

using maximum allowed: 8
[  693.346131][T16154] bridge_slave_0: entered allmulticast mode
[  693.362320][ T5950] usb 3-1: unable to read config index 0 descriptor/start: -61
[  693.371695][ T5950] usb 3-1: can't read configurations, error -61
[  693.376213][T16154] bridge_slave_0: entered promiscuous mode
[  693.390923][ T5950] usb usb3-port1: unable to enumerate USB device
[  693.402758][   T12] tipc: Disabling bearer <udp:s>
[  693.411771][   T12] tipc: Left network mode
[  693.423709][T16154] bridge0: port 2(bridge_slave_1) entered blocking state
[  693.433130][T16154] bridge0: port 2(bridge_slave_1) entered disabled state
[  693.448287][T16154] bridge_slave_1: entered allmulticast mode
[  693.456485][T16154] bridge_slave_1: entered promiscuous mode
[  693.501658][T16154] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  693.512686][T12666] usb 5-1: USB disconnect, device number 101
[  693.548299][T16154] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  693.599782][T16154] team0: Port device team_slave_0 added
[  693.609593][T16154] team0: Port device team_slave_1 added
[  693.652354][T16154] batman_adv: batadv0: Adding interface: batadv_slave_0
[  693.666849][T16154] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  693.695486][T16154] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  693.709767][T16154] batman_adv: batadv0: Adding interface: batadv_slave_1
[  693.716808][T16154] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  693.742840][T16154] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  693.840391][   T12] batadv_slave_1: left promiscuous mode
[  693.872857][   T12] hsr_slave_0: left promiscuous mode
[  693.882869][   T12] hsr_slave_1: left promiscuous mode
[  693.953983][   T12] veth1_vlan: left promiscuous mode
[  693.976117][   T12] veth0_vlan: left promiscuous mode
[  693.995562][T16209] netlink: 'syz.3.3183': attribute type 10 has an invalid length.
[  694.124488][T16215] netlink: 'syz.4.3184': attribute type 21 has an invalid length.
[  694.643987][ T5863] Bluetooth: hci0: command tx timeout
[  694.959075][T16232] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3186'.
[  694.976828][T16232] netlink: 312 bytes leftover after parsing attributes in process `syz.2.3186'.
[  694.995472][T16232] netlink: 'syz.2.3186': attribute type 1 has an invalid length.
[  695.154283][T16154] hsr_slave_0: entered promiscuous mode
[  695.182492][T16154] hsr_slave_1: entered promiscuous mode
[  695.196227][T16209] hsr_slave_0: left promiscuous mode
[  695.206280][T16209] hsr_slave_1: left promiscuous mode
[  695.250557][T16235] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.3187'.
[  695.251480][T16215] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3184'.
[  695.422232][T16237] macsec1: entered promiscuous mode
[  695.427698][T16237] dummy0: entered promiscuous mode
[  695.433077][T16237] macsec1: entered allmulticast mode
[  695.439631][T16237] dummy0: entered allmulticast mode
[  695.453369][T16237] dummy0: left allmulticast mode
[  695.460281][T16237] dummy0: left promiscuous mode
[  695.561037][T16243] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3190'.
[  695.873297][   T12] IPVS: stop unused estimator thread 0...
[  696.053841][  T983] usb 5-1: new full-speed USB device number 102 using dummy_hcd
[  696.234013][ T5950] usb 3-1: new low-speed USB device number 97 using dummy_hcd
[  696.249159][  T983] usb 5-1: config 0 has an invalid interface number: 107 but max is 0
[  696.268320][  T983] usb 5-1: config 0 has no interface number 0
[  696.305695][  T983] usb 5-1: New USB device found, idVendor=0582, idProduct=0023, bcdDevice=c7.92
[  696.325081][  T983] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  696.350743][  T983] usb 5-1: Product: syz
[  696.361397][  T983] usb 5-1: Manufacturer: syz
[  696.381097][  T983] usb 5-1: SerialNumber: syz
[  696.414652][  T983] usb 5-1: config 0 descriptor??
[  696.451874][ T5950] usb 3-1: config 0 has an invalid interface number: 55 but max is 0
[  696.460219][ T5950] usb 3-1: config 0 has no interface number 0
[  696.482308][ T5950] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  696.526074][ T5950] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  696.583816][ T5950] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  696.613803][ T5950] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  696.633985][T16249] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  696.647264][T16249] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  696.676041][ T5950] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  696.723909][ T5863] Bluetooth: hci0: command tx timeout
[  696.738451][ T5950] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  696.751137][T16249] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  696.804225][ T5950] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  696.806381][T16249] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  696.831736][ T5950] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  696.881374][ T5950] usb 3-1: config 0 descriptor??
[  696.922331][T16252] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  696.934732][T16252] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  696.981062][ T5950] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  697.196076][T16252] ldusb 3-1:0.55: Write buffer overflow, 1 bytes dropped
[  697.205631][T16252] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3193'.
[  697.330808][T16154] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  697.368528][T16154] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  697.418009][  T983] usb 5-1: USB disconnect, device number 102
[  697.475261][T16154] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  697.592212][T16154] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  697.633271][T16274] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3196'.
[  697.759764][T14720] usb 3-1: USB disconnect, device number 97
[  697.794922][T14720] ldusb 3-1:0.55: LD USB Device #0 now disconnected
[  697.972476][T16154] 8021q: adding VLAN 0 to HW filter on device bond0
[  698.063114][T16154] 8021q: adding VLAN 0 to HW filter on device team0
[  698.175755][   T61] bridge0: port 1(bridge_slave_0) entered blocking state
[  698.182918][   T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[  698.193577][T12666] usb 4-1: new high-speed USB device number 87 using dummy_hcd
[  698.225297][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[  698.232409][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[  698.376543][T12666] usb 4-1: Using ep0 maxpacket: 8
[  698.427110][T12666] usb 4-1: config 2 has an invalid interface number: 31 but max is 0
[  698.468890][T12666] usb 4-1: config 2 has no interface number 0
[  698.489145][T12666] usb 4-1: config 2 interface 31 has no altsetting 0
[  698.516130][T16154] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  698.560461][T12666] usb 4-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[  698.623915][T12666] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  698.652346][T12666] usb 4-1: Product: syz
[  698.661868][T12666] usb 4-1: Manufacturer: syz
[  698.698419][T12666] usb 4-1: SerialNumber: syz
[  698.760277][T12666] ch9200 4-1:2.31: probe with driver ch9200 failed with error -22
[  698.807104][ T5863] Bluetooth: hci0: command tx timeout
[  698.945035][T16154] 8021q: adding VLAN 0 to HW filter on device batadv0
[  698.972329][T16312] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3202'.
[  698.991764][T16312] netlink: 312 bytes leftover after parsing attributes in process `syz.0.3202'.
[  699.022769][T16312] netlink: 'syz.0.3202': attribute type 1 has an invalid length.
[  699.217248][T16154] veth0_vlan: entered promiscuous mode
[  699.227122][T16154] veth1_vlan: entered promiscuous mode
[  699.262186][T16154] veth0_macvtap: entered promiscuous mode
[  699.311372][T16154] veth1_macvtap: entered promiscuous mode
[  699.384261][  T983] usb 3-1: new high-speed USB device number 98 using dummy_hcd
[  699.397061][T16154] batman_adv: batadv0: Interface activated: batadv_slave_0
[  699.426239][T16154] batman_adv: batadv0: Interface activated: batadv_slave_1
[  699.456926][ T7966] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  699.478007][ T7966] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  699.506893][ T7966] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  699.532329][ T7966] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  699.546593][  T983] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  699.570912][  T983] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  699.615672][  T983] usb 3-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  699.640386][  T983] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  699.672776][ T7966] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  699.699089][ T7966] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  699.714187][  T983] usb 3-1: config 0 descriptor??
[  699.794709][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  699.815644][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  699.948021][  T983] usbhid 3-1:0.0: can't add hid device: -71
[  699.979003][  T983] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  700.004420][  T983] usb 3-1: USB disconnect, device number 98
[  700.300509][T16345] FAULT_INJECTION: forcing a failure.
[  700.300509][T16345] name failslab, interval 1, probability 0, space 0, times 0
[  700.317710][T16345] CPU: 0 UID: 0 PID: 16345 Comm: syz.0.3209 Not tainted syzkaller #0 PREEMPT(full) 
[  700.317738][T16345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  700.317751][T16345] Call Trace:
[  700.317759][T16345]  <TASK>
[  700.317768][T16345]  dump_stack_lvl+0x189/0x250
[  700.317796][T16345]  ? __pfx____ratelimit+0x10/0x10
[  700.317825][T16345]  ? __pfx_dump_stack_lvl+0x10/0x10
[  700.317848][T16345]  ? __pfx__printk+0x10/0x10
[  700.317881][T16345]  ? __pfx___might_resched+0x10/0x10
[  700.317899][T16345]  ? fs_reclaim_acquire+0x7d/0x100
[  700.317934][T16345]  should_fail_ex+0x414/0x560
[  700.317966][T16345]  should_failslab+0xa8/0x100
[  700.317997][T16345]  kmem_cache_alloc_noprof+0x73/0x3c0
[  700.318022][T16345]  ? getname_flags+0xb8/0x540
[  700.318052][T16345]  getname_flags+0xb8/0x540
[  700.318075][T16345]  do_sys_openat2+0xbc/0x1c0
[  700.318100][T16345]  ? __pfx_do_sys_openat2+0x10/0x10
[  700.318123][T16345]  ? ksys_write+0x22a/0x250
[  700.318151][T16345]  ? __pfx_ksys_write+0x10/0x10
[  700.318181][T16345]  __x64_sys_openat+0x138/0x170
[  700.318207][T16345]  do_syscall_64+0xfa/0x3b0
[  700.318235][T16345]  ? lockdep_hardirqs_on+0x9c/0x150
[  700.318262][T16345]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.318282][T16345]  ? clear_bhb_loop+0x60/0xb0
[  700.318306][T16345]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.318326][T16345] RIP: 0033:0x7f50a0f8ebe9
[  700.318344][T16345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  700.318361][T16345] RSP: 002b:00007f50a1e53038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  700.318382][T16345] RAX: ffffffffffffffda RBX: 00007f50a11b5fa0 RCX: 00007f50a0f8ebe9
[  700.318397][T16345] RDX: 00000000000c0202 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  700.318412][T16345] RBP: 00007f50a1e53090 R08: 0000000000000000 R09: 0000000000000000
[  700.318425][T16345] R10: 00000000000001c0 R11: 0000000000000246 R12: 0000000000000001
[  700.318436][T16345] R13: 00007f50a11b6038 R14: 00007f50a11b5fa0 R15: 00007f50a12dfa28
[  700.318466][T16345]  </TASK>
[  700.635110][T16337] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3204'.
[  700.713883][T14716] usb 2-1: new high-speed USB device number 101 using dummy_hcd
[  700.922013][T14716] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  700.934728][T14716] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  700.950669][T14716] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  701.001045][   T24] usb 4-1: USB disconnect, device number 87
[  701.051117][T14716] usb 2-1: config 0 descriptor??
[  701.095859][T16351] lo: entered allmulticast mode
[  701.178377][T14716] pwc: Askey VC010 type 2 USB webcam detected.
[  701.196954][ T5868] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  701.209528][ T5868] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  701.239521][ T5868] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  701.242022][T16351] dvmrp1: entered allmulticast mode
[  701.274097][ T5868] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  701.288217][ T5868] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  701.345519][T16351] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3211'.
[  701.405933][T16350] lo: left allmulticast mode
[  701.589358][T14716] pwc: recv_control_msg error -32 req 02 val 2b00
[  701.607899][T14716] pwc: recv_control_msg error -32 req 02 val 2700
[  701.634487][T14716] pwc: recv_control_msg error -32 req 02 val 2c00
[  701.691858][T14716] pwc: recv_control_msg error -32 req 04 val 1000
[  701.743204][T14716] pwc: recv_control_msg error -32 req 04 val 1300
[  701.824408][T14716] pwc: recv_control_msg error -32 req 04 val 1400
[  701.884840][T16368] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3214'.
[  701.899696][T14716] pwc: recv_control_msg error -32 req 02 val 2000
[  701.929986][T16368] netlink: 312 bytes leftover after parsing attributes in process `syz.3.3214'.
[  701.953605][T14716] pwc: recv_control_msg error -32 req 02 val 2100
[  701.981755][T14716] pwc: recv_control_msg error -32 req 04 val 1500
[  702.000273][T14716] pwc: recv_control_msg error -32 req 02 val 2500
[  702.009247][T16368] netlink: 'syz.3.3214': attribute type 1 has an invalid length.
[  702.280773][T14716] pwc: recv_control_msg error -71 req 02 val 2600
[  702.327821][T14716] pwc: recv_control_msg error -71 req 02 val 2900
[  702.340363][T14716] pwc: recv_control_msg error -71 req 02 val 2800
[  702.403981][T14716] pwc: recv_control_msg error -71 req 04 val 1100
[  702.434085][T14716] pwc: recv_control_msg error -71 req 04 val 1200
[  702.466504][T14716] pwc: Registered as video103.
[  702.511673][T14716] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input33
[  702.611939][T16357] chnl_net:caif_netlink_parms(): no params data found
[  702.624189][T14716] usb 2-1: USB disconnect, device number 101
[  703.204131][ T5863] Bluetooth: hci1: command 0x0406 tx timeout
[  703.228870][T16400] binder: BINDER_SET_CONTEXT_MGR already set
[  703.235069][T16400] binder: 16391:16400 ioctl 4018620d 200000000040 returned -16
[  703.363914][ T5871] Bluetooth: hci4: command tx timeout
[  703.681865][T16357] bridge0: port 1(bridge_slave_0) entered blocking state
[  703.699130][T16357] bridge0: port 1(bridge_slave_0) entered disabled state
[  703.797772][T16357] bridge_slave_0: entered allmulticast mode
[  703.844489][T16357] bridge_slave_0: entered promiscuous mode
[  703.981221][T16357] bridge0: port 2(bridge_slave_1) entered blocking state
[  703.999698][T16357] bridge0: port 2(bridge_slave_1) entered disabled state
[  704.012207][T16357] bridge_slave_1: entered allmulticast mode
[  704.022126][T16357] bridge_slave_1: entered promiscuous mode
[  704.228885][T16357] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  704.315410][T16357] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  704.995288][T16357] team0: Port device team_slave_0 added
[  705.133155][T16357] team0: Port device team_slave_1 added
[  705.449233][ T5871] Bluetooth: hci4: command tx timeout
[  705.493827][T14716] usb 4-1: new high-speed USB device number 88 using dummy_hcd
[  705.538548][T16357] batman_adv: batadv0: Adding interface: batadv_slave_0
[  705.541965][T16451] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3225'.
[  705.553774][T16357] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  705.592893][T16451] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3225'.
[  705.633929][T14716] usb 4-1: device descriptor read/64, error -71
[  705.666432][T16357] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  705.722890][T16451] gretap0: entered promiscuous mode
[  705.732157][T16451] batadv_slave_1: entered promiscuous mode
[  705.760318][T16357] batman_adv: batadv0: Adding interface: batadv_slave_1
[  705.779297][T16357] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  705.933817][T14716] usb 4-1: new high-speed USB device number 89 using dummy_hcd
[  706.023795][T16357] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  706.063844][T14716] usb 4-1: device descriptor read/64, error -71
[  706.211528][T14716] usb usb4-port1: attempt power cycle
[  706.235436][T16357] hsr_slave_0: entered promiscuous mode
[  706.248411][T16357] hsr_slave_1: entered promiscuous mode
[  706.254956][T16357] debugfs: 'hsr0' already exists in 'hsr'
[  706.260787][T16357] Cannot create hsr debugfs directory
[  706.382545][T16470] FAULT_INJECTION: forcing a failure.
[  706.382545][T16470] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  706.396414][T16470] CPU: 1 UID: 0 PID: 16470 Comm: syz.2.3229 Not tainted syzkaller #0 PREEMPT(full) 
[  706.396442][T16470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  706.396454][T16470] Call Trace:
[  706.396462][T16470]  <TASK>
[  706.396472][T16470]  dump_stack_lvl+0x189/0x250
[  706.396501][T16470]  ? __pfx____ratelimit+0x10/0x10
[  706.396529][T16470]  ? __pfx_dump_stack_lvl+0x10/0x10
[  706.396553][T16470]  ? __pfx__printk+0x10/0x10
[  706.396593][T16470]  should_fail_ex+0x414/0x560
[  706.396625][T16470]  _copy_to_user+0x31/0xb0
[  706.396651][T16470]  simple_read_from_buffer+0xe1/0x170
[  706.396684][T16470]  proc_fail_nth_read+0x1b3/0x220
[  706.396710][T16470]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  706.396735][T16470]  ? rw_verify_area+0x2a6/0x4d0
[  706.396759][T16470]  ? __lock_acquire+0xab9/0xd20
[  706.396786][T16470]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  706.396810][T16470]  vfs_read+0x200/0xa30
[  706.396835][T16470]  ? fdget_pos+0x247/0x320
[  706.396856][T16470]  ? __pfx___mutex_lock+0x10/0x10
[  706.396886][T16470]  ? __pfx_vfs_read+0x10/0x10
[  706.396913][T16470]  ? __fget_files+0x2a/0x420
[  706.396947][T16470]  ? __fget_files+0x3a0/0x420
[  706.396974][T16470]  ? __fget_files+0x2a/0x420
[  706.397012][T16470]  ksys_read+0x145/0x250
[  706.397040][T16470]  ? __pfx_ksys_read+0x10/0x10
[  706.397063][T16470]  ? rcu_is_watching+0x15/0xb0
[  706.397089][T16470]  ? do_syscall_64+0xbe/0x3b0
[  706.397122][T16470]  do_syscall_64+0xfa/0x3b0
[  706.397149][T16470]  ? lockdep_hardirqs_on+0x9c/0x150
[  706.397177][T16470]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  706.397202][T16470]  ? clear_bhb_loop+0x60/0xb0
[  706.397227][T16470]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  706.397247][T16470] RIP: 0033:0x7f8f47d8d5fc
[  706.397266][T16470] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  706.397284][T16470] RSP: 002b:00007f8f48bf0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  706.397305][T16470] RAX: ffffffffffffffda RBX: 00007f8f47fb6090 RCX: 00007f8f47d8d5fc
[  706.397321][T16470] RDX: 000000000000000f RSI: 00007f8f48bf00a0 RDI: 0000000000000004
[  706.397333][T16470] RBP: 00007f8f48bf0090 R08: 0000000000000000 R09: 0000000000000000
[  706.397346][T16470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  706.397358][T16470] R13: 00007f8f47fb6128 R14: 00007f8f47fb6090 R15: 00007f8f480dfa28
[  706.397390][T16470]  </TASK>
[  706.714010][T14716] usb 4-1: new high-speed USB device number 90 using dummy_hcd
[  706.746295][T14716] usb 4-1: device descriptor read/8, error -71
[  706.793965][T14723] usb 5-1: new high-speed USB device number 103 using dummy_hcd
[  706.873295][T16482] tipc: Started in network mode
[  706.878928][T16482] tipc: Node identity 764f00a3357, cluster identity 4711
[  706.888745][T16482] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  706.911524][T16482] tipc: Disabling bearer <eth:syzkaller0>
[  706.953931][T14723] usb 5-1: Using ep0 maxpacket: 8
[  706.960600][T14723] usb 5-1: config index 0 descriptor too short (expected 30, got 18)
[  706.980616][T14723] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  706.991237][T14723] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  707.003082][T14723] usb 5-1: Product: syz
[  707.017122][T14723] usb 5-1: Manufacturer: syz
[  707.021756][T14723] usb 5-1: SerialNumber: syz
[  707.033930][T14716] usb 4-1: new high-speed USB device number 91 using dummy_hcd
[  707.042593][T14723] usb 5-1: config 0 descriptor??
[  707.061951][T14723] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  707.070159][T14723] usb 5-1: setting power ON
[  707.075689][T14716] usb 4-1: device descriptor read/8, error -71
[  707.082543][T14723] dvb-usb: bulk message failed: -22 (2/0)
[  707.093574][T14723] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  707.107538][T14723] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  707.119894][T14723] usb 5-1: media controller created
[  707.187335][T14723] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  707.198874][T14716] usb usb4-port1: unable to enumerate USB device
[  707.258485][T14723] usb 5-1: selecting invalid altsetting 6
[  707.270716][T14723] usb 5-1: digital interface selection failed (-22)
[  707.277789][T16467] dvb-usb: bulk message failed: -22 (3/0)
[  707.283535][T16467] cxusb: i2c wr: len=80 is too big!
[  707.283535][T16467] 
[  707.291172][T14723] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  707.326449][T14723] usb 5-1: setting power OFF
[  707.331098][T14723] dvb-usb: bulk message failed: -22 (2/0)
[  707.338555][T14723] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  707.353618][T14723] (NULL device *): no alternate interface
[  707.408684][T16357] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  707.427084][T14723] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  707.483359][T16357] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  707.483410][T14723] usb 5-1: USB disconnect, device number 103
[  707.523927][ T5871] Bluetooth: hci4: command tx timeout
[  707.536294][T16357] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  707.552996][T16357] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  707.758153][T16357] 8021q: adding VLAN 0 to HW filter on device bond0
[  708.292736][T16501] netlink: 'syz.3.3237': attribute type 10 has an invalid length.
[  708.312148][T16357] 8021q: adding VLAN 0 to HW filter on device team0
[  708.338566][   T61] bridge0: port 1(bridge_slave_0) entered blocking state
[  708.345771][   T61] bridge0: port 1(bridge_slave_0) entered forwarding state
[  708.346071][T16504] netlink: 'syz.3.3237': attribute type 10 has an invalid length.
[  708.385091][T16505] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate.
[  708.423382][   T61] bridge0: port 2(bridge_slave_1) entered blocking state
[  708.430613][   T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[  708.451059][T16501] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  708.772136][T16510] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  708.815654][T16357] 8021q: adding VLAN 0 to HW filter on device batadv0
[  708.966188][T16515] dummy0: entered promiscuous mode
[  708.974437][T16515] macsec1: entered promiscuous mode
[  708.986488][T16515] macsec1: entered allmulticast mode
[  708.996822][T16515] dummy0: entered allmulticast mode
[  709.013325][T16515] dummy0: left allmulticast mode
[  709.028417][T16515] dummy0: left promiscuous mode
[  709.136324][T14723] usb 3-1: new high-speed USB device number 99 using dummy_hcd
[  709.155267][T16357] veth0_vlan: entered promiscuous mode
[  709.211562][T16357] veth1_vlan: entered promiscuous mode
[  709.303917][T14723] usb 3-1: Using ep0 maxpacket: 16
[  709.320687][T14723] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  709.330245][T14723] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  709.339879][T14723] usb 3-1: Product: syz
[  709.348030][T14723] usb 3-1: Manufacturer: syz
[  709.374298][T14723] usb 3-1: SerialNumber: syz
[  709.378886][T16357] veth0_macvtap: entered promiscuous mode
[  709.393541][T16357] veth1_macvtap: entered promiscuous mode
[  709.410519][T14723] usb 3-1: config 0 descriptor??
[  709.506489][T16357] batman_adv: batadv0: Interface activated: batadv_slave_0
[  709.552670][T16357] batman_adv: batadv0: Interface activated: batadv_slave_1
[  709.604010][ T5871] Bluetooth: hci4: command tx timeout
[  709.613494][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  709.637585][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  709.739844][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  709.816387][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  709.831607][T14723] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  709.843491][T14723] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  709.861993][T14723] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  709.871949][T14723] usb 3-1: media controller created
[  709.930496][T14723] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  710.011675][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  710.032825][T14723] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  710.043496][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  710.076782][T14723] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  710.508779][ T7965] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  710.547618][ T7965] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  711.400243][T16535] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3246'.
[  711.538680][T14547] usb 3-1: USB disconnect, device number 99
[  711.651451][T14547] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  711.702169][T16541] FAULT_INJECTION: forcing a failure.
[  711.702169][T16541] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  711.755341][T16541] CPU: 0 UID: 0 PID: 16541 Comm: syz.3.3248 Not tainted syzkaller #0 PREEMPT(full) 
[  711.755389][T16541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  711.755412][T16541] Call Trace:
[  711.755428][T16541]  <TASK>
[  711.755442][T16541]  dump_stack_lvl+0x189/0x250
[  711.755492][T16541]  ? __pfx____ratelimit+0x10/0x10
[  711.755544][T16541]  ? __pfx_dump_stack_lvl+0x10/0x10
[  711.755592][T16541]  ? __pfx__printk+0x10/0x10
[  711.755645][T16541]  ? __might_fault+0xb0/0x130
[  711.755721][T16541]  should_fail_ex+0x414/0x560
[  711.755754][T16541]  _copy_from_user+0x2d/0xb0
[  711.755777][T16541]  ___sys_sendmsg+0x158/0x2a0
[  711.755802][T16541]  ? __pfx____sys_sendmsg+0x10/0x10
[  711.755859][T16541]  ? __fget_files+0x2a/0x420
[  711.755887][T16541]  ? __fget_files+0x3a0/0x420
[  711.755925][T16541]  __x64_sys_sendmsg+0x19b/0x260
[  711.755949][T16541]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  711.755987][T16541]  ? rcu_is_watching+0x15/0xb0
[  711.756013][T16541]  ? do_syscall_64+0xbe/0x3b0
[  711.756045][T16541]  do_syscall_64+0xfa/0x3b0
[  711.756072][T16541]  ? lockdep_hardirqs_on+0x9c/0x150
[  711.756099][T16541]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  711.756118][T16541]  ? clear_bhb_loop+0x60/0xb0
[  711.756142][T16541]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  711.756162][T16541] RIP: 0033:0x7f3de8f8ebe9
[  711.756179][T16541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  711.756197][T16541] RSP: 002b:00007f3de9d39038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  711.756218][T16541] RAX: ffffffffffffffda RBX: 00007f3de91b5fa0 RCX: 00007f3de8f8ebe9
[  711.756233][T16541] RDX: 0000000000000004 RSI: 0000200000000240 RDI: 0000000000000006
[  711.756246][T16541] RBP: 00007f3de9d39090 R08: 0000000000000000 R09: 0000000000000000
[  711.756260][T16541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  711.756272][T16541] R13: 00007f3de91b6038 R14: 00007f3de91b5fa0 R15: 00007f3de92dfa28
[  711.756304][T16541]  </TASK>
[  712.029464][T16537] netlink: 'syz.4.3247': attribute type 10 has an invalid length.
[  712.172402][T16537] netlink: 156 bytes leftover after parsing attributes in process `syz.4.3247'.
[  712.293949][ T5950] usb 3-1: new high-speed USB device number 100 using dummy_hcd
[  712.504079][ T5950] usb 3-1: Using ep0 maxpacket: 8
[  712.662381][ T5950] usb 3-1: config 0 has an invalid interface number: 55 but max is 0
[  712.670663][ T5950] usb 3-1: config 0 has no interface number 0
[  712.679729][ T5950] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  712.691139][ T5950] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  712.715909][ T5950] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  712.741383][ T5950] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  713.033535][ T5950] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  713.316931][ T5950] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  713.409688][ T5950] usb 3-1: config 0 descriptor??
[  713.428700][ T5950] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  713.545990][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880541b6800: rx timeout, send abort
[  713.804745][T16562] Failed to get privilege flags for destination (handle=0x2:0x0)
[  714.055994][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880541b6800: abort rx timeout. Force session deactivation
[  714.275270][T16569] netlink: 'syz.0.3256': attribute type 10 has an invalid length.
[  714.289389][T16569] team0: Port device dummy0 added
[  714.301221][T16569] netlink: 'syz.0.3256': attribute type 10 has an invalid length.
[  714.422687][T16572] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  714.641213][T12666] hid-generic 0000:0000:0000.001C: unknown main item tag 0x0
[  714.763659][T12666] hid-generic 0000:0000:0000.001C: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  715.140132][T16569] team0 (unregistering): Port device team_slave_0 removed
[  715.170909][T16569] team0 (unregistering): Port device team_slave_1 removed
[  715.198787][T16569] team0 (unregistering): Port device dummy0 removed
[  715.355199][T12666] usb 5-1: new high-speed USB device number 104 using dummy_hcd
[  715.517362][T12666] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  715.530174][T12666] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  715.542795][T12666] usb 5-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  715.618607][T12666] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  715.690875][  T983] usb 3-1: USB disconnect, device number 100
[  715.727139][T12666] usb 5-1: config 0 descriptor??
[  715.752124][  T983] ldusb 3-1:0.55: LD USB Device #0 now disconnected
[  715.759711][T16587] batadv0: entered promiscuous mode
[  715.782729][T16587] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  715.798676][T16587] batadv0: left promiscuous mode
[  715.946077][T12666] usbhid 5-1:0.0: can't add hid device: -71
[  715.957401][T12666] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  716.226213][T12666] usb 5-1: USB disconnect, device number 104
[  716.332861][T16595] FAULT_INJECTION: forcing a failure.
[  716.332861][T16595] name failslab, interval 1, probability 0, space 0, times 0
[  716.358975][T16595] CPU: 1 UID: 0 PID: 16595 Comm: syz.1.3264 Not tainted syzkaller #0 PREEMPT(full) 
[  716.358999][T16595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  716.359010][T16595] Call Trace:
[  716.359018][T16595]  <TASK>
[  716.359027][T16595]  dump_stack_lvl+0x189/0x250
[  716.359060][T16595]  ? __pfx____ratelimit+0x10/0x10
[  716.359087][T16595]  ? __pfx_dump_stack_lvl+0x10/0x10
[  716.359108][T16595]  ? __pfx__printk+0x10/0x10
[  716.359138][T16595]  ? __pfx___might_resched+0x10/0x10
[  716.359158][T16595]  should_fail_ex+0x414/0x560
[  716.359188][T16595]  should_failslab+0xa8/0x100
[  716.359219][T16595]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  716.359243][T16595]  ? __alloc_skb+0x112/0x2d0
[  716.359266][T16595]  __alloc_skb+0x112/0x2d0
[  716.359288][T16595]  netlink_sendmsg+0x5c6/0xb30
[  716.359326][T16595]  ? __pfx_netlink_sendmsg+0x10/0x10
[  716.359356][T16595]  ? aa_sock_msg_perm+0xf1/0x1d0
[  716.359376][T16595]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  716.359397][T16595]  ? __pfx_netlink_sendmsg+0x10/0x10
[  716.359428][T16595]  __sock_sendmsg+0x21c/0x270
[  716.359452][T16595]  ____sys_sendmsg+0x505/0x830
[  716.359467][T16595]  ? __pfx_____sys_sendmsg+0x10/0x10
[  716.359483][T16595]  ? import_iovec+0x74/0xa0
[  716.359497][T16595]  ___sys_sendmsg+0x21f/0x2a0
[  716.359510][T16595]  ? __pfx____sys_sendmsg+0x10/0x10
[  716.359539][T16595]  ? __fget_files+0x2a/0x420
[  716.359560][T16595]  ? __fget_files+0x3a0/0x420
[  716.359581][T16595]  __x64_sys_sendmsg+0x19b/0x260
[  716.359593][T16595]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  716.359609][T16595]  ? __pfx_ksys_write+0x10/0x10
[  716.359622][T16595]  ? rcu_is_watching+0x15/0xb0
[  716.359636][T16595]  ? do_syscall_64+0xbe/0x3b0
[  716.359653][T16595]  do_syscall_64+0xfa/0x3b0
[  716.359669][T16595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  716.359678][T16595]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  716.359689][T16595]  ? clear_bhb_loop+0x60/0xb0
[  716.359701][T16595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  716.359711][T16595] RIP: 0033:0x7fb21f98ebe9
[  716.359722][T16595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  716.359731][T16595] RSP: 002b:00007fb22085a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  716.359744][T16595] RAX: ffffffffffffffda RBX: 00007fb21fbb5fa0 RCX: 00007fb21f98ebe9
[  716.359751][T16595] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 000000000000000d
[  716.359758][T16595] RBP: 00007fb22085a090 R08: 0000000000000000 R09: 0000000000000000
[  716.359765][T16595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  716.359771][T16595] R13: 00007fb21fbb6038 R14: 00007fb21fbb5fa0 R15: 00007fb21fcdfa28
[  716.359787][T16595]  </TASK>
[  717.101056][T16606] binder: BINDER_SET_CONTEXT_MGR already set
[  717.107494][T16606] binder: 16598:16606 ioctl 4018620d 200000000040 returned -16
[  718.182262][T16626] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3274'.
[  718.647288][ T5863] Bluetooth: hci5: command 0x0406 tx timeout
[  718.938525][T16636] IPVS: sync thread started: state = BACKUP, mcast_ifn = batadv0, syncid = 4, id = 0
[  718.967553][T16637] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  719.224304][T14716] usb 4-1: new high-speed USB device number 92 using dummy_hcd
[  719.376033][T14716] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  719.386329][T14716] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  719.418244][T14716] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  719.450282][T14716] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  719.467741][T14716] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  719.502450][T14716] usb 4-1: Product: syz
[  719.503068][T16642] netlink: 'syz.4.3277': attribute type 10 has an invalid length.
[  719.531446][T14716] usb 4-1: Manufacturer: syz
[  719.544249][T14716] usb 4-1: SerialNumber: syz
[  719.544250][T16642] team0: Device netdevsim0 is up. Set it down before adding it as a team port
[  719.615230][T14716] hub 4-1:1.0: bad descriptor, ignoring hub
[  719.622675][T14716] hub 4-1:1.0: probe with driver hub failed with error -5
[  719.829729][T14716] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 92 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  720.022626][T16649] sctp: [Deprecated]: syz.4.3278 (pid 16649) Use of int in maxseg socket option.
[  720.022626][T16649] Use struct sctp_assoc_value instead
[  720.863967][T14718] usb 3-1: new high-speed USB device number 101 using dummy_hcd
[  721.034322][T14718] usb 3-1: Using ep0 maxpacket: 8
[  721.044318][T14718] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  721.056810][T14718] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  721.073143][T14718] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  721.092707][T16672] netlink: 'syz.4.3285': attribute type 4 has an invalid length.
[  721.103953][T16672] netlink: 'syz.4.3285': attribute type 4 has an invalid length.
[  721.119404][T16672] netlink: 'syz.4.3285': attribute type 2 has an invalid length.
[  721.131747][T14718] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  721.146761][T16672] netlink: 'syz.4.3285': attribute type 2 has an invalid length.
[  721.156518][T16672] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3285'.
[  721.158730][T14718] usb 3-1: config 0 interface 0 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  721.230551][T14718] usb 3-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  721.241598][T14718] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  721.251286][T14718] usb 3-1: Product: syz
[  721.257458][T14718] usb 3-1: Manufacturer: syz
[  721.262057][T14718] usb 3-1: SerialNumber: syz
[  721.283478][T14718] usb 3-1: config 0 descriptor??
[  721.494181][T14716] usb 4-1: USB disconnect, device number 92
[  721.502047][T14716] usblp0: removed
[  722.549971][T16701] bond_slave_0: entered promiscuous mode
[  722.556307][T16701] bond_slave_1: entered promiscuous mode
[  722.591125][T16701] vlan2: entered promiscuous mode
[  722.611058][T16701] bond0: entered promiscuous mode
[  723.124925][T14718] iowarrior 3-1:0.0: IOWarrior product=0x1505, serial= interface=0 now attached to iowarrior0
[  723.205525][T16710] netem: incorrect gi model size
[  723.232632][T14718] usb 3-1: USB disconnect, device number 101
[  723.276034][T16710] netem: change failed
[  723.372853][T16691] netlink: 'syz.1.3293': attribute type 10 has an invalid length.
[  723.488472][T16691] netlink: 156 bytes leftover after parsing attributes in process `syz.1.3293'.
[  723.831968][T16722] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  724.277290][T16743] netlink: 84 bytes leftover after parsing attributes in process `syz.4.3306'.
[  724.743971][  T983] usb 3-1: new high-speed USB device number 102 using dummy_hcd
[  725.036247][T16753] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3308'.
[  725.832422][T16763] fuse: Unknown parameter 'user_e)�_3H.uid'
[  726.233839][  T983] usb 3-1: device descriptor read/64, error -71
[  726.286552][   T30] audit: type=1326 audit(1755992252.635:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16777 comm="syz.1.3317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb21f98ebe9 code=0x7ffc0000
[  726.316923][   T30] audit: type=1326 audit(1755992252.645:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16777 comm="syz.1.3317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb21f98ebe9 code=0x7ffc0000
[  726.341649][   T30] audit: type=1326 audit(1755992252.645:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16777 comm="syz.1.3317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=31 compat=0 ip=0x7fb21f98ebe9 code=0x7ffc0000
[  726.366758][   T30] audit: type=1326 audit(1755992252.645:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16777 comm="syz.1.3317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb21f98ebe9 code=0x7ffc0000
[  726.389524][   T30] audit: type=1326 audit(1755992252.645:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16777 comm="syz.1.3317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7fb21f98ebe9 code=0x7ffc0000
[  726.412547][   T30] audit: type=1326 audit(1755992252.645:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16777 comm="syz.1.3317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb21f98ebe9 code=0x7ffc0000
[  726.437439][   T30] audit: type=1326 audit(1755992252.645:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16777 comm="syz.1.3317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb21f98ebe9 code=0x7ffc0000
[  726.461237][   T30] audit: type=1326 audit(1755992252.645:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16777 comm="syz.1.3317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb21f98ebe9 code=0x7ffc0000
[  726.484171][   T30] audit: type=1326 audit(1755992252.645:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16777 comm="syz.1.3317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb21f98ebe9 code=0x7ffc0000
[  726.506826][  T983] usb 3-1: new high-speed USB device number 103 using dummy_hcd
[  726.515974][   T30] audit: type=1326 audit(1755992252.645:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16777 comm="syz.1.3317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fb21f98ebe9 code=0x7ffc0000
[  726.594115][T14547] usb 5-1: new high-speed USB device number 105 using dummy_hcd
[  726.665834][T16783] program syz.1.3318 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  726.716455][  T983] usb 3-1: Using ep0 maxpacket: 16
[  726.761593][  T983] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x92, changing to 0x82
[  726.774740][T14547] usb 5-1: Using ep0 maxpacket: 8
[  726.815427][T14547] usb 5-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  726.828435][  T983] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  726.841380][T14547] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  726.851457][T14547] usb 5-1: Product: syz
[  726.860625][  T983] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  726.871009][  T983] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  726.879181][T14547] usb 5-1: Manufacturer: syz
[  726.884267][  T983] usb 3-1: Product: syz
[  726.888848][T14547] usb 5-1: SerialNumber: syz
[  726.895975][  T983] usb 3-1: Manufacturer: syz
[  726.902268][  T983] usb 3-1: SerialNumber: syz
[  726.909017][T14547] usb 5-1: config 0 descriptor??
[  726.918316][T14547] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  726.932523][  T983] usb 3-1: config 0 descriptor??
[  726.940553][  T983] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  726.951170][  T983] em28xx 3-1:0.0: Video interface 0 found:
[  727.434285][T14547] gspca_sonixj: reg_w1 err -110
[  727.480204][T14547] sonixj 5-1:0.0: probe with driver sonixj failed with error -110
[  727.679513][T14716] usb 5-1: USB disconnect, device number 105
[  727.943698][  T983] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  728.086835][  T983] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  728.111680][T16797] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3323'.
[  728.131461][  T983] em28xx 3-1:0.0: board has no eeprom
[  728.143871][T14547] usb 2-1: new full-speed USB device number 102 using dummy_hcd
[  728.260406][  T983] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  728.278080][  T983] em28xx 3-1:0.0: Currently, V4L2 is not supported on this model
[  728.309531][T16799] loop4: detected capacity change from 0 to 7
[  728.330231][T14547] usb 2-1: config 0 has an invalid interface number: 20 but max is 0
[  728.337390][T16799] Dev loop4: unable to read RDB block 7
[  728.347542][T14547] usb 2-1: config 0 has no interface number 0
[  728.354727][T16799]  loop4: unable to read partition table
[  728.388598][T14547] usb 2-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  728.392660][T16799] loop4: partition table beyond EOD, 
[  728.400996][ T5950] em28xx 3-1:0.0: Binding DVB extension
[  728.420982][  T983] usb 3-1: USB disconnect, device number 103
[  728.428085][T16799] truncated
[  728.437549][ T5950] em28xx 3-1:0.0: no endpoint for DVB mode and transfer type 0
[  728.445561][T16799] loop_reread_partitions: partition scan of loop4 (�被x������ ) failed (rc=-5)
[  728.450635][  T983] em28xx 3-1:0.0: Disconnecting em28xx
[  728.481925][ T5950] em28xx 3-1:0.0: failed to pre-allocate USB transfer buffers for DVB.
[  728.497616][T14547] usb 2-1: New USB device found, idVendor=04e6, idProduct=0005, bcdDevice= 1.00
[  728.513822][ T5950] em28xx 3-1:0.0: Registering input extension
[  728.521249][T14547] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  728.533634][  T983] em28xx 3-1:0.0: Closing input extension
[  728.550067][T14547] usb 2-1: Product: syz
[  728.563304][T14547] usb 2-1: Manufacturer: syz
[  728.579603][T14547] usb 2-1: SerialNumber: syz
[  728.680725][T14547] usb 2-1: config 0 descriptor??
[  728.686925][  T983] em28xx 3-1:0.0: Freeing device
[  728.699337][T16795] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  728.708381][T14547] ums-sddr09 2-1:0.20: USB Mass Storage device detected
[  728.810829][T14547] ums-sddr09 2-1:0.20: probe with driver ums-sddr09 failed with error -22
[  728.955666][T16795] RDS: rds_bind could not find a transport for ::ffff:172.30.0.2, load rds_tcp or rds_rdma?
[  728.990501][  T983] usb 2-1: USB disconnect, device number 102
[  729.583787][T14716] usb 3-1: new full-speed USB device number 104 using dummy_hcd
[  729.743813][T14716] usb 3-1: device descriptor read/64, error -71
[  730.024033][T14716] usb 3-1: new full-speed USB device number 105 using dummy_hcd
[  730.193857][T14716] usb 3-1: device descriptor read/64, error -71
[  730.324738][T14716] usb usb3-port1: attempt power cycle
[  730.683857][T14716] usb 3-1: new full-speed USB device number 106 using dummy_hcd
[  730.701822][T16828] netlink: 'syz.4.3333': attribute type 10 has an invalid length.
[  730.710988][T16828] netlink: 156 bytes leftover after parsing attributes in process `syz.4.3333'.
[  730.724988][T14716] usb 3-1: device descriptor read/8, error -71
[  730.994730][T14716] usb 3-1: new full-speed USB device number 107 using dummy_hcd
[  731.264561][T14716] usb 3-1: device descriptor read/8, error -71
[  731.374361][T14716] usb usb3-port1: unable to enumerate USB device
[  732.159700][T16842] input: syz0 as /devices/virtual/input/input35
[  732.844795][T14716] usb 3-1: new high-speed USB device number 108 using dummy_hcd
[  733.041025][T14716] usb 3-1: Using ep0 maxpacket: 8
[  733.062761][T14716] usb 3-1: config 0 has an invalid interface number: 143 but max is 0
[  733.075677][T14716] usb 3-1: config 0 has no interface number 0
[  733.081811][T14716] usb 3-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[  733.162170][T14716] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  733.192407][T14716] usb 3-1: config 0 descriptor??
[  733.216438][T14547] usb 5-1: new high-speed USB device number 106 using dummy_hcd
[  733.354924][T14716] viperboard 3-1:0.143: version 0.00 found at bus 003 address 108
[  733.421703][T14547] usb 5-1: New USB device found, idVendor=0f11, idProduct=1000, bcdDevice= 0.02
[  733.433452][T14716] viperboard-i2c viperboard-i2c.2.auto: error -EIO: failure setting i2c_bus_freq to 100
[  733.456075][T14716] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5
[  733.523759][T14547] usb 5-1: New USB device strings: Mfr=0, Product=232, SerialNumber=255
[  733.539072][T14716] usb 3-1: USB disconnect, device number 108
[  733.607472][T16851] syz.1.3341 (16851): drop_caches: 2
[  733.616289][T14547] usb 5-1: Product: syz
[  733.625949][T14547] usb 5-1: SerialNumber: syz
[  733.640525][T14547] usb 5-1: config 0 descriptor??
[  733.861028][T14547] ldusb 5-1:0.0: Interrupt in endpoint not found
[  733.880426][T14547] usb 5-1: USB disconnect, device number 106
[  734.309379][T16882] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3348'.
[  734.343892][T16882] netlink: 312 bytes leftover after parsing attributes in process `syz.1.3348'.
[  734.355578][T16882] netlink: 'syz.1.3348': attribute type 1 has an invalid length.
[  734.375987][T16881] vti0: entered promiscuous mode
[  734.381977][T16881] vti0: entered allmulticast mode
[  735.644468][T16898] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3353'.
[  735.788025][T16903] netlink: 'syz.2.3354': attribute type 4 has an invalid length.
[  735.914613][T16903] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3354'.
[  735.940793][T16903] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3354'.
[  737.458821][T16926] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3359'.
[  737.629674][T16918] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3356'.
[  737.973921][T16939] PKCS7: Unknown OID: [5] (bad)
[  737.979407][T16939] PKCS7: Only support pkcs7_signedData type
[  740.710020][T16970] netem: incorrect gi model size
[  740.723925][T16970] netem: change failed
[  741.224361][T16975] loop2: detected capacity change from 0 to 7
[  741.241633][T16975] Dev loop2: unable to read RDB block 7
[  741.263175][T16975]  loop2: unable to read partition table
[  741.297178][T16975] loop2: partition table beyond EOD, truncated
[  741.355064][T16975] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  741.853882][T14716] usb 3-1: new full-speed USB device number 109 using dummy_hcd
[  741.983952][T14716] usb 3-1: device descriptor read/64, error -71
[  742.246964][T14716] usb 3-1: new full-speed USB device number 110 using dummy_hcd
[  742.283811][T17014] binder: 17013:17014 ioctl aea2 46f returned -22
[  742.330397][T17021] netlink: 'syz.0.3388': attribute type 10 has an invalid length.
[  742.365582][T17021] netlink: 'syz.0.3388': attribute type 10 has an invalid length.
[  742.413898][T14716] usb 3-1: device descriptor read/64, error -71
[  742.457685][T17008] netlink: 'syz.3.3385': attribute type 10 has an invalid length.
[  742.469962][T17008] netlink: 156 bytes leftover after parsing attributes in process `syz.3.3385'.
[  742.523881][T14718] usb 2-1: new high-speed USB device number 103 using dummy_hcd
[  742.552747][T14716] usb usb3-port1: attempt power cycle
[  742.693931][T14718] usb 2-1: device descriptor read/64, error -71
[  742.893878][T14716] usb 3-1: new full-speed USB device number 111 using dummy_hcd
[  742.924525][T14716] usb 3-1: device descriptor read/8, error -71
[  742.944093][T14718] usb 2-1: new high-speed USB device number 104 using dummy_hcd
[  742.963786][T14723] usb 5-1: new full-speed USB device number 107 using dummy_hcd
[  743.093845][T14718] usb 2-1: device descriptor read/64, error -71
[  743.164987][T14716] usb 3-1: new full-speed USB device number 112 using dummy_hcd
[  743.173635][T14723] usb 5-1: unable to get BOS descriptor or descriptor too short
[  743.183161][T14723] usb 5-1: not running at top speed; connect to a high speed hub
[  743.196836][T14723] usb 5-1: config 253 has an invalid descriptor of length 0, skipping remainder of the config
[  743.208145][T14718] usb usb2-port1: attempt power cycle
[  743.214208][T14716] usb 3-1: device descriptor read/8, error -71
[  743.220717][T14723] usb 5-1: config 253 interface 0 altsetting 57 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  743.234961][T14723] usb 5-1: config 253 interface 0 has no altsetting 0
[  743.244131][T14723] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  743.253901][T14723] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  743.263799][T14723] usb 5-1: Product: syz
[  743.268121][T14723] usb 5-1: Manufacturer: syz
[  743.272753][T14723] usb 5-1: SerialNumber: syz
[  743.344140][T14716] usb usb3-port1: unable to enumerate USB device
[  743.516137][T17027] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  743.527843][T17027] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  743.573800][T14718] usb 2-1: new high-speed USB device number 105 using dummy_hcd
[  743.587630][T14723] cdc_ether 5-1:253.0: skipping garbage
[  743.597147][T14723] usb 5-1: bad CDC descriptors
[  743.611462][T14723] usb 5-1: USB disconnect, device number 107
[  743.621966][T14718] usb 2-1: device descriptor read/8, error -71
[  743.873791][T14718] usb 2-1: new high-speed USB device number 106 using dummy_hcd
[  743.904604][T14718] usb 2-1: device descriptor read/8, error -71
[  744.014131][T14718] usb usb2-port1: unable to enumerate USB device
[  744.156069][T14723] hid-generic 0000:0000:0000.001D: unknown main item tag 0x0
[  744.180464][T14723] hid-generic 0000:0000:0000.001D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  744.803266][T17042] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3396'.
[  744.824006][T17042] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3396'.
[  745.903837][T14547] usb 5-1: new high-speed USB device number 108 using dummy_hcd
[  746.053868][T14547] usb 5-1: Using ep0 maxpacket: 8
[  746.068008][T14547] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E
[  746.079909][T14547] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  746.089739][T14547] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  746.101757][T14547] usb 5-1: New USB device found, idVendor=187f, idProduct=0200, bcdDevice=6b.ad
[  746.110975][T14547] usb 5-1: New USB device strings: Mfr=55, Product=237, SerialNumber=3
[  746.119354][T14547] usb 5-1: Product: syz
[  746.123540][T14547] usb 5-1: Manufacturer: syz
[  746.128208][T14547] usb 5-1: SerialNumber: syz
[  746.137908][T14547] usb 5-1: config 0 descriptor??
[  746.148108][T14547] smsusb:smsusb_probe: board id=2, interface number 0
[  746.155613][T14547] smsusb:smsusb_probe: Device initialized with return code -19
[  746.332629][T14718] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  746.342268][T14718] hid-generic 0000:0000:0000.001E: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  746.559755][T14718] usb 5-1: USB disconnect, device number 108
[  747.196340][T17089] netlink: 'syz.4.3411': attribute type 10 has an invalid length.
[  747.209294][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  747.215731][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  747.327249][T17089] team0: Port device dummy0 added
[  747.357596][T17089] netlink: 'syz.4.3411': attribute type 10 has an invalid length.
[  747.374249][T14547] usb 3-1: new high-speed USB device number 113 using dummy_hcd
[  747.412684][T17089] team0 (unregistering): Port device team_slave_0 removed
[  747.450443][T17089] team0 (unregistering): Port device team_slave_1 removed
[  747.485388][T17089] team0 (unregistering): Port device dummy0 removed
[  747.563342][T14547] usb 3-1: config index 0 descriptor too short (expected 7679, got 36)
[  747.601422][T14547] usb 3-1: config 102 has an invalid descriptor of length 102, skipping remainder of the config
[  747.639845][T14547] usb 3-1: config 102 has 0 interfaces, different from the descriptor's value: 13
[  747.680720][T14547] usb 3-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[  747.709373][T14547] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  748.301241][ T5950] IPVS: starting estimator thread 0...
[  748.393912][T17105] IPVS: using max 25 ests per chain, 60000 per kthread
[  748.554236][T17107] bridge1: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms)
[  749.082053][T17117] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  749.114098][ T5950] usb 2-1: new high-speed USB device number 107 using dummy_hcd
[  749.266520][ T5950] usb 2-1: config 6 has an invalid interface number: 57 but max is 0
[  749.284561][ T5950] usb 2-1: config 6 has no interface number 0
[  749.292208][   T30] kauditd_printk_skb: 14 callbacks suppressed
[  749.292225][   T30] audit: type=1326 audit(1755992275.635:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17120 comm="syz.3.3419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3de8f8ebe9 code=0x7ffc0000
[  749.321836][ T5950] usb 2-1: config 6 interface 57 has no altsetting 0
[  749.356930][   T30] audit: type=1326 audit(1755992275.635:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17120 comm="syz.3.3419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3de8f8ebe9 code=0x7ffc0000
[  749.382769][ T5950] usb 2-1: New USB device found, idVendor=07b4, idProduct=010a, bcdDevice= 0.00
[  749.392063][ T5950] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  749.400926][   T30] audit: type=1326 audit(1755992275.675:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17120 comm="syz.3.3419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3de8f8ebe9 code=0x7ffc0000
[  749.426256][ T5950] usb 2-1: Product: syz
[  749.433122][ T5950] usb 2-1: Manufacturer: syz
[  749.439571][ T5950] usb 2-1: SerialNumber: syz
[  749.461153][   T30] audit: type=1326 audit(1755992275.675:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17120 comm="syz.3.3419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3de8f8ebe9 code=0x7ffc0000
[  749.489360][   T30] audit: type=1326 audit(1755992275.675:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17120 comm="syz.3.3419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3de8f8ebe9 code=0x7ffc0000
[  749.513840][   T30] audit: type=1326 audit(1755992275.675:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17120 comm="syz.3.3419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3de8f8ebe9 code=0x7ffc0000
[  749.536913][   T30] audit: type=1326 audit(1755992275.675:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17120 comm="syz.3.3419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3de8f8ebe9 code=0x7ffc0000
[  749.560082][   T30] audit: type=1326 audit(1755992275.675:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17120 comm="syz.3.3419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3de8f8ebe9 code=0x7ffc0000
[  749.587229][   T30] audit: type=1326 audit(1755992275.675:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17120 comm="syz.3.3419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3de8f8ebe9 code=0x7ffc0000
[  749.613978][   T30] audit: type=1326 audit(1755992275.675:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17120 comm="syz.3.3419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f3de8f8ebe9 code=0x7ffc0000
[  749.828331][T14547] usb 3-1: string descriptor 0 read error: -71
[  749.842397][T14547] usb 3-1: USB disconnect, device number 113
[  750.124031][T17127] FAULT_INJECTION: forcing a failure.
[  750.124031][T17127] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  750.137408][T17127] CPU: 0 UID: 0 PID: 17127 Comm: syz.3.3421 Not tainted syzkaller #0 PREEMPT(full) 
[  750.137432][T17127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  750.137444][T17127] Call Trace:
[  750.137453][T17127]  <TASK>
[  750.137461][T17127]  dump_stack_lvl+0x189/0x250
[  750.137488][T17127]  ? __pfx____ratelimit+0x10/0x10
[  750.137515][T17127]  ? __pfx_dump_stack_lvl+0x10/0x10
[  750.137537][T17127]  ? __pfx__printk+0x10/0x10
[  750.137562][T17127]  ? __might_fault+0xb0/0x130
[  750.137597][T17127]  should_fail_ex+0x414/0x560
[  750.137629][T17127]  _copy_from_user+0x2d/0xb0
[  750.137652][T17127]  ___sys_sendmsg+0x158/0x2a0
[  750.137676][T17127]  ? __pfx____sys_sendmsg+0x10/0x10
[  750.137731][T17127]  ? __fget_files+0x2a/0x420
[  750.137754][T17127]  ? __fget_files+0x3a0/0x420
[  750.137774][T17127]  __x64_sys_sendmsg+0x19b/0x260
[  750.137787][T17127]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  750.137822][T17127]  ? do_syscall_64+0xbe/0x3b0
[  750.137855][T17127]  do_syscall_64+0xfa/0x3b0
[  750.137885][T17127]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  750.137898][T17127]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  750.137909][T17127]  ? clear_bhb_loop+0x60/0xb0
[  750.137922][T17127]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  750.137932][T17127] RIP: 0033:0x7f3de8f8ebe9
[  750.137942][T17127] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  750.137955][T17127] RSP: 002b:00007f3de9d39038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  750.137977][T17127] RAX: ffffffffffffffda RBX: 00007f3de91b5fa0 RCX: 00007f3de8f8ebe9
[  750.137992][T17127] RDX: 0000000000000004 RSI: 0000200000000240 RDI: 0000000000000006
[  750.138015][T17127] RBP: 00007f3de9d39090 R08: 0000000000000000 R09: 0000000000000000
[  750.138028][T17127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  750.138040][T17127] R13: 00007f3de91b6038 R14: 00007f3de91b5fa0 R15: 00007f3de92dfa28
[  750.138058][T17127]  </TASK>
[  750.339125][    C0] vkms_vblank_simulate: vblank timer overrun
[  750.414499][  T983] hid-generic 0000:0000:0000.001F: unknown main item tag 0x0
[  750.462886][  T983] hid-generic 0000:0000:0000.001F: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  750.579425][T17134] netlink: 76 bytes leftover after parsing attributes in process `syz.3.3423'.
[  751.103997][  T983] usb 3-1: new high-speed USB device number 114 using dummy_hcd
[  751.283915][  T983] usb 3-1: Using ep0 maxpacket: 32
[  751.291695][  T983] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[  751.299958][  T983] usb 3-1: config 0 has no interface number 0
[  751.306183][  T983] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  751.317214][  T983] usb 3-1: config 0 interface 85 has no altsetting 0
[  751.326685][  T983] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  751.335849][  T983] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  751.344006][  T983] usb 3-1: Product: syz
[  751.348188][  T983] usb 3-1: Manufacturer: syz
[  751.352778][  T983] usb 3-1: SerialNumber: syz
[  751.359971][  T983] usb 3-1: config 0 descriptor??
[  751.519655][T17145] netlink: 'syz.4.3427': attribute type 10 has an invalid length.
[  751.778892][T17139] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  751.857077][T17139] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  751.895683][ T5950] usb-storage 2-1:6.57: USB Mass Storage device detected
[  752.003913][ T5950] usb 2-1: USB disconnect, device number 107
[  752.111355][  T983] appletouch 3-1:0.85: Geyser mode initialized.
[  752.132224][  T983] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.85/input/input37
[  752.334377][ T5950] usb 3-1: USB disconnect, device number 114
[  752.406728][ T5950] appletouch 3-1:0.85: input: appletouch disconnected
[  752.703905][  T983] usb 4-1: new high-speed USB device number 93 using dummy_hcd
[  752.881144][  T983] usb 4-1: device descriptor read/64, error -71
[  752.914076][T14723] usb 5-1: new high-speed USB device number 109 using dummy_hcd
[  753.028329][T17189] FAULT_INJECTION: forcing a failure.
[  753.028329][T17189] name failslab, interval 1, probability 0, space 0, times 0
[  753.067842][T17189] CPU: 1 UID: 0 PID: 17189 Comm: syz.2.3446 Not tainted syzkaller #0 PREEMPT(full) 
[  753.067869][T17189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  753.067882][T17189] Call Trace:
[  753.067890][T17189]  <TASK>
[  753.067899][T17189]  dump_stack_lvl+0x189/0x250
[  753.067937][T17189]  ? __pfx____ratelimit+0x10/0x10
[  753.067965][T17189]  ? __pfx_dump_stack_lvl+0x10/0x10
[  753.067989][T17189]  ? __pfx__printk+0x10/0x10
[  753.068023][T17189]  ? __pfx___might_resched+0x10/0x10
[  753.068042][T17189]  ? fs_reclaim_acquire+0x7d/0x100
[  753.068078][T17189]  should_fail_ex+0x414/0x560
[  753.068110][T17189]  should_failslab+0xa8/0x100
[  753.068140][T17189]  __kmalloc_noprof+0xcb/0x4f0
[  753.068165][T17189]  ? kfree+0x4d/0x440
[  753.068186][T17189]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  753.068212][T17189]  tomoyo_realpath_from_path+0xe3/0x5d0
[  753.068235][T17189]  ? tomoyo_domain+0xd9/0x130
[  753.068261][T17189]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  753.068288][T17189]  tomoyo_path_number_perm+0x1e8/0x5a0
[  753.068319][T17189]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  753.068364][T17189]  ? __lock_acquire+0xab9/0xd20
[  753.068413][T17189]  ? __fget_files+0x2a/0x420
[  753.068445][T17189]  ? __fget_files+0x2a/0x420
[  753.068473][T17189]  ? __fget_files+0x3a0/0x420
[  753.068500][T17189]  ? __fget_files+0x2a/0x420
[  753.068533][T17189]  security_file_ioctl+0xcb/0x2d0
[  753.068561][T17189]  __se_sys_ioctl+0x47/0x170
[  753.068588][T17189]  do_syscall_64+0xfa/0x3b0
[  753.068616][T17189]  ? lockdep_hardirqs_on+0x9c/0x150
[  753.068643][T17189]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  753.068664][T17189]  ? clear_bhb_loop+0x60/0xb0
[  753.068687][T17189]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  753.068705][T17189] RIP: 0033:0x7f8f47d8ebe9
[  753.068723][T17189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  753.068742][T17189] RSP: 002b:00007f8f48c11038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  753.068764][T17189] RAX: ffffffffffffffda RBX: 00007f8f47fb5fa0 RCX: 00007f8f47d8ebe9
[  753.068779][T17189] RDX: 0000200000000100 RSI: 0000000000004601 RDI: 0000000000000003
[  753.068793][T17189] RBP: 00007f8f48c11090 R08: 0000000000000000 R09: 0000000000000000
[  753.068806][T17189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  753.068818][T17189] R13: 00007f8f47fb6038 R14: 00007f8f47fb5fa0 R15: 00007f8f480dfa28
[  753.068850][T17189]  </TASK>
[  753.068859][T17189] ERROR: Out of memory at tomoyo_realpath_from_path.
[  753.106340][T14723] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  753.134156][  T983] usb 4-1: new high-speed USB device number 94 using dummy_hcd
[  753.180102][T14723] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  753.396767][  T983] usb 4-1: device descriptor read/64, error -71
[  753.524505][  T983] usb usb4-port1: attempt power cycle
[  753.561151][T14723] usb 5-1: New USB device found, idVendor=227d, idProduct=0709, bcdDevice= 0.00
[  753.572814][T14723] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  753.592483][T14723] usb 5-1: config 0 descriptor??
[  753.894017][  T983] usb 4-1: new high-speed USB device number 95 using dummy_hcd
[  753.930729][  T983] usb 4-1: device descriptor read/8, error -71
[  754.262444][  T983] usb 4-1: new high-speed USB device number 96 using dummy_hcd
[  754.298822][  T983] usb 4-1: device descriptor read/8, error -71
[  754.437192][  T983] usb usb4-port1: unable to enumerate USB device
[  754.526040][T17214] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3444'.
[  755.053795][  T983] usb 2-1: new high-speed USB device number 108 using dummy_hcd
[  755.213942][  T983] usb 2-1: Using ep0 maxpacket: 8
[  755.245187][  T983] usb 2-1: New USB device found, idVendor=0763, idProduct=2080, bcdDevice=d0.ab
[  755.254507][  T983] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  755.267528][  T983] usb 2-1: Product: syz
[  755.272543][  T983] usb 2-1: Manufacturer: syz
[  755.278531][  T983] usb 2-1: SerialNumber: syz
[  755.319265][  T983] usb 2-1: config 0 descriptor??
[  755.413548][T17225] random: crng reseeded on system resumption
[  755.791551][T17217] netlink: 'syz.1.3454': attribute type 10 has an invalid length.
[  756.011709][T17217] veth0_vlan: left promiscuous mode
[  756.060650][T17217] veth0_vlan: entered promiscuous mode
[  756.161878][T17217] team0: Device veth0_vlan failed to register rx_handler
[  757.896236][T14723] usb 5-1: string descriptor 0 read error: -71
[  757.963648][T14723] usbhid 5-1:0.0: can't add hid device: -22
[  758.047643][T14723] usbhid 5-1:0.0: probe with driver usbhid failed with error -22
[  758.118557][T14723] usb 5-1: USB disconnect, device number 109
[  758.489622][  T983] usb 2-1: USB disconnect, device number 108
[  758.585649][ T5914] udevd[5914]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  758.884323][T14718] usb 5-1: new high-speed USB device number 110 using dummy_hcd
[  759.066932][T14718] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  759.106404][T14718] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  759.136721][T14718] usb 5-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[  759.169826][T17259] loop2: detected capacity change from 0 to 7
[  759.176899][T17259] Dev loop2: unable to read RDB block 7
[  759.182969][T17259]  loop2: unable to read partition table
[  759.195649][T14718] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  759.215856][T17259] loop2: partition table beyond EOD, truncated
[  759.238128][T17259] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  759.263935][T14718] usb 5-1: config 0 descriptor??
[  759.302013][T17265] fuse: Bad value for 'fd'
[  759.703665][T17273] binder: transaction release 177 bad handle 1, ret = -22
[  760.313029][T17247] sctp: [Deprecated]: syz.4.3460 (pid 17247) Use of struct sctp_assoc_value in delayed_ack socket option.
[  760.313029][T17247] Use struct sctp_sack_info instead
[  760.432254][T17277] bridge0: port 2(bridge_slave_1) entered disabled state
[  760.723940][T14718] usb 4-1: new high-speed USB device number 97 using dummy_hcd
[  760.894814][T14718] usb 4-1: Using ep0 maxpacket: 16
[  760.903033][T14718] usb 4-1: too many configurations: 101, using maximum allowed: 8
[  760.913822][T14718] usb 4-1: unable to read config index 0 descriptor/start: -61
[  760.921935][T14718] usb 4-1: can't read configurations, error -61
[  761.063851][T14718] usb 4-1: new high-speed USB device number 98 using dummy_hcd
[  761.197424][T17290] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  761.234261][T14718] usb 4-1: Using ep0 maxpacket: 16
[  761.254603][T14718] usb 4-1: too many configurations: 101, using maximum allowed: 8
[  761.295457][T14718] usb 4-1: unable to read config index 0 descriptor/start: -61
[  761.332897][T14718] usb 4-1: can't read configurations, error -61
[  761.357127][T14718] usb usb4-port1: attempt power cycle
[  761.502982][  T983] usb 5-1: USB disconnect, device number 110
[  761.743802][T14718] usb 4-1: new high-speed USB device number 99 using dummy_hcd
[  761.774236][T14718] usb 4-1: Using ep0 maxpacket: 16
[  761.779987][T14718] usb 4-1: too many configurations: 101, using maximum allowed: 8
[  761.811733][T14718] usb 4-1: unable to read config index 0 descriptor/start: -61
[  761.883102][T14718] usb 4-1: can't read configurations, error -61
[  762.033969][T14718] usb 4-1: new high-speed USB device number 100 using dummy_hcd
[  762.074972][T14718] usb 4-1: Using ep0 maxpacket: 16
[  762.088432][T14718] usb 4-1: too many configurations: 101, using maximum allowed: 8
[  762.134103][T14718] usb 4-1: unable to read config index 0 descriptor/start: -61
[  762.163862][T14718] usb 4-1: can't read configurations, error -61
[  762.191247][T14718] usb usb4-port1: unable to enumerate USB device
[  762.369959][T17310] ptrace attach of "./syz-executor exec"[16357] was attempted by "./syz-executor exec"[17310]
[  762.550047][T17313] netlink: 312 bytes leftover after parsing attributes in process `syz.2.3482'.
[  762.636975][T17313] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3482'.
[  762.770313][T17318] netlink: 'syz.2.3484': attribute type 15 has an invalid length.
[  762.895736][T14716] usb 2-1: new high-speed USB device number 109 using dummy_hcd
[  763.033961][T14716] usb 2-1: device descriptor read/64, error -71
[  763.294090][T14716] usb 2-1: new high-speed USB device number 110 using dummy_hcd
[  763.423889][T14716] usb 2-1: device descriptor read/64, error -71
[  763.536668][T14716] usb usb2-port1: attempt power cycle
[  763.559252][T17322] netlink: 'syz.3.3485': attribute type 10 has an invalid length.
[  763.575024][T17322] netlink: 'syz.3.3485': attribute type 10 has an invalid length.
[  763.875329][T14716] usb 2-1: new high-speed USB device number 111 using dummy_hcd
[  763.904725][T14716] usb 2-1: device descriptor read/8, error -71
[  764.163837][T14716] usb 2-1: new high-speed USB device number 112 using dummy_hcd
[  764.185506][T14716] usb 2-1: device descriptor read/8, error -71
[  764.295837][T14716] usb usb2-port1: unable to enumerate USB device
[  764.684558][T17336] FAULT_INJECTION: forcing a failure.
[  764.684558][T17336] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  764.698010][T17336] CPU: 0 UID: 0 PID: 17336 Comm: syz.4.3490 Not tainted syzkaller #0 PREEMPT(full) 
[  764.698038][T17336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  764.698051][T17336] Call Trace:
[  764.698059][T17336]  <TASK>
[  764.698068][T17336]  dump_stack_lvl+0x189/0x250
[  764.698087][T17336]  ? __pfx____ratelimit+0x10/0x10
[  764.698103][T17336]  ? __pfx_dump_stack_lvl+0x10/0x10
[  764.698115][T17336]  ? __pfx__printk+0x10/0x10
[  764.698129][T17336]  ? __might_fault+0xb0/0x130
[  764.698149][T17336]  should_fail_ex+0x414/0x560
[  764.698166][T17336]  _copy_from_user+0x2d/0xb0
[  764.698179][T17336]  ___sys_sendmsg+0x158/0x2a0
[  764.698193][T17336]  ? __pfx____sys_sendmsg+0x10/0x10
[  764.698222][T17336]  ? __fget_files+0x2a/0x420
[  764.698237][T17336]  ? __fget_files+0x3a0/0x420
[  764.698257][T17336]  __x64_sys_sendmsg+0x19b/0x260
[  764.698270][T17336]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  764.698286][T17336]  ? rcu_is_watching+0x15/0xb0
[  764.698300][T17336]  ? do_syscall_64+0xbe/0x3b0
[  764.698317][T17336]  do_syscall_64+0xfa/0x3b0
[  764.698331][T17336]  ? lockdep_hardirqs_on+0x9c/0x150
[  764.698345][T17336]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  764.698355][T17336]  ? clear_bhb_loop+0x60/0xb0
[  764.698368][T17336]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  764.698378][T17336] RIP: 0033:0x7fe60e18ebe9
[  764.698388][T17336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  764.698398][T17336] RSP: 002b:00007fe60ef68038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  764.698410][T17336] RAX: ffffffffffffffda RBX: 00007fe60e3b5fa0 RCX: 00007fe60e18ebe9
[  764.698418][T17336] RDX: 0000000000000004 RSI: 0000200000000240 RDI: 0000000000000006
[  764.698425][T17336] RBP: 00007fe60ef68090 R08: 0000000000000000 R09: 0000000000000000
[  764.698432][T17336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  764.698438][T17336] R13: 00007fe60e3b6038 R14: 00007fe60e3b5fa0 R15: 00007fe60e4dfa28
[  764.698454][T17336]  </TASK>
[  764.902619][    C0] vkms_vblank_simulate: vblank timer overrun
[  765.240128][T17349] netlink: 'syz.4.3494': attribute type 10 has an invalid length.
[  765.248400][T17349] netlink: 156 bytes leftover after parsing attributes in process `syz.4.3494'.
[  765.322747][T17352] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3495'.
[  765.338899][T17352] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3495'.
[  765.438996][T17352] gretap0: entered promiscuous mode
[  765.451925][T17352] batadv_slave_1: entered promiscuous mode
[  765.472498][T17352] debugfs: 'hsr1' already exists in 'hsr'
[  765.489107][T17352] Cannot create hsr debugfs directory
[  765.643093][T17355] FAULT_INJECTION: forcing a failure.
[  765.643093][T17355] name failslab, interval 1, probability 0, space 0, times 0
[  765.663413][T17355] CPU: 1 UID: 0 PID: 17355 Comm: syz.1.3496 Not tainted syzkaller #0 PREEMPT(full) 
[  765.663441][T17355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  765.663454][T17355] Call Trace:
[  765.663463][T17355]  <TASK>
[  765.663472][T17355]  dump_stack_lvl+0x189/0x250
[  765.663502][T17355]  ? __pfx____ratelimit+0x10/0x10
[  765.663530][T17355]  ? __pfx_dump_stack_lvl+0x10/0x10
[  765.663554][T17355]  ? __pfx__printk+0x10/0x10
[  765.663588][T17355]  ? __pfx___might_resched+0x10/0x10
[  765.663612][T17355]  should_fail_ex+0x414/0x560
[  765.663643][T17355]  should_failslab+0xa8/0x100
[  765.663673][T17355]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  765.663705][T17355]  ? __alloc_skb+0x112/0x2d0
[  765.663726][T17355]  __alloc_skb+0x112/0x2d0
[  765.663751][T17355]  netlink_sendmsg+0x5c6/0xb30
[  765.663788][T17355]  ? __pfx_netlink_sendmsg+0x10/0x10
[  765.663820][T17355]  ? aa_sock_msg_perm+0xf1/0x1d0
[  765.663841][T17355]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  765.663863][T17355]  ? __pfx_netlink_sendmsg+0x10/0x10
[  765.663893][T17355]  __sock_sendmsg+0x21c/0x270
[  765.663923][T17355]  ____sys_sendmsg+0x505/0x830
[  765.663949][T17355]  ? __pfx_____sys_sendmsg+0x10/0x10
[  765.663980][T17355]  ? import_iovec+0x74/0xa0
[  765.664006][T17355]  ___sys_sendmsg+0x21f/0x2a0
[  765.664030][T17355]  ? __pfx____sys_sendmsg+0x10/0x10
[  765.664087][T17355]  ? __fget_files+0x2a/0x420
[  765.664116][T17355]  ? __fget_files+0x3a0/0x420
[  765.664155][T17355]  __x64_sys_sendmsg+0x19b/0x260
[  765.664180][T17355]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  765.664211][T17355]  ? __pfx_ksys_write+0x10/0x10
[  765.664235][T17355]  ? rcu_is_watching+0x15/0xb0
[  765.664261][T17355]  ? do_syscall_64+0xbe/0x3b0
[  765.664293][T17355]  do_syscall_64+0xfa/0x3b0
[  765.664321][T17355]  ? lockdep_hardirqs_on+0x9c/0x150
[  765.664348][T17355]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  765.664368][T17355]  ? clear_bhb_loop+0x60/0xb0
[  765.664392][T17355]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  765.664411][T17355] RIP: 0033:0x7fb21f98ebe9
[  765.664430][T17355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  765.664448][T17355] RSP: 002b:00007fb22085a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  765.664469][T17355] RAX: ffffffffffffffda RBX: 00007fb21fbb5fa0 RCX: 00007fb21f98ebe9
[  765.664484][T17355] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003
[  765.664497][T17355] RBP: 00007fb22085a090 R08: 0000000000000000 R09: 0000000000000000
[  765.664506][T17355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  765.664515][T17355] R13: 00007fb21fbb6038 R14: 00007fb21fbb5fa0 R15: 00007fb21fcdfa28
[  765.664545][T17355]  </TASK>
[  766.283810][T14723] usb 2-1: new high-speed USB device number 113 using dummy_hcd
[  766.516024][T14723] usb 2-1: config 6 has an invalid interface number: 57 but max is 0
[  766.524291][T14723] usb 2-1: config 6 has no interface number 0
[  766.530414][T14723] usb 2-1: config 6 interface 57 has no altsetting 0
[  766.541790][T14723] usb 2-1: New USB device found, idVendor=07b4, idProduct=010a, bcdDevice= 0.00
[  766.551272][T14723] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  766.571116][T14723] usb 2-1: Product: syz
[  766.577836][T14723] usb 2-1: Manufacturer: syz
[  766.582417][T14723] usb 2-1: SerialNumber: syz
[  768.714130][ T5950] usb 5-1: new full-speed USB device number 111 using dummy_hcd
[  768.767801][T17395] netlink: 'syz.0.3510': attribute type 21 has an invalid length.
[  768.778498][T17395] netlink: 'syz.0.3510': attribute type 1 has an invalid length.
[  768.788415][T17395] netlink: 16098 bytes leftover after parsing attributes in process `syz.0.3510'.
[  769.085007][T17415] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  769.183928][T14723] usb-storage 2-1:6.57: USB Mass Storage device detected
[  769.261504][T14723] usb 2-1: USB disconnect, device number 113
[  769.286682][T17422] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  770.676677][T17429] loop7: detected capacity change from 0 to 7
[  770.695385][ T5950] usb 3-1: new high-speed USB device number 115 using dummy_hcd
[  770.853816][ T5950] usb 3-1: Using ep0 maxpacket: 16
[  770.861121][ T5950] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  770.869594][ T5950] usb 3-1: config 0 has no interface number 0
[  770.876146][ T5950] usb 3-1: config 0 interface 2 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  770.887580][ T5950] usb 3-1: config 0 interface 2 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 1023
[  770.921213][ T5950] usb 3-1: New USB device found, idVendor=09fb, idProduct=6026, bcdDevice=fe.8a
[  770.931132][ T5950] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  770.940303][ T5950] usb 3-1: Product: syz
[  770.945032][ T5950] usb 3-1: Manufacturer: syz
[  770.949833][ T5950] usb 3-1: SerialNumber: syz
[  771.037668][ T5950] usb 3-1: config 0 descriptor??
[  771.062606][T17439] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  771.076260][T17439] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  771.098759][ T5950] ftdi_sio 3-1:0.2: FTDI USB Serial Device converter detected
[  771.122696][ T5950] ftdi_sio ttyUSB0: unknown device type: 0xfe8a
[  771.217376][ T5914] Dev loop7: unable to read RDB block 7
[  771.223419][ T5914]  loop7: unable to read partition table
[  771.240809][ T5914] loop7: partition table beyond EOD, truncated
[  771.301387][ T5950] usb 3-1: USB disconnect, device number 115
[  771.313943][ T5950] ftdi_sio 3-1:0.2: device disconnected
[  771.436490][T17448] netem: incorrect gi model size
[  771.441569][T17448] netem: change failed
[  771.673897][ T5233] Dev loop7: unable to read RDB block 7
[  771.680947][ T5233]  loop7: unable to read partition table
[  771.688061][ T5233] loop7: partition table beyond EOD, truncated
[  771.983824][T14723] usb 4-1: new high-speed USB device number 101 using dummy_hcd
[  772.146414][T14723] usb 4-1: config 6 has an invalid interface number: 57 but max is 0
[  772.168471][T14723] usb 4-1: config 6 has no interface number 0
[  772.178829][T14723] usb 4-1: config 6 interface 57 has no altsetting 0
[  772.196381][T14723] usb 4-1: New USB device found, idVendor=07b4, idProduct=010a, bcdDevice= 0.00
[  772.208612][T14723] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  772.227231][T14723] usb 4-1: Product: syz
[  772.239526][T14723] usb 4-1: Manufacturer: syz
[  772.253917][T14723] usb 4-1: SerialNumber: syz
[  772.402672][T17464] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3529'.
[  772.744049][T17462] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3528'.
[  772.862445][T17471] syz_tun: entered allmulticast mode
[  772.943832][T17471] dvmrp8: entered allmulticast mode
[  773.037971][T17470] syz_tun: left allmulticast mode
[  773.043946][T17470] dvmrp8: left allmulticast mode
[  773.444371][T14716] usb 2-1: new high-speed USB device number 114 using dummy_hcd
[  773.614030][T14716] usb 2-1: Using ep0 maxpacket: 16
[  773.621185][T14716] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[  773.629659][T14716] usb 2-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  773.638477][T14716] usb 2-1: config 0 has no interface number 0
[  773.644716][T14716] usb 2-1: config 0 interface 8 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  773.659699][T14716] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  773.663810][ T5943] usb 3-1: new high-speed USB device number 116 using dummy_hcd
[  773.668908][T14716] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  773.685239][T14716] usb 2-1: Product: syz
[  773.689438][T14716] usb 2-1: SerialNumber: syz
[  773.698903][T14716] usb 2-1: config 0 descriptor??
[  773.718094][T14716] usbhid 2-1:0.8: couldn't find an input interrupt endpoint
[  773.833520][T17485] netlink: 'syz.4.3539': attribute type 1 has an invalid length.
[  773.855283][ T5943] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  773.868509][ T5943] usb 3-1: Duplicate descriptor for config 0 interface 0 altsetting 0, skipping
[  773.880601][ T5943] usb 3-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[  773.896383][T17485] 8021q: adding VLAN 0 to HW filter on device bond1
[  773.896529][ T5943] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  773.911329][ T5943] usb 3-1: Product: syz
[  773.915752][ T5943] usb 3-1: Manufacturer: syz
[  773.916582][T17487] bond1: (slave dummy0): making interface the new active one
[  773.920355][ T5943] usb 3-1: SerialNumber: syz
[  773.923219][ T5943] usb 3-1: config 0 descriptor??
[  773.946315][T17487] bond1: (slave dummy0): Enslaving as an active interface with an up link
[  773.959226][T14716] usb 2-1: USB disconnect, device number 114
[  774.182538][ T5943] usb 3-1: USB disconnect, device number 116
[  774.715275][   T30] kauditd_printk_skb: 41 callbacks suppressed
[  774.715497][   T30] audit: type=1400 audit(1755992301.055:400): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=17497 comm="syz.0.3543"
[  774.806633][T14723] usb-storage 4-1:6.57: USB Mass Storage device detected
[  774.906443][T14723] usb 4-1: USB disconnect, device number 101
[  775.009917][T17506] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3545'.
[  776.090200][T17539] netlink: 'syz.4.3557': attribute type 30 has an invalid length.
[  776.099852][T17539] (unnamed net_device) (uninitialized): option arp_missed_max: invalid value (0)
[  776.109427][T17539] (unnamed net_device) (uninitialized): option arp_missed_max: allowed values 1 - 255
[  776.163796][T14547] usb 3-1: new high-speed USB device number 117 using dummy_hcd
[  776.294187][T14547] usb 3-1: device descriptor read/64, error -71
[  776.564367][T14547] usb 3-1: new high-speed USB device number 118 using dummy_hcd
[  776.683858][T14720] usb 2-1: new high-speed USB device number 115 using dummy_hcd
[  776.724046][T14547] usb 3-1: device descriptor read/64, error -71
[  776.844381][T14720] usb 2-1: Using ep0 maxpacket: 8
[  776.894503][T14547] usb usb3-port1: attempt power cycle
[  776.901408][T14720] usb 2-1: config 2 has an invalid interface number: 31 but max is 0
[  776.954623][T14720] usb 2-1: config 2 has no interface number 0
[  776.969216][T14720] usb 2-1: config 2 interface 31 has no altsetting 0
[  777.000051][T14720] usb 2-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[  777.023787][T14720] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  777.047540][T14720] usb 2-1: Product: syz
[  777.059633][T14720] usb 2-1: Manufacturer: syz
[  777.070321][T14720] usb 2-1: SerialNumber: syz
[  777.102391][T14720] ch9200 2-1:2.31: probe with driver ch9200 failed with error -22
[  777.253999][T14547] usb 3-1: new high-speed USB device number 119 using dummy_hcd
[  777.274651][T14547] usb 3-1: device descriptor read/8, error -71
[  777.513886][T14547] usb 3-1: new high-speed USB device number 120 using dummy_hcd
[  777.535763][T14547] usb 3-1: device descriptor read/8, error -71
[  777.644344][T14547] usb usb3-port1: unable to enumerate USB device
[  778.303833][ T5950] usb 5-1: new full-speed USB device number 112 using dummy_hcd
[  778.466378][ T5950] usb 5-1: not running at top speed; connect to a high speed hub
[  778.483591][ T5950] usb 5-1: config 7 has an invalid interface number: 128 but max is 2
[  778.500443][ T5950] usb 5-1: config 7 has an invalid descriptor of length 146, skipping remainder of the config
[  778.516937][ T5950] usb 5-1: config 7 has 1 interface, different from the descriptor's value: 3
[  778.526440][ T5950] usb 5-1: config 7 has no interface number 0
[  778.533552][ T5950] usb 5-1: config 7 interface 128 altsetting 202 has 0 endpoint descriptors, different from the interface descriptor's value: 10
[  778.553799][ T5950] usb 5-1: config 7 interface 128 has no altsetting 0
[  778.574751][ T5950] usb 5-1: New USB device found, idVendor=0a4e, idProduct=2040, bcdDevice=63.e3
[  778.593472][ T5950] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  778.601902][ T5950] usb 5-1: Product: syz
[  778.606499][ T5950] usb 5-1: Manufacturer: Х
[  778.613148][ T5950] usb 5-1: SerialNumber: syz
[  778.845671][T17556] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  778.857520][T17556] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  778.901954][ T5950] usb 5-1: USB disconnect, device number 112
[  778.946844][ T5914] udevd[5914]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:7.128/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  779.528898][T14723] usb 2-1: USB disconnect, device number 115
[  779.728561][T17595] netlink: 'syz.0.3574': attribute type 5 has an invalid length.
[  779.763866][T14720] usb 3-1: new high-speed USB device number 121 using dummy_hcd
[  779.803943][T14718] usb 5-1: new high-speed USB device number 113 using dummy_hcd
[  779.913804][T14723] usb 2-1: new high-speed USB device number 116 using dummy_hcd
[  779.924754][T14720] usb 3-1: config index 0 descriptor too short (expected 57810, got 77)
[  779.933194][T14720] usb 3-1: config 128 has an invalid descriptor of length 98, skipping remainder of the config
[  779.947471][T14720] usb 3-1: config 128 has 0 interfaces, different from the descriptor's value: 3
[  779.958824][T14720] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  779.968051][T14720] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  779.976121][T14718] usb 5-1: Using ep0 maxpacket: 32
[  779.981322][T14720] usb 3-1: Product: syz
[  779.986344][T14718] usb 5-1: too many configurations: 179, using maximum allowed: 8
[  779.994235][T14720] usb 3-1: Manufacturer: syz
[  779.998842][T14720] usb 3-1: SerialNumber: syz
[  780.008708][T14718] usb 5-1: unable to read config index 0 descriptor/start: -61
[  780.017092][T14718] usb 5-1: can't read configurations, error -61
[  780.064042][T14723] usb 2-1: Using ep0 maxpacket: 32
[  780.072581][T14723] usb 2-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[  780.081731][T14723] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  780.089830][T14723] usb 2-1: Product: syz
[  780.094862][T14723] usb 2-1: Manufacturer: syz
[  780.099495][T14723] usb 2-1: SerialNumber: syz
[  780.107790][T14723] usb 2-1: config 0 descriptor??
[  780.153990][T14718] usb 5-1: new high-speed USB device number 114 using dummy_hcd
[  780.303823][T14718] usb 5-1: Using ep0 maxpacket: 32
[  780.309785][T14718] usb 5-1: too many configurations: 179, using maximum allowed: 8
[  780.319575][T14718] usb 5-1: unable to read config index 0 descriptor/start: -61
[  780.327279][T14718] usb 5-1: can't read configurations, error -61
[  780.334233][T14718] usb usb5-port1: attempt power cycle
[  780.510764][T17601] binder: transaction release 193 bad handle 1, ret = -22
[  780.622088][T14723] peak_usb 2-1:0.0 can0: unable to request usb[type=2 value=5] err=-71
[  780.674004][T14718] usb 5-1: new high-speed USB device number 115 using dummy_hcd
[  780.705885][T14723] peak_usb 2-1:0.0: probe with driver peak_usb failed with error -71
[  780.720460][T14718] usb 5-1: Using ep0 maxpacket: 32
[  780.729801][T14718] usb 5-1: too many configurations: 179, using maximum allowed: 8
[  780.745806][T14723] usb 2-1: USB disconnect, device number 116
[  780.754411][T14718] usb 5-1: unable to read config index 0 descriptor/start: -61
[  780.776467][T14718] usb 5-1: can't read configurations, error -61
[  780.923789][T14718] usb 5-1: new high-speed USB device number 116 using dummy_hcd
[  780.965350][T14718] usb 5-1: Using ep0 maxpacket: 32
[  780.971305][T14718] usb 5-1: too many configurations: 179, using maximum allowed: 8
[  780.983916][T14718] usb 5-1: unable to read config index 0 descriptor/start: -61
[  780.998707][T14718] usb 5-1: can't read configurations, error -61
[  781.006989][T14718] usb usb5-port1: unable to enumerate USB device
[  781.928107][T17619] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3580'.
[  781.942159][   T30] audit: type=1326 audit(1755992308.145:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17616 comm="syz.1.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb21f98ebe9 code=0x7ffc0000
[  781.977188][   T30] audit: type=1326 audit(1755992308.145:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17616 comm="syz.1.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7fb21f98ebe9 code=0x7ffc0000
[  782.018229][   T30] audit: type=1326 audit(1755992308.145:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17616 comm="syz.1.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb21f98ebe9 code=0x7ffc0000
[  782.106822][   T30] audit: type=1326 audit(1755992308.145:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17616 comm="syz.1.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fb21f98ebe9 code=0x7ffc0000
[  782.169981][   T30] audit: type=1326 audit(1755992308.145:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17616 comm="syz.1.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb21f98ebe9 code=0x7ffc0000
[  782.208643][   T30] audit: type=1326 audit(1755992308.145:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17616 comm="syz.1.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fb21f98ebe9 code=0x7ffc0000
[  782.245850][   T30] audit: type=1326 audit(1755992308.145:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17616 comm="syz.1.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb21f98ebe9 code=0x7ffc0000
[  782.268984][   T30] audit: type=1326 audit(1755992308.145:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17616 comm="syz.1.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7fb21f98ebe9 code=0x7ffc0000
[  782.292214][   T30] audit: type=1326 audit(1755992308.145:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17616 comm="syz.1.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb21f98ebe9 code=0x7ffc0000
[  782.322144][   T30] audit: type=1326 audit(1755992308.145:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17616 comm="syz.1.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7fb21f98ebe9 code=0x7ffc0000
[  782.496606][T14720] usb 3-1: USB disconnect, device number 121
[  782.767685][T17624] loop2: detected capacity change from 0 to 7
[  782.820201][T17624] Dev loop2: unable to read RDB block 7
[  782.841824][T17624]  loop2: unable to read partition table
[  782.856369][T17624] loop2: partition table beyond EOD, truncated
[  782.872015][T17624] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  783.944633][T14720] usb 3-1: new high-speed USB device number 122 using dummy_hcd
[  784.195119][T14720] usb 3-1: Using ep0 maxpacket: 8
[  784.217053][T14720] usb 3-1: config 0 has an invalid interface number: 143 but max is 0
[  784.244036][T14720] usb 3-1: config 0 has no interface number 0
[  784.264153][T14720] usb 3-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[  784.289210][T14720] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  784.409577][T17656] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  784.642382][T14720] usb 3-1: config 0 descriptor??
[  784.759841][T14720] viperboard 3-1:0.143: version 0.00 found at bus 003 address 122
[  784.820588][T14720] viperboard-i2c viperboard-i2c.2.auto: error -EIO: failure setting i2c_bus_freq to 100
[  784.846893][T14720] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5
[  785.010869][T14718] usb 4-1: new high-speed USB device number 102 using dummy_hcd
[  785.207785][T14718] usb 4-1: Using ep0 maxpacket: 16
[  785.217721][T14720] usb 3-1: USB disconnect, device number 122
[  785.226908][T14718] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  785.245405][T14718] usb 4-1: config 0 has no interface number 0
[  785.392603][T14718] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  785.432439][T14718] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  785.450988][T14718] usb 4-1: Product: syz
[  785.462958][T14718] usb 4-1: Manufacturer: syz
[  785.476644][T14718] usb 4-1: SerialNumber: syz
[  785.493576][T14718] usb 4-1: config 0 descriptor??
[  785.526482][T14718] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  786.613931][T14720] usb 5-1: new high-speed USB device number 117 using dummy_hcd
[  786.806770][ T5943] usb 3-1: new high-speed USB device number 123 using dummy_hcd
[  786.868294][T14720] usb 5-1: config 6 has an invalid interface number: 57 but max is 0
[  786.876501][T14720] usb 5-1: config 6 has no interface number 0
[  786.884370][T14720] usb 5-1: config 6 interface 57 has no altsetting 0
[  786.938112][T14720] usb 5-1: New USB device found, idVendor=07b4, idProduct=010a, bcdDevice= 0.00
[  786.964022][T14720] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  786.982229][T14720] usb 5-1: Product: syz
[  786.988899][T14720] usb 5-1: Manufacturer: syz
[  786.998217][T14720] usb 5-1: SerialNumber: syz
[  787.114646][ T5943] usb 3-1: Using ep0 maxpacket: 8
[  787.204778][ T5943] usb 3-1: config 0 has an invalid interface number: 55 but max is 0
[  787.242072][ T5943] usb 3-1: config 0 has no interface number 0
[  787.317086][T14718] gspca_spca1528: reg_w err -110
[  787.322176][ T5943] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  787.350533][T14718] spca1528 4-1:0.1: probe with driver spca1528 failed with error -110
[  787.377178][ T5943] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  787.573990][ T5943] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  787.613313][ T5943] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  787.872374][ T5943] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  787.969345][ T5943] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  788.066133][T14547] usb 4-1: USB disconnect, device number 102
[  788.118410][ T5943] usb 3-1: config 0 descriptor??
[  788.165426][ T5943] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  788.881545][T14720] usb-storage 5-1:6.57: USB Mass Storage device detected
[  788.991910][T14720] usb 5-1: USB disconnect, device number 117
[  789.027437][T17707] fuse: Bad value for 'group_id'
[  789.032950][T17707] fuse: Bad value for 'group_id'
[  789.054253][T14716] usb 2-1: new high-speed USB device number 117 using dummy_hcd
[  789.152563][   T30] kauditd_printk_skb: 16 callbacks suppressed
[  789.152581][   T30] audit: type=1800 audit(1755992315.495:427): pid=17710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3606" name="file0" dev="fuse" ino=2 res=0 errno=0
[  789.210528][T14716] usb 2-1: Using ep0 maxpacket: 16
[  789.220178][T14716] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00
[  789.233278][T14716] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  789.251153][T14716] usb 2-1: config 0 descriptor??
[  789.262882][T14716] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[  789.343816][T14720] usb 5-1: new full-speed USB device number 118 using dummy_hcd
[  789.463920][T14716] usb 2-1: Detected FT232B
[  789.517883][T14720] usb 5-1: unable to get BOS descriptor or descriptor too short
[  789.531365][T14720] usb 5-1: unable to read config index 0 descriptor/start: -71
[  789.539162][T14720] usb 5-1: can't read configurations, error -71
[  789.707357][ T5943] usb 3-1: USB disconnect, device number 123
[  789.754631][ T5943] ldusb 3-1:0.55: LD USB Device #0 now disconnected
[  789.873510][T17716] loop2: detected capacity change from 0 to 231
[  789.888099][T17716]  loop2:
[  790.088714][T17720] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  790.363990][T14716] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  790.543987][T17734] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3611'.
[  790.663483][T14716] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  792.113327][T17744] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3616'.
[  792.189683][T14716] usb 2-1: USB disconnect, device number 117
[  792.216053][T14716] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  792.274030][T14720] usb 5-1: new high-speed USB device number 120 using dummy_hcd
[  792.302503][T14716] ftdi_sio 2-1:0.0: device disconnected
[  792.425752][T14720] usb 5-1: config 6 has an invalid interface number: 57 but max is 0
[  792.468928][T14720] usb 5-1: config 6 has no interface number 0
[  792.493889][T14720] usb 5-1: config 6 interface 57 has no altsetting 0
[  792.535798][T14720] usb 5-1: New USB device found, idVendor=07b4, idProduct=010a, bcdDevice= 0.00
[  792.548011][T14720] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  792.572230][T14720] usb 5-1: Product: syz
[  792.579133][T14720] usb 5-1: Manufacturer: syz
[  792.593609][T14720] usb 5-1: SerialNumber: syz
[  792.715192][T14718] usb 3-1: new low-speed USB device number 124 using dummy_hcd
[  793.144620][T14718] usb 3-1: unable to get BOS descriptor or descriptor too short
[  793.167631][T14718] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  793.183726][T14718] usb 3-1: config 1 has no interface number 1
[  793.194667][T14718] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  793.304163][T14718] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 1023, setting to 0
[  793.328693][T14718] usb 3-1: string descriptor 0 read error: -22
[  793.335115][T14718] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  793.345308][T14718] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  793.378203][T14718] usb 3-1: low speed audio streaming not supported
[  793.572336][T17747] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  793.595445][T17747] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  793.827750][ T5943] usb 3-1: USB disconnect, device number 124
[  793.945126][T17757] netlink: 'syz.0.3621': attribute type 1 has an invalid length.
[  794.019284][T17757] 8021q: adding VLAN 0 to HW filter on device bond1
[  794.381481][T17775] fuse: Bad value for 'fd'
[  794.441344][T17777] tipc: Started in network mode
[  794.446697][T17777] tipc: Node identity 368cbbfe8616, cluster identity 4711
[  794.454953][T17777] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  794.462595][T17777] syzkaller0: entered promiscuous mode
[  794.468732][T17777] syzkaller0: entered allmulticast mode
[  794.504358][T17779] tipc: Resetting bearer <eth:syzkaller0>
[  794.517341][T17776] tipc: Resetting bearer <eth:syzkaller0>
[  794.578956][T17776] tipc: Disabling bearer <eth:syzkaller0>
[  794.696330][T17784] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3629'.
[  794.705660][T17784] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3629'.
[  794.726047][T17784] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3629'.
[  795.194914][T14720] usb-storage 5-1:6.57: USB Mass Storage device detected
[  795.199722][T14547] hid-generic 0000:0000:0000.0021: unknown main item tag 0x0
[  795.256747][T14547] hid-generic 0000:0000:0000.0021: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  795.272013][ T5863] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260
[  795.347369][T14720] usb 5-1: USB disconnect, device number 120
[  795.363831][ T5863] Bluetooth: hci3: command 0x0406 tx timeout
[  796.184242][T14720] usb 3-1: new full-speed USB device number 125 using dummy_hcd
[  796.343955][T14720] usb 3-1: device descriptor read/64, error -71
[  796.593985][T14720] usb 3-1: new full-speed USB device number 126 using dummy_hcd
[  796.823929][T14720] usb 3-1: device descriptor read/64, error -71
[  796.896670][T17823] dummy0: entered promiscuous mode
[  796.902144][T17823] macsec1: entered promiscuous mode
[  796.909564][T17823] macsec1: entered allmulticast mode
[  796.919023][T17823] dummy0: entered allmulticast mode
[  796.932083][T17823] dummy0: left allmulticast mode
[  796.937848][T14720] usb usb3-port1: attempt power cycle
[  796.945483][T17823] dummy0: left promiscuous mode
[  797.334254][T14720] usb 3-1: new full-speed USB device number 127 using dummy_hcd
[  797.359225][T14720] usb 3-1: device descriptor read/8, error -71
[  797.431240][T17832] netlink: 4400 bytes leftover after parsing attributes in process `syz.3.3641'.
[  797.608857][T14720] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[  797.641686][T14720] usb 3-1: device descriptor read/8, error -71
[  797.784092][T14720] usb usb3-port1: unable to enumerate USB device
[  798.526516][ T5943] usb 4-1: new high-speed USB device number 103 using dummy_hcd
[  798.695420][ T5943] usb 4-1: config 6 has an invalid interface number: 57 but max is 0
[  798.704110][ T5943] usb 4-1: config 6 has no interface number 0
[  798.715341][ T5943] usb 4-1: config 6 interface 57 has no altsetting 0
[  798.745091][ T5943] usb 4-1: New USB device found, idVendor=07b4, idProduct=010a, bcdDevice= 0.00
[  798.770098][ T5943] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  798.778300][ T5943] usb 4-1: Product: syz
[  798.783506][ T5943] usb 4-1: Manufacturer: syz
[  798.791465][ T5943] usb 4-1: SerialNumber: syz
[  799.836744][T17863] bridge0: port 2(bridge_slave_1) entered disabled state
[  800.281285][T17873] netlink: 76 bytes leftover after parsing attributes in process `syz.2.3653'.
[  800.483122][T17877] loop4: detected capacity change from 0 to 7
[  800.490577][T17877] buffer_io_error: 14 callbacks suppressed
[  800.490588][T17877] Buffer I/O error on dev loop4, logical block 0, async page read
[  800.509356][T17877] Buffer I/O error on dev loop4, logical block 0, async page read
[  800.519468][T17877] Buffer I/O error on dev loop4, logical block 0, async page read
[  800.528329][T17877] Buffer I/O error on dev loop4, logical block 0, async page read
[  800.536365][T17877] Buffer I/O error on dev loop4, logical block 0, async page read
[  800.545392][T17877] Buffer I/O error on dev loop4, logical block 0, async page read
[  800.553374][T17877] Buffer I/O error on dev loop4, logical block 0, async page read
[  800.561492][T17877] ldm_validate_partition_table(): Disk read failed.
[  800.568867][T17877] Buffer I/O error on dev loop4, logical block 0, async page read
[  800.578404][T17877] Buffer I/O error on dev loop4, logical block 0, async page read
[  800.586919][T17877] Buffer I/O error on dev loop4, logical block 0, async page read
[  800.595377][T17877] Dev loop4: unable to read RDB block 0
[  800.601312][T17877]  loop4: unable to read partition table
[  800.608698][T17877] loop4: partition table beyond EOD, truncated
[  800.630725][T17877] loop_reread_partitions: partition scan of loop4 (�被x������ ) failed (rc=-5)
[  801.282958][T17894] vlan2: entered promiscuous mode
[  801.347683][ T5943] usb-storage 4-1:6.57: USB Mass Storage device detected
[  801.685600][T17911] netlink: 'syz.1.3665': attribute type 6 has an invalid length.
[  801.703004][ T5943] usb 4-1: USB disconnect, device number 103
[  803.480601][T17938] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  803.577354][T17941] fuse: Unknown parameter '00000000000000000007�-S���ë�3 �~H�>�7�������C�#�50�Uo\"�LV|i�H�SKR�r���i�E6�6�'
[  804.153900][T14720] usb 5-1: new high-speed USB device number 121 using dummy_hcd
[  804.325967][T14720] usb 5-1: config 6 has an invalid interface number: 57 but max is 0
[  804.334337][T14720] usb 5-1: config 6 has no interface number 0
[  804.340403][T14720] usb 5-1: config 6 interface 57 has no altsetting 0
[  804.432528][T14720] usb 5-1: New USB device found, idVendor=07b4, idProduct=010a, bcdDevice= 0.00
[  804.464129][T17954] netlink: 'syz.2.3677': attribute type 11 has an invalid length.
[  804.484627][T14720] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  804.533015][T14720] usb 5-1: Product: syz
[  804.553062][T14720] usb 5-1: Manufacturer: syz
[  804.560198][T14720] usb 5-1: SerialNumber: syz
[  805.629365][T17959] IPVS: set_ctl: invalid protocol: 29 0.0.0.0:20002
[  805.637420][T17961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  805.811046][T17961] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  805.863837][T14718] usb 3-1: new low-speed USB device number 4 using dummy_hcd
[  805.982162][T17970] binder: BINDER_SET_CONTEXT_MGR already set
[  805.989387][T17970] binder: 17965:17970 ioctl 4018620d 200000000040 returned -16
[  806.024646][T14718] usb 3-1: Invalid ep0 maxpacket: 16
[  806.163857][T14718] usb 3-1: new low-speed USB device number 5 using dummy_hcd
[  806.324240][T14718] usb 3-1: Invalid ep0 maxpacket: 16
[  806.333438][T14718] usb usb3-port1: attempt power cycle
[  806.609873][T17981] netlink: 'syz.0.3687': attribute type 10 has an invalid length.
[  806.618300][T17981] netlink: 156 bytes leftover after parsing attributes in process `syz.0.3687'.
[  806.694364][T14718] usb 3-1: new low-speed USB device number 6 using dummy_hcd
[  806.714528][T14718] usb 3-1: Invalid ep0 maxpacket: 16
[  806.843938][T14718] usb 3-1: new low-speed USB device number 7 using dummy_hcd
[  806.864630][T14718] usb 3-1: Invalid ep0 maxpacket: 16
[  806.870437][T14718] usb usb3-port1: unable to enumerate USB device
[  806.920436][T14720] usb-storage 5-1:6.57: USB Mass Storage device detected
[  807.026595][T14720] usb 5-1: USB disconnect, device number 121
[  807.066782][T17990] vcan0: tx drop: invalid da for name 0x0000000000000002
[  808.193873][T14547] usb 5-1: new high-speed USB device number 122 using dummy_hcd
[  808.324028][T14547] usb 5-1: device descriptor read/64, error -71
[  808.563806][T14547] usb 5-1: new high-speed USB device number 123 using dummy_hcd
[  808.609835][T17997] netlink: 'syz.2.3691': attribute type 10 has an invalid length.
[  808.619995][T17997] bond0: (slave dummy0): Releasing backup interface
[  808.647808][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  808.654558][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  808.693781][T14547] usb 5-1: device descriptor read/64, error -71
[  808.704844][T17998] netlink: 'syz.2.3691': attribute type 10 has an invalid length.
[  808.729752][T17997] team0: Port device dummy0 added
[  808.815642][T14547] usb usb5-port1: attempt power cycle
[  808.900945][T18003] snd_aloop snd_aloop.0: control 2:1883:2954:syz1:64272 is already present
[  808.949625][T17998] team0 (unregistering): Port device team_slave_0 removed
[  808.983127][T17998] team0 (unregistering): Port device team_slave_1 removed
[  809.072762][T17998] team0 (unregistering): Port device dummy0 removed
[  809.128339][T18001] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  809.142349][T18001] bond0: (slave lo): Error: Device can not be enslaved while up
[  809.163940][T14547] usb 5-1: new high-speed USB device number 124 using dummy_hcd
[  809.186547][T14547] usb 5-1: device descriptor read/8, error -71
[  809.423910][T14547] usb 5-1: new high-speed USB device number 125 using dummy_hcd
[  809.455431][T14547] usb 5-1: device descriptor read/8, error -71
[  809.567104][T14547] usb usb5-port1: unable to enumerate USB device
[  809.867060][T18034] netlink: 'syz.3.3702': attribute type 10 has an invalid length.
[  809.904026][T18034] netlink: 156 bytes leftover after parsing attributes in process `syz.3.3702'.
[  810.525927][T18046] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3705'.
[  810.535022][T18046] netlink: 324 bytes leftover after parsing attributes in process `syz.4.3705'.
[  813.080497][T18081] loop2: detected capacity change from 0 to 7
[  813.160707][T18081] Dev loop2: unable to read RDB block 7
[  813.198492][T18081]  loop2: unable to read partition table
[  813.211075][T18081] loop2: partition table beyond EOD, truncated
[  813.218449][T18081] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  813.261756][ T7966] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  813.450759][ T7966] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  813.636818][ T7966] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  813.717678][ T7966] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  813.869461][T18088] netlink: 76 bytes leftover after parsing attributes in process `syz.3.3718'.
[  814.231315][ T7966] bridge_slave_1: left allmulticast mode
[  814.239436][ T7966] bridge_slave_1: left promiscuous mode
[  814.248895][ T7966] bridge0: port 2(bridge_slave_1) entered disabled state
[  814.263468][ T7966] bridge_slave_0: left allmulticast mode
[  814.272034][ T7966] bridge_slave_0: left promiscuous mode
[  814.281645][ T7966] bridge0: port 1(bridge_slave_0) entered disabled state
[  814.350203][ T5863] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  814.363196][ T5863] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  814.374067][ T5863] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  814.389193][ T5863] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  814.398657][ T5863] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  814.830865][ T7966] gretap0 (unregistering): left promiscuous mode
[  815.384147][ T7966] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  815.401619][ T7966] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  815.441816][ T7966] bond0 (unregistering): Released all slaves
[  815.477890][T18097] batadv0: entered promiscuous mode
[  815.522812][T18097] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  815.560303][T18097] batadv0: left promiscuous mode
[  815.685920][ T7966] tipc: Left network mode
[  815.723357][ T7966] IPVS: stopping backup sync thread 16636 ...
[  815.957002][T18114] fuse: Unknown parameter 'hash'
[  816.486803][ T5871] Bluetooth: hci0: command tx timeout
[  816.744615][T18130] tipc: Started in network mode
[  816.789068][T18130] tipc: Node identity 462d0f62aeee, cluster identity 4711
[  816.803955][T18130] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  816.817542][T18127] syzkaller0: entered promiscuous mode
[  816.853874][T18127] syzkaller0: entered allmulticast mode
[  817.139422][ T7966] batadv_slave_1: left promiscuous mode
[  817.160871][ T7966] hsr_slave_0: left promiscuous mode
[  817.195015][ T7966] hsr_slave_1: left promiscuous mode
[  817.200866][ T7966] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  817.293794][ T7966] batman_adv: batadv0: Removing interface: batadv_slave_0
[  817.364783][ T7966] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  817.540015][ T7966] batman_adv: batadv0: Removing interface: batadv_slave_1
[  817.589133][ T7966] veth1_macvtap: left promiscuous mode
[  817.621578][ T7966] veth0_macvtap: left promiscuous mode
[  817.694847][ T7966] veth1_vlan: left promiscuous mode
[  817.924260][T14720] tipc: Node number set to 3905097570
[  818.109862][T18146] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3731'.
[  818.138154][T18146] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3731'.
[  818.551350][ T7966] team0 (unregistering): Port device team_slave_1 removed
[  818.570225][ T5871] Bluetooth: hci0: command tx timeout
[  818.603603][ T7966] team0 (unregistering): Port device team_slave_0 removed
[  819.152392][T18146] bond0: entered promiscuous mode
[  819.173336][T18146] bond_slave_0: entered promiscuous mode
[  819.194511][T18146] bond_slave_1: entered promiscuous mode
[  819.206142][T18146] bridge0: entered promiscuous mode
[  819.307923][T18153] dummy0: entered promiscuous mode
[  819.317464][T18153] vlan2: entered promiscuous mode
[  819.589780][T18095] chnl_net:caif_netlink_parms(): no params data found
[  819.616321][T18130] tipc: Resetting bearer <eth:syzkaller0>
[  819.690196][T18130] tipc: Disabling bearer <eth:syzkaller0>
[  819.719547][T18166] binder: 18164:18166 unknown command 0
[  819.752560][T18166] binder: 18164:18166 ioctl c0306201 2000000003c0 returned -22
[  820.086699][T18095] bridge0: port 1(bridge_slave_0) entered blocking state
[  820.113983][T18095] bridge0: port 1(bridge_slave_0) entered disabled state
[  820.139083][T18095] bridge_slave_0: entered allmulticast mode
[  820.140174][   T30] audit: type=1800 audit(1755992346.485:428): pid=18185 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3739" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0
[  820.148645][T18095] bridge_slave_0: entered promiscuous mode
[  820.200262][T18095] bridge0: port 2(bridge_slave_1) entered blocking state
[  820.218269][T18095] bridge0: port 2(bridge_slave_1) entered disabled state
[  820.245557][T18095] bridge_slave_1: entered allmulticast mode
[  820.268557][T18095] bridge_slave_1: entered promiscuous mode
[  820.313840][T14723] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  820.342153][T18095] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  820.354012][ T5943] usb 5-1: new high-speed USB device number 126 using dummy_hcd
[  820.359950][T18095] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  820.423578][T18095] team0: Port device team_slave_0 added
[  820.440429][T18095] team0: Port device team_slave_1 added
[  820.467196][T14723] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  820.491575][T14723] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  820.515766][T14723] usb 3-1: New USB device found, idVendor=2c7c, idProduct=030e, bcdDevice=81.28
[  820.523748][ T5943] usb 5-1: Using ep0 maxpacket: 32
[  820.527821][T14723] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  820.549221][T14723] usb 3-1: Product: syz
[  820.557999][T14723] usb 3-1: Manufacturer: syz
[  820.572331][T14723] usb 3-1: SerialNumber: syz
[  820.577026][ T5943] usb 5-1: unable to read config index 0 descriptor/start: -61
[  820.591714][T14723] usb 3-1: config 0 descriptor??
[  820.598970][ T5943] usb 5-1: can't read configurations, error -61
[  820.611801][T18179] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  820.623002][T18179] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  820.638813][T14723] option 3-1:0.0: GSM modem (1-port) converter detected
[  820.648682][ T5871] Bluetooth: hci0: command tx timeout
[  820.659991][T18095] batman_adv: batadv0: Adding interface: batadv_slave_0
[  820.682052][T18095] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  820.694853][T14723] usb 3-1: GSM modem (1-port) converter now attached to ttyUSB0
[  820.736765][T18095] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  820.758607][T18095] batman_adv: batadv0: Adding interface: batadv_slave_1
[  820.770889][T18095] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  820.799856][ T5943] usb 5-1: new high-speed USB device number 127 using dummy_hcd
[  820.819336][T18095] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  820.961486][T18095] hsr_slave_0: entered promiscuous mode
[  820.963798][ T5943] usb 5-1: Using ep0 maxpacket: 32
[  820.968892][T18095] hsr_slave_1: entered promiscuous mode
[  820.986703][ T5943] usb 5-1: unable to read config index 0 descriptor/start: -61
[  821.027528][ T5943] usb 5-1: can't read configurations, error -61
[  821.075068][ T5943] usb usb5-port1: attempt power cycle
[  821.435551][T14720] usb 3-1: USB disconnect, device number 8
[  821.443909][ T5943] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  821.472098][ T5943] usb 5-1: Using ep0 maxpacket: 32
[  821.481045][T14720] option1 ttyUSB0: GSM modem (1-port) converter now disconnected from ttyUSB0
[  821.482366][ T5943] usb 5-1: unable to read config index 0 descriptor/start: -61
[  821.650832][ T5943] usb 5-1: can't read configurations, error -61
[  821.659196][T14720] option 3-1:0.0: device disconnected
[  822.007068][ T5943] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  822.055747][ T5943] usb 5-1: Using ep0 maxpacket: 32
[  822.084765][ T5943] usb 5-1: unable to read config index 0 descriptor/start: -61
[  822.113038][ T5943] usb 5-1: can't read configurations, error -61
[  822.126776][ T5943] usb usb5-port1: unable to enumerate USB device
[  822.409094][T18095] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  822.427605][T18095] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  822.467238][T18095] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  822.529198][T18095] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  822.569758][T18222] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  822.613114][T18227] sch_tbf: burst 4 is lower than device syzkaller0 mtu (1514) !
[  822.734442][ T5871] Bluetooth: hci0: command tx timeout
[  822.879944][T18095] 8021q: adding VLAN 0 to HW filter on device bond0
[  822.994652][T18095] 8021q: adding VLAN 0 to HW filter on device team0
[  823.037387][ T7965] bridge0: port 1(bridge_slave_0) entered blocking state
[  823.044608][ T7965] bridge0: port 1(bridge_slave_0) entered forwarding state
[  823.086193][ T7965] bridge0: port 2(bridge_slave_1) entered blocking state
[  823.093358][ T7965] bridge0: port 2(bridge_slave_1) entered forwarding state
[  823.370344][T18095] 8021q: adding VLAN 0 to HW filter on device batadv0
[  823.496759][T18095] veth0_vlan: entered promiscuous mode
[  823.536076][T18095] veth1_vlan: entered promiscuous mode
[  823.698738][T18095] veth0_macvtap: entered promiscuous mode
[  823.736672][T18095] veth1_macvtap: entered promiscuous mode
[  823.814075][T18095] batman_adv: batadv0: Interface activated: batadv_slave_0
[  823.887569][T18095] batman_adv: batadv0: Interface activated: batadv_slave_1
[  823.949383][T18266] loop7: detected capacity change from 0 to 7
[  823.958216][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  823.967463][    C1] buffer_io_error: 14 callbacks suppressed
[  823.967480][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  823.985667][ T7963] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  823.993906][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  824.003531][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  824.011877][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  824.021074][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  824.030776][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  824.039992][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  824.074987][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  824.084269][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  824.094215][   T61] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  824.105886][T18269] 
[  824.108229][T18269] ======================================================
[  824.115246][T18269] WARNING: possible circular locking dependency detected
[  824.122261][T18269] syzkaller #0 Not tainted
[  824.126657][T18269] ------------------------------------------------------
[  824.133656][T18269] syz.3.3757/18269 is trying to acquire lock:
[  824.139701][T18269] ffff88801b2ffa20 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_iop_getattr+0x9e/0x450
[  824.149965][T18269] 
[  824.149965][T18269] but task is already holding lock:
[  824.157323][T18269] ffff888024a69e18 (&q->q_usage_counter(io)#24){++++}-{0:0}, at: lo_ioctl+0x1610/0x1b30
[  824.167069][T18269] 
[  824.167069][T18269] which lock already depends on the new lock.
[  824.167069][T18269] 
[  824.177454][T18269] 
[  824.177454][T18269] the existing dependency chain (in reverse order) is:
[  824.186452][T18269] 
[  824.186452][T18269] -> #2 (&q->q_usage_counter(io)#24){++++}-{0:0}:
[  824.195050][T18269]        lock_acquire+0x120/0x360
[  824.200075][T18269]        blk_alloc_queue+0x538/0x620
[  824.205348][T18269]        __blk_mq_alloc_disk+0x15c/0x340
[  824.210974][T18269]        loop_add+0x411/0xad0
[  824.215640][T18269]        loop_init+0xd9/0x170
[  824.220303][T18269]        do_one_initcall+0x233/0x820
[  824.225576][T18269]        do_initcall_level+0x104/0x190
[  824.231022][T18269]        do_initcalls+0x59/0xa0
[  824.235861][T18269]        kernel_init_freeable+0x334/0x4b0
[  824.241566][T18269]        kernel_init+0x1d/0x1d0
[  824.246400][T18269]        ret_from_fork+0x3f9/0x770
[  824.251493][T18269]        ret_from_fork_asm+0x1a/0x30
[  824.256770][T18269] 
[  824.256770][T18269] -> #1 (fs_reclaim){+.+.}-{0:0}:
[  824.263978][T18269]        lock_acquire+0x120/0x360
[  824.268997][T18269]        fs_reclaim_acquire+0x72/0x100
[  824.274450][T18269]        kmem_cache_alloc_noprof+0x44/0x3c0
[  824.280333][T18269]        __kernfs_iattrs+0xd9/0x320
[  824.285517][T18269]        kernfs_iop_setattr+0xea/0x3f0
[  824.290958][T18269]        notify_change+0xb33/0xe40
[  824.296062][T18269]        do_truncate+0x1a4/0x220
[  824.300994][T18269]        path_openat+0x306c/0x3830
[  824.306094][T18269]        do_filp_open+0x1fa/0x410
[  824.311105][T18269]        do_sys_openat2+0x121/0x1c0
[  824.316288][T18269]        __x64_sys_openat+0x138/0x170
[  824.321645][T18269]        do_syscall_64+0xfa/0x3b0
[  824.327008][T18269]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  824.333407][T18269] 
[  824.333407][T18269] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}:
[  824.341908][T18269]        validate_chain+0xb9b/0x2140
[  824.347180][T18269]        __lock_acquire+0xab9/0xd20
[  824.352368][T18269]        lock_acquire+0x120/0x360
[  824.357382][T18269]        down_read+0x46/0x2e0
[  824.362040][T18269]        kernfs_iop_getattr+0x9e/0x450
[  824.367482][T18269]        vfs_getattr_nosec+0x2e1/0x430
[  824.372931][T18269]        loop_assign_backing_file+0x222/0x400
[  824.378989][T18269]        lo_ioctl+0x167c/0x1b30
[  824.383831][T18269]        blkdev_ioctl+0x5a5/0x6d0
[  824.388849][T18269]        __se_sys_ioctl+0xfc/0x170
[  824.393946][T18269]        do_syscall_64+0xfa/0x3b0
[  824.398965][T18269]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  824.405360][T18269] 
[  824.405360][T18269] other info that might help us debug this:
[  824.405360][T18269] 
[  824.415570][T18269] Chain exists of:
[  824.415570][T18269]   &root->kernfs_iattr_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#24
[  824.415570][T18269] 
[  824.429997][T18269]  Possible unsafe locking scenario:
[  824.429997][T18269] 
[  824.437433][T18269]        CPU0                    CPU1
[  824.442781][T18269]        ----                    ----
[  824.448124][T18269]   lock(&q->q_usage_counter(io)#24);
[  824.453511][T18269]                                lock(fs_reclaim);
[  824.460002][T18269]                                lock(&q->q_usage_counter(io)#24);
[  824.467891][T18269]   rlock(&root->kernfs_iattr_rwsem);
[  824.473255][T18269] 
[  824.473255][T18269]  *** DEADLOCK ***
[  824.473255][T18269] 
[  824.481375][T18269] 3 locks held by syz.3.3757/18269:
[  824.486553][T18269]  #0: ffff888024b07400 (&lo->lo_mutex){+.+.}-{4:4}, at: lo_ioctl+0x10ef/0x1b30
[  824.495600][T18269]  #1: ffff888024a69e18 (&q->q_usage_counter(io)#24){++++}-{0:0}, at: lo_ioctl+0x1610/0x1b30
[  824.505783][T18269]  #2: ffff888024a69e50 (&q->q_usage_counter(queue)#8){+.+.}-{0:0}, at: lo_ioctl+0x1610/0x1b30
[  824.516131][T18269] 
[  824.516131][T18269] stack backtrace:
[  824.522006][T18269] CPU: 1 UID: 0 PID: 18269 Comm: syz.3.3757 Not tainted syzkaller #0 PREEMPT(full) 
[  824.522026][T18269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  824.522037][T18269] Call Trace:
[  824.522045][T18269]  <TASK>
[  824.522053][T18269]  dump_stack_lvl+0x189/0x250
[  824.522076][T18269]  ? __pfx_dump_stack_lvl+0x10/0x10
[  824.522095][T18269]  ? __pfx__printk+0x10/0x10
[  824.522121][T18269]  print_circular_bug+0x2ee/0x310
[  824.522141][T18269]  check_noncircular+0x134/0x160
[  824.522160][T18269]  validate_chain+0xb9b/0x2140
[  824.522178][T18269]  ? tomoyo_path_perm+0x1e3/0x4b0
[  824.522206][T18269]  __lock_acquire+0xab9/0xd20
[  824.522231][T18269]  ? kernfs_iop_getattr+0x9e/0x450
[  824.522247][T18269]  lock_acquire+0x120/0x360
[  824.522270][T18269]  ? kernfs_iop_getattr+0x9e/0x450
[  824.522291][T18269]  down_read+0x46/0x2e0
[  824.522306][T18269]  ? kernfs_iop_getattr+0x9e/0x450
[  824.522324][T18269]  kernfs_iop_getattr+0x9e/0x450
[  824.522342][T18269]  vfs_getattr_nosec+0x2e1/0x430
[  824.522360][T18269]  loop_assign_backing_file+0x222/0x400
[  824.522383][T18269]  ? __pfx_loop_assign_backing_file+0x10/0x10
[  824.522404][T18269]  ? schedule+0x91/0x360
[  824.522429][T18269]  ? percpu_ref_kill_and_confirm+0xa3/0x130
[  824.522459][T18269]  lo_ioctl+0x167c/0x1b30
[  824.522481][T18269]  ? __pfx_lo_ioctl+0x10/0x10
[  824.522499][T18269]  ? is_bpf_text_address+0x26/0x2b0
[  824.522524][T18269]  ? kernel_text_address+0xa5/0xe0
[  824.522547][T18269]  ? __kernel_text_address+0xd/0x40
[  824.522569][T18269]  ? unwind_get_return_address+0x4d/0x90
[  824.522587][T18269]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  824.522607][T18269]  ? arch_stack_walk+0xfc/0x150
[  824.522631][T18269]  ? __lock_acquire+0xab9/0xd20
[  824.522655][T18269]  ? __lock_acquire+0xab9/0xd20
[  824.522680][T18269]  ? __lock_acquire+0xab9/0xd20
[  824.522706][T18269]  ? __lock_acquire+0xab9/0xd20
[  824.522733][T18269]  ? __lock_acquire+0xab9/0xd20
[  824.522769][T18269]  ? is_bpf_text_address+0x26/0x2b0
[  824.522794][T18269]  ? is_bpf_text_address+0x292/0x2b0
[  824.522817][T18269]  ? is_bpf_text_address+0x26/0x2b0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  824.522840][T18269]  ? kernel_text_address+0xa5/0xe0
[  824.522863][T18269]  ? __kernel_text_address+0xd/0x40
[  824.522885][T18269]  ? unwind_get_return_address+0x4d/0x90
[  824.522903][T18269]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  824.522922][T18269]  ? arch_stack_walk+0xfc/0x150
[  824.522945][T18269]  ? stack_trace_save+0x9c/0xe0
[  824.522963][T18269]  ? __pfx_stack_trace_save+0x10/0x10
[  824.522983][T18269]  ? stack_depot_save_flags+0x40/0x860
[  824.523006][T18269]  ? kasan_save_track+0x4f/0x80
[  824.523026][T18269]  ? kasan_save_track+0x3e/0x80
[  824.523045][T18269]  ? kasan_save_free_info+0x46/0x50
[  824.523060][T18269]  ? __kasan_slab_free+0x5b/0x80
[  824.523080][T18269]  ? kfree+0x18e/0x440
[  824.523098][T18269]  ? tomoyo_path_number_perm+0x47a/0x5a0
[  824.523120][T18269]  ? security_file_ioctl+0xcb/0x2d0
[  824.523139][T18269]  ? __se_sys_ioctl+0x47/0x170
[  824.523157][T18269]  ? do_syscall_64+0xfa/0x3b0
[  824.523180][T18269]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  824.523205][T18269]  ? __asan_memset+0x22/0x50
[  824.523221][T18269]  ? blk_get_meta_cap+0x140/0x710
[  824.523246][T18269]  ? __pfx_blk_get_meta_cap+0x10/0x10
[  824.523268][T18269]  ? kasan_quarantine_put+0xdd/0x220
[  824.523290][T18269]  ? blkdev_common_ioctl+0xff7/0x2550
[  824.523315][T18269]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  824.523338][T18269]  ? __pfx_blkdev_common_ioctl+0x10/0x10
[  824.523363][T18269]  ? do_vfs_ioctl+0xbe8/0x1430
[  824.523383][T18269]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  824.523403][T18269]  ? __pfx_css_rstat_updated+0x10/0x10
[  824.523421][T18269]  ? __lock_acquire+0xab9/0xd20
[  824.523449][T18269]  ? __pfx_lo_ioctl+0x10/0x10
[  824.523469][T18269]  blkdev_ioctl+0x5a5/0x6d0
[  824.523493][T18269]  ? __pfx_blkdev_ioctl+0x10/0x10
[  824.523515][T18269]  ? __fget_files+0x2a/0x420
[  824.523540][T18269]  ? bpf_lsm_file_ioctl+0x9/0x20
[  824.523560][T18269]  ? __pfx_blkdev_ioctl+0x10/0x10
[  824.523584][T18269]  __se_sys_ioctl+0xfc/0x170
[  824.523603][T18269]  do_syscall_64+0xfa/0x3b0
[  824.523627][T18269]  ? lockdep_hardirqs_on+0x9c/0x150
[  824.523648][T18269]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  824.523664][T18269]  ? clear_bhb_loop+0x60/0xb0
[  824.523684][T18269]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  824.523701][T18269] RIP: 0033:0x7f3de8f8ebe9
[  824.523716][T18269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  824.523732][T18269] RSP: 002b:00007f3de9d18038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  824.523749][T18269] RAX: ffffffffffffffda RBX: 00007f3de91b6090 RCX: 00007f3de8f8ebe9
[  824.523768][T18269] RDX: 0000000000000004 RSI: 0000000000004c06 RDI: 0000000000000003
[  824.523779][T18269] RBP: 00007f3de9011e19 R08: 0000000000000000 R09: 0000000000000000
[  824.523789][T18269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  824.523800][T18269] R13: 00007f3de91b6128 R14: 00007f3de91b6090 R15: 00007f3de92dfa28
[  824.523817][T18269]  </TASK>
[  824.523840][    C1] vkms_vblank_simulate: vblank timer overrun
[  824.536057][   T61] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  824.740097][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  824.938049][   T61] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  824.939771][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  825.087622][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  825.087660][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  825.097013][ T5914] ldm_validate_partition_table(): Disk read failed.
[  825.097169][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  825.097197][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  825.118379][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  825.118412][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  825.175210][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  825.175244][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  825.191113][ T5914] Dev loop7: unable to read RDB block 0
[  825.253740][ T5914]  loop7: unable to read partition table
[  825.253884][ T5914] loop7: partition table beyond EOD, truncated
[  825.702659][T18273] tty tty4: ldisc open failed (-12), clearing slot 3
[  825.759473][T14645] bridge0: port 3(syz_tun) entered disabled state
[  825.777479][T14645] syz_tun (unregistering): left allmulticast mode
[  825.793877][T14645] syz_tun (unregistering): left promiscuous mode
[  825.800358][T14645] bridge0: port 3(syz_tun) entered disabled state
[  825.859399][   T61] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  825.959900][   T61] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  825.997747][   T61] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  826.077349][   T61] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  826.087709][ T5863] Bluetooth: hci4: command 0x0406 tx timeout
[  826.178737][   T61] bridge_slave_1: left allmulticast mode
[  826.184533][   T61] bridge_slave_1: left promiscuous mode
[  826.190177][   T61] bridge0: port 2(bridge_slave_1) entered disabled state
[  826.198696][   T61] bridge_slave_0: left allmulticast mode
[  826.204865][   T61] bridge_slave_0: left promiscuous mode
[  826.210543][   T61] bridge0: port 1(bridge_slave_0) entered disabled state
[  826.398227][   T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  826.409070][   T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  826.418394][   T61] bond0 (unregistering): Released all slaves
[  826.430553][   T61] bond1 (unregistering): (slave dummy0): Releasing active interface
[  826.439556][   T61] bond1 (unregistering): Released all slaves
[  826.678257][   T61] hsr_slave_0: left promiscuous mode
[  826.684634][   T61] hsr_slave_1: left promiscuous mode
[  826.690357][   T61] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  826.700573][   T61] batman_adv: batadv0: Removing interface: batadv_slave_0
[  826.708958][   T61] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  826.716969][   T61] batman_adv: batadv0: Removing interface: batadv_slave_1
[  826.729023][   T61] veth1_macvtap: left promiscuous mode
[  826.734885][   T61] veth0_macvtap: left promiscuous mode
[  826.740456][   T61] veth1_vlan: left promiscuous mode
[  826.750181][   T61] veth0_vlan: left promiscuous mode
[  827.303903][ T7967] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  827.361894][ T7967] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  827.436347][ T7967] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  827.479061][ T7967] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  827.573176][ T7967] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  827.646738][ T7967] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  827.712199][ T7967] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  827.792622][ T7967] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  827.896790][ T7967] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  827.952689][ T7967] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  828.012242][ T7967] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  828.061732][ T7967] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  828.183040][ T7967] bridge_slave_1: left allmulticast mode
[  828.190556][ T7967] bridge_slave_1: left promiscuous mode
[  828.198167][ T7967] bridge0: port 2(bridge_slave_1) entered disabled state
[  828.207431][ T7967] bridge_slave_0: left allmulticast mode
[  828.213088][ T7967] bridge_slave_0: left promiscuous mode
[  828.219974][ T7967] bridge0: port 1(bridge_slave_0) entered disabled state
[  828.230025][ T7967] bridge_slave_1: left allmulticast mode
[  828.235858][ T7967] bridge_slave_1: left promiscuous mode
[  828.241532][ T7967] bridge0: port 2(bridge_slave_1) entered disabled state
[  828.250332][ T7967] bridge_slave_0: left allmulticast mode
[  828.256175][ T7967] bridge_slave_0: left promiscuous mode
[  828.261856][ T7967] bridge0: port 1(bridge_slave_0) entered disabled state
[  828.272876][ T7967] bridge_slave_1: left allmulticast mode
[  828.279872][ T7967] bridge_slave_1: left promiscuous mode
[  828.289141][ T7967] bridge0: port 2(bridge_slave_1) entered disabled state
[  828.299898][ T7967] bridge_slave_0: left allmulticast mode
[  828.305810][ T7967] bridge_slave_0: left promiscuous mode
[  828.311502][ T7967] bridge0: port 1(bridge_slave_0) entered disabled state
[  828.479750][ T7967] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  828.489719][ T7967] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  828.499932][ T7967] bond0 (unregistering): Released all slaves
[  828.521186][ T7967] gretap0 (unregistering): left promiscuous mode
[  828.639839][ T7967] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  828.648784][ T7967] bond_slave_0: left promiscuous mode
[  828.655663][ T7967] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  828.664520][ T7967] bond_slave_1: left promiscuous mode
[  828.670394][ T7967] bond0 (unregistering): Released all slaves
[  828.769169][ T7967] bond1 (unregistering): Released all slaves
[  828.803406][ T7967] dvmrp1 (unregistering): left allmulticast mode
[  828.848738][ T7967] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  828.858946][ T7967] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  828.868325][ T7967] bond0 (unregistering): Released all slaves
[  828.986560][ T7967] tipc: Left network mode
[  828.991408][ T7967] tipc: Left network mode
[  829.360321][ T7967] hsr_slave_0: left promiscuous mode
[  829.367859][ T7967] hsr_slave_1: left promiscuous mode
[  829.375240][ T7967] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  829.382626][ T7967] batman_adv: batadv0: Removing interface: batadv_slave_0
[  829.392058][ T7967] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  829.401536][ T7967] batman_adv: batadv0: Removing interface: batadv_slave_1
[  829.409451][ T7967] batadv_slave_1: left promiscuous mode
[  829.421094][ T7967] hsr_slave_0: left promiscuous mode
[  829.427093][ T7967] hsr_slave_1: left promiscuous mode
[  829.432881][ T7967] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  829.442062][ T7967] batman_adv: batadv0: Removing interface: batadv_slave_0
[  829.450742][ T7967] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  829.460204][ T7967] batman_adv: batadv0: Removing interface: batadv_slave_1
[  829.471462][ T7967] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  829.480433][ T7967] batman_adv: batadv0: Removing interface: batadv_slave_0
[  829.488390][ T7967] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  829.496561][ T7967] batman_adv: batadv0: Removing interface: batadv_slave_1
[  829.511497][ T7967] veth1_macvtap: left promiscuous mode
[  829.517205][ T7967] veth0_macvtap: left promiscuous mode
[  829.522721][ T7967] veth1_vlan: left promiscuous mode
[  829.528450][ T7967] veth0_vlan: left promiscuous mode
[  829.534274][ T7967] veth1_macvtap: left promiscuous mode
[  829.539764][ T7967] veth0_macvtap: left promiscuous mode
[  829.545393][ T7967] veth1_vlan: left promiscuous mode
[  829.550628][ T7967] veth0_vlan: left promiscuous mode
[  829.556881][ T7967] veth1_macvtap: left promiscuous mode
[  829.562365][ T7967] veth0_macvtap: left promiscuous mode
[  829.567971][ T7967] veth1_vlan: left promiscuous mode
[  829.573207][ T7967] veth0_vlan: left promiscuous mode
[  829.763569][ T7967] team0 (unregistering): Port device team_slave_1 removed
[  829.788925][ T7967] team0 (unregistering): Port device team_slave_0 removed
[  830.868998][ T7967] IPVS: stop unused estimator thread 0...