last executing test programs:

4m25.111307139s ago: executing program 3 (id=1010):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000207d1eed2c00000000000109022400000401220500090581030000000000"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0x1, "1552c10d"}]}}, 0x0}, 0x0)

4m23.390423575s ago: executing program 3 (id=1017):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000}], 0x1, 0x24044088)
r2 = socket$alg(0x26, 0x5, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="6c0000001000ffff28bd7000f8dbdf2500000000", @ANYRES32=0x0, @ANYBLOB="0000000000030000440012800b000100697036746e6c000034000280140002002001000000000000000000000000000014000300ff0200000000000000000000000000010500090029000000080004"], 0x6c}, 0x1, 0x0, 0x0, 0x20004845}, 0x90)
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
r6 = memfd_create(&(0x7f0000000040)='\x02A\xbb\xcc\x96\x0e\x00\x00\x00\x00\x00\x00', 0x6)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x3, 0x11, r6, 0x0)
ftruncate(r3, 0x0)
r7 = syz_open_dev$sg(&(0x7f0000000200), 0x1, 0x400040)
ioctl$SG_IO(r7, 0x2285, &(0x7f0000000e40)={0x53, 0xfffffffffffffffd, 0x6, 0x6, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000b40)="1e859a05e132", 0x0, 0x2c92, 0x10, 0x0, 0x0})
sendmmsg$inet6(r5, &(0x7f0000000580)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0x9, @dev={0xfe, 0x80, '\x00', 0xe}, 0x5}, 0x1c, &(0x7f0000000b40)=[{&(0x7f0000000340)="f2", 0x1}], 0x1}}, {{&(0x7f0000000180)={0xa, 0x4e24, 0xff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1}, 0x1c, &(0x7f0000000400)=[{&(0x7f00000001c0)="17", 0x1}], 0x1}}], 0x2, 0x0)
shutdown(r5, 0x1)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f0000000040)={0x9, 0x2, 0x200, 0x7}, 0x10)
ioctl$BTRFS_IOC_QGROUP_LIMIT(r6, 0x8030942b, &(0x7f0000000180)={0x48f3, {0x0, 0x8, 0x2, 0x19, 0x6}})
bind$alg(r2, &(0x7f0000000640)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(aes)\x00'}, 0x58)
syz_open_dev$media(&(0x7f0000000140), 0x40, 0xc8102)
syz_emit_ethernet(0x46, &(0x7f0000000880)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa86dd0000000000000000ff020000000000000073748ce50000013c907c0000000000000000000000000000000000000000000000000000000000405748594c1e97f63e21348910e0572e5a9e8ce161f90912d2fd715fc71516dd9b8edb33ef218d57000fa2c114e0477437ab94cccaab52a2224df52349b8aaec01706947cdf85c3eb4702df002341fd4b60ccfe18db5c363f56b99c0c9922b4f5a69b3a005291a7f7ec01c0ec471c01708ae4a33d241b437af486b31736be0388afdee9738c09dbd42da4d98a8faf1c87f6f9a4ad754ff760fd313e278079cf3e5fdea55b2b14784cc459970560b80f8853178581f3f2a436ae7d8b5f8f6d24af0d0f77ee185a3c9ca6519afbb06e40d07e6e3"], 0x0)
socket$kcm(0x10, 0x2, 0x10)
r8 = dup(r2)
sendmsg$nl_route_sched(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x18, 0x30, 0x63b, 0x0, 0x0, {0x9}, [{0x4}]}, 0x18}}, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000380)=ANY=[@ANYBLOB="3800000054000100010000000000000007000000", @ANYRES32=0x0, @ANYBLOB="20000100ad36e6d3451d233be6cb9363e349baf05acc835e10c15d8dd3d43dc4260fe0b2f3", @ANYRES32=0x0, @ANYBLOB="01000300ac1e000100000000000000000000000086dd0000"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x24000050)
rt_sigaction(0x8, &(0x7f0000000180)={&(0x7f00000002c0)="243747360ff6a6000000002ba2f99c9022000000c4a2f100274638e741c44240f29a3b470000d385260a4a000000c4027d36b0b00536fe0d094e486ff5b1bba69a42fa212175b6d5378bcc2d3a000000", 0x4, 0x0, {[0x1be63bf3]}}, 0x0, 0x8, &(0x7f0000000100))
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')

4m22.997890063s ago: executing program 3 (id=1020):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010100000000000000001d7e000008000300", @ANYRES32=r3], 0x28}, 0x1, 0xf00, 0x0, 0x4010}, 0x8800)

4m22.756847222s ago: executing program 3 (id=1022):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x40100, 0x0)
move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002200)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x226)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'})
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="1201000000000040c41090ea00000000000109022400010000002009040000010300000009210000000122070009058103"], 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io(r4, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r4, 0x0, &(0x7f0000000500)={0x2c, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="2001d4"], 0x0})
syz_usb_control_io$hid(r4, 0x0, &(0x7f0000000540)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="20010e"], 0x0})
syz_usb_control_io(r4, 0x0, 0x0)
r5 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_SMBUS(r5, 0x720, &(0x7f0000000180)={0x0, 0x18, 0x3, &(0x7f0000000240)={0x91, "a52422ffd60775c221c4031d467d6648a97569b7d49cc4492d050600000000ff00"}})
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @loopback}, 0x100}, 0x1c)
syz_usb_connect(0x5, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x74, 0xad, 0x60, 0x10, 0x10c4, 0xeac1, 0xff7e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1, 0x2, 0x0, 0x30, 0xc8, 0x1e}}]}}]}}, 0x0)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000140)={0x1, 0x7}, 0x8)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
r6 = fcntl$dupfd(r0, 0x406, r0)
socket$can_raw(0x1d, 0x3, 0x1)
syz_genetlink_get_family_id$tipc(&(0x7f0000000100), r6)

4m19.414522597s ago: executing program 3 (id=1037):
r0 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0)
flock(r0, 0x2)
r1 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0)
flock(r1, 0x2)
r2 = open(&(0x7f0000000180)='.\x00', 0x10000, 0x0)
flock(r2, 0x1)
flock(r2, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f0000000500)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x1, 0x4, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007a00000018110000", @ANYRES32=r3, @ANYRESDEC=r3], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

4m19.250901224s ago: executing program 3 (id=1039):
socket$packet(0x11, 0x3, 0x300)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f00000003c0)={@val={0x8, 0x800}, @val={0x0, 0x4, 0x4, 0x8, 0x8000}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1e, 0x63, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010101, @dev={0xac, 0x14, 0x14, 0x22}}, {0x4b20, 0x4e22, 0x4f, 0x0, @opaque="b8cb719902cd926b688607b23f25ec4c068513f2d7a84fa86fd2a75d642404642ab4cfcf5dddfc2b1800f57a2b23860022752960bdbe39446d2d5c0c059c8ade31217faed2d300"}}}, 0x71)

4m18.546959367s ago: executing program 32 (id=1039):
socket$packet(0x11, 0x3, 0x300)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f00000003c0)={@val={0x8, 0x800}, @val={0x0, 0x4, 0x4, 0x8, 0x8000}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1e, 0x63, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010101, @dev={0xac, 0x14, 0x14, 0x22}}, {0x4b20, 0x4e22, 0x4f, 0x0, @opaque="b8cb719902cd926b688607b23f25ec4c068513f2d7a84fa86fd2a75d642404642ab4cfcf5dddfc2b1800f57a2b23860022752960bdbe39446d2d5c0c059c8ade31217faed2d300"}}}, 0x71)

11.332528951s ago: executing program 5 (id=1971):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="48000000120001002cbd700000000000ff010000000000000000000000000001000000000000000014000d00fe8000000000000000000000000000bb0c0015"], 0x48}, 0x1, 0x0, 0x0, 0x40085}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800000, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000001c0)=ANY=[], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

10.230130891s ago: executing program 5 (id=1974):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
write(0xffffffffffffffff, &(0x7f0000000080), 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0xffffffffffffffff, 0x4000000}, 0x50)
mmap(&(0x7f00005e8000/0x1000)=nil, 0x1000, 0x2000003, 0x28011, r5, 0xffff8021)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x8910, 0x0, 0x0)
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000600)=ANY=[], 0x4c}}, 0x0)
ioctl$VIDIOC_S_INPUT(r6, 0xc0045627, 0x0)
r8 = landlock_create_ruleset(&(0x7f0000000300)={0x2050, 0x0, 0x1}, 0x18, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r8, 0x1, &(0x7f0000000340)={0x2000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
syz_open_dev$radio(&(0x7f0000000040), 0x1, 0x2)
rt_sigaction(0x40, &(0x7f0000000140)={&(0x7f0000000000)="24339e9e0f1c2bdfd5c4a2f10027c6c43b640febce41d3ca6566f00fc02c101c65d2150e000000dbf5", 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000380))
syz_open_procfs(0x0, &(0x7f00000004c0)='stat\x00')
sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {0x0}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000001c0)=""/17, 0x11}], 0x7, &(0x7f0000000600)=""/191, 0xbf, 0x34000}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400})
getsockopt$netlink(r0, 0x10e, 0x5, &(0x7f0000000080)=""/163, &(0x7f0000000140)=0xa3)

9.942831635s ago: executing program 1 (id=1976):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6(0xa, 0x3, 0x5)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
io_setup(0x2, &(0x7f0000000000)=<r2=>0x0)
r3 = eventfd(0x0)
io_submit(r2, 0x2, &(0x7f00000003c0)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x8, r3, &(0x7f0000000040)="e159edcca1b8af69", 0x8, 0x3, 0x0, 0x0, r3}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x2, 0x1, r3, 0x0, 0x0, 0x6}])
syz_clone3(&(0x7f0000001e80)={0x166002400, 0x0, 0x0, 0x0, {0xa}, 0x0, 0x0, 0x0, 0x0}, 0x58)
munmap(&(0x7f0000800000/0x800000)=nil, 0x800000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x139})
ioctl$UFFDIO_MOVE(0xffffffffffffffff, 0xc028aa05, &(0x7f0000000000)={&(0x7f0000724000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x3})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYRESHEX=r0, @ANYRES8=r0, @ANYBLOB="0524060000000001300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007001f"], 0x6c}}, 0x0)

7.870966977s ago: executing program 5 (id=1986):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000090000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40000000010800034000000014480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c0003801800008008000340000000020c0004260000000000000c7f14000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000001000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40000000010800034000000004480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800800034000000002"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

6.875381969s ago: executing program 5 (id=1990):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f00000000c0)={0x6, <r1=>r0, 'id0\x00'}) (async, rerun: 64)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x1, &(0x7f00000001c0)={<r2=>0xffffffffffffffff}, 0x13f, 0x5}}, 0x20) (rerun: 64)
write$RDMA_USER_CM_CMD_DESTROY_ID(r1, &(0x7f0000000240)={0x1, 0x10, 0xfa00, {&(0x7f0000000140), r2}}, 0x18)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@newlink={0x44, 0x10, 0xffffffffffffffff, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x35a71, 0x51a67}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_INTERVAL={0x8, 0x7, 0x8523}, @IFLA_BOND_USE_CARRIER={0x5}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x20008040)

6.148885986s ago: executing program 5 (id=1992):
ioctl$TCSBRKP(0xffffffffffffffff, 0x5425, 0x7ff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
shutdown(0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0000000000000000000410000000000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffcc7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000900)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000002402000020fe29817a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe2d6405000000000075040000000000400704000000000000b7040000100000206a0700fe000000008500000005000000b70000000a00000095000000000000000000c2c62f6004ad13aa957e2af5e49a53c2868f0399d909a63796c113a80c19aab9d607000000b6c9483be3f0d3253730e714c46cc4f79fd2b316da4f0de8163f6242fa7323f1740637c48468766af540439fce41f144631ac262dcae18c3d1a1fbe96dc86035b44174f7c0620254ab6d285e6b343185089a0f119e31975e551558050800000000000000125d67857f290870093f38153608561a2128a79cce912d1f05de330800a9f5422bee8ca49166f6a587f2f593775afcd071efc5a972f757521b7b38ec273c2ad3e406f8c124f7dc1c4553229a69df4b2780e6da4420d71489fe383e0b5ce08b750502f2b8add8d2dddde19ac050537e973782b4053150580035fb2c579e1b2100000033d1ee8cab6d236f05b1f7b9f78fd5abfe033eb79f7a0b498366f5edfe311258016fbf47d9c85bf5325bf61419372be377022433e20900a262b20bb8b36de7b0e6c5ebfc5baec1ebe58d4af587d33e2935ad68da6e0fea5c21301f5d002b51a5b60fc741cb2c5d4cd5e896774f9293a64355"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34}, 0x94)
socket$kcm(0x11, 0x2, 0x300)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000080)={0x2, 0x4e1f, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @multicast1, @loopback}}}], 0x20}, 0x0)
unshare(0x42000000)
r2 = gettid()
timer_create(0xb, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x48000, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
migrate_pages(r2, 0x80, &(0x7f00000000c0)=0xe6, &(0x7f0000000240)=0x7)
fchdir(r5)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
syz_usb_connect(0x0, 0x3d, &(0x7f0000000000)=ANY=[], 0x0)

5.999022254s ago: executing program 2 (id=1994):
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x38, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0})
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000001500)=@newtaction={0x14, 0x31, 0x829, 0x0, 0x0, {0x0, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x80047437, &(0x7f0000000140)=0xffff)
openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0)
move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0)
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = socket(0x1d, 0x2, 0x6)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r3, 0x6a, 0x2, 0x20000000, 0x8)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x321440, 0x2a, 0x31}, 0x18)
syz_mount_image$fuse(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x800400, 0x0, 0x1, 0x0, &(0x7f00000005c0)="b1c9ee0354b645d401b5281046ce4b7eefa1319b981deb4af56d6cdb0cd485cf0a8bddab6ba37ac5a6935dd0ffc5ccb45b9b9fe1bce8ce543a8ef9de57eebe77b97057f571be67f67d35b061b0bfbd085b72e77af1bdedccb98c108fb6016c")
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000240)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r5, 0x0, 0x0, 0x0, <r6=>0x0})
ioctl$IOMMU_GET_HW_INFO(r4, 0x3b8a, &(0x7f0000000380)={0x28, 0x0, r6, 0x7, &(0x7f0000019080)=""/33})
execve(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000800)={[&(0x7f0000000940)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01']})
truncate(&(0x7f00000000c0)='./file0\x00', 0x1)

5.998520681s ago: executing program 4 (id=1995):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
setitimer(0x2, &(0x7f0000000000)={{0x77359400}, {0x77359400}}, 0x0)
getitimer(0x2, &(0x7f0000000400))
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r4, &(0x7f0000002400)={0x2020, 0x0, <r5=>0x0}, 0xfffffeef)
r6 = socket$packet(0x11, 0x2, 0x300)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x2000011, r6, 0x0)
r7 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0)
r8 = socket$nl_audit(0x10, 0x3, 0x9)
sendmmsg(r8, &(0x7f0000003f40)=[{{&(0x7f0000000480)=@nl=@kern={0x10, 0x0, 0x0, 0x2000}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000500)="fe", 0x1}], 0x1, &(0x7f0000000600)=[{0x10, 0x111, 0x3}], 0x10}}, {{0x0, 0x0, &(0x7f0000002900)=[{&(0x7f0000000840)="88", 0x1}], 0x1, &(0x7f0000002940)=[{0x10, 0x1, 0x1}], 0x10}}], 0x2, 0x40002)
sendfile(r1, r0, &(0x7f0000000300)=0x9, 0x8)
mq_timedsend(r7, &(0x7f0000000600)='m', 0x1, 0x6, 0x0)
mq_timedreceive(r7, &(0x7f0000004600)=""/102381, 0xfffffceb, 0x0, 0x0)
write$FUSE_INIT(r4, &(0x7f0000002300)={0x50, 0x0, r5, {0x7, 0x9, 0x0, 0x8695c3813a9bd78d}}, 0x50)
syz_fuse_handle_req(r4, &(0x7f000000b1c0)="02cbda572ec32cf73bdbc52bfa4e157261eb6cbd0d1d50c9d937a19739fcb9f8697bf69c0e2e526012185f1b86989056f9c2d38906e8a47b9b5fde55a777a6357ac40c211de6325f496fd86dac09bb38b62b37d715d06e3c61b172aa4a662cefc7810ba37161c637a9b56a7c7b022426826076f1d2bf3c3b6f92ab9c27d691385c3efc354f1423d01d6a49d534fca3f2bf518cd645cf18b4ac2d2ac4c5c29ba487c9d27bb488a73146d5b9e21427af37dee4a276646eb2519e4f6c76cce2f7bf7e708d5180959f71d3797220101849c5144ef8338a5a2079ecce466000cf290d4df42e82865512fb5fb01fb655613cf1c469682edd86a4bef86aa23240ca6a2ff38b59339f7530e8a8027aee0628e0f81b2f5c661b149d780f20ec54c8d3d42c0c49f83b1c0d4bec94bc9221e6fc7c75ebd3b68081df207721584055baeaf6429616d57cb35d2977d45971d209e4c45dfe3c5c105e0e2b49fc8685b4945f31c9468f3c950fcf70a8f45e5a3be62f73c228a6a34a99b6f584b42c50506a6c14187f44887270011cc98d7e5e258df533411c8d39bfa9e27014912ed9e9696fd4074fbefcd4817a344be5ea348f4a7a34733a5bc5674b1bcd39404d5a458d1e19b6d4bdb4e23403154249b5798dea7b60bbf0c09c25027a4efd49d36cbe65b7450c0bde580d356ad4e3cc7a9a57e6ac0b542592617869e57d9bed28f0590241bdeb51fa775aa8806a55df2c795a61146bdbe38eb7a716180bb9b728696bb0e78ff11f89b17c7e7fe9b14ea976ccd9991f01f5d0c4620053d0b5ce42af76591fd0706494b91a6dfc43560f9a9538ada19825ffe3a7cc7a56b755d46ae1189b1f1ac729d9938ad48a066624c1b28003a9d193b4b34c4ab2609949df96f693389f27dd3e1f42b178eb17079c1448d7e9fac30ddb53ce8e5a157db8296cd3069d332bad0528ae56a6db41ba84699b85f225a78a33879512a5f0b795fc58957ef6766afcf546fe36c8125276eeaac9d647b2459c164aae86a2703e85d4f552a0647cb4bdfaecf6ec3a264a6b6892a9a1ba08a9055e98b49edc4e1f8010f63f601a8251921df70e15011116c471a70a0580b1789bcff471dcc95ad209a44ca2453d58d3ea4c71e0383db68adf332a497a84faada33f18bd3cd79ff9d6809409769b02a66cf524534ab7134e3066eef904d8961195d9cdc396a012bb3bc1b1ccd60317d08cb059174642aa3f60584e58e7417c1736f6863fae9e7103158711167a53d7d5deddacee6958fd4c2e0672b8dd90b41512b1f59fc49099633860dd6902c1df3d5924b1cf81ec848d51129b3eddea619129e961390d65d2243d400a1e30e524eeee1a701da5e21598acf457947bad693892a2989097ecbe9607a33ffb33425ccac5e19ebd1f88bf3acc03331adf9697bed04b33ac9fceaa3bdc9a417b12108e10f9c45b6d36181099056a448689da4ef68beee35f5930ce4a5712cbed98239a674c5883d6a5e0df9c1cbe1eda8dc19d14c4abe896e3b28bb3d4b2a0e9ae31ca07b9819825f3a6ab82c5501becf023a656cbff569dbc3035ae3c585747fb459581629051286b170b679b683a0b2eea6ef3b41a68012e5f4d64f689c2b909cfd06d37c0a802be2d882351bffeddef1373d8cbafa10fefbc28b31a70b6e912fc61257aa76a0f0dc1d3ef72d2f61517a359053c3dcb7d49d8a4da61bcf3b3dafc0528bb037cec0d986b3949fff38a21dab6b8a3a167bacf067c5f7842ebebcc1bd54776b2e54a098303c6331beb16e42d0669a518af2d173405786439d739b813c145c4f9f98a537b1065bf4636c76e38b71943815a6d1227d0a6965dffc37c00444aebd2ec19286b83443902dba1354a69377e97070a79151e64711111bf3e0a755b0fb1a1d5d009fdf61b665b41a3b7dbd0655236360141c52b93bc907b0672743973c30d6c9ece47fa1fe3625cc8acbe305156012ef1c5ea140be70b804887be593f25faa13ee4ea2d9821d23c3e047d74ad4f7de4d95d275ea3e6c87479f1badfcef002ebc7020b581a096abac1a80ef6ff476a01b01f7c0fb1239fcc182f74e5b5965412c0f4170432af15daf457143b1f41422b8a7f9b81c15a156ddef9af95955090d013cd52aa66ebfbc87c8030e7f86b52aadaa2e63c261185eed7c46b5f8d56e8301a9cc1578aff77b42419a5eb2e263207ef259f4da6ca6466ac9326a633b39e005028c07c9aedf17a70e638d7ed84638406e6028be879fd0fe491152e181d5527933950eb67a52cf155d5c845a6425e41a47b44d9905de26e5132c8d594c1bf6d4f12dbcb96d7431a56546800275623679d6c189e0cebd1fb8063140b89d42da60ed06206d329c29841e69c820428bcde53c998bee0380a816d080b36f64574718b84e0ecafbfd2b9981f4886df258dbf1cfdb148b171516500572a7086516fd519bc861878ec2fceb6872229ff1e9782720e590d8ef4691fa9c4c54bfcc843015913a2ed40bf37048151d17b44365f7f8d3b816d1b1cd40dc5dda6ab8f637b5f6bae92580f1c269c9231c9a79d58d43208be7622147db352b1294260eeab12409f5b5ee94d99548640634bc9479a6e6e06cc8838bf85d9bd95452eaf8ad3cf6c070aac36a7d38fe23cebfaba46c74a6c5c98b1b5243edfe405161b8c3ea0cdb1bcb4e1041fc62451a6094b0c56ee2ed29520b87228959bc01a9a9f54d214704bd321b152a0e88d0646e99a92a390dfa6bc2c34d418e5e900a3b641ab34a5fd8de751bfb3253b7aae3948d871892d7b76b351b073a93f3ad82b0c59bc49ed922c8d63f8d12c14ce1912bf877bc7877f619b03d09200836c775675e0614efabfd5665c3bf12e6131a7232639729b79ac1c5e807246d30934b0f63b31a06c4722278299949c7785d796b6d3d4a5f2fa652b7fe8be447cafe93fcb07167f3ef16b94261fc3a9d22a57a7aac56562a231d79dbf3bdc1f436206337ff0f8e019d76b823c5976ee23ba4e553ec62d261bdc7da90fee46d3472cc267a7a74b88112ef765091df03bb59cf303feaa0149b371a7bdd75c0187ce842dd1e4cdaf7fc0f5ef7ffb559c535f19100ba653728cd936987731d5ac99cb9ef772975b17b2aff8b872df0d189c7944d63ed66cfce8ee92e7a1082c2a501007aacbe0011e6c32489bcb888e1c464bec59902d940d81136c543098a60104bcfd0f4e7c27cb114ff42e8d31fe09a4bcc21cae5ef2f8e4890bd8139fff1b1b2a39e29eaf2e5d2fb810ea37a13e6d2105a6c2ccd03fc110c6f9063e2433e1450dc8ebd8ede0445af662cf7ee705003630ab7d9fc6ed30169ed674dda2802d519e3b49016c6f11612ae53230b062281ddf7a678784516c3d177857f8bdbec7910af8c81333e471bd8a973ce858a14756ef6ec85498714fe8e1e6600023804004b968eea42c410bf0f5c5b2471835454f20230a6d342f96f71a2e64f54b838e5cd939d7a651d402fd60a8a2a081de0c536d5b81345d92165e79fa65140b91c23cdb5829db55f1f93b88bb43a355e9304a17355851d52c0d745b611a30eb400044dce6ac742bcce9df9583b827514af8a2ed4a04553817ba6ea22e9beaba65d32189a5c2bf65a09d2c8a8798c0645fb24157a4e71be7889fe65c34869d8852b21661407feed92afb0bfe582693a21c050e5adce1fe97755b0be276c36b81b89700b99d23d315a64f7e115eacdb3ade725cb3cfe36c27a5e2addad60290b022a9fc26132b5ec3b5f1d884399fd992525a3e17e18e7ee6078a64b7efc3bbd116e5c305d8ad935baff18ed94c7a8720e729132e110f986991a3ad21cc637282f55588b12756895e2d10afce85b1a04fc271b217278f156c7ffb1ed9dd52b18fc8b153802fc329dca81b278d715f6e31fbcc77d8ce5c2786573bacac30791aff5771fece44063d1e84abcd6a4ae016858893605eecf253c79e59c2152efbe9fdfee3c441e4bc9cb14fc96a675aa17bf7d2024d665fe3982b61888bbe7129a1ec8fafc3480170c71d05f5d22ef7ff0e2ca598fd02bbd0ad82e6ab0e775388bf3aa421c20b6a2a5e256386abff1103f46a8b5c54c2d54b81c50d8bd98aea724bda55f99d95956e939b85d59abdc50ea4cf1d44afa3e8dffc9d84c6b7d28b78c40d7498670602b97c5e2a6281c7876dabc1d14d156e827873818bc590644d2a1d084d39c84e78127b087bf2cd9353fd13d4ab12350318aedadaca6a2728267e6f5f16547caadf3ac2fade3c86b516c6ab53d61ea1c148835b9a2c91fd0ded7283ef720086dfc7728968924731715f78915045a69122d8b23a6db47cc6fccf402b9913e46c9a36924327ca9bba6bb8cf7cc80952501fc2181a2ec7ae4364cc6eac0cba0edda68f3b398a249d114702147f8b1cd9c7f8a15345f42a7a50334928eb4e2de974e4ae2ffb796bc640922f7ada0933460e0c0fc06276dfd228da9bfbbe5a3eade6f98594b0226339156022aad7aa8c9650417cb1551b3b6b31ce436396f68134a6ef23d6b926988fc410f81e1ae01282f244e70051f1b93644f78af3ef6359d106b291568e1ad00ad6ee102964fb7aaaec9732e43a21ea28cda496e4ae367ea738482e777290cca2ef61c8ff10c1b9546b5d395d21c98542f37578d297c13899247a6fdcdf0b8cba6b498875926a19852f97ef60dc1a0c4069fdd4d1fb87a6cd58b8786210687d644a4bad6f8fee0bc5fb94294cffc323e97597be6a5e457a5dd27fe2ebf5c34aef3bb5c43ba0a7d931e7ab02b7c290c5d04a41c01d14d6fc1ba80bfedf71caa0f7e59b135fad73e28d4861d601f79ad32edc6f8d1978d8ecf787f3c9ac71b2404939827b16f3915c8b1445dd1ec012aaeff88789c396665a50df52b244ce5b100d9a29ce52903b8f7f3662c0d0599fd1a7071798b759be02d58e5c6e4626b477653655fb7f5d7bc0ad94dbfe131c9ba5a994c1605c03b9f5173f8205c580bff685e693b23ab4cc7b2e4b21282b14f65684747ad98c0d855a205a6e17b5bb4c2b07097ae32393690e4e07a7f3e25d6bd01c1fb973a67edfa4e1d4a7a96b68570dd9d3bdfbe8a5a69adbd17167533ddbd2a58d70ca1ccea6428770dbcfeb47ddffa99e8b5e69bd34641c1f1a033e86215447fd2927482b12a85f11ae1d8b2054d7f642a9ba526e5a7d8e3d81bd394c264666f4b4dc3ff9c1584f277ff31a29c1358d9a953e0ae2822a3d174a0ce3da386083ae06f02723aea03931a38116a8e4afbc36fb9c094eb340214881a6f838f8d66141e451b9a1bd250363e591bc4ac566123a379272c08c0511e29e1dd1bc06869f3fd151bada9b28a6a71970ae3580d5bb0ab76b38068f504659bc335be1bb2a285329f749303600211d6ef7e151ad861b946d99f36d20074d65426f68a6758270ff946dd387ed3b150199fd81fd2e76a70a2fe2d7a2f8899079068ce48c5380db7e69a1a91f244ed32400e8d9e3097ec2065570dbde88faaee4a938f0b4cc20f31f175df62bf6cd88968ef7e24912dbbf91869eb9b34498d7f6000ef9a62c9441f4177ab5da1428d647b6e3cea1ca8a91b1a1246c2e048654e350cbf3dd4daaaa2558ff9c505ce0fcbcf93601a725289c38724290cffddf87e5345b43a66eb5f9fef718b0df4bcfe82c466017c3d8f0bbfd5544ff2d834a6e653ae789561df44281c8510b4bad838d04ab4a8e84fc4fc022bbe8454b36273cec843731c1df6fce42947a029f61e030990c0002b6f2c9c552227c8785c0b53683de3e518123548e332d25f2b270f595aad389951d1edbb9c6fb14cb4e479acff1ffac191da3d80a696b8be5919710c9137ecc0ca383d8666e30a356759a5299f44c2bfcd03a8df33de0e27d6038a9551cfc5ff43de0d42a6d033bf15f3a44d52f8a71554d1a2efb78042c1c9957256d7ea06b7751b40668feefff205c74f0f947ae0920aa746f17027bbef312708bf72fb23c12d0dcf6493584c1bdd0b5780017c038bc23fb6c25c560bb6da3775cf03502c07b987e64f8a2b84a870b5dd90c6aea7fad3d0a3ee46fda953dc085d272ee5855104b8bab8ed8bfd3338e75eb9ad8118f25c7e580fec613e30cf3eb7059e06d9be015709ba6c9de9dc9b6df8228b13f0439fa8d530aa9a4dc1d44abc3191c159a8816e7368fc5c6a0e57eb881d734c7a5459ba3be1b8a17b5ee6777ee42e962aee199f35ee2c2d4a39275e1dd6a8546daadc7ceab2c90667ad48c75bc7008ec2d7daa57562260d6d4509e67850e988b640569c050d3bedbd6c2de9b4f466e2d0c6f83c3c2392a5adcce1523e89f730a84f8cad28f84d1a0991f44aa4714f93088ec2a2836766d73569c7b0c1f70a067a3f0dff1d01661937aecb39e3d0f8e0ea282cffebbfdac63196eb13c4e53f144fc66a82cc0590f1d6d249c333420c24db92177c89cf0869346c34147dab6c3b94c325ef635d0e6d75c23906e71a7940e13364aef81b97108a4b209d372558d3bb0424ecb6a9a9ee28f7d1585c8af6f1256c812eb48515feda309a08f1a2954039ff0a60a2ab75717d2eb93024586837e552942eb63e0d6735d01258eb4dac6209370c109c1a1763dd742f3551276768648919f9093fd4e0cedff9442ac404e463eaea0ffe58a5085c987c093fd30e121218123457916ced3a7250a796a40451a4729125bce2ba5b6406e6626ecfb1d3f16287ba238feb575f60eba96443c60252d5927b81b73574ff1b7d424623b6cff5ce0d1b31b3d199c85da27f8736d990063f09dfef93402d880b2c5d7a9cdf45cbb4d1baf95be490f3dc9998c2c7ccfcc6e6395e7e09e6c44865834cd3e0968ffcc1d0f54406b55a8952cd8096e8968cdca3632b71546192c76472a66c4a8584eb748c1b3c30d52e8699adbef91329aefbf94d251d0b82bf42a648f73020881a914ea7c529802772b4b60617e9c1d9712a31d0ec3e92af4b97f50ec96e794486101a9e15daf8b7f13078d22767dc3b57bc0431ef39b3ca12b2932aa585bc856e8cf5496d78eaa50f06b483f416b31f78767bd25e260042e84c10e9cf9bb53a3f4fce11d703e90004949b55044907242f8eddef627cfc9642f4a828476074c298ea2d7b07ddb7b4a2b9f8f1e5a32fac7d105c5a12186da19ef5f6475763ee19aa670e7b45f37248fdfa796d6ae761dd77955851faa33675ee22e8174e0a126ac58b9998ccb5e4d12c3e00165533ddf710bf0ab0edf6ba1fecf9548ca1618fd980a4f9a35eeb5c1aa329a288378b9b5ed54b56075810cd22abf0c06ce0f1054805410375d6e41564b71b86cab6929c5c1cedb72e0b1237fdad44edbcfd326312caa49ed0c8f7c5a33986c89245fec75d0f9a34f744bf74d6e0f901c12ea25edd60c43d22f6644fa294534cac1c581b0cbf5d9765fc18fe6c223dcff4a85c7eeaf4cb1a9a889c236778b85e69d50d482743664bdeade11b4ced78c3d0b62ba07f98a898c6e89241ed6522fdfc430b75593673d43d695082b0114b25f231c8a141be953290b1a3855adc0146adee0b784fce2cf8243838bdcdbcf4e0dbcc2a9945deea1d02858a9e9dc54f0e818b81d024bd9b2e052a73fb59d037ab526c78faadfcdecc15f2a1d843e84aabc403e84b2fefbfbec982f22b89a2be560002d45ae12a8a2d00f0a3f55e26789a593fb8bdf20efb8a51e3d0dad9ad2caec39ea7392c58eebebc7201c78276f0127e43d5c8efef6e17ca522d69586a9e096efe80844c38841640238584936d8a96c0ba41dc0dc96a11623ff1e70ef54a9c43ec3cd0359dfdf55c8f8c306110d833d7de7a35f015369bf6d92b3b6f0f7dc717c84e51ce475df451b9a6a91c8d564aeb389267082b9cea77f09c6c6490084da3820f80d3e62bbd41a6540591c6c5cf2a18e4e829b82a6780b6b1f66d96fcfb1639a335a78f8c3ecf381148b2625859e514d35eb8c4acc98f7f8220e1827d7745f1f054691eeb1625e2d238ae03c93991058c1567be4938de2e60537749ee81f327f1f1e586ee3af4ccf53b29741c1bb0e774a1d27672ec27b43719d3710e9fd8634213738d98844717c8b1f707bd42f4077c9e59eb539f9cb32c11b47bcb7cb3efd3bf4994e90166a5ae380c821d2640fa99df59978e9b7e50f0b830943de787b1bf99e14edcdfe8565556ae2a8c0552d67898fd13551c007eb779edb60e85210a418cf0a4a41764fe9ece74f5d8000d168fab61588c5549113e8d8a059f17699d976fc7dc68cfd0ec404ef0c7eca459fbad1c40317d81b95a94b037cf96ba677697cfdce4c2c4e02cea296f25e556c02381ca891ddb6adcb0535e262b26290000c542e7616d63b211c16f86048079ca5167598aece3288f86658249e939cb6b59b6cdd3fce0e9ea81a3bb3f88908c600ea031b0028f12632d7ac2f81e54f7e7eb70ba70bc937571b242c4ef228f801b6a4376d11eabadaebb1322823eb30faf6cf21a8b38a769824e8b7009ff278f80ac2af39f0943a29458d127eabae81d2915557b09e3c49f8c22564edea93e8717306fb198dcc92eb3c9212f03dac94fa3fa1fa4e1dbd2119e024639f0ddc87cd906d3317c6ebc6e698257f73912ff46fe8d9adbd3f57ecc78cea5c1eb04ac5fd1bb79a53921fddaffd2d34f444b54208096cbd2aa3e26ca01359b05c10ff36e98e1ac97d51380c99e1b685928eced0d2f1e754001e7023d2473596feb7c7601619277dd7e844bd5544e7e360f8e4223fbd9e24b3fb69a34ced39bf7590fb853e44031d075fe647190ac7811522c73a6c6033457c14c415e4a84663d2540784a1cbb4a398f1d8612f4f3d334576c99d5721bbeac95cc34d18080e3b1365b6844152b8259c8d4618597f291f2b9e8812ab7729e108a8d44487f8993faabf6c6a8f49db727f17cdfec43b34c39cfdd3916fa6953e34f316100368c7b2836c11dcd4710986980356b7ec4ba23fab5cc5a8c6cacb61cc65570231407ca647946393031986cf4736280ed2d7976d66618fc240191455ae405f1d62145297179c040a707093fb8f60f5a3738b8bf78bbdf952478da7e9d3c892af5b83cd9dd4f00fcfa13beb9e6988e3c4b4e5300e3757a93efaef9023fb9d7442cb1a49d7efdec32ac1f98e6227cad38538f6383c3b6efca2fda7c101ec548c3549e7ac5e737478343ca47cdcd65acb71e0eade28c684b69785ae1fe31aaec713834b6635938d7d66426e965498978e4b467f6132daa6026c39dcbf95656b9be5c074badc18b5a74e12967b45e23099fa765ea5c8c18f0feae94755827e494f251ae96882b5c5f6d54713de02501faef1fcb59bf0d66f9d0cd3a493b139237aefdbd402a3df9dd5beb2887a055261a08047be52fa51f61636255870366e837f20d0f83b8557fa4a003647152ee27bd34b5af52743d4c431ff4a116ae1184c810e8397ef2a056845c6e3b5c0beafbf8f78488102412e04e47fb87be9a9ddc075ab519f424ebf821da659b18ae3b61a7b243ff94e3d1ba420cb342db7b8060937749892a7954d3ba5e63017703f5224602616ff6d3fec42444b2524f97dfa467d9db91681dce08de5ccb1ac2bf6cb5e6c1d586b2fc62e78b0bc23e1924a4f023adb39803fd6c3d52c40b13df9c6f54bb2b4ef88f5d0ffdfef13ae46dbf75aa6457da3bdc1781dc814b0b69debee7456aa7f75571caef87f624ef703fea75f136cc7f90af0ae558cf3de5e8cc92f3e803bd46e05f42e4167af8136db6982ad26a52778e1fefcbabe61a57f00cbf04e3c82445c04bbd8832b8bb9a7cb854a22f98cd7b422a7abafe6a00571539802e56f036d5a26d79a86cb100b90ae168d2406c2c0b9c5274ad69298e7983f4b30e006cf4882e90ca8af4e445dc06d0639231638dd39929065d920af913cc7284619fcacab0023893352468eec73d7014407e5d4bca9e49d412ffb12e68610c26206de0b3282e925b83389cbdfbc41cf279440a13838a1431ea4f1a371b6b143b914238773d171bc7b44c07729e8723fe51b8180fc9c9be6694477132cb82b22b2512518266781e687fcd460995ed581059d3c692ecbdc8daf3c76e5a5bc8e57973fed5fb3465a3dcb5557f92dba1e212f9bda66fc4829e10ce3e8b6c117b1214cb246211c861eaabf8ccaa94aedd58349399e619c2dc587719d7901d2cd85ced669d0ea898c4f127d1a4cf274aa0405d225605edf425dc9b7375c8ac2940bb369eec586097f0cc07940ecc8bd400976b9b36027a040be6e64a2fa4f7ba5d59ce9b4f76192d260d665290b20faa3a6a941939a0b3042ef4d8f9b980c71a13496b104965e1c3dab25cb46147bca6170baa0237c8a5cd1c437e43a50302490462585410f65e03186df5fc2c5bcd89f6d6a4ac34c971f0579070ab6e9a6a84159b2910a7ba797fb09dbd3ab88c23951b1a91df8cfc2d13de85dc715e2a111458acc4d640a59c199faa2bb28ec3309864fd8a6997ac89833853101a08198aa6ab3e5167b4e8e55843efae1ecd3fc6507f3a97bf2f8c4c4da4896c788a17a5fe8d8c3f79fe41dd7f4497380f1ffc8f8d6cc2c2dead697e4947cfe680a0e2b5100743444536134cde4378b0b1fe6ddc09dfe8d618f93edffeb7d097a37a19248be0bf9c4f536a484a5fc96f18f2eb4f6462b20bee241ce16b4790c854bca10914e3ba98eb0970765571a8ad45baba39d20b8c1bbb7c65717e265f5fc5edefb130aada09aa7f2c50c45de6de7327faef192977f499b7aed9e73c2ecb97f7256f89fc8b4834670f798438fac5a5045d61a7f429eba77de37517b984b0acfbd6f494a1414b0fc040244bb62a19150e0c15e5315b2618d05429263dd1847accc5de9baca08edc921ed9a0af00175c118ab801da9980098fc4a2bf16ba73e580000b49129a5fba00a1f2c45c0d0939be83ad93569dd61330913e8b381f9aff6d6a584862d636c1a4989dd3fd14853bf033be56f21a3cf1eb95d7df7c6436ff3d5a8f472bf4a3fa8b0b0741d953d9644e0ec801d4154336357d2d1492c6d336b9101827c1401898ecdca5a66c6f727d23d3ebb95530ecfee0f7649c221d2c131e56d37a8d422b0803ed0d623a2de36e9279c3c1c806654fbce9305cbb44210e282fa53c72f813440fd0cbfff492716c4a06cf99f4809481d51a03a88911f48f25db6784e16f3a251d5fb75fca164911e4a88d1b904b5372d8660d309f347dce2810552a4789af371f3e67418433cdb0d69a4fc562514cb396141f31312fab85f68c1ecd9d03ba37b40934535cc3e53c71a3a51663a479eca63dc5c15a387e5753cfa806402b6426b8dcaace2553d219b2ae02bd45fd4fde6e3e1bd6370d3e8d558aea69854381f1dad0fe2bbf1a73043f03aafe81c3a3d386c758abcb45cc537bf40d459e138f418802ec61abcad5e333389d74ea941eb5f26b25ed7642e0135fd8e3e2fc998613023dd5b804e2cf1a80ea60b353535b1446e3ebb542c1c15d87c6f5a4716455c8a9f52380161a5d23e9678417fe7ed64760e14c1390bcf73e1d531bb3548d7b9df25b6f85512667af396fad73110d1ab69a8ecdddaf29dc3701a5d927e599f5c2af293a6b276da7a5c917298ea24c2366d5e91593605fcbc4d6462", 0x2000, &(0x7f000000d8c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f000000d540)={0x78, 0x0, 0x0, {0x0, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3fb, 0x0, 0x8000, 0xfff, 0x0, 0xee00}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
newfstatat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x800)
creat(&(0x7f00000002c0)='./file0\x00', 0x80)
syz_open_dev$mouse(&(0x7f0000000180), 0x3, 0xc8940)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000001c0)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010040000000000002034400000008000300", @ANYRES32=r9, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140002"], 0x4c}}, 0x0)
sendmsg$NL80211_CMD_REQ_SET_REG(r3, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="d864d0b38c6d35d55b05a706ef1f03ed5dfa37b02573129fa443919333ba5dae39c3a1c911e34c82a335a607976439b63af05113fac6e63704fdda092861e3f99a50ac42e207e953dd181d0e56e90c6bc3f4ce48aef772b3e75c0c6f10a47b6d309a25", @ANYRES16=r2, @ANYBLOB="08002bbd7000ffdbdf251b000000050092005f000000"], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x44004)

5.727450316s ago: executing program 4 (id=1996):
syz_open_dev$tty1(0xc, 0x4, 0x2)
socket$inet6(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = fcntl$getown(r1, 0x9)
syz_emit_ethernet(0x3e, &(0x7f0000000300)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x2, 0x0, 0x30, 0x65, 0x0, 0x81, 0x1, 0x0, @private=0xa010101, @remote}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x5, 0x4, 0x1, 0x0, 0x3, 0x65, 0x75, 0x11, 0x88, 0xe, @broadcast, @multicast1}}}}}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
chdir(&(0x7f0000000480)='./cgroup\x00')
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001030000000000000000fc0100000000000000000000000000043ed300000000000000000000000000000000000000000000020010"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="8801000014"], 0x188}}, 0x0)
mkdir(&(0x7f0000000000)='./control\x00', 0x0)
open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000))
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1f, 0x1, 0x40, 0x40}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000180), 0x1003, r4}, 0x38)

5.443459437s ago: executing program 1 (id=1997):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x4c, 0x12, 0x101, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x0, [0x0, 0x0, 0x0, 0x2000084], [0x0, 0x0, 0x9], 0x0, [0x40000000]}, 0x400}}, 0x4c}}, 0x0)

4.958782116s ago: executing program 1 (id=1998):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
socket$inet_mptcp(0x2, 0x1, 0x106)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
r2 = epoll_create1(0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40088a01, &(0x7f0000000040)=0x10000000)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000000)={0x10000000})
ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000000)=0x400)

4.876380047s ago: executing program 1 (id=1999):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x1a6c42)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000000c0)={r0, 0x2000, {0x0, 0x0, 0x0, 0x3, 0x140000, 0x0, 0x0, 0x1e, 0x1c, "339f020bbe82b39800000000000000000003000ec0c1b403b1c4369d0374024bceaac594b1b3d74138ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000400000000010e200", [0x0, 0x400]}})
ioctl$LOOP_SET_CAPACITY(r1, 0x4c07)

4.322124755s ago: executing program 2 (id=2000):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r0, &(0x7f0000000080)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0x9, @dev={0xfe, 0x80, '\x00', 0xe}, 0x5}, 0x1c, &(0x7f0000000b40)=[{&(0x7f0000000340)="f2", 0x1}], 0x1}}, {{&(0x7f0000000180)={0xa, 0x4e24, 0xff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1}, 0x1c, &(0x7f0000000400)=[{&(0x7f00000001c0)="17", 0x1}], 0x1}}], 0x2, 0x0)
shutdown(r0, 0x1)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f00000009c0), &(0x7f00000002c0)=0x8)
r1 = syz_usb_connect$uac1(0x2, 0xb8, &(0x7f0000000100)=ANY=[@ANYBLOB="12010103000000106b1d01014000010203010902a600030156c0020904000000010100000a24010101bb02010211240601040507000a0008000300020005052405060f0f2406020504020002200a000a00040c24020203020250800009010d2406050203078887000a00000924030101010505"], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x2000000000000046})
syz_usb_control_io$uac1(r1, 0x0, &(0x7f0000000180)={0x44, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="208101000000fff3507cd0c59162b84cedfa856d2ff139a9fff6d1e06f31ee8f9dec37e1963a1e194a1bda5d4cf40bc1784141922ec92fa8acc4a9546db196f2c940bcead3e2c12869d1b68137af80298517ac2fa90ee0"], 0x0, 0x0, 0x0, 0x0})
r2 = socket$kcm(0x10, 0x2, 0x0)
rt_sigaction(0x1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f00000002c0))
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0)
fcntl$lock(r3, 0x25, &(0x7f00000006c0)={0x0, 0x2, 0xc, 0x5})
sendmsg$kcm(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d083910000000000000a1180015000600142603600e120900210000000401a80016000400144006000300036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing', 0x0, 0x0)
lseek(r4, 0x0, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f0000000200))
syz_usb_control_io$uac1(r1, 0x0, &(0x7f0000000640)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x20, 0x83, 0x2, "39a2"}, 0x0, 0x0})

3.558679264s ago: executing program 4 (id=2001):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
write(0xffffffffffffffff, &(0x7f0000000080), 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0xffffffffffffffff, 0x4000000}, 0x50)
mmap(&(0x7f00005e8000/0x1000)=nil, 0x1000, 0x2000003, 0x28011, r5, 0xffff8000)
sendto$inet6(0xffffffffffffffff, &(0x7f00000002c0)="906992d484cfaeb3f7afd47fc58a770000000000003a35fcd1220274339e32e28557f93b7e1441990e4f1e642818e37822542dc0445de75d89a586", 0x3b, 0x8910, 0x0, 0x0)
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000600)=ANY=[], 0x4c}}, 0x0)
ioctl$VIDIOC_S_INPUT(r6, 0xc0045627, 0x0)
r8 = landlock_create_ruleset(&(0x7f0000000300)={0x2050, 0x0, 0x1}, 0x18, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r8, 0x1, &(0x7f0000000340)={0x2000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000280)={'syzkaller1\x00'})
syz_open_dev$radio(&(0x7f0000000040), 0x1, 0x2)
rt_sigaction(0x40, &(0x7f0000000140)={&(0x7f0000000000)="24339e9e0f1c2bdfd5c4a2f10027c6c43b640febce41d3ca6566f00fc02c101c65d2150e000000dbf5", 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000380))
syz_open_procfs(0x0, &(0x7f00000004c0)='stat\x00')
sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {0x0}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000001c0)=""/17, 0x11}], 0x7, &(0x7f0000000600)=""/191, 0xbf, 0x34000}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400})
getsockopt$netlink(r0, 0x10e, 0x5, &(0x7f0000000080)=""/163, &(0x7f0000000140)=0xa3)

3.551244014s ago: executing program 1 (id=2002):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000180)={0x152, @time={0x95}})
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$lan78xx(r1, &(0x7f00000000c0)={0x14, &(0x7f0000000000)={0x20, 0x1, 0x46, {0x46, 0x2, "f3f0ca4dbe2b3c86dbc634674b662dd5d12e8cd4202888e0cc28d33f92cf69b3990b4face616c80e6575752abb17e3874f8aa06baf16b64eda406388715a976d8659681e"}}, &(0x7f0000000080)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x41b}}}, &(0x7f0000000300)={0x34, &(0x7f0000000100)={0x0, 0xf, 0xae, "78a0de88c887ab6178c0a9e56b5493f7e38fbe846918dad4aafa571c70df763152dd71c1bf3454fe52f86698dde399b16318557c7a826378dd23d0f1f98bbca07139e83cee531618c348ed6625d858ca7151f9dce87f6b926425ff5d82ff8fecaf486669002a5b71ac8b91a2450f65ac0e1b3b770af0124342124b67cf98be0e1a37c932dac9fea048f1ac4f7ec2069b37b76e4ad57bca94147e87c39e105c839de895b357fb2c160f7562f261b6"}, &(0x7f00000001c0)={0x0, 0xa, 0x1, 0x76}, &(0x7f0000000200)={0x0, 0x8, 0x1, 0xfa}, &(0x7f0000000240)={0xc0, 0xa1, 0x4, 0x81}, &(0x7f0000000280)={0x40, 0xa0, 0x4, 0x8}, &(0x7f00000002c0)={0xc0, 0xa2, 0x2f, "4ff82ab62c7ec88ffe83dc28b67b03a645b0209aea1b58ba57c706d7a595b9cd92434a2fe75b697c7b8aafc73a30d2"}})
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f00000009c0)={0x84, &(0x7f0000000640)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

3.447437413s ago: executing program 0 (id=2003):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000090000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40000000010800034000000014480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c0003801800008008000340000000020c0004260000000000000c7f14000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000002000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40000000010800034000000004480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800800034000000002"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

3.218846797s ago: executing program 0 (id=2004):
socket$unix(0x1, 0x2, 0x0)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000004c0)={'vcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x1, 0x840, 0x0, {}, {0x77359400}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "ef1d62ee7e923b0ad9cda5b28dd4753620a2f0271768a8284c18a4e2b5e44dc77098b18fd964df81213608ec503db52d42f1a78c97322f4ae4c8dc89cf2b1440"}}, 0x80}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1, 0x140, 0x4, {}, {0x77359400}, {0x3, 0x1, 0x1}, 0x1, @can={{0x4, 0x1}, 0x3, 0x0, 0x0, 0x0, "1fae97c41e81d2d3"}}, 0x48}, 0x1, 0x0, 0x0, 0x44000}, 0x800)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)

3.082225217s ago: executing program 0 (id=2005):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$SOUND_MIXER_INFO(0xffffffffffffffff, 0x805c4d65, &(0x7f00000001c0))
symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
connect$unix(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x10d, &(0x7f0000000340)={0x0, 0x80000002, 0x0, 0x2}, &(0x7f00000000c0)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r5 = gettid()
r6 = openat$userio(0xffffffffffffff9c, &(0x7f00000003c0), 0x101001, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(r6, &(0x7f0000000400)={0x2, 0x1}, 0x2)
sigaltstack(&(0x7f0000000480)={&(0x7f0000002340)=""/4126, 0x80000001, 0x101e}, 0x0)
rt_sigqueueinfo(r5, 0x21, &(0x7f0000000100)={0x1f})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0xa, &(0x7f0000000100)=[{0x7, 0x0, 0x5, 0x8}, {0x8, 0x7f, 0x1, 0x100}, {0x7f, 0x5, 0x9, 0xe}, {0x7, 0xf7, 0x81, 0x1}, {0x3, 0x1, 0xd, 0xffffffff}, {0x4257, 0x7, 0x40, 0xffffffff}, {0x3, 0xe8, 0xce, 0xfffffffe}, {0x0, 0x8, 0xb6, 0x4}, {0x2, 0x4, 0x7, 0x100}, {0x4, 0x6, 0x8, 0x7}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000004c0)={0x1, &(0x7f0000000440)=[{0xe6, 0x3, 0x3, 0x8}]})
syz_open_procfs(0x0, &(0x7f0000000180)='net/mcfilter6\x00')
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x900, 0x12)
ioctl$SNDRV_TIMER_IOCTL_TREAD64(0xffffffffffffffff, 0x400454a4, &(0x7f0000000040)=0x1)
syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x80, 0x23456})
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf)

2.087863556s ago: executing program 0 (id=2006):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}, 0x1}) (async)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) (async)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x8604}, 0x10)
sendmsg$nl_route(r1, 0x0, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
pipe(&(0x7f00000045c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff}) (async)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000180), 0x599c03, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r5, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r6, 0x0, <r7=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r5, 0x3ba0, &(0x7f0000000280)={0x48, 0x15, r7, 0x0, r6})
vmsplice(r4, &(0x7f0000001440)=[{&(0x7f0000001a00)="ce", 0x1}], 0x1, 0x4) (async)
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0x9, &(0x7f00000000c0)={0x8, 0x8b}, 0x0)
getpid() (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r8 = syz_clone(0x9cfdaa7c58b8bd70, &(0x7f0000000400)="1bcdffeda9e9c0e64ab53003301941bbeb88eb563314aafa43300466c4903a572cdc7339b50ff0960981448126008227f4da625c7bde48c2be65e090f4127c87a3284c7652e1af88ef78dac0d949668e09b31a5571c08f1d27b8b1b1eef3bd78485bdde818b5a764070f44ebbfa229db11871f45788aefef8c5b7ebdc8e6ebaeedf5d91f2c0aad7f3d396a4e238d", 0x8e, 0x0, 0x0, &(0x7f00000004c0)="9f99a1775f6c74226cc7a6463c75887260ba0c761c96f0746bc373fa14ea48b03769ba99d27a43cd794806b914f8eb9dd996e43c88024e5fb55ecf9d39f420cef43e591258266e6bc5f442389d0cd76ac9f980017ad20717f90615fd65bfb302ee4a34147881912fb823241012c4b6ebefa029ee54543d8e76a8482957424eb1cf8859ccb778ed4ea7fbd7694b5c6be16af9b285f1f20fec22b73d3414166e2221f6c8300cfff9bc4512518a161a14722393a261d8b5838fbff41fa1b4549b79f70548078999")
ptrace$peek(0x1, r8, &(0x7f00000005c0)) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
connect$unix(r9, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(r10, &(0x7f0000000000), 0x400000000000041, 0x0)

1.938955136s ago: executing program 2 (id=2007):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r1 = dup(r0)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
close(r4)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(0xffffffffffffffff, 0xc01864b0, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0x6, 0x2, 0x2, 0x0, 0xc6})
write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x2c2)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(r5, 0x28, 0x6, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0x0, <r6=>0xffffffffffffffff}}, './file0\x00'})
lstat(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0})
fstat(r4, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0})
lsetxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000003380)='system.posix_acl_access\x00', &(0x7f00000003c0)={{}, {0x1, 0x5}, [], {}, [{0x8, 0x0, r6}, {0x8, 0x6, r7}, {0x8, 0x3, r7}, {0x8, 0x3, r8}, {0x8, 0x1, r6}, {0x8, 0x4, r7}], {0x10, 0x5}}, 0x54, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x1c0)

1.934764241s ago: executing program 0 (id=2008):
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x800, 0x0, 0x3, 0x9}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4)
sendmmsg(r0, &(0x7f0000001500)=[{{&(0x7f0000000180)=@l2tp6={0xa, 0x500, 0x80000, @remote, 0x0, 0x3}, 0x80, 0x0}, 0x5b4}, {{&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x7080000, @ipv4={'\x00', '\xff\xff', @loopback}, 0x7, 0x1}, 0x80, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="080100000000000029000000", @ANYRES64=r0], 0x108}}], 0x2, 0xc040)

1.41303071s ago: executing program 0 (id=2009):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
socket(0x10, 0x800, 0x0)
write(r1, &(0x7f0000000000)="240000001a005f0214f9f407000904001f00000000000000000000000800040001000000", 0x24)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240"], 0x7c}}, 0x0)
syz_emit_ethernet(0x12, &(0x7f0000000000)=ANY=[@ANYBLOB="910418166421b54fa0aaaa050004424203"], 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680))
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), r4)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x34, r5, 0x1, 0x0, 0xfffffffc, {{}, {}, {0x18, 0x17, {0x21, 0x0, @l2={'eth', 0x3a, 'xfrm0\x00'}}}}}, 0x34}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r6, 0x7a8, &(0x7f0000000000)={{@my=0x1, 0xffffffff}, @any, 0x0, 0x0, 0x8000000, 0x0, 0x6})
close(r6)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f00000000c0), 0x1000)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000002c00048028000180080001006f7366001c0002800800034000e90001080001400000000305240200020000000900010073797a30000000000900020073797a32"], 0x80}, 0x1, 0x100000000000000}, 0x0)
syz_io_uring_setup(0x20239, &(0x7f0000000740)={0x0, 0x64c0, 0x10100, 0x0, 0x2}, &(0x7f0000000180), &(0x7f00000001c0))
open(&(0x7f0000002040)='./bus\x00', 0x143bc2, 0xd8)
socket$inet6(0xa, 0x2, 0x0)

1.350803646s ago: executing program 5 (id=2010):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r1 = dup(r0)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
close(r4)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(0xffffffffffffffff, 0xc01864b0, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0x6, 0x2, 0x2, 0x0, 0xc6})
write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x2c2)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(r5, 0x28, 0x6, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0x0, <r6=>0xffffffffffffffff}}, './file0\x00'})
lstat(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0})
fstat(r4, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0})
lsetxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000003380)='system.posix_acl_access\x00', &(0x7f00000003c0)={{}, {0x1, 0x5}, [], {}, [{0x8, 0x0, r6}, {0x8, 0x6, r7}, {0x8, 0x3, r7}, {0x8, 0x3, r8}, {0x8, 0x1, r6}, {0x8, 0x4, r7}], {0x10, 0x5}}, 0x54, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x1c0)

1.334725707s ago: executing program 4 (id=2011):
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000ac0)=@newtfilter={0x478, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0xffff, 0x8}}, [@filter_kind_options=@f_basic={{0xa}, {0x448, 0x2, [@TCA_BASIC_POLICE={0x444, 0x4, [@TCA_POLICE_TBF={0x3c, 0x1, {0x3, 0x8, 0x9, 0x8, 0x0, {0x9, 0x2, 0x2, 0x7, 0x8000, 0x2}, {0x8, 0x2, 0x7, 0xf0, 0x1}, 0x0, 0x3, 0xfffffff9}}, @TCA_POLICE_RATE={0x404, 0x2, [0x4, 0x8, 0x3, 0x9, 0x4, 0x4, 0x4, 0x2, 0x0, 0x7, 0x16a, 0x6, 0x4, 0x5, 0x7fffffff, 0x6, 0x7b1, 0xb5, 0x3, 0x5, 0x0, 0x1, 0x7, 0x3, 0xe, 0xfff, 0x19, 0x3, 0xf8a3, 0xff, 0x3, 0x8, 0x2c1, 0x9, 0x6, 0xb, 0x8125, 0x7, 0x3ff, 0x200, 0x8, 0xe, 0x3, 0xd65, 0x4, 0x2c, 0xb, 0xc10, 0xfb, 0x2, 0xc, 0xff, 0xffff, 0x4, 0x7ff, 0x3, 0x1, 0x8, 0x2, 0xc, 0x3ff, 0xfff, 0xef, 0x662, 0x401, 0x0, 0x8, 0x1, 0x7ff, 0x77, 0xd0dd, 0x1, 0x10, 0x3, 0x7, 0x2, 0x5, 0x80000000, 0x0, 0xfffffffb, 0x80000000, 0x57d, 0x5, 0x8, 0x1, 0x8, 0x4, 0x6, 0x1, 0x6, 0x3, 0x0, 0xae, 0x7, 0x8001, 0xe, 0xfffffffe, 0x7, 0x3, 0x8, 0x1, 0x8, 0x7fffffff, 0x6, 0x10001, 0x3, 0x10000, 0x0, 0x8, 0x846, 0x1ff, 0x9, 0x3ff, 0xfffffffa, 0x5, 0x400, 0xaa9, 0x81, 0x8001, 0x3, 0x2c18, 0x8, 0x9, 0x5, 0x0, 0x600, 0x4, 0x80000001, 0x800, 0x7, 0x7, 0x2, 0x32, 0x6, 0x7, 0x2, 0x7, 0x8, 0x4, 0x2, 0x40000000, 0x7f, 0x7, 0x4, 0x7, 0x2, 0xe, 0x5d41, 0x1, 0x2a940, 0x0, 0xb, 0x8, 0x200, 0x10001, 0x9, 0x401, 0x6, 0x1, 0x3, 0x8, 0xc, 0x8, 0x9, 0x7000000, 0x9, 0x4, 0xc, 0x800, 0xfff, 0x8, 0x32e, 0x5, 0x5, 0x2, 0x40, 0x52, 0xfff, 0x6, 0x2, 0x0, 0x7, 0x9, 0x2, 0x1, 0x9, 0x0, 0x80000001, 0x8, 0x0, 0x1, 0x9, 0x1, 0x1576, 0x8001, 0x7, 0x5, 0x1, 0xcdd6, 0x0, 0x74, 0x8000, 0x80000001, 0x6, 0x5b, 0x7, 0x5, 0xccb9, 0x9b, 0xffff8bf5, 0x7, 0x0, 0x8001, 0x9, 0x5, 0x0, 0x4, 0x8, 0x29, 0x665, 0x8, 0x9, 0x7, 0x6, 0x5c, 0x0, 0xffffffff, 0x4, 0xa000, 0x3, 0x7e8, 0x86f070e5, 0x401, 0x6, 0x4, 0x10, 0x2, 0x3, 0x6, 0x5, 0x5, 0x5, 0x1000, 0xd0, 0x5, 0x10, 0x1e70, 0x40000004, 0xdbc, 0x1, 0x80000000, 0xd, 0xff, 0x4, 0xcca, 0x827]}]}]}}]}, 0x478}, 0x1, 0x0, 0x0, 0x1}, 0x800)

785.798632ms ago: executing program 4 (id=2012):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x4c, 0x12, 0x101, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x0, [0x0, 0x0, 0x0, 0x20000ef], [0x0, 0x0, 0x9], 0x0, [0x40000000]}, 0x400}}, 0x4c}}, 0x0)

679.12112ms ago: executing program 4 (id=2013):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000500)={0x18, r3, 0x1, 0x1, 0x25dfdbfd, {}, [@ETHTOOL_A_PRIVFLAGS_HEADER={0x4}]}, 0x18}}, 0x8000)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)})
ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r4, 0xc02064b9, 0x0)
ioctl$FS_IOC_FSGETXATTR(r1, 0x801c581f, &(0x7f0000000980)={0x8001, 0x3, 0x9, 0x7, 0x6e64})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0xa0000, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000fe8000/0x18000)=nil, &(0x7f000001fc40)=[@text16={0x10, 0x0}], 0x1, 0x1, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000001500010000000000000000000500000008000100", @ANYRES16], 0x1c}}, 0x0)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_RATE_GET(r8, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
syz_usb_connect(0x0, 0x286, &(0x7f0000000440)=ANY=[@ANYBLOB="12010000a1f169405909d02b9848000000010902740201000000000904a80010ff8a3700090505104000057f03090507010002080b0409050303"], 0x0)

652.765733ms ago: executing program 2 (id=2014):
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
execveat$binfmt(0xffffffffffffff9c, r0, &(0x7f0000000080), &(0x7f00000000c0), 0x0)
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
close(r1)
execveat$binfmt(0xffffffffffffff9c, r0, &(0x7f0000000100), &(0x7f0000000140), 0x0)
r2 = openat$binfmt(0xffffffffffffff9c, r0, 0x2, 0x0)
write(r2, &(0x7f0000000180)="01010101", 0x4)
close(r2)
execveat$binfmt(0xffffffffffffff9c, r0, &(0x7f00000001c0), &(0x7f0000000200), 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0)
close(r3)
execveat$binfmt(0xffffffffffffff9c, r0, &(0x7f0000000280), &(0x7f00000002c0), 0x1f00)
fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x1ff)
execveat$binfmt(0xffffffffffffff9c, r0, &(0x7f0000000340), &(0x7f0000000380), 0x0)

350.802976ms ago: executing program 2 (id=2015):
socket$unix(0x1, 0x2, 0x0)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000004c0)={'vcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x1, 0x840, 0x0, {}, {0x77359400}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "ef1d62ee7e923b0ad9cda5b28dd4753620a2f0271768a8284c18a4e2b5e44dc77098b18fd964df81213608ec503db52d42f1a78c97322f4ae4c8dc89cf2b1440"}}, 0x80}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1, 0x140, 0x4, {}, {0x77359400}, {0x3, 0x1, 0x1}, 0x1, @can={{0x4, 0x1}, 0x3, 0x0, 0x0, 0x0, "1fae97c41e81d2d3"}}, 0x48}, 0x1, 0x0, 0x0, 0x44000}, 0x800)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)

126.183014ms ago: executing program 1 (id=2016):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001d40)=ANY=[@ANYBLOB="101300002d00090036bd70000100000004000000cb011180c708605d8a0c9549f671af21be3edd7313f3b3cefa172a8aae2f295cc72b60b26946113d"], 0x1310}, 0x1, 0xe4ffffffffffffff, 0x0, 0x20000004}, 0x84)

0s ago: executing program 2 (id=2017):
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00')
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f000001f480), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f00000021c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_i', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])

kernel console output (not intermixed with test programs):

er 55 using dummy_hcd
[  719.173880][T11663] `: Port device team_slave_0 removed
[  719.188617][T11663] team_slave_1: left promiscuous mode
[  719.214583][T11663] `: Port device team_slave_1 removed
[  719.221120][T11663] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  719.232625][T11663] batman_adv: batadv0: Removing interface: batadv_slave_0
[  719.286032][   T43] usb 5-1: Using ep0 maxpacket: 16
[  719.302170][T11663] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  719.310532][T11663] batman_adv: batadv0: Removing interface: batadv_slave_1
[  719.335720][   T43] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  719.351973][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  719.443482][   T43] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  719.462920][T11663] bond0: (slave wlan1): Releasing backup interface
[  719.470697][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  719.490535][   T43] usb 5-1: Product: syz
[  719.500005][   T43] usb 5-1: Manufacturer: syz
[  719.504643][   T43] usb 5-1: SerialNumber: syz
[  719.562026][   T43] usb 5-1: config 0 descriptor??
[  719.590296][T11680] netlink: 56 bytes leftover after parsing attributes in process `syz.5.1544'.
[  719.625356][   T43] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  719.668360][   T43] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class)
[  720.366752][   T43] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[  720.382285][   T43] em28xx 5-1:0.0: Config register raw data: 0xfffffffb
[  720.450390][   T43] em28xx 5-1:0.0: AC97 chip type couldn't be determined
[  720.776825][   T43] em28xx 5-1:0.0: No AC97 audio processor
[  720.855196][ T5975] usb 5-1: USB disconnect, device number 55
[  720.868244][ T5975] em28xx 5-1:0.0: Disconnecting em28xx
[  720.909513][ T5975] em28xx 5-1:0.0: Freeing device
[  721.219127][T11705] netlink: 4400 bytes leftover after parsing attributes in process `syz.4.1549'.
[  721.346751][T11705] debugfs: '�`]��I�q�!�>�s���*��!)\�+`�iF=' already exists in 'ieee80211'
[  723.384671][T11754] bridge6: the hash_elasticity option has been deprecated and is always 16
[  723.643313][T11758] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1555'.
[  723.739763][T11761] netlink: 56 bytes leftover after parsing attributes in process `syz.5.1557'.
[  724.113786][T11773] block nbd0: Attempted send on invalid socket
[  724.120170][T11773] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  724.516162][ T5982] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[  724.948298][ T5982] usb 3-1: config 1 has an invalid interface number: 7 but max is 0
[  724.956494][ T5982] usb 3-1: config 1 has no interface number 0
[  724.976104][ T5982] usb 3-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  725.026031][ T5982] usb 3-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  725.055417][ T5982] usb 3-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  725.128869][ T5982] usb 3-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  725.140517][ T5982] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  725.167166][ T5982] usb 3-1: Product: syz
[  725.174360][ T5982] usb 3-1: Manufacturer: syz
[  725.194558][ T5982] usb 3-1: SerialNumber: syz
[  725.215684][T11778] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  725.435535][T11778] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  725.926377][ T5982] usb 3-1: Incompatible driver and firmware versions
[  726.035829][ T5982] usb 3-1: USB disconnect, device number 60
[  726.242379][T11799] bond1 (unregistering): Released all slaves
[  727.870916][T11816] FAULT_INJECTION: forcing a failure.
[  727.870916][T11816] name failslab, interval 1, probability 0, space 0, times 0
[  727.884335][T11816] CPU: 0 UID: 0 PID: 11816 Comm: syz.2.1573 Not tainted syzkaller #0 PREEMPT(full) 
[  727.884371][T11816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  727.884382][T11816] Call Trace:
[  727.884390][T11816]  <TASK>
[  727.884397][T11816]  dump_stack_lvl+0x189/0x250
[  727.884422][T11816]  ? __pfx____ratelimit+0x10/0x10
[  727.884441][T11816]  ? __pfx_dump_stack_lvl+0x10/0x10
[  727.884460][T11816]  ? __pfx__printk+0x10/0x10
[  727.884484][T11816]  ? __pfx___might_resched+0x10/0x10
[  727.884501][T11816]  ? fs_reclaim_acquire+0x7d/0x100
[  727.884522][T11816]  should_fail_ex+0x414/0x560
[  727.884551][T11816]  should_failslab+0xa8/0x100
[  727.884575][T11816]  __kmalloc_noprof+0xcb/0x4f0
[  727.884595][T11816]  ? tomoyo_encode+0x28b/0x550
[  727.884618][T11816]  tomoyo_encode+0x28b/0x550
[  727.884642][T11816]  tomoyo_realpath_from_path+0x58d/0x5d0
[  727.884671][T11816]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  727.884695][T11816]  tomoyo_path_number_perm+0x1e8/0x5a0
[  727.884720][T11816]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  727.884759][T11816]  ? __lock_acquire+0xab9/0xd20
[  727.884802][T11816]  ? __fget_files+0x2a/0x420
[  727.884820][T11816]  ? __fget_files+0x2a/0x420
[  727.884832][T11816]  ? __fget_files+0x3a0/0x420
[  727.884845][T11816]  ? __fget_files+0x2a/0x420
[  727.884865][T11816]  security_file_ioctl+0xcb/0x2d0
[  727.884888][T11816]  __se_sys_ioctl+0x47/0x170
[  727.884911][T11816]  do_syscall_64+0xfa/0x3b0
[  727.884928][T11816]  ? lockdep_hardirqs_on+0x9c/0x150
[  727.884945][T11816]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  727.884962][T11816]  ? clear_bhb_loop+0x60/0xb0
[  727.884983][T11816]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  727.885000][T11816] RIP: 0033:0x7faaa438ec29
[  727.885015][T11816] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  727.885029][T11816] RSP: 002b:00007faaa5260038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  727.885047][T11816] RAX: ffffffffffffffda RBX: 00007faaa45d5fa0 RCX: 00007faaa438ec29
[  727.885060][T11816] RDX: 0000200000000180 RSI: 0000000080045503 RDI: 0000000000000003
[  727.885072][T11816] RBP: 00007faaa5260090 R08: 0000000000000000 R09: 0000000000000000
[  727.885082][T11816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  727.885093][T11816] R13: 00007faaa45d6038 R14: 00007faaa45d5fa0 R15: 00007faaa46ffa28
[  727.885122][T11816]  </TASK>
[  727.885143][T11816] ERROR: Out of memory at tomoyo_realpath_from_path.
[  728.146090][T11816] usb usb8: usbfs: process 11816 (syz.2.1573) did not claim interface 0 before use
[  728.382457][T11822] netlink: 'syz.1.1576': attribute type 10 has an invalid length.
[  728.402457][T11822] `: Device veth1_macvtap failed to register rx_handler
[  728.556355][T11827] fuse: Unknown parameter 'f�J�'
[  728.843859][T11833] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  729.206044][ T5975] usb 1-1: new low-speed USB device number 76 using dummy_hcd
[  729.306819][ T5996] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  729.578360][ T5975] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  729.586823][ T5975] usb 1-1: config 0 has no interface number 0
[  729.592959][ T5975] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 15263, setting to 8
[  729.603982][ T5975] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.2a
[  729.613107][ T5975] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  729.645529][ T5975] usb 1-1: config 0 descriptor??
[  729.980377][T11836] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  729.988135][ T5996] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  730.256504][ T5975] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  730.274091][ T5996] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  730.288070][ T5996] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  730.314987][ T5996] usb 2-1: SerialNumber: syz
[  730.362688][ T5996] usb 2-1: bad CDC descriptors
[  730.643912][ T5967] usb 2-1: USB disconnect, device number 45
[  730.749835][T11854] misc userio: The device must be registered before sending interrupts
[  731.015641][T11859] misc userio: The device must be registered before sending interrupts
[  732.053183][ T5997] usb 1-1: USB disconnect, device number 76
[  732.184778][T11867] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1587'.
[  732.195878][T11867] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  732.216093][   T43] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  732.357089][   T43] usb 3-1: device descriptor read/64, error -71
[  732.453100][T11869] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  732.596272][   T43] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  732.684055][T11872] FAULT_INJECTION: forcing a failure.
[  732.684055][T11872] name failslab, interval 1, probability 0, space 0, times 0
[  732.711530][T11872] CPU: 1 UID: 0 PID: 11872 Comm: syz.5.1589 Not tainted syzkaller #0 PREEMPT(full) 
[  732.711552][T11872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  732.711559][T11872] Call Trace:
[  732.711563][T11872]  <TASK>
[  732.711568][T11872]  dump_stack_lvl+0x189/0x250
[  732.711586][T11872]  ? __pfx____ratelimit+0x10/0x10
[  732.711597][T11872]  ? __pfx_dump_stack_lvl+0x10/0x10
[  732.711609][T11872]  ? __pfx__printk+0x10/0x10
[  732.711667][T11872]  ? __pfx___might_resched+0x10/0x10
[  732.711677][T11872]  ? fs_reclaim_acquire+0x7d/0x100
[  732.711689][T11872]  should_fail_ex+0x414/0x560
[  732.711707][T11872]  should_failslab+0xa8/0x100
[  732.711723][T11872]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  732.711737][T11872]  ? __alloc_skb+0x112/0x2d0
[  732.711750][T11872]  __alloc_skb+0x112/0x2d0
[  732.711763][T11872]  netlink_ack+0x146/0xa50
[  732.711772][T11872]  ? __pfx_genl_rcv_msg+0x10/0x10
[  732.711785][T11872]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  732.711797][T11872]  ? __pfx_nl80211_post_doit+0x10/0x10
[  732.711811][T11872]  ? __asan_memcpy+0x40/0x70
[  732.711821][T11872]  ? __pfx_ref_tracker_free+0x10/0x10
[  732.711835][T11872]  netlink_rcv_skb+0x28c/0x470
[  732.711844][T11872]  ? __lock_acquire+0xab9/0xd20
[  732.711858][T11872]  ? __pfx_genl_rcv_msg+0x10/0x10
[  732.711872][T11872]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  732.711892][T11872]  ? down_read+0x1ad/0x2e0
[  732.711905][T11872]  genl_rcv+0x28/0x40
[  732.711917][T11872]  netlink_unicast+0x82c/0x9e0
[  732.711937][T11872]  ? __pfx_netlink_unicast+0x10/0x10
[  732.711953][T11872]  ? netlink_sendmsg+0x642/0xb30
[  732.711962][T11872]  ? skb_put+0x11b/0x210
[  732.711975][T11872]  netlink_sendmsg+0x805/0xb30
[  732.711990][T11872]  ? __pfx_netlink_sendmsg+0x10/0x10
[  732.712003][T11872]  ? aa_sock_msg_perm+0xf1/0x1d0
[  732.712014][T11872]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  732.712025][T11872]  ? __pfx_netlink_sendmsg+0x10/0x10
[  732.712036][T11872]  __sock_sendmsg+0x21c/0x270
[  732.712053][T11872]  ____sys_sendmsg+0x505/0x830
[  732.712068][T11872]  ? __pfx_____sys_sendmsg+0x10/0x10
[  732.712085][T11872]  ? import_iovec+0x74/0xa0
[  732.712100][T11872]  ___sys_sendmsg+0x21f/0x2a0
[  732.712114][T11872]  ? __pfx____sys_sendmsg+0x10/0x10
[  732.712145][T11872]  ? __fget_files+0x2a/0x420
[  732.712153][T11872]  ? __fget_files+0x3a0/0x420
[  732.712167][T11872]  __x64_sys_sendmsg+0x19b/0x260
[  732.712181][T11872]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  732.712198][T11872]  ? __pfx_ksys_write+0x10/0x10
[  732.712210][T11872]  ? rcu_is_watching+0x15/0xb0
[  732.712223][T11872]  ? do_syscall_64+0xbe/0x3b0
[  732.712237][T11872]  do_syscall_64+0xfa/0x3b0
[  732.712246][T11872]  ? lockdep_hardirqs_on+0x9c/0x150
[  732.712256][T11872]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  732.712265][T11872]  ? clear_bhb_loop+0x60/0xb0
[  732.712277][T11872]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  732.712286][T11872] RIP: 0033:0x7f678e78ec29
[  732.712296][T11872] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  732.712304][T11872] RSP: 002b:00007f678f537038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  732.712315][T11872] RAX: ffffffffffffffda RBX: 00007f678e9d5fa0 RCX: 00007f678e78ec29
[  732.712323][T11872] RDX: 0000000020040000 RSI: 00002000000006c0 RDI: 0000000000000003
[  732.712329][T11872] RBP: 00007f678f537090 R08: 0000000000000000 R09: 0000000000000000
[  732.712335][T11872] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  732.712340][T11872] R13: 00007f678e9d6038 R14: 00007f678e9d5fa0 R15: 00007f678eaffa28
[  732.712356][T11872]  </TASK>
[  733.062718][    C1] vkms_vblank_simulate: vblank timer overrun
[  733.070597][   T43] usb 3-1: device descriptor read/64, error -71
[  733.186411][   T43] usb usb3-port1: attempt power cycle
[  733.566073][   T43] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  733.596670][   T43] usb 3-1: device descriptor read/8, error -71
[  733.846064][   T43] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[  733.886906][T11894] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.1598'.
[  733.907494][T11894] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  733.919676][   T43] usb 3-1: device descriptor read/8, error -71
[  734.046357][   T43] usb usb3-port1: unable to enumerate USB device
[  734.161411][   T36] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  734.301009][   T36] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  734.435701][   T36] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  734.436139][ T5997] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  734.543772][   T36] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  734.872318][ T5975] IPVS: starting estimator thread 0...
[  734.953225][T11911] misc userio: The device must be registered before sending interrupts
[  735.138115][T11914] IPVS: using max 50 ests per chain, 120000 per kthread
[  735.298672][   T36] bridge_slave_1: left allmulticast mode
[  735.314326][   T36] bridge_slave_1: left promiscuous mode
[  735.330186][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  735.397538][   T36] bridge_slave_0: left allmulticast mode
[  735.412242][   T36] bridge_slave_0: left promiscuous mode
[  735.559149][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  735.698489][   T36] tipc: Resetting bearer <eth:xfrm0>
[  736.301559][ T5918] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  736.337385][ T5918] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  736.345801][ T5918] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  736.368525][ T5918] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  736.386627][ T5918] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  736.829865][   T36] tipc: Disabling bearer <eth:xfrm0>
[  737.348172][T11953] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1608'.
[  737.357324][T11953] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1608'.
[  737.504098][T11958] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1610'.
[  737.556074][T11958] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  737.736543][   T36] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  737.979178][T11967] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  738.508726][ T5911] Bluetooth: hci4: command tx timeout
[  738.802459][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  738.860558][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  738.931052][   T36] bond0 (unregistering): Released all slaves
[  738.980771][T11940] tipc: Enabling of bearer <eth:xfrm0> rejected, already enabled
[  739.026136][ T5997] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[  739.208147][ T5997] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  739.228185][ T5997] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  739.278723][ T5997] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  739.303880][   T36] tipc: Left network mode
[  739.310495][ T5997] usb 3-1: SerialNumber: syz
[  739.336206][ T5997] usb 3-1: bad CDC descriptors
[  739.641968][ T5975] usb 3-1: USB disconnect, device number 65
[  739.716033][ T5997] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  739.949793][ T5997] usb 6-1: device descriptor read/64, error -71
[  740.236202][ T5997] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  740.446925][ T5997] usb 6-1: device descriptor read/64, error -71
[  740.557816][ T5997] usb usb6-port1: attempt power cycle
[  740.567802][T11944] chnl_net:caif_netlink_parms(): no params data found
[  740.581256][ T5911] Bluetooth: hci4: command tx timeout
[  740.621105][T12001] fuse: Bad value for 'group_id'
[  740.746207][T12001] fuse: Bad value for 'group_id'
[  740.916875][ T5997] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  740.953380][ T5997] usb 6-1: device descriptor read/8, error -71
[  741.418049][   T36] hsr_slave_0: left promiscuous mode
[  741.443807][   T36] hsr_slave_1: left promiscuous mode
[  741.456106][ T5997] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  741.474625][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  741.502931][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  741.548927][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  741.570379][ T5997] usb 6-1: device descriptor read/8, error -71
[  741.686389][ T5997] usb usb6-port1: unable to enumerate USB device
[  741.725735][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  741.933400][   T36] veth0_macvtap: left promiscuous mode
[  741.956232][   T36] veth1_vlan: left promiscuous mode
[  741.971961][   T36] veth0_vlan: left promiscuous mode
[  742.350201][ T5967] usb 1-1: new high-speed USB device number 77 using dummy_hcd
[  742.496113][ T5967] usb 1-1: device descriptor read/64, error -71
[  742.575867][T12027] FAULT_INJECTION: forcing a failure.
[  742.575867][T12027] name failslab, interval 1, probability 0, space 0, times 0
[  742.591557][T12027] CPU: 1 UID: 0 PID: 12027 Comm: syz.5.1624 Not tainted syzkaller #0 PREEMPT(full) 
[  742.591582][T12027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  742.591593][T12027] Call Trace:
[  742.591600][T12027]  <TASK>
[  742.591607][T12027]  dump_stack_lvl+0x189/0x250
[  742.591631][T12027]  ? __pfx____ratelimit+0x10/0x10
[  742.591647][T12027]  ? __pfx_dump_stack_lvl+0x10/0x10
[  742.591663][T12027]  ? __pfx__printk+0x10/0x10
[  742.591687][T12027]  ? __pfx___might_resched+0x10/0x10
[  742.591701][T12027]  ? fs_reclaim_acquire+0x7d/0x100
[  742.591730][T12027]  should_fail_ex+0x414/0x560
[  742.591758][T12027]  should_failslab+0xa8/0x100
[  742.591783][T12027]  kmem_cache_alloc_noprof+0x73/0x3c0
[  742.591803][T12027]  ? __se_sys_mbind+0x4db/0xc30
[  742.591827][T12027]  __se_sys_mbind+0x4db/0xc30
[  742.591846][T12027]  ? __pfx_vfs_write+0x10/0x10
[  742.591871][T12027]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  742.591891][T12027]  ? __pfx___se_sys_mbind+0x10/0x10
[  742.591930][T12027]  ? rcu_is_watching+0x15/0xb0
[  742.591953][T12027]  ? __x64_sys_mbind+0x21/0xf0
[  742.591975][T12027]  do_syscall_64+0xfa/0x3b0
[  742.591992][T12027]  ? lockdep_hardirqs_on+0x9c/0x150
[  742.592009][T12027]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  742.592026][T12027]  ? clear_bhb_loop+0x60/0xb0
[  742.592046][T12027]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  742.592063][T12027] RIP: 0033:0x7f678e78ec29
[  742.592079][T12027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  742.592093][T12027] RSP: 002b:00007f678f537038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  742.592112][T12027] RAX: ffffffffffffffda RBX: 00007f678e9d5fa0 RCX: 00007f678e78ec29
[  742.592125][T12027] RDX: 0000000000000004 RSI: 0000000000800000 RDI: 0000200000001000
[  742.592137][T12027] RBP: 00007f678f537090 R08: 0000000000000000 R09: 0000000000000002
[  742.592148][T12027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  742.592157][T12027] R13: 00007f678e9d6038 R14: 00007f678e9d5fa0 R15: 00007f678eaffa28
[  742.592181][T12027]  </TASK>
[  742.811858][    C1] vkms_vblank_simulate: vblank timer overrun
[  742.821256][T12029] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1623'.
[  742.830954][ T5911] Bluetooth: hci4: command tx timeout
[  742.836957][T12029] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  742.968574][ T5967] usb 1-1: new high-speed USB device number 78 using dummy_hcd
[  743.111548][ T5967] usb 1-1: device descriptor read/64, error -71
[  743.211871][   T36] ` (unregistering): Port device team_slave_1 removed
[  743.230820][ T5967] usb usb1-port1: attempt power cycle
[  743.266218][   T36] ` (unregistering): Port device team_slave_0 removed
[  743.576060][ T5967] usb 1-1: new high-speed USB device number 79 using dummy_hcd
[  743.599992][ T5967] usb 1-1: device descriptor read/8, error -71
[  743.846184][ T5967] usb 1-1: new high-speed USB device number 80 using dummy_hcd
[  743.866748][ T5967] usb 1-1: device descriptor read/8, error -71
[  743.959842][T11944] bridge0: port 1(bridge_slave_0) entered blocking state
[  743.978527][ T5967] usb usb1-port1: unable to enumerate USB device
[  743.991644][T11944] bridge0: port 1(bridge_slave_0) entered disabled state
[  743.999795][T11944] bridge_slave_0: entered allmulticast mode
[  744.033358][T11944] bridge_slave_0: entered promiscuous mode
[  744.052583][T11944] bridge0: port 2(bridge_slave_1) entered blocking state
[  744.059936][T11944] bridge0: port 2(bridge_slave_1) entered disabled state
[  744.072779][T11944] bridge_slave_1: entered allmulticast mode
[  744.085103][T11944] bridge_slave_1: entered promiscuous mode
[  744.236448][ T5997] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[  744.264176][T11944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  744.304050][T11944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  744.386106][ T5997] usb 5-1: device descriptor read/64, error -71
[  744.428362][T11944] team0: Port device team_slave_0 added
[  744.481670][T11944] team0: Port device team_slave_1 added
[  744.766044][ T5997] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[  744.783446][T11944] batman_adv: batadv0: Adding interface: batadv_slave_0
[  744.857303][T11944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  744.909041][ T5911] Bluetooth: hci4: command tx timeout
[  744.966041][ T5997] usb 5-1: device descriptor read/64, error -71
[  744.972439][T11944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  744.993977][T11944] batman_adv: batadv0: Adding interface: batadv_slave_1
[  745.001495][T11944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  745.066464][T11944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  745.077415][ T5997] usb usb5-port1: attempt power cycle
[  745.496158][ T5997] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[  745.508559][T12068] vlan2: entered promiscuous mode
[  745.547748][ T5997] usb 5-1: device descriptor read/8, error -71
[  745.621139][T11944] hsr_slave_0: entered promiscuous mode
[  745.665116][T11944] hsr_slave_1: entered promiscuous mode
[  745.698563][T11944] debugfs: 'hsr0' already exists in 'hsr'
[  745.731105][T11944] Cannot create hsr debugfs directory
[  745.786075][ T5997] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[  745.816939][ T5997] usb 5-1: device descriptor read/8, error -71
[  745.835736][T12073] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1635'.
[  745.976937][T12076] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1636'.
[  745.993036][ T5997] usb usb5-port1: unable to enumerate USB device
[  746.032017][T12076] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  746.061363][T12080] loop6: detected capacity change from 0 to 2560
[  746.078304][T12080] buffer_io_error: 16 callbacks suppressed
[  746.079930][T12080] Buffer I/O error on dev loop6, logical block 0, async page read
[  746.110013][T12080] Buffer I/O error on dev loop6, logical block 0, async page read
[  746.130353][T12080] Buffer I/O error on dev loop6, logical block 0, async page read
[  746.149808][T12080] Buffer I/O error on dev loop6, logical block 0, async page read
[  746.173920][T12080] Buffer I/O error on dev loop6, logical block 0, async page read
[  746.195231][T12080] Buffer I/O error on dev loop6, logical block 0, async page read
[  746.256663][T12080] Buffer I/O error on dev loop6, logical block 0, async page read
[  746.274515][T12080] Buffer I/O error on dev loop6, logical block 0, async page read
[  746.291248][T12080] ldm_validate_partition_table(): Disk read failed.
[  746.298898][T12080] Buffer I/O error on dev loop6, logical block 0, async page read
[  746.312920][T12080] Buffer I/O error on dev loop6, logical block 0, async page read
[  746.328219][T12080] Dev loop6: unable to read RDB block 0
[  746.362447][T12080]  loop6: unable to read partition table
[  746.374005][T12080] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  746.717936][T12098] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[  746.750305][T12098] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1642'.
[  747.231313][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  747.237750][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  747.428020][   T43] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[  747.666146][   T43] usb 5-1: Using ep0 maxpacket: 8
[  747.674048][   T43] usb 5-1: config 5 has an invalid interface number: 206 but max is 1
[  747.684996][   T43] usb 5-1: config 5 has an invalid interface number: 157 but max is 1
[  747.693727][   T43] usb 5-1: config 5 has no interface number 0
[  747.700120][   T43] usb 5-1: config 5 has no interface number 1
[  747.706462][   T43] usb 5-1: config 5 interface 206 has no altsetting 0
[  747.716248][   T43] usb 5-1: config 5 interface 157 has no altsetting 0
[  747.727797][   T43] usb 5-1: New USB device found, idVendor=046d, idProduct=08ad, bcdDevice=66.9d
[  747.737167][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  747.745173][   T43] usb 5-1: Product: syz
[  747.749476][   T43] usb 5-1: Manufacturer: syz
[  747.756238][   T43] usb 5-1: SerialNumber: syz
[  748.420420][T12130] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.1648'.
[  748.443846][T12130] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  748.509072][   T43] usb 5-1: USB disconnect, device number 60
[  748.682426][T11944] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  748.946846][T11944] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  749.286568][T11944] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  749.364789][T11944] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  749.978972][T12152] hub 9-0:1.0: USB hub found
[  750.032659][T11944] 8021q: adding VLAN 0 to HW filter on device bond0
[  750.094273][T12152] hub 9-0:1.0: 1 port detected
[  750.189045][T11944] 8021q: adding VLAN 0 to HW filter on device team0
[  750.234852][T11749] bridge0: port 1(bridge_slave_0) entered blocking state
[  750.242005][T11749] bridge0: port 1(bridge_slave_0) entered forwarding state
[  750.333031][T11749] bridge0: port 2(bridge_slave_1) entered blocking state
[  750.340239][T11749] bridge0: port 2(bridge_slave_1) entered forwarding state
[  750.753510][T11944] 8021q: adding VLAN 0 to HW filter on device batadv0
[  751.050876][T11944] veth0_vlan: entered promiscuous mode
[  751.126200][T11944] veth1_vlan: entered promiscuous mode
[  751.246748][ T5997] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[  751.268910][T11944] veth0_macvtap: entered promiscuous mode
[  751.283024][T11944] veth1_macvtap: entered promiscuous mode
[  751.358080][T11944] batman_adv: batadv0: Interface activated: batadv_slave_0
[  751.393170][T11944] batman_adv: batadv0: Interface activated: batadv_slave_1
[  751.438350][ T5997] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  751.459146][T12184] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.1659'.
[  751.475711][ T5997] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  751.498377][T11749] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  751.508487][T12184] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  751.517123][ T5997] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  751.529220][ T5997] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  751.544582][T11749] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  751.583016][T11749] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  751.590867][ T5997] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  751.603111][ T5997] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  751.617476][ T5997] usb 3-1: Product: syz
[  751.621801][ T5997] usb 3-1: Manufacturer: syz
[  751.634236][ T5997] cdc_wdm 3-1:1.0: skipping garbage
[  751.659461][ T5997] cdc_wdm 3-1:1.0: skipping garbage
[  751.665106][ T5997] cdc_wdm 3-1:1.0: probe with driver cdc_wdm failed with error -22
[  751.770825][   T49] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  751.845076][ T5997] usb 3-1: USB disconnect, device number 66
[  752.237047][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  752.331272][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  752.702258][ T5999] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  752.786185][ T5999] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  752.994915][T12206] loop6: detected capacity change from 0 to 7
[  753.046365][T12206] Dev loop6: unable to read RDB block 7
[  753.051988][T12206]  loop6: unable to read partition table
[  753.094347][T12206] loop6: partition table beyond EOD, truncated
[  753.113773][T12206] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  753.627381][ T5982] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  753.756125][ T5967] usb 3-1: new high-speed USB device number 67 using dummy_hcd
[  753.806215][ T5982] usb 2-1: Using ep0 maxpacket: 32
[  753.821006][ T5982] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  753.896148][ T5967] usb 3-1: device descriptor read/64, error -71
[  753.946107][ T5996] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  753.958136][   T43] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[  753.967066][ T5982] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  754.094267][ T5982] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  754.106183][ T5996] usb 6-1: Using ep0 maxpacket: 16
[  754.184425][ T5982] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  754.201840][   T43] usb 5-1: config 220 has an invalid interface number: 76 but max is 2
[  754.211959][   T43] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  754.223422][ T5982] usb 2-1: Product: syz
[  754.230832][ T5982] usb 2-1: Manufacturer: syz
[  754.235633][ T5982] usb 2-1: SerialNumber: syz
[  754.240695][ T5967] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[  754.252851][   T43] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  754.307359][ T5982] usb 2-1: config 0 descriptor??
[  754.313338][   T43] usb 5-1: config 220 has no interface number 2
[  754.327903][   T43] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  754.350149][   T43] usb 5-1: config 220 interface 0 has no altsetting 0
[  754.360876][   T43] usb 5-1: config 220 interface 76 has no altsetting 0
[  754.368050][   T43] usb 5-1: config 220 interface 1 has no altsetting 0
[  754.409346][ T5967] usb 3-1: device descriptor read/64, error -71
[  754.435490][   T43] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  754.461824][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  754.493901][   T43] usb 5-1: Product: syz
[  754.513319][   T43] usb 5-1: Manufacturer: syz
[  754.536543][ T5967] usb usb3-port1: attempt power cycle
[  754.547896][   T43] usb 5-1: SerialNumber: syz
[  754.686153][ T5982] usb 1-1: new high-speed USB device number 81 using dummy_hcd
[  754.923122][ T5967] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[  754.964487][T12224] netlink: 'syz.4.1668': attribute type 1 has an invalid length.
[  754.972853][T12224] netlink: 168864 bytes leftover after parsing attributes in process `syz.4.1668'.
[  754.983869][ T5967] usb 3-1: device descriptor read/8, error -71
[  755.144144][ T5982] usb 1-1: Using ep0 maxpacket: 32
[  755.958337][ T5982] usb 1-1: unable to get BOS descriptor or descriptor too short
[  755.983826][ T5982] usb 1-1: config 8 has an invalid interface number: 220 but max is 0
[  756.017903][   T43] usb 5-1: selecting invalid altsetting 0
[  756.025780][ T5982] usb 1-1: config 8 has an invalid descriptor of length 44, skipping remainder of the config
[  756.068073][   T43] usb 5-1: Found UVC 7.01 device syz (8086:0b07)
[  756.085836][ T5982] usb 1-1: config 8 has no interface number 0
[  756.092171][   T43] usb 5-1: No valid video chain found.
[  756.098957][ T5982] usb 1-1: config 8 interface 220 altsetting 135 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  756.128660][ T5982] usb 1-1: config 8 interface 220 has no altsetting 0
[  756.137611][   T43] usb 5-1: selecting invalid altsetting 0
[  756.146133][ T5967] usb 3-1: new high-speed USB device number 70 using dummy_hcd
[  756.157075][   T43] usbtest 5-1:220.1: probe with driver usbtest failed with error -22
[  756.185733][   T43] usb 5-1: USB disconnect, device number 61
[  756.193223][ T5967] usb 3-1: device descriptor read/8, error -71
[  756.202477][ T5982] usb 1-1: New USB device found, idVendor=11ca, idProduct=0201, bcdDevice=36.82
[  756.211812][ T5982] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  756.237612][ T5982] usb 1-1: Product: syz
[  756.250750][ T5982] usb 1-1: Manufacturer: syz
[  756.263820][ T5982] usb 1-1: SerialNumber: syz
[  756.316437][ T5967] usb usb3-port1: unable to enumerate USB device
[  756.515527][ T5982] cdc_acm 1-1:8.220: invalid descriptor buffer length
[  756.603223][ T5982] usb 1-1: USB disconnect, device number 81
[  756.826986][T12256] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1671'.
[  756.850208][T12256] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  756.926015][   T43] usb 5-1: new high-speed USB device number 62 using dummy_hcd
[  757.089269][   T43] usb 5-1: config 1 has an invalid interface number: 7 but max is 0
[  757.119481][   T43] usb 5-1: config 1 has no interface number 0
[  757.141865][   T43] usb 5-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  757.185211][   T43] usb 5-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  757.212503][   T43] usb 5-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 252, changing to 11
[  757.238235][   T43] usb 5-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  757.250728][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  757.272974][   T43] usb 5-1: Product: syz
[  757.299732][   T43] usb 5-1: Manufacturer: syz
[  757.321198][   T43] usb 5-1: SerialNumber: syz
[  757.358475][T12253] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[  757.410887][ T5996] usb 6-1: unable to get BOS descriptor or descriptor too short
[  757.456743][ T5996] usb 6-1: unable to read config index 0 descriptor/start: -71
[  757.481642][ T5996] usb 6-1: can't read configurations, error -71
[  757.640833][T12253] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[  757.698315][ T5982] usb 2-1: USB disconnect, device number 46
[  758.225066][T12278] netlink: 'syz.1.1675': attribute type 1 has an invalid length.
[  758.289553][T12285] netlink: 'syz.1.1675': attribute type 6 has an invalid length.
[  758.321610][   T43] usb 5-1: Incompatible driver and firmware versions
[  758.441666][   T43] usb 5-1: USB disconnect, device number 62
[  759.284676][T12264] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1672'.
[  759.892719][T12319] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1682'.
[  759.953537][T12319] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  760.146429][ T5996] usb 3-1: new high-speed USB device number 71 using dummy_hcd
[  760.171993][ T5997] usb 5-1: new full-speed USB device number 63 using dummy_hcd
[  760.252937][T12327] fuse: Unknown parameter 'f�J�'
[  760.266502][T12327] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  760.389527][ T5996] usb 3-1: config 0 has an invalid interface number: 117 but max is 0
[  760.400567][ T5997] usb 5-1: unable to get BOS descriptor or descriptor too short
[  760.440162][ T5996] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  760.494729][ T5997] usb 5-1: not running at top speed; connect to a high speed hub
[  760.547054][ T5997] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  760.557395][ T5996] usb 3-1: config 0 has no interface number 0
[  760.566897][ T5996] usb 3-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  760.580426][ T5997] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  760.631416][ T5996] usb 3-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  760.744837][ T5996] usb 3-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[  760.755315][ T5997] usb 5-1: string descriptor 0 read error: -22
[  760.796668][ T5996] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  760.846124][ T5997] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  760.870432][ T5996] usb 3-1: Product: syz
[  760.880136][ T5997] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  760.916023][ T5996] usb 3-1: Manufacturer: syz
[  760.935224][ T5996] usb 3-1: SerialNumber: syz
[  760.981740][ T5997] usb 5-1: 0:2 : does not exist
[  760.997642][ T5996] usb 3-1: config 0 descriptor??
[  761.495720][T12314] netlink: 'syz.4.1679': attribute type 33 has an invalid length.
[  761.566992][T12314] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1679'.
[  761.636052][T12314] `: renamed from team0 (while UP)
[  761.672795][ T5997] usb 5-1: 5:0: cannot get min/max values for control 2 (id 5)
[  761.726975][ T5997] usb 5-1: 5:0: cannot get min/max values for control 3 (id 5)
[  761.781228][ T5997] usb 5-1: 5:0: failed to get current value for ch 1 (-22)
[  761.815617][T12345] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  761.845299][T12344] xt_l2tp: missing protocol rule (udp|l2tpip)
[  761.859092][T12345] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  761.900784][ T5997] usb 5-1: 5:0: cannot get min/max values for control 3 (id 5)
[  761.950290][T12345] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  761.974199][ T5997] usb 5-1: 5:0: cannot get min/max values for control 2 (id 5)
[  761.994405][T12345] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  762.020122][ T5997] usb 5-1: USB disconnect, device number 63
[  762.167229][T12354] loop6: detected capacity change from 0 to 2560
[  762.175642][ T9173] buffer_io_error: 11 callbacks suppressed
[  762.175658][ T9173] Buffer I/O error on dev loop6, logical block 0, async page read
[  762.190586][ T9173] Buffer I/O error on dev loop6, logical block 0, async page read
[  762.566674][ T9173] Buffer I/O error on dev loop6, logical block 0, async page read
[  762.648171][ T9173] Buffer I/O error on dev loop6, logical block 0, async page read
[  762.680335][ T9173] Buffer I/O error on dev loop6, logical block 0, async page read
[  762.731015][ T9173] Buffer I/O error on dev loop6, logical block 0, async page read
[  762.760790][ T9173] Buffer I/O error on dev loop6, logical block 0, async page read
[  762.785201][ T9173] Buffer I/O error on dev loop6, logical block 0, async page read
[  762.811757][ T9173] ldm_validate_partition_table(): Disk read failed.
[  762.835233][ T9173] Buffer I/O error on dev loop6, logical block 0, async page read
[  762.860358][ T9173] Buffer I/O error on dev loop6, logical block 0, async page read
[  762.890495][ T9173] Dev loop6: unable to read RDB block 0
[  762.912193][ T9173]  loop6: unable to read partition table
[  763.175562][ T5997] usb 3-1: USB disconnect, device number 71
[  763.244632][T12369] netlink: 'syz.1.1692': attribute type 1 has an invalid length.
[  763.476884][T12374] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.1695'.
[  763.538851][T12374] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  764.516059][ T5975] usb 5-1: new high-speed USB device number 64 using dummy_hcd
[  765.071979][ T5975] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  765.162742][ T5975] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  765.295700][ T5975] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  765.337151][ T5975] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  765.486369][T12388] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  765.506564][ T1212] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  765.599713][ T5975] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  765.656071][ T1212] usb 2-1: device descriptor read/64, error -71
[  765.916215][ T1212] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  766.056368][ T1212] usb 2-1: device descriptor read/64, error -71
[  766.175079][ T1212] usb usb2-port1: attempt power cycle
[  766.422281][T12409] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1704'.
[  766.466346][ T5982] usb 1-1: new high-speed USB device number 82 using dummy_hcd
[  766.546668][T12388] fuse: Unknown parameter 'rootmod'
[  766.586033][ T1212] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  766.659793][ T5982] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  766.673133][ T1212] usb 2-1: device descriptor read/8, error -71
[  766.695989][ T5982] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0
[  766.738819][ T5982] usb 1-1: config 0 interface 0 has no altsetting 0
[  766.751865][T12412] loop8: detected capacity change from 0 to 8
[  766.776250][ T5982] usb 1-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00
[  766.799007][T12412] Dev loop8: unable to read RDB block 8
[  766.809042][ T5982] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  766.809092][T12412]  loop8: unable to read partition table
[  766.849820][ T5982] usb 1-1: config 0 descriptor??
[  766.886304][T12412] loop8: partition table beyond EOD, truncated
[  766.904901][T12412] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  767.024809][ T1212] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  767.081061][ T1212] usb 2-1: device descriptor read/8, error -71
[  767.201235][ T1212] usb usb2-port1: unable to enumerate USB device
[  767.288982][ T5982] logitech 0003:046D:C24F.0007: unknown main item tag 0x0
[  767.344115][ T5982] logitech 0003:046D:C24F.0007: unknown main item tag 0x0
[  767.344344][T12414] fuse: Unknown parameter 'f��0x0000000000000006'
[  767.415233][ T5982] logitech 0003:046D:C24F.0007: unknown main item tag 0x0
[  767.502375][T12416] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1707'.
[  767.515303][T12416] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  767.532862][ T5982] logitech 0003:046D:C24F.0007: unknown main item tag 0x0
[  767.568655][ T5982] logitech 0003:046D:C24F.0007: hidraw0: USB HID v0.05 Device [HID 046d:c24f] on usb-dummy_hcd.0-1/input0
[  767.695463][ T5982] logitech 0003:046D:C24F.0007: no inputs found
[  767.820115][ T5982] usb 1-1: USB disconnect, device number 82
[  768.070244][T12417] fido_id[12417]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  768.595776][T12431] loop6: detected capacity change from 0 to 7
[  768.612516][T12431] Dev loop6: unable to read RDB block 7
[  768.640395][T12431]  loop6: unable to read partition table
[  768.659028][T12431] loop6: partition table beyond EOD, truncated
[  768.696212][T12431] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  768.832687][   T43] usb 5-1: USB disconnect, device number 64
[  769.016251][ T5996] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  769.634421][ T5996] usb 6-1: config 8 has an invalid interface number: 53 but max is 1
[  769.752012][ T5996] usb 6-1: config 8 has an invalid interface number: 158 but max is 1
[  769.811179][ T5996] usb 6-1: config 8 has no interface number 0
[  769.848032][ T5996] usb 6-1: config 8 has no interface number 1
[  769.874377][ T5996] usb 6-1: config 8 interface 53 altsetting 5 endpoint 0xD has an invalid bInterval 129, changing to 7
[  769.938443][ T5996] usb 6-1: config 8 interface 53 altsetting 5 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  769.992507][ T5996] usb 6-1: config 8 interface 158 altsetting 7 endpoint 0x4 has invalid maxpacket 1552, setting to 64
[  770.033043][ T5996] usb 6-1: config 8 interface 53 has no altsetting 0
[  770.070462][ T5996] usb 6-1: config 8 interface 158 has no altsetting 0
[  770.110504][ T5996] usb 6-1: New USB device found, idVendor=19d2, idProduct=ff4b, bcdDevice=df.95
[  770.119777][ T5996] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  770.128081][ T5996] usb 6-1: Product: syz
[  770.132395][ T5996] usb 6-1: Manufacturer: ᪰⿇鄓舀뎥蹂ëＢ덞頉艫嫂ɞ쾀१䄆똗嘻
[  770.145978][ T5996] usb 6-1: SerialNumber: syz
[  770.386099][ T5982] usb 1-1: new high-speed USB device number 83 using dummy_hcd
[  770.704915][T12457] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1718'.
[  770.721113][ T5982] usb 1-1: Using ep0 maxpacket: 8
[  770.735433][ T5982] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  770.759602][ T5982] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  770.779134][T12457] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  770.801681][ T5982] usb 1-1: New USB device found, idVendor=187f, idProduct=0200, bcdDevice=6b.ad
[  770.814397][ T5982] usb 1-1: New USB device strings: Mfr=55, Product=237, SerialNumber=3
[  770.855838][ T5982] usb 1-1: Product: syz
[  770.874791][ T5982] usb 1-1: Manufacturer: syz
[  770.887455][ T5982] usb 1-1: SerialNumber: syz
[  770.944821][ T5982] usb 1-1: config 0 descriptor??
[  771.559684][T12465] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1716'.
[  771.568952][T12465] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[  771.576642][T12465] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  772.666060][ T5982] usb 3-1: new high-speed USB device number 72 using dummy_hcd
[  772.966206][ T5982] usb 3-1: device descriptor read/64, error -71
[  773.039519][ T5996] option 6-1:8.53: GSM modem (1-port) converter detected
[  773.130642][T12481] netlink: zone id is out of range
[  773.136980][T12481] netlink: zone id is out of range
[  773.142358][T12481] netlink: zone id is out of range
[  773.147766][T12481] netlink: zone id is out of range
[  773.153501][T12481] netlink: zone id is out of range
[  773.158836][T12481] netlink: zone id is out of range
[  773.164617][T12481] netlink: zone id is out of range
[  773.306434][ T5982] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[  773.396887][ T5996] usb 6-1: USB disconnect, device number 27
[  773.427827][ T5996] option 6-1:8.53: device disconnected
[  773.446062][ T5982] usb 3-1: device descriptor read/64, error -71
[  773.566361][ T5982] usb usb3-port1: attempt power cycle
[  773.882775][ T5975] usb 1-1: USB disconnect, device number 83
[  773.973758][T12490] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1726'.
[  773.993737][T12490] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1726'.
[  774.006058][ T5982] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[  774.029443][ T5982] usb 3-1: device descriptor read/8, error -71
[  774.166887][T12494] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1729'.
[  774.366668][ T5982] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[  774.398604][ T5982] usb 3-1: device descriptor read/8, error -71
[  774.532371][ T5982] usb usb3-port1: unable to enumerate USB device
[  774.838343][ T5975] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  775.038438][ T5975] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  775.050834][ T5975] usb 6-1: New USB device found, idVendor=258a, idProduct=6a88, bcdDevice= 0.00
[  775.096051][ T5975] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  775.218054][ T5975] usb 6-1: config 0 descriptor??
[  775.378514][T12509] fuse: Bad value for 'group_id'
[  775.408067][T12509] fuse: Bad value for 'group_id'
[  775.579558][T12514] misc userio: The device must be registered before sending interrupts
[  776.053738][ T5975] usbhid 6-1:0.0: can't add hid device: -71
[  776.082619][ T5975] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  776.127496][ T5975] usb 6-1: USB disconnect, device number 28
[  776.718034][T12531] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1740'.
[  776.743517][T12531] net_ratelimit: 9 callbacks suppressed
[  776.743530][T12531] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  776.763888][ T5999] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  776.798392][ T5999] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  776.809631][ T5999] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  776.843071][ T5999] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  777.467696][T12542] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  777.480418][T12542] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1742'.
[  777.627193][T12544] loop8: detected capacity change from 0 to 8
[  777.634986][ T9173] Dev loop8: unable to read RDB block 8
[  777.643429][ T9173]  loop8: unable to read partition table
[  777.650628][ T9173] loop8: partition table beyond EOD, truncated
[  777.661456][T12544] Dev loop8: unable to read RDB block 8
[  777.669102][T12544]  loop8: unable to read partition table
[  777.699891][T12544] loop8: partition table beyond EOD, truncated
[  777.708771][T12544] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  777.811121][   T30] audit: type=1326 audit(1758502681.025:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12545 comm="syz.5.1743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678e78ec29 code=0x7ffc0000
[  777.928923][   T30] audit: type=1326 audit(1758502681.025:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12545 comm="syz.5.1743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678e78ec29 code=0x7ffc0000
[  777.969537][   T30] audit: type=1326 audit(1758502681.065:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12545 comm="syz.5.1743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f678e78ec29 code=0x7ffc0000
[  778.281053][   T30] audit: type=1326 audit(1758502681.065:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12545 comm="syz.5.1743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678e78ec29 code=0x7ffc0000
[  778.569447][   T30] audit: type=1326 audit(1758502681.065:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12545 comm="syz.5.1743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678e78ec29 code=0x7ffc0000
[  779.437284][   T30] audit: type=1326 audit(1758502681.065:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12545 comm="syz.5.1743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f678e78ec29 code=0x7ffc0000
[  779.536144][   T30] audit: type=1326 audit(1758502681.065:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12545 comm="syz.5.1743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678e78ec29 code=0x7ffc0000
[  779.663270][   T30] audit: type=1326 audit(1758502681.065:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12545 comm="syz.5.1743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678e78ec29 code=0x7ffc0000
[  779.792958][   T30] audit: type=1326 audit(1758502681.065:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12545 comm="syz.5.1743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f678e78ec29 code=0x7ffc0000
[  779.846037][   T43] usb 1-1: new high-speed USB device number 84 using dummy_hcd
[  779.863956][   T30] audit: type=1326 audit(1758502681.065:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12545 comm="syz.5.1743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678e78ec29 code=0x7ffc0000
[  780.024300][   T43] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  780.034427][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  780.152639][   T43] usb 1-1: config 0 descriptor??
[  780.170040][   T43] gspca_main: cpia1-2.14.0 probing 0813:0001
[  780.343932][T12571] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1751'.
[  780.394070][T12574] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.1752'.
[  780.405725][T12574] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  780.571973][   T43] cpia1 1-1:0.0: unexpected state after lo power cmd: 00
[  780.634837][T12578] fuse: Unknown parameter 'group_i00000000000000000000'
[  780.803676][T12584] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1757'.
[  781.022943][   T43] cpia1 1-1:0.0: only firmware version 1 is supported (got: 32)
[  781.209705][ T5975] usb 1-1: USB disconnect, device number 84
[  781.523176][T12597] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  782.367355][T12605] xt_l2tp: missing protocol rule (udp|l2tpip)
[  782.444749][T12607] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1763'.
[  782.731721][T12609] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1764'.
[  782.772808][T12609] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  782.812315][T12609] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1764'.
[  783.122192][T12618] misc userio: The device must be registered before sending interrupts
[  783.166165][   T43] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[  783.386696][   T43] usb 3-1: config 1 has an invalid interface number: 7 but max is 0
[  783.399734][   T43] usb 3-1: config 1 has no interface number 0
[  783.449543][   T43] usb 3-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  783.489708][   T43] usb 3-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  783.521869][   T43] usb 3-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  783.573551][   T43] usb 3-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  783.591763][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  783.611461][   T43] usb 3-1: Product: syz
[  783.622420][   T43] usb 3-1: Manufacturer: syz
[  783.637008][   T43] usb 3-1: SerialNumber: syz
[  783.665123][T12614] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  783.969889][T12614] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  784.009285][T12629] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  784.018542][T12629] syzkaller0: entered promiscuous mode
[  784.024166][T12629] syzkaller0: entered allmulticast mode
[  784.192362][   T43] usb 3-1: Incompatible driver and firmware versions
[  784.234170][   T43] usb 3-1: USB disconnect, device number 76
[  784.406096][ T5975] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  784.560041][T12624] tipc: Resetting bearer <eth:syzkaller0>
[  784.567904][ T5975] usb 6-1: config 1 has an invalid interface number: 7 but max is 0
[  784.605336][ T5975] usb 6-1: config 1 has no interface number 0
[  784.642475][ T5975] usb 6-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  784.654451][ T5975] usb 6-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  784.664565][ T5975] usb 6-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  784.669040][T12624] tipc: Disabling bearer <eth:syzkaller0>
[  784.678064][ T5975] usb 6-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  784.693911][ T5975] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  784.712376][ T5975] usb 6-1: Product: syz
[  784.722514][ T5975] usb 6-1: Manufacturer: syz
[  784.732647][ T5975] usb 6-1: SerialNumber: syz
[  784.784818][T12631] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  784.880727][T12646] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1777'.
[  784.890859][T12646] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  784.937147][T12646] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1777'.
[  785.048142][T12631] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  785.553759][T12659] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  785.573038][T12659] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  785.580951][ T5996] usb 3-1: new full-speed USB device number 77 using dummy_hcd
[  786.396486][T12658] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1772'.
[  786.455195][T12665] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1783'.
[  786.507121][T12665] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1783'.
[  786.694910][ T5996] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  786.709508][ T5996] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  786.842182][ T5996] usb 3-1: config 0 descriptor??
[  787.006101][T11187] usb 5-1: new high-speed USB device number 65 using dummy_hcd
[  787.100475][ T5996] udl 3-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  787.160003][ T5996] [drm:udl_init] *ERROR* Selecting channel failed
[  787.271275][ T5996] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 2
[  787.325397][T11187] usb 5-1: config 0 has no interfaces?
[  787.365343][ T5996] [drm] Initialized udl on minor 2
[  787.399943][T11187] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  787.422301][ T5996] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  787.472610][T11187] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  787.482532][ T5996] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  787.491943][T12192] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  787.510376][T11187] usb 5-1: Product: syz
[  787.534190][T12192] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  787.546632][T11187] usb 5-1: Manufacturer: syz
[  787.552520][ T5996] usb 3-1: USB disconnect, device number 77
[  787.558657][T11187] usb 5-1: SerialNumber: syz
[  787.563510][T12192] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  787.630375][T11187] usb 5-1: config 0 descriptor??
[  787.912323][   T43] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  787.950824][T12668] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  787.964216][T12668] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  788.248300][ T5975] usb 6-1: Incompatible driver and firmware versions
[  788.276234][   T43] usb 2-1: Using ep0 maxpacket: 8
[  788.345453][T12678] tipc: Enabling of bearer <eth:xfrm0> rejected, already enabled
[  788.378436][   T43] usb 2-1: config 0 has an invalid interface number: 186 but max is 0
[  788.381006][ T5975] usb 6-1: USB disconnect, device number 29
[  788.404321][   T43] usb 2-1: config 0 has no interface number 0
[  788.574471][   T43] usb 2-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  788.588636][   T43] usb 2-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  788.603422][   T43] usb 2-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  788.627412][   T43] usb 2-1: config 0 interface 186 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  788.894869][   T43] usb 2-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  788.953065][   T43] usb 2-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  788.973815][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  789.142215][   T43] usb 2-1: Product: syz
[  789.149295][   T43] usb 2-1: Manufacturer: syz
[  789.183160][   T43] usb 2-1: SerialNumber: syz
[  789.298458][   T43] usb 2-1: config 0 descriptor??
[  789.310407][T12678] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1786'.
[  789.556163][ T5975] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  789.656368][   T43] iowarrior 2-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0
[  789.708938][T11187] usb 5-1: USB disconnect, device number 65
[  789.746155][ T5975] usb 6-1: Using ep0 maxpacket: 32
[  789.753380][ T5975] usb 6-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  789.785293][ T5975] usb 6-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  789.786041][   T43] usb 2-1: USB disconnect, device number 51
[  789.851576][ T5975] usb 6-1: config 0 interface 0 has no altsetting 0
[  789.876897][ T5975] usb 6-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  789.898869][ T5975] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  789.927929][T12690] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1790'.
[  789.944409][ T5975] usb 6-1: config 0 descriptor??
[  789.994328][T12690] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  790.061344][T12691] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1790'.
[  790.398850][T12705] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  790.415508][T12705] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  790.420724][ T5975] corsair-cpro 0003:1B1C:0C10.0008: item fetching failed at offset 2/5
[  790.528473][ T5975] corsair-cpro 0003:1B1C:0C10.0008: probe with driver corsair-cpro failed with error -22
[  791.946686][T12717] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  791.965878][T12717] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  792.230828][T12727] vlan3: entered promiscuous mode
[  792.775530][T12737] FAULT_INJECTION: forcing a failure.
[  792.775530][T12737] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  792.794109][T12737] CPU: 1 UID: 0 PID: 12737 Comm: syz.2.1801 Not tainted syzkaller #0 PREEMPT(full) 
[  792.794127][T12737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  792.794134][T12737] Call Trace:
[  792.794140][T12737]  <TASK>
[  792.794146][T12737]  dump_stack_lvl+0x189/0x250
[  792.794171][T12737]  ? __pfx____ratelimit+0x10/0x10
[  792.794190][T12737]  ? __pfx_dump_stack_lvl+0x10/0x10
[  792.794207][T12737]  ? __pfx__printk+0x10/0x10
[  792.794227][T12737]  ? __might_fault+0xb0/0x130
[  792.794259][T12737]  should_fail_ex+0x414/0x560
[  792.794278][T12737]  copy_fpstate_to_sigframe+0xa8d/0xce0
[  792.794295][T12737]  ? copy_fpstate_to_sigframe+0x181/0xce0
[  792.794313][T12737]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  792.794326][T12737]  ? seqcount_lockdep_reader_access+0x15f/0x1c0
[  792.794352][T12737]  ? __lock_acquire+0xab9/0xd20
[  792.794369][T12737]  ? fpu__alloc_mathframe+0xad/0x130
[  792.794385][T12737]  get_sigframe+0x58d/0x7d0
[  792.794403][T12737]  ? __pfx_get_sigframe+0x10/0x10
[  792.794418][T12737]  ? irqentry_exit+0x74/0x90
[  792.794433][T12737]  x64_setup_rt_frame+0x15b/0xd40
[  792.794451][T12737]  ? _raw_spin_unlock_irq+0x29/0x50
[  792.794466][T12737]  ? _raw_spin_unlock_irq+0x2e/0x50
[  792.794480][T12737]  ? get_signal+0x1151/0x1340
[  792.794493][T12737]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[  792.794513][T12737]  arch_do_signal_or_restart+0x3d7/0x750
[  792.794528][T12737]  ? __fget_files+0x3a0/0x420
[  792.794539][T12737]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  792.794561][T12737]  ? exit_to_user_mode_loop+0x40/0x110
[  792.794577][T12737]  exit_to_user_mode_loop+0x75/0x110
[  792.794591][T12737]  do_syscall_64+0x2bd/0x3b0
[  792.794608][T12737]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  792.794623][T12737]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  792.794639][T12737]  ? clear_bhb_loop+0x60/0xb0
[  792.794659][T12737]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  792.794675][T12737] RIP: 0033:0x7faaa438d6df
[  792.794686][T12737] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  792.794695][T12737] RSP: 002b:00007faaa5260030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  792.794706][T12737] RAX: 0000000000000001 RBX: 0000000000000005 RCX: 00007faaa438d6df
[  792.794712][T12737] RDX: 0000000000000001 RSI: 00007faaa5260090 RDI: 0000000000000005
[  792.794718][T12737] RBP: 00007faaa5260090 R08: 0000000000000000 R09: 00007faaa525fdf7
[  792.794725][T12737] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  792.794730][T12737] R13: 00007faaa45d6038 R14: 00007faaa45d5fa0 R15: 00007faaa46ffa28
[  792.794745][T12737]  </TASK>
[  793.103663][T12739] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1802'.
[  793.125051][T12739] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  793.367198][T12739] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1802'.
[  793.444330][T12715] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  793.474135][T11187] usb 6-1: USB disconnect, device number 30
[  793.686283][ T5982] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[  793.810279][T12751] bridge0: entered promiscuous mode
[  793.824216][T12751] macsec0: entered promiscuous mode
[  793.835283][T12751] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1807'.
[  793.841949][ T5982] usb 3-1: Using ep0 maxpacket: 16
[  793.859766][ T5982] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  793.876273][ T5982] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  793.894810][T12755] loop6: detected capacity change from 0 to 7
[  793.904443][ T5982] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  793.914110][ T5982] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  793.926284][T12755] Dev loop6: unable to read RDB block 7
[  793.931903][T12755]  loop6: unable to read partition table
[  793.947400][ T5982] usb 3-1: Product: syz
[  793.951761][T12755] loop6: partition table beyond EOD, truncated
[  793.951784][ T5982] usb 3-1: Manufacturer: syz
[  793.963018][ T5982] usb 3-1: SerialNumber: syz
[  793.966669][T11187] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  793.989417][T12755] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  793.998871][ T5982] usb 3-1: config 0 descriptor??
[  794.027955][T12758] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1810'.
[  794.048628][ T5982] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  794.062400][ T5982] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[  794.156176][T11187] usb 2-1: Using ep0 maxpacket: 8
[  794.169523][T11187] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  794.191190][T11187] usb 2-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  794.200531][T11187] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  794.227280][T11187] usb 2-1: config 0 descriptor??
[  794.238930][T11187] gspca_main: vc032x-2.14.0 probing 046d:0892
[  794.351549][T12773] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1815'.
[  794.361649][T12773] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  794.388333][T12773] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1815'.
[  794.659858][T12786] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1818'.
[  794.671172][T12786] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1818'.
[  794.731752][ T5982] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  794.749175][ T5982] em28xx 3-1:0.0: Config register raw data: 0xfffffffb
[  794.769343][ T5982] em28xx 3-1:0.0: AC97 chip type couldn't be determined
[  794.791818][ T5982] em28xx 3-1:0.0: No AC97 audio processor
[  794.873543][T12785] bond1 (unregistering): Released all slaves
[  795.049392][ T5975] usb 1-1: new high-speed USB device number 85 using dummy_hcd
[  795.057190][T12192] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  795.246094][T12192] usb 6-1: Using ep0 maxpacket: 16
[  795.262952][T12192] usb 6-1: config 0 has an invalid interface number: 39 but max is 0
[  795.271571][T12192] usb 6-1: config 0 has no interface number 0
[  795.278243][T12192] usb 6-1: config 0 interface 39 altsetting 0 endpoint 0x82 has invalid maxpacket 1104, setting to 1024
[  795.339522][T12192] usb 6-1: config 0 interface 39 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  795.360986][T12192] usb 6-1: New USB device found, idVendor=0c52, idProduct=2212, bcdDevice= 1.ca
[  795.370367][T12192] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  795.378891][T12192] usb 6-1: Product: syz
[  795.393854][T12192] usb 6-1: Manufacturer: syz
[  795.401892][T12192] usb 6-1: SerialNumber: syz
[  795.443027][T12192] usb 6-1: config 0 descriptor??
[  795.453968][T12789] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22
[  795.465500][T12192] ftdi_sio 6-1:0.39: FTDI USB Serial Device converter detected
[  795.521469][T11187] gspca_vc032x: reg_w err -71
[  795.526371][T11187] vc032x 2-1:0.0: probe with driver vc032x failed with error -71
[  795.548060][T11187] usb 2-1: USB disconnect, device number 52
[  795.584624][T12192] usb 6-1: Detected SIO
[  795.617411][T12192] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  795.735129][T12192] usb 6-1: USB disconnect, device number 31
[  795.805447][T12192] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  795.893534][T12192] ftdi_sio 6-1:0.39: device disconnected
[  796.501030][   T43] usb 3-1: USB disconnect, device number 78
[  796.828679][   T43] em28xx 3-1:0.0: Disconnecting em28xx
[  796.907913][   T43] em28xx 3-1:0.0: Freeing device
[  796.954364][T12815] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1826'.
[  797.047714][T12813] team_slave_0: entered promiscuous mode
[  797.053612][T12813] team_slave_1: entered promiscuous mode
[  797.063051][T12813] vlan2: entered promiscuous mode
[  797.069132][T12813] team0: entered promiscuous mode
[  797.805857][T12822] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1833'.
[  797.896112][ T5996] usb 2-1: new full-speed USB device number 53 using dummy_hcd
[  798.079717][ T5996] usb 2-1: config 0 has an invalid interface number: 207 but max is 0
[  798.088032][ T5996] usb 2-1: config 0 has no interface number 0
[  798.154764][ T5996] usb 2-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  798.177240][ T5996] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  798.193587][T11187] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[  798.207761][ T5996] usb 2-1: Product: syz
[  798.214854][ T5996] usb 2-1: Manufacturer: syz
[  798.253047][ T5975] usb 1-1: unable to get BOS descriptor or descriptor too short
[  798.266306][ T5996] usb 2-1: SerialNumber: syz
[  798.271309][ T5975] usb 1-1: unable to read config index 0 descriptor/start: -71
[  798.282261][ T5975] usb 1-1: can't read configurations, error -71
[  798.290910][ T5996] usb 2-1: config 0 descriptor??
[  798.304469][ T5996] qmi_wwan 2-1:0.207: bogus CDC Union: master=0, slave=1
[  798.336611][T11187] usb 3-1: device descriptor read/64, error -71
[  798.534949][ T5996] qmi_wwan 2-1:0.207: probe with driver qmi_wwan failed with error -22
[  798.576262][T11187] usb 3-1: new high-speed USB device number 80 using dummy_hcd
[  798.716203][T11187] usb 3-1: device descriptor read/64, error -71
[  798.751374][ T5967] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  799.066686][T11187] usb usb3-port1: attempt power cycle
[  799.099175][ T5967] usb 6-1: config 1 has an invalid interface number: 7 but max is 0
[  799.112647][ T5967] usb 6-1: config 1 has no interface number 0
[  799.126053][ T5967] usb 6-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  799.195706][ T5967] usb 6-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  799.217385][ T5967] usb 6-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  799.266552][ T5967] usb 6-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  799.275862][ T5967] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  799.288730][ T5967] usb 6-1: Product: syz
[  799.313916][ T5967] usb 6-1: Manufacturer: syz
[  799.334327][ T5967] usb 6-1: SerialNumber: syz
[  799.483768][T12840] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  799.546245][T11187] usb 3-1: new high-speed USB device number 81 using dummy_hcd
[  799.579163][T11187] usb 3-1: device descriptor read/8, error -71
[  799.702039][T12840] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  799.864027][T11187] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[  799.889425][T11187] usb 3-1: device descriptor read/8, error -71
[  799.913602][T12840] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1835'.
[  799.930228][ T5967] usb 6-1: Incompatible driver and firmware versions
[  799.949035][ T5967] usb 6-1: USB disconnect, device number 32
[  800.009232][T11187] usb usb3-port1: unable to enumerate USB device
[  800.556306][T12852] netlink: 4400 bytes leftover after parsing attributes in process `syz.5.1838'.
[  800.773453][T12854] loop6: detected capacity change from 0 to 2560
[  800.803413][T12854] buffer_io_error: 11 callbacks suppressed
[  800.803430][T12854] Buffer I/O error on dev loop6, logical block 0, async page read
[  800.888317][T12854] Buffer I/O error on dev loop6, logical block 0, async page read
[  800.898152][T12854] Buffer I/O error on dev loop6, logical block 0, async page read
[  800.908216][T12854] Buffer I/O error on dev loop6, logical block 0, async page read
[  800.921793][   T43] usb 2-1: USB disconnect, device number 53
[  800.954023][T12854] Buffer I/O error on dev loop6, logical block 0, async page read
[  800.993593][T12854] Buffer I/O error on dev loop6, logical block 0, async page read
[  801.015095][T12854] Buffer I/O error on dev loop6, logical block 0, async page read
[  801.066428][T12854] Buffer I/O error on dev loop6, logical block 0, async page read
[  801.080802][T12854] ldm_validate_partition_table(): Disk read failed.
[  801.107185][T12864] input: syz0 as /devices/virtual/input/input33
[  801.134535][T12854] Buffer I/O error on dev loop6, logical block 0, async page read
[  801.174482][T12854] Buffer I/O error on dev loop6, logical block 0, async page read
[  801.221103][T12854] Dev loop6: unable to read RDB block 0
[  801.255582][T12854]  loop6: unable to read partition table
[  801.277652][T12854] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  801.457127][T12874] misc userio: The device must be registered before sending interrupts
[  802.926105][   T43] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[  803.033420][ T5967] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  803.176382][   T43] usb 3-1: Using ep0 maxpacket: 16
[  803.228036][   T43] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  803.238527][ T5967] usb 2-1: device descriptor read/64, error -71
[  803.358198][   T43] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  803.393576][   T43] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  803.403136][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  803.413248][   T43] usb 3-1: Product: syz
[  803.418429][   T43] usb 3-1: Manufacturer: syz
[  803.423370][   T43] usb 3-1: SerialNumber: syz
[  803.476275][ T5967] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[  803.608670][ T5967] usb 2-1: device descriptor read/64, error -71
[  803.728016][ T5967] usb usb2-port1: attempt power cycle
[  803.891769][T12916] xt_l2tp: missing protocol rule (udp|l2tpip)
[  803.976290][ T6041] usb 1-1: new high-speed USB device number 87 using dummy_hcd
[  804.066415][ T5967] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  804.126637][ T5967] usb 2-1: device descriptor read/8, error -71
[  804.188495][ T6041] usb 1-1: config 0 has an invalid interface number: 175 but max is 0
[  804.270774][ T6041] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  804.327365][T12920] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  804.355451][ T6041] usb 1-1: config 0 has no interface number 0
[  804.386672][ T6041] usb 1-1: config 0 interface 175 altsetting 0 has an endpoint descriptor with address 0xBC, changing to 0x8C
[  804.418051][ T5967] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[  804.448247][ T5967] usb 2-1: device descriptor read/8, error -71
[  804.495006][ T6041] usb 1-1: config 0 interface 175 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 7
[  804.521892][ T6041] usb 1-1: config 0 interface 175 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[  804.553065][ T6041] usb 1-1: config 0 interface 175 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 16
[  804.582684][ T6041] usb 1-1: New USB device found, idVendor=05e0, idProduct=0600, bcdDevice=f9.9b
[  804.594566][ T6041] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  804.603182][ T5967] usb usb2-port1: unable to enumerate USB device
[  804.621652][ T6041] usb 1-1: Product: syz
[  804.630925][ T6041] usb 1-1: Manufacturer: syz
[  804.636438][ T6041] usb 1-1: SerialNumber: syz
[  804.699105][ T6041] usb 1-1: config 0 descriptor??
[  804.732952][ T6041] symbolserial 1-1:0.175: symbol converter detected
[  804.759478][ T6041] usb 1-1: symbol converter now attached to ttyUSB0
[  804.930507][T12909] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  804.941415][T12909] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  805.175652][T12929] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  805.266226][T11187] usb 1-1: USB disconnect, device number 87
[  805.297956][T11187] symbol ttyUSB0: symbol converter now disconnected from ttyUSB0
[  805.322107][T11187] symbolserial 1-1:0.175: device disconnected
[  805.736140][T12192] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[  805.874376][   T43] usb 3-1: 0:192 : does not exist
[  805.904363][T12192] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  805.961659][   T43] usb 3-1: USB disconnect, device number 83
[  805.975623][ T9173] udevd[9173]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  806.046244][ T6041] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[  806.102186][T12192] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  806.136225][T12192] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  806.166770][T12192] usb 5-1: SerialNumber: syz
[  806.197782][ T6041] usb 2-1: config 1 has an invalid interface number: 7 but max is 0
[  806.206197][ T6041] usb 2-1: config 1 has no interface number 0
[  806.213705][ T6041] usb 2-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  806.306031][T12940] vti0: entered promiscuous mode
[  806.311043][T12940] vti0: entered allmulticast mode
[  806.354746][ T6041] usb 2-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  806.355410][T12192] usb 5-1: bad CDC descriptors
[  806.370261][ T6041] usb 2-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  806.393371][ T6041] usb 2-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  806.403181][ T6041] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  806.411602][ T6041] usb 2-1: Product: syz
[  806.416176][ T6041] usb 2-1: Manufacturer: syz
[  806.420781][ T6041] usb 2-1: SerialNumber: syz
[  806.428533][T12932] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  806.491080][T12192] usb 5-1: USB disconnect, device number 66
[  806.586605][ T5996] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[  806.666421][T12932] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  806.756568][ T5996] usb 3-1: Using ep0 maxpacket: 32
[  806.827591][ T5996] usb 3-1: config 1 has an invalid interface descriptor of length 4, skipping
[  806.841311][ T5996] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  806.854595][ T5996] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  806.911510][ T5996] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  806.922362][ T5996] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  806.949593][T12945] bond1 (unregistering): Released all slaves
[  806.980436][ T5996] usb 3-1: Product: syz
[  806.989589][ T6041] usb 2-1: Incompatible driver and firmware versions
[  807.035207][ T6041] usb 2-1: USB disconnect, device number 58
[  807.041517][ T5996] usb 3-1: Manufacturer: syz
[  807.062705][ T5996] usb 3-1: SerialNumber: syz
[  807.138728][T12951] loop6: detected capacity change from 0 to 7
[  807.157968][T12951] Dev loop6: unable to read RDB block 7
[  807.166043][T12951]  loop6: AHDI p2 p3
[  807.173321][T12951] loop6: partition table partially beyond EOD, truncated
[  807.195294][T12951] loop6: p2 size 46 extends beyond EOD, truncated
[  807.326163][ T5975] usb 6-1: new low-speed USB device number 33 using dummy_hcd
[  807.355175][ T9173] udevd[9173]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  807.498659][ T5975] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  807.507175][ T5975] usb 6-1: config 0 has no interface number 0
[  807.513527][ T5975] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  807.541414][ T5975] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  807.563168][ T5975] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  807.594455][ T5975] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  807.752521][ T5975] usb 6-1: config 0 descriptor??
[  807.810475][T12958] tipc: Started in network mode
[  807.815728][T12958] tipc: Node identity 963bc2b75ef2, cluster identity 4711
[  807.823824][T12958] tipc: Enabled bearer <eth:xfrm0>, priority 10
[  807.972236][T12949] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  808.206332][ T5975] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  808.406153][ T5975] usb 6-1: USB disconnect, device number 33
[  808.716901][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  808.723368][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  808.936052][ T6041] tipc: Node number set to 3368665783
[  809.037542][ T5975] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  809.346934][ T5975] usb 6-1: Using ep0 maxpacket: 8
[  809.361039][ T5975] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  809.370640][ T5975] usb 6-1: config 0 has no interface number 0
[  809.378000][T12966] loop8: detected capacity change from 0 to 8
[  809.405161][ T5975] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  809.426187][ T5975] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  809.436125][T12966] Dev loop8: unable to read RDB block 8
[  809.463258][T12966]  loop8: unable to read partition table
[  809.685527][T12966] loop8: partition table beyond EOD, truncated
[  809.709555][ T5975] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  809.726145][T12966] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  809.738402][ T6041] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[  809.857109][ T5975] usb 6-1: config 0 descriptor??
[  809.906173][ T6041] usb 2-1: device descriptor read/64, error -71
[  810.036457][ T5975] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  810.040566][T12968] xt_l2tp: missing protocol rule (udp|l2tpip)
[  810.156130][ T6041] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[  810.171035][ T5975] usb 6-1: USB disconnect, device number 34
[  810.327273][ T6041] usb 2-1: device descriptor read/64, error -71
[  810.387673][ T5996] usb 3-1: 0:2 : does not exist
[  810.526481][ T6041] usb usb2-port1: attempt power cycle
[  810.548790][ T5996] usb 3-1: USB disconnect, device number 84
[  810.836301][   T43] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[  810.996246][ T6041] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[  811.006055][   T43] usb 5-1: Using ep0 maxpacket: 8
[  811.018736][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  811.031841][ T6041] usb 2-1: device descriptor read/8, error -71
[  811.040738][T12984] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1879'.
[  811.071679][   T43] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  811.121112][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  811.183852][ T9173] udevd[9173]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  811.296083][ T6041] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[  811.315522][   T43] usb 5-1: config 0 descriptor??
[  811.368442][ T6041] usb 2-1: device descriptor read/8, error -71
[  811.510051][ T6041] usb usb2-port1: unable to enumerate USB device
[  811.533049][   T43] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  811.996866][ T6041] usb 5-1: USB disconnect, device number 67
[  812.002844][    C1] iowarrior 5-1:0.0: iowarrior_callback - usb_submit_urb failed with result -19
[  812.735436][T13010] tipc: Resetting bearer <eth:xfrm0>
[  812.994674][T13010] tipc: Disabling bearer <eth:xfrm0>
[  813.056309][ T5967] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  813.236117][ T6041] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[  813.371368][ T5967] usb 6-1: config 1 has an invalid interface number: 7 but max is 0
[  813.379608][ T5967] usb 6-1: config 1 has no interface number 0
[  813.398693][ T5967] usb 6-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  813.437298][ T5967] usb 6-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  813.449091][ T5967] usb 6-1: config 1 interface 7 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  813.513668][ T5967] usb 6-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  813.531634][ T6041] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  813.566034][ T6041] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  813.586099][ T5967] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  813.598943][ T5967] usb 6-1: Product: syz
[  813.614519][ T5967] usb 6-1: Manufacturer: syz
[  813.619369][ T6041] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  813.632461][ T5967] usb 6-1: SerialNumber: syz
[  813.659566][ T6041] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  813.676530][T13013] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  813.704778][ T5967] usb 6-1: Expected 3 endpoints, found: 2
[  813.712489][ T6041] usb 2-1: New USB device found, idVendor=0bfd, idProduct=010c, bcdDevice=2d.16
[  813.723988][ T6041] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  813.782380][ T6041] usb 2-1: Product: syz
[  813.790340][ T6041] usb 2-1: Manufacturer: syz
[  813.794974][ T6041] usb 2-1: SerialNumber: syz
[  813.821791][ T6041] usb 2-1: config 0 descriptor??
[  813.832611][ T6041] kvaser_usb 2-1:0.0: error -ENODEV: Cannot get usb endpoint(s)
[  813.996147][ T5967] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[  814.172217][ T5982] usb 2-1: USB disconnect, device number 63
[  814.191038][ T5967] usb 3-1: Using ep0 maxpacket: 32
[  814.255465][ T5967] usb 3-1: config 1 has an invalid interface descriptor of length 4, skipping
[  814.285046][ T5967] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  814.493003][ T5967] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  814.631066][ T5967] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  814.654611][ T5967] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  814.673015][ T5967] usb 3-1: Product: syz
[  814.724220][ T5967] usb 3-1: Manufacturer: syz
[  814.745311][ T5967] usb 3-1: SerialNumber: syz
[  815.180431][T13044] loop6: detected capacity change from 0 to 7
[  815.192879][ T6033] Dev loop6: unable to read RDB block 7
[  815.200354][ T6033]  loop6: unable to read partition table
[  815.207323][ T6033] loop6: partition table beyond EOD, truncated
[  815.215062][T13044] Dev loop6: unable to read RDB block 7
[  815.225164][T13044]  loop6: unable to read partition table
[  815.234197][T13044] loop6: partition table beyond EOD, truncated
[  815.267339][T13044] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  815.347737][T12192] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[  815.496294][T12192] usb 5-1: device descriptor read/64, error -71
[  815.757629][T12192] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[  815.986166][T12192] usb 5-1: device descriptor read/64, error -71
[  816.166432][T12192] usb usb5-port1: attempt power cycle
[  816.179726][T13051] xt_l2tp: missing protocol rule (udp|l2tpip)
[  816.331382][ T5975] usb 6-1: USB disconnect, device number 35
[  816.626171][T12192] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  817.038819][T12192] usb 5-1: device descriptor read/8, error -71
[  817.205811][T13061] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  817.243622][T13061] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1895'.
[  817.366216][T12192] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[  817.565851][ T5967] usb 3-1: 0:2 : does not exist
[  817.587826][ T5967] usb 3-1: USB disconnect, device number 85
[  817.616999][T12192] usb 5-1: device descriptor read/8, error -71
[  817.682905][ T9173] udevd[9173]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  817.747205][T12192] usb usb5-port1: unable to enumerate USB device
[  818.846285][T11187] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[  819.065486][T11187] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  819.075457][T11187] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  819.139366][T11187] usb 2-1: Product: syz
[  819.143563][T11187] usb 2-1: Manufacturer: syz
[  819.188044][T11187] usb 2-1: SerialNumber: syz
[  819.274312][T13090] fuse: Bad value for 'fd'
[  819.808272][T13104] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1904'.
[  819.819718][T13104] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1904'.
[  819.952062][T13110] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1905'.
[  820.176176][ T5975] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  820.273179][T11187] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[  820.277049][T13114] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  820.297352][T12192] usb 1-1: new high-speed USB device number 88 using dummy_hcd
[  820.367182][T13114] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  820.530139][T11187] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPIPE
[  820.648137][T12192] usb 1-1: Using ep0 maxpacket: 32
[  820.699380][T11187] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO
[  820.716642][T11187] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  820.735386][T12192] usb 1-1: config 1 has an invalid interface descriptor of length 4, skipping
[  820.772382][T11187] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  820.797093][T12192] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  820.854594][T11187] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71
[  820.870977][T12192] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  820.980324][T13128] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1909'.
[  821.025595][T12192] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  821.260730][T11187] usb 2-1: USB disconnect, device number 64
[  821.269189][T12192] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  821.323208][T12192] usb 1-1: Product: syz
[  821.348390][T12192] usb 1-1: Manufacturer: syz
[  821.364138][T12192] usb 1-1: SerialNumber: syz
[  821.475810][T13133] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1910'.
[  822.843675][ T5975] usb 6-1: unable to get BOS descriptor or descriptor too short
[  822.967034][ T5975] usb 6-1: unable to read config index 0 descriptor/start: -71
[  822.974710][ T5975] usb 6-1: can't read configurations, error -71
[  823.182583][T13144] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  824.723467][T12192] usb 1-1: 0:2 : does not exist
[  824.813774][T12192] usb 1-1: USB disconnect, device number 88
[  824.969100][ T9173] udevd[9173]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  825.306379][ T5967] usb 3-1: new full-speed USB device number 86 using dummy_hcd
[  825.783698][T13174] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  825.806688][ T5967] usb 3-1: unable to get BOS descriptor or descriptor too short
[  825.830560][ T5967] usb 3-1: not running at top speed; connect to a high speed hub
[  825.839867][ T5967] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  825.850544][ T5967] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  825.863301][ T5967] usb 3-1: string descriptor 0 read error: -22
[  825.927582][T13178] netlink: 'syz.1.1922': attribute type 1 has an invalid length.
[  826.211988][ T5967] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  826.298369][ T5967] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  826.418401][ T5967] usb 3-1: 0:2 : does not exist
[  826.536241][ T5982] usb 5-1: new high-speed USB device number 72 using dummy_hcd
[  826.603974][T13160] netlink: 'syz.2.1917': attribute type 33 has an invalid length.
[  826.612325][T13160] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1917'.
[  826.680029][ T5967] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  826.698864][ T5967] usb 3-1: 5:0: cannot get min/max values for control 2 (id 5)
[  826.707375][ T5982] usb 5-1: Using ep0 maxpacket: 8
[  826.738149][ T5982] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  826.756937][ T5982] usb 5-1: config 179 has no interface number 0
[  826.763675][ T5967] usb 3-1: 5:0: cannot get min/max values for control 3 (id 5)
[  826.781677][ T5982] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  826.808211][ T5967] usb 3-1: 5:0: failed to get current value for ch 1 (-22)
[  826.828677][ T5982] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  826.890295][ T5967] usb 3-1: 5:0: cannot get min/max values for control 3 (id 5)
[  826.909006][ T5982] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  826.944370][ T5967] usb 3-1: 5:0: cannot get min/max values for control 2 (id 5)
[  826.962285][ T5982] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  826.982018][ T5967] usb 3-1: USB disconnect, device number 86
[  827.049152][ T5982] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  827.105057][ T5982] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  827.114608][ T5982] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  827.155519][T13182] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  827.413937][   T30] kauditd_printk_skb: 21 callbacks suppressed
[  827.413955][   T30] audit: type=1326 audit(1758502730.625:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13196 comm="syz.5.1927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678e78ec29 code=0x7ffc0000
[  827.488816][   T30] audit: type=1326 audit(1758502730.625:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13196 comm="syz.5.1927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678e78ec29 code=0x7ffc0000
[  827.515131][   T30] audit: type=1326 audit(1758502730.665:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13196 comm="syz.5.1927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f678e78ec29 code=0x7ffc0000
[  827.574700][ T5982] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input35
[  827.612581][   T30] audit: type=1326 audit(1758502730.665:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13196 comm="syz.5.1927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678e78ec29 code=0x7ffc0000
[  827.647002][T11187] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[  827.694044][T13199] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  827.763343][   T30] audit: type=1326 audit(1758502730.665:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13196 comm="syz.5.1927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f678e78ec29 code=0x7ffc0000
[  827.982251][T11187] usb 3-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[  828.016092][   T30] audit: type=1326 audit(1758502730.665:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13196 comm="syz.5.1927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678e78ec29 code=0x7ffc0000
[  828.073715][T11187] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  828.096437][T12192] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  828.115830][T13182] input: syz0 as /devices/virtual/input/input36
[  828.151906][   T30] audit: type=1326 audit(1758502730.665:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13196 comm="syz.5.1927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f678e78ec29 code=0x7ffc0000
[  828.181406][T11187] usb 3-1: Product: syz
[  828.222120][T11187] usb 3-1: Manufacturer: syz
[  828.254838][T11187] usb 3-1: SerialNumber: syz
[  828.281879][T11187] usb 3-1: config 0 descriptor??
[  828.311606][T11187] gspca_main: sunplus-2.14.0 probing 055f:c230
[  828.346064][T12192] usb 6-1: device descriptor read/64, error -71
[  828.406142][   T30] audit: type=1326 audit(1758502730.665:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13196 comm="syz.5.1927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678e78ec29 code=0x7ffc0000
[  828.596098][T12192] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[  828.620226][ T1544] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[  828.635623][   T30] audit: type=1326 audit(1758502730.665:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13196 comm="syz.5.1927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f678e78ec29 code=0x7ffc0000
[  828.724029][   T30] audit: type=1326 audit(1758502730.665:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13196 comm="syz.5.1927" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f678e78ec29 code=0x7ffc0000
[  828.756176][T12192] usb 6-1: device descriptor read/64, error -71
[  828.876448][T12192] usb usb6-port1: attempt power cycle
[  828.882268][ T1544] usb 2-1: Using ep0 maxpacket: 16
[  828.914581][ T1544] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  828.935332][ T1544] usb 2-1: config 0 interface 0 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[  828.965321][ T1544] usb 2-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  829.044815][ T1544] usb 2-1: config 0 interface 0 has no altsetting 0
[  829.059811][ T1544] usb 2-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  829.105228][ T1544] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  829.153116][ T1544] usb 2-1: Product: syz
[  829.165865][ T1544] usb 2-1: Manufacturer: syz
[  829.184000][ T1544] usb 2-1: SerialNumber: syz
[  829.243208][ T1544] usb 2-1: config 0 descriptor??
[  829.276135][T12192] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[  829.303464][ T5967] usb 5-1: USB disconnect, device number 72
[  829.309556][    C1] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  829.309604][    C1] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  829.470692][T12192] usb 6-1: device descriptor read/8, error -71
[  829.683092][T13205] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  829.693450][T13205] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  829.756645][ T5967] usb 3-1: USB disconnect, device number 87
[  829.827003][T12192] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[  829.861431][T12192] usb 6-1: device descriptor read/8, error -71
[  829.876239][ T5982] usb 1-1: new high-speed USB device number 89 using dummy_hcd
[  829.977384][T12192] usb usb6-port1: unable to enumerate USB device
[  830.026170][ T5982] usb 1-1: device descriptor read/64, error -71
[  830.222628][ T1544] usb 2-1: USB disconnect, device number 65
[  830.266115][ T5982] usb 1-1: new high-speed USB device number 90 using dummy_hcd
[  830.387386][T13222] netdevsim netdevsim2: Direct firmware load for ./file0/file1 failed with error -2
[  830.407105][ T5982] usb 1-1: device descriptor read/64, error -71
[  830.443789][T13222] netdevsim netdevsim2: Falling back to sysfs fallback for: ./file0/file1
[  830.541251][ T5982] usb usb1-port1: attempt power cycle
[  830.785757][T13233] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1936'.
[  830.904555][ T5982] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[  830.966960][ T5982] usb 1-1: device descriptor read/8, error -71
[  831.226061][ T1544] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[  831.296144][ T5982] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[  831.358589][ T5982] usb 1-1: device descriptor read/8, error -71
[  831.396038][ T1544] usb 2-1: device descriptor read/64, error -71
[  831.468387][ T5982] usb usb1-port1: unable to enumerate USB device
[  831.717431][ T1544] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[  831.896326][ T1544] usb 2-1: device descriptor read/64, error -71
[  832.006452][ T1544] usb usb2-port1: attempt power cycle
[  832.261837][T13249] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1941'.
[  832.320676][T13249] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  832.334115][T13252] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1942'.
[  832.365752][T13249] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1941'.
[  832.421854][T13254] FAULT_INJECTION: forcing a failure.
[  832.421854][T13254] name failslab, interval 1, probability 0, space 0, times 0
[  832.451728][T13254] CPU: 1 UID: 0 PID: 13254 Comm: syz.2.1943 Not tainted syzkaller #0 PREEMPT(full) 
[  832.451754][T13254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  832.451765][T13254] Call Trace:
[  832.451773][T13254]  <TASK>
[  832.451781][T13254]  dump_stack_lvl+0x189/0x250
[  832.451807][T13254]  ? __pfx____ratelimit+0x10/0x10
[  832.451829][T13254]  ? __pfx_dump_stack_lvl+0x10/0x10
[  832.451850][T13254]  ? __pfx__printk+0x10/0x10
[  832.451876][T13254]  ? __pfx___might_resched+0x10/0x10
[  832.451893][T13254]  ? fs_reclaim_acquire+0x7d/0x100
[  832.451916][T13254]  should_fail_ex+0x414/0x560
[  832.451945][T13254]  should_failslab+0xa8/0x100
[  832.451970][T13254]  __kmalloc_noprof+0xcb/0x4f0
[  832.451991][T13254]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  832.452021][T13254]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  832.452052][T13254]  genl_family_rcv_msg_doit+0xb8/0x300
[  832.452082][T13254]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  832.452113][T13254]  ? apparmor_capable+0x137/0x1b0
[  832.452135][T13254]  ? bpf_lsm_capable+0x9/0x20
[  832.452155][T13254]  ? security_capable+0x7e/0x2e0
[  832.452186][T13254]  genl_rcv_msg+0x60e/0x790
[  832.452215][T13254]  ? __pfx_genl_rcv_msg+0x10/0x10
[  832.452235][T13254]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  832.452254][T13254]  ? __pfx_nl80211_join_mesh+0x10/0x10
[  832.452268][T13254]  ? __pfx_nl80211_post_doit+0x10/0x10
[  832.452287][T13254]  ? __asan_memcpy+0x40/0x70
[  832.452303][T13254]  ? __pfx_ref_tracker_free+0x10/0x10
[  832.452326][T13254]  netlink_rcv_skb+0x208/0x470
[  832.452347][T13254]  ? __lock_acquire+0xab9/0xd20
[  832.452376][T13254]  ? __pfx_genl_rcv_msg+0x10/0x10
[  832.452399][T13254]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  832.452427][T13254]  ? down_read+0x1ad/0x2e0
[  832.452441][T13254]  genl_rcv+0x28/0x40
[  832.452453][T13254]  netlink_unicast+0x82c/0x9e0
[  832.452474][T13254]  ? __pfx_netlink_unicast+0x10/0x10
[  832.452490][T13254]  ? netlink_sendmsg+0x642/0xb30
[  832.452499][T13254]  ? skb_put+0x11b/0x210
[  832.452513][T13254]  netlink_sendmsg+0x805/0xb30
[  832.452529][T13254]  ? __pfx_netlink_sendmsg+0x10/0x10
[  832.452541][T13254]  ? aa_sock_msg_perm+0xf1/0x1d0
[  832.452552][T13254]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  832.452563][T13254]  ? __pfx_netlink_sendmsg+0x10/0x10
[  832.452574][T13254]  __sock_sendmsg+0x21c/0x270
[  832.452592][T13254]  ____sys_sendmsg+0x505/0x830
[  832.452607][T13254]  ? __pfx_____sys_sendmsg+0x10/0x10
[  832.452627][T13254]  ? import_iovec+0x74/0xa0
[  832.452643][T13254]  ___sys_sendmsg+0x21f/0x2a0
[  832.452657][T13254]  ? __pfx____sys_sendmsg+0x10/0x10
[  832.452689][T13254]  ? __fget_files+0x2a/0x420
[  832.452698][T13254]  ? __fget_files+0x3a0/0x420
[  832.452713][T13254]  __x64_sys_sendmsg+0x19b/0x260
[  832.452727][T13254]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  832.452745][T13254]  ? rcu_is_watching+0x15/0xb0
[  832.452759][T13254]  ? do_syscall_64+0xbe/0x3b0
[  832.452773][T13254]  do_syscall_64+0xfa/0x3b0
[  832.452783][T13254]  ? lockdep_hardirqs_on+0x9c/0x150
[  832.452794][T13254]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  832.452804][T13254]  ? clear_bhb_loop+0x60/0xb0
[  832.452816][T13254]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  832.452826][T13254] RIP: 0033:0x7faaa438ec29
[  832.452837][T13254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  832.452846][T13254] RSP: 002b:00007faaa5260038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  832.452858][T13254] RAX: ffffffffffffffda RBX: 00007faaa45d5fa0 RCX: 00007faaa438ec29
[  832.452866][T13254] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000005
[  832.452873][T13254] RBP: 00007faaa5260090 R08: 0000000000000000 R09: 0000000000000000
[  832.452879][T13254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  832.452884][T13254] R13: 00007faaa45d6038 R14: 00007faaa45d5fa0 R15: 00007faaa46ffa28
[  832.452900][T13254]  </TASK>
[  832.900802][ T1544] usb 2-1: new high-speed USB device number 68 using dummy_hcd
[  832.927713][ T1544] usb 2-1: device descriptor read/8, error -71
[  833.169455][ T1544] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[  833.188447][T13260] bond1 (unregistering): Released all slaves
[  833.208881][ T1544] usb 2-1: device descriptor read/8, error -71
[  833.316936][ T1544] usb usb2-port1: unable to enumerate USB device
[  833.405184][T13267] program syz.2.1947 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  833.680826][   T30] kauditd_printk_skb: 28 callbacks suppressed
[  833.680845][   T30] audit: type=1326 audit(1758502736.885:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13270 comm="syz.0.1949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a9eb8ec29 code=0x7ffc0000
[  833.709332][    C0] vkms_vblank_simulate: vblank timer overrun
[  833.857226][   T30] audit: type=1326 audit(1758502736.885:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13270 comm="syz.0.1949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a9eb8ec29 code=0x7ffc0000
[  833.883135][   T30] audit: type=1326 audit(1758502736.885:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13270 comm="syz.0.1949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4a9eb8ec29 code=0x7ffc0000
[  833.905425][    C0] vkms_vblank_simulate: vblank timer overrun
[  833.978921][   T30] audit: type=1326 audit(1758502736.885:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13270 comm="syz.0.1949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a9eb8ec29 code=0x7ffc0000
[  834.284563][   T30] audit: type=1326 audit(1758502736.885:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13270 comm="syz.0.1949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a9eb8ec29 code=0x7ffc0000
[  834.340186][T13282] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  834.644750][   T30] audit: type=1326 audit(1758502736.885:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13270 comm="syz.0.1949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f4a9eb8ec29 code=0x7ffc0000
[  834.731268][   T30] audit: type=1326 audit(1758502736.885:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13270 comm="syz.0.1949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a9eb8ec29 code=0x7ffc0000
[  834.992718][   T30] audit: type=1326 audit(1758502736.885:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13270 comm="syz.0.1949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a9eb8ec29 code=0x7ffc0000
[  835.166132][   T30] audit: type=1326 audit(1758502736.895:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13270 comm="syz.0.1949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4a9eb8ec29 code=0x7ffc0000
[  835.188455][    C0] vkms_vblank_simulate: vblank timer overrun
[  835.196716][T13287] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1952'.
[  835.328048][   T30] audit: type=1326 audit(1758502736.895:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13270 comm="syz.0.1949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a9eb8ec29 code=0x7ffc0000
[  836.058806][ T5982] usb 3-1: new high-speed USB device number 88 using dummy_hcd
[  836.180185][T13314] =======================================================
[  836.180185][T13314] WARNING: The mand mount option has been deprecated and
[  836.180185][T13314]          and is ignored by this kernel. Remove the mand
[  836.180185][T13314]          option from the mount to silence this warning.
[  836.180185][T13314] =======================================================
[  836.230190][T13312] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1961'.
[  836.248107][ T5982] usb 3-1: device descriptor read/64, error -71
[  836.516112][ T5982] usb 3-1: new high-speed USB device number 89 using dummy_hcd
[  836.656265][ T5982] usb 3-1: device descriptor read/64, error -71
[  836.670171][ T5967] IPVS: starting estimator thread 0...
[  836.766475][ T5982] usb usb3-port1: attempt power cycle
[  836.772097][T13320] IPVS: using max 50 ests per chain, 120000 per kthread
[  837.055472][T13328] fuse: Bad value for 'rootmode'
[  837.146093][ T5982] usb 3-1: new high-speed USB device number 90 using dummy_hcd
[  837.168124][ T5982] usb 3-1: device descriptor read/8, error -71
[  837.406199][ T5982] usb 3-1: new high-speed USB device number 91 using dummy_hcd
[  837.518856][ T5982] usb 3-1: device descriptor read/8, error -71
[  837.635203][ T5982] usb usb3-port1: unable to enumerate USB device
[  837.683907][T13343] netlink: 312 bytes leftover after parsing attributes in process `syz.4.1970'.
[  837.981840][T13347] pim6reg: entered allmulticast mode
[  838.871761][T13358] misc userio: The device must be registered before sending interrupts
[  839.635805][T13374] bond3 (unregistering): Released all slaves
[  839.765227][T13377] loop8: detected capacity change from 0 to 8
[  839.773443][T13377] Dev loop8: unable to read RDB block 8
[  839.780124][T13377]  loop8: unable to read partition table
[  839.786506][T13377] loop8: partition table beyond EOD, truncated
[  839.792771][T13377] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  840.102199][T13385] fuse: Unknown parameter 'use00000000000000000000'
[  841.019558][T13398] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1984'.
[  841.980612][T13406] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1986'.
[  842.020647][T13406] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1986'.
[  842.129591][T13410] misc userio: The device must be registered before sending interrupts
[  842.634191][T13416] bond1: entered allmulticast mode
[  842.698761][T13416] 8021q: adding VLAN 0 to HW filter on device bond1
[  843.046273][   T43] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[  843.198909][   T43] usb 1-1: device descriptor read/64, error -71
[  843.271280][T13433] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  843.436245][   T43] usb 1-1: new high-speed USB device number 94 using dummy_hcd
[  843.586189][   T43] usb 1-1: device descriptor read/64, error -71
[  843.791904][   T43] usb usb1-port1: attempt power cycle
[  844.066035][T11187] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[  844.106539][T13445] netlink: 312 bytes leftover after parsing attributes in process `syz.4.1996'.
[  844.142080][   T30] kauditd_printk_skb: 38 callbacks suppressed
[  844.142099][   T30] audit: type=1326 audit(1758502747.355:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13446 comm="syz.1.1998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c6bf8ec29 code=0x7ffc0000
[  844.176050][   T43] usb 1-1: new high-speed USB device number 95 using dummy_hcd
[  844.224240][   T43] usb 1-1: device descriptor read/8, error -71
[  844.324091][T13449] loop6: detected capacity change from 0 to 2560
[  844.351309][ T9173] buffer_io_error: 11 callbacks suppressed
[  844.351321][ T9173] Buffer I/O error on dev loop6, logical block 0, async page read
[  844.376057][T11187] usb 6-1: device descriptor read/64, error -71
[  844.416196][   T30] audit: type=1326 audit(1758502747.355:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13446 comm="syz.1.1998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5c6bf8ec29 code=0x7ffc0000
[  844.506120][   T30] audit: type=1326 audit(1758502747.355:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13446 comm="syz.1.1998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c6bf8ec29 code=0x7ffc0000
[  844.506187][   T43] usb 1-1: new high-speed USB device number 96 using dummy_hcd
[  844.538896][ T9173] Buffer I/O error on dev loop6, logical block 0, async page read
[  844.582275][ T9173] Buffer I/O error on dev loop6, logical block 0, async page read
[  844.614868][   T30] audit: type=1326 audit(1758502747.355:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13446 comm="syz.1.1998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c6bf8ec29 code=0x7ffc0000
[  844.614885][ T9173] Buffer I/O error on dev loop6, logical block 0, async page read
[  844.614983][ T9173] Buffer I/O error on dev loop6, logical block 0, async page read
[  844.637814][T11187] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[  844.719975][   T30] audit: type=1326 audit(1758502747.355:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13446 comm="syz.1.1998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5c6bf8ec29 code=0x7ffc0000
[  844.836126][T11187] usb 6-1: device descriptor read/64, error -71
[  844.842971][   T43] usb 1-1: device descriptor read/8, error -71
[  844.857750][   T30] audit: type=1326 audit(1758502747.355:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13446 comm="syz.1.1998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c6bf8ec29 code=0x7ffc0000
[  844.920982][   T30] audit: type=1326 audit(1758502747.355:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13446 comm="syz.1.1998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c6bf8ec29 code=0x7ffc0000
[  844.947076][T11187] usb usb6-port1: attempt power cycle
[  844.967617][   T43] usb usb1-port1: unable to enumerate USB device
[  845.001376][   T30] audit: type=1326 audit(1758502747.355:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13446 comm="syz.1.1998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f5c6bf90abc code=0x7ffc0000
[  845.029165][ T9173] Buffer I/O error on dev loop6, logical block 0, async page read
[  845.073492][ T9173] Buffer I/O error on dev loop6, logical block 0, async page read
[  845.090893][   T30] audit: type=1326 audit(1758502747.355:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13446 comm="syz.1.1998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f5c6bf909f4 code=0x7ffc0000
[  845.114006][ T9173] Buffer I/O error on dev loop6, logical block 0, async page read
[  845.149520][ T9173] ldm_validate_partition_table(): Disk read failed.
[  845.156027][   T30] audit: type=1326 audit(1758502747.355:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13446 comm="syz.1.1998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f5c6bf909f4 code=0x7ffc0000
[  845.180447][ T9173] Buffer I/O error on dev loop6, logical block 0, async page read
[  845.338112][T12192] usb 3-1: new full-speed USB device number 92 using dummy_hcd
[  845.349586][ T9173] Buffer I/O error on dev loop6, logical block 0, async page read
[  845.357900][ T9173] Dev loop6: unable to read RDB block 0
[  845.366666][ T9173]  loop6: unable to read partition table
[  845.386068][T11187] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[  845.406960][T11187] usb 6-1: device descriptor read/8, error -71
[  845.509329][T12192] usb 3-1: unable to get BOS descriptor or descriptor too short
[  845.522811][T12192] usb 3-1: not running at top speed; connect to a high speed hub
[  845.534512][T12192] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  845.544755][T12192] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  845.574062][T12192] usb 3-1: string descriptor 0 read error: -22
[  845.581840][T12192] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  845.591550][T12192] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  845.617937][T12192] usb 3-1: 0:2 : does not exist
[  845.646122][T11187] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[  845.678449][T11187] usb 6-1: device descriptor read/8, error -71
[  845.735640][T13461] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2003'.
[  845.746037][T13461] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2003'.
[  845.799882][T11187] usb usb6-port1: unable to enumerate USB device
[  845.886167][ T5975] usb 2-1: new high-speed USB device number 70 using dummy_hcd
[  846.014161][T13452] netlink: 'syz.2.2000': attribute type 33 has an invalid length.
[  846.022348][T13452] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2000'.
[  846.046131][ T5975] usb 2-1: Using ep0 maxpacket: 32
[  846.055074][ T5975] usb 2-1: config 0 has an invalid interface number: 132 but max is 0
[  846.068596][ T5975] usb 2-1: config 0 has no interface number 0
[  846.088135][ T5975] usb 2-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  846.109365][T13469] misc userio: The device must be registered before sending interrupts
[  846.193901][ T5975] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  846.451721][ T5975] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  846.531729][ T5975] usb 2-1: Product: syz
[  846.542942][T12192] usb 3-1: 5:0: cannot get min/max values for control 2 (id 5)
[  846.564675][ T5975] usb 2-1: Manufacturer: syz
[  846.618067][ T5975] usb 2-1: SerialNumber: syz
[  846.648257][T12192] usb 3-1: 5:0: cannot get min/max values for control 3 (id 5)
[  846.668963][ T5975] usb 2-1: config 0 descriptor??
[  846.770743][T12192] usb 3-1: 5:0: failed to get current value for ch 1 (-22)
[  846.786224][ T5975] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  846.852393][ T5975] em28xx 2-1:0.132: Video interface 132 found:
[  846.876823][T12192] usb 3-1: 5:0: cannot get min/max values for control 3 (id 5)
[  846.986334][T12192] usb 3-1: USB disconnect, device number 92
[  847.171557][ T5975] em28xx 2-1:0.132: unknown em28xx chip ID (0)
[  847.826329][ T5975] em28xx 2-1:0.132: failed to get i2c transfer status from bridge register (error=-5)
[  847.836602][ T5975] em28xx 2-1:0.132: board has no eeprom
[  847.916058][ T5975] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  847.924484][ T5975] em28xx 2-1:0.132: analog set to bulk mode.
[  847.930737][T12192] em28xx 2-1:0.132: Registering V4L2 extension
[  847.963897][T13492] tipc: Enabling of bearer <eth:xfrm0> rejected, already enabled
[  848.261451][T12192] em28xx 2-1:0.132: failed to trigger read from i2c address 0x4a (error=-5)
[  848.271579][ T1544] usb 2-1: USB disconnect, device number 70
[  848.297163][ T1544] em28xx 2-1:0.132: Disconnecting em28xx
[  848.465702][T12192] em28xx 2-1:0.132: Config register raw data: 0xffffffed
[  848.529340][T12192] em28xx 2-1:0.132: AC97 chip type couldn't be determined
[  848.537239][T12192] em28xx 2-1:0.132: No AC97 audio processor
[  848.624262][T12192] usb 2-1: Decoder not found
[  848.846075][T12192] em28xx 2-1:0.132: failed to create media graph
[  848.951578][T13508] netlink: 4400 bytes leftover after parsing attributes in process `syz.1.2016'.
[  848.964275][T12192] em28xx 2-1:0.132: V4L2 device video103 deregistered
[  848.993174][T13508] debugfs: '�`]��I�q�!�>�s���*��!)\�+`�iF=' already exists in 'ieee80211'
[  849.061207][T12192] em28xx 2-1:0.132: Remote control support is not available for this card.
[  849.062378][T13503] ==================================================================
[  849.077887][T13503] BUG: KASAN: slab-use-after-free in v4l2_fh_open+0xc7/0x430
[  849.085244][T13503] Read of size 8 at addr ffff888079f3c740 by task v4l_id/13503
[  849.092765][T13503] 
[  849.095072][T13503] CPU: 1 UID: 0 PID: 13503 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
[  849.095084][T13503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  849.095091][T13503] Call Trace:
[  849.095096][T13503]  <TASK>
[  849.095102][T13503]  dump_stack_lvl+0x189/0x250
[  849.095120][T13503]  ? rcu_is_watching+0x15/0xb0
[  849.095130][T13503]  ? __kasan_check_byte+0x12/0x40
[  849.095145][T13503]  ? __pfx_dump_stack_lvl+0x10/0x10
[  849.095156][T13503]  ? rcu_is_watching+0x15/0xb0
[  849.095165][T13503]  ? lock_release+0x4b/0x3e0
[  849.095180][T13503]  ? __virt_addr_valid+0x1c8/0x5c0
[  849.095193][T13503]  ? __virt_addr_valid+0x4a5/0x5c0
[  849.095205][T13503]  print_report+0xca/0x240
[  849.095215][T13503]  ? v4l2_fh_open+0xc7/0x430
[  849.095224][T13503]  kasan_report+0x118/0x150
[  849.095238][T13503]  ? v4l2_fh_open+0xc7/0x430
[  849.095249][T13503]  v4l2_fh_open+0xc7/0x430
[  849.095260][T13503]  em28xx_v4l2_open+0x157/0x9a0
[  849.095277][T13503]  v4l2_open+0x20f/0x360
[  849.095289][T13503]  chrdev_open+0x4c9/0x5e0
[  849.095298][T13503]  ? __pfx_chrdev_open+0x10/0x10
[  849.095307][T13503]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  849.095323][T13503]  ? __pfx_chrdev_open+0x10/0x10
[  849.095331][T13503]  do_dentry_open+0x950/0x13f0
[  849.095344][T13503]  vfs_open+0x3b/0x340
[  849.095353][T13503]  ? path_openat+0x2ecd/0x3830
[  849.095366][T13503]  path_openat+0x2ee5/0x3830
[  849.095377][T13503]  ? arch_stack_walk+0xfc/0x150
[  849.095393][T13503]  ? stack_depot_save_flags+0x40/0x860
[  849.095411][T13503]  ? __pfx_path_openat+0x10/0x10
[  849.095421][T13503]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  849.095435][T13503]  do_filp_open+0x1fa/0x410
[  849.095446][T13503]  ? __lock_acquire+0xab9/0xd20
[  849.095460][T13503]  ? __pfx_do_filp_open+0x10/0x10
[  849.095475][T13503]  ? _raw_spin_unlock+0x28/0x50
[  849.095490][T13503]  ? alloc_fd+0x64c/0x6c0
[  849.095506][T13503]  do_sys_openat2+0x121/0x1c0
[  849.095517][T13503]  ? __pfx_do_sys_openat2+0x10/0x10
[  849.095527][T13503]  ? exc_page_fault+0x76/0xf0
[  849.095537][T13503]  ? do_user_addr_fault+0xc8a/0x1390
[  849.095553][T13503]  __x64_sys_openat+0x138/0x170
[  849.095564][T13503]  do_syscall_64+0xfa/0x3b0
[  849.095575][T13503]  ? lockdep_hardirqs_on+0x9c/0x150
[  849.095584][T13503]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  849.095593][T13503]  ? clear_bhb_loop+0x60/0xb0
[  849.095604][T13503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  849.095614][T13503] RIP: 0033:0x7fce890a7407
[  849.095624][T13503] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  849.095633][T13503] RSP: 002b:00007ffcf771d7e0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  849.095645][T13503] RAX: ffffffffffffffda RBX: 00007fce89784880 RCX: 00007fce890a7407
[  849.095653][T13503] RDX: 0000000000000000 RSI: 00007ffcf771ef1b RDI: ffffffffffffff9c
[  849.095660][T13503] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  849.095666][T13503] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  849.095672][T13503] R13: 00007ffcf771da30 R14: 00007fce89889000 R15: 000055b3b16ca4d8
[  849.095682][T13503]  </TASK>
[  849.095686][T13503] 
[  849.402680][T13503] Allocated by task 12192:
[  849.407067][T13503]  kasan_save_track+0x3e/0x80
[  849.411729][T13503]  __kasan_kmalloc+0x93/0xb0
[  849.416311][T13503]  __kmalloc_cache_noprof+0x230/0x3d0
[  849.421663][T13503]  em28xx_v4l2_init+0x10b/0x2e70
[  849.426578][T13503]  em28xx_init_extension+0x120/0x1c0
[  849.431846][T13503]  process_scheduled_works+0xae1/0x17b0
[  849.437374][T13503]  worker_thread+0x8a0/0xda0
[  849.441941][T13503]  kthread+0x70e/0x8a0
[  849.445987][T13503]  ret_from_fork+0x439/0x7d0
[  849.450561][T13503]  ret_from_fork_asm+0x1a/0x30
[  849.455300][T13503] 
[  849.457600][T13503] Freed by task 12192:
[  849.461639][T13503]  kasan_save_track+0x3e/0x80
[  849.466296][T13503]  kasan_save_free_info+0x46/0x50
[  849.471299][T13503]  __kasan_slab_free+0x5b/0x80
[  849.476041][T13503]  kfree+0x18e/0x440
[  849.479933][T13503]  em28xx_v4l2_init+0x1683/0x2e70
[  849.484945][T13503]  em28xx_init_extension+0x120/0x1c0
[  849.490293][T13503]  process_scheduled_works+0xae1/0x17b0
[  849.495819][T13503]  worker_thread+0x8a0/0xda0
[  849.500384][T13503]  kthread+0x70e/0x8a0
[  849.504429][T13503]  ret_from_fork+0x439/0x7d0
[  849.508997][T13503]  ret_from_fork_asm+0x1a/0x30
[  849.513739][T13503] 
[  849.516041][T13503] The buggy address belongs to the object at ffff888079f3c000
[  849.516041][T13503]  which belongs to the cache kmalloc-8k of size 8192
[  849.530088][T13503] The buggy address is located 1856 bytes inside of
[  849.530088][T13503]  freed 8192-byte region [ffff888079f3c000, ffff888079f3e000)
[  849.544040][T13503] 
[  849.546353][T13503] The buggy address belongs to the physical page:
[  849.552835][T13503] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79f38
[  849.561681][T13503] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  849.570167][T13503] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  849.578145][T13503] page_type: f5(slab)
[  849.582114][T13503] raw: 00fff00000000040 ffff88801a442280 ffffea0000a33800 0000000000000005
[  849.590698][T13503] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[  849.599273][T13503] head: 00fff00000000040 ffff88801a442280 ffffea0000a33800 0000000000000005
[  849.607941][T13503] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[  849.616599][T13503] head: 00fff00000000003 ffffea0001e7ce01 00000000ffffffff 00000000ffffffff
[  849.625277][T13503] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  849.633927][T13503] page dumped because: kasan: bad access detected
[  849.640323][T13503] page_owner tracks the page as allocated
[  849.646019][T13503] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 13240, tgid 13239 (syz.5.1938), ts 831656402154, free_ts 820296195523
[  849.667530][T13503]  post_alloc_hook+0x240/0x2a0
[  849.672282][T13503]  get_page_from_freelist+0x21e4/0x22c0
[  849.677826][T13503]  __alloc_frozen_pages_noprof+0x181/0x370
[  849.683611][T13503]  alloc_pages_mpol+0x232/0x4a0
[  849.688442][T13503]  allocate_slab+0x8a/0x370
[  849.692920][T13503]  ___slab_alloc+0xbeb/0x1420
[  849.697572][T13503]  __kmalloc_cache_noprof+0x296/0x3d0
[  849.702922][T13503]  audit_log_d_path+0xb5/0x190
[  849.707660][T13503]  audit_log_d_path_exe+0x42/0x70
[  849.712751][T13503]  audit_log_task+0x2b3/0x3c0
[  849.717404][T13503]  audit_seccomp+0x86/0x190
[  849.721890][T13503]  __seccomp_filter+0x9aa/0x1a40
[  849.726801][T13503]  syscall_trace_enter+0xaa/0x160
[  849.731811][T13503]  do_syscall_64+0xd3/0x3b0
[  849.736289][T13503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  849.742158][T13503] page last free pid 9170 tgid 9170 stack trace:
[  849.748459][T13503]  __free_frozen_pages+0xbc4/0xd30
[  849.753549][T13503]  __slab_free+0x303/0x3c0
[  849.757940][T13503]  qlist_free_all+0x97/0x140
[  849.762505][T13503]  kasan_quarantine_reduce+0x148/0x160
[  849.767936][T13503]  __kasan_slab_alloc+0x22/0x80
[  849.772769][T13503]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  849.778202][T13503]  getname_flags+0xb8/0x540
[  849.782681][T13503]  do_sys_openat2+0xbc/0x1c0
[  849.787249][T13503]  __x64_sys_openat+0x138/0x170
[  849.792075][T13503]  do_syscall_64+0xfa/0x3b0
[  849.796554][T13503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  849.802517][T13503] 
[  849.804823][T13503] Memory state around the buggy address:
[  849.810451][T13503]  ffff888079f3c600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  849.818487][T13503]  ffff888079f3c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  849.826522][T13503] >ffff888079f3c700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  849.834578][T13503]                                            ^
[  849.840713][T13503]  ffff888079f3c780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  849.848752][T13503]  ffff888079f3c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  849.856792][T13503] ==================================================================
[  849.865001][    C1] vkms_vblank_simulate: vblank timer overrun
[  849.888518][ T1544] em28xx 2-1:0.132: Closing input extension
[  849.934472][   T43] usb 5-1: new high-speed USB device number 73 using dummy_hcd
[  849.974926][T13503] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  849.982157][T13503] CPU: 0 UID: 0 PID: 13503 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
[  849.991193][T13503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  850.001250][T13503] Call Trace:
[  850.004518][T13503]  <TASK>
[  850.007450][T13503]  dump_stack_lvl+0x99/0x250
[  850.012032][T13503]  ? __asan_memcpy+0x40/0x70
[  850.016606][T13503]  ? __pfx_dump_stack_lvl+0x10/0x10
[  850.021877][T13503]  ? __pfx__printk+0x10/0x10
[  850.026470][T13503]  vpanic+0x281/0x750
[  850.030472][T13503]  ? preempt_schedule+0xae/0xc0
[  850.035338][T13503]  ? __pfx_vpanic+0x10/0x10
[  850.039854][T13503]  ? preempt_schedule_common+0x83/0xd0
[  850.045319][T13503]  ? preempt_schedule+0xae/0xc0
[  850.050168][T13503]  ? __pfx_preempt_schedule+0x10/0x10
[  850.055556][T13503]  panic+0xb9/0xc0
[  850.059294][T13503]  ? __pfx_panic+0x10/0x10
[  850.063705][T13503]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  850.069600][T13503]  ? v4l2_fh_open+0xc7/0x430
[  850.074198][T13503]  check_panic_on_warn+0x89/0xb0
[  850.079149][T13503]  ? v4l2_fh_open+0xc7/0x430
[  850.083746][T13503]  end_report+0x78/0x160
[  850.087989][T13503]  kasan_report+0x129/0x150
[  850.092487][T13503]  ? v4l2_fh_open+0xc7/0x430
[  850.097062][T13503]  v4l2_fh_open+0xc7/0x430
[  850.101466][T13503]  em28xx_v4l2_open+0x157/0x9a0
[  850.106312][T13503]  v4l2_open+0x20f/0x360
[  850.110545][T13503]  chrdev_open+0x4c9/0x5e0
[  850.114956][T13503]  ? __pfx_chrdev_open+0x10/0x10
[  850.119883][T13503]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  850.126293][T13503]  ? __pfx_chrdev_open+0x10/0x10
[  850.131232][T13503]  do_dentry_open+0x950/0x13f0
[  850.135991][T13503]  vfs_open+0x3b/0x340
[  850.140069][T13503]  ? path_openat+0x2ecd/0x3830
[  850.144819][T13503]  path_openat+0x2ee5/0x3830
[  850.149394][T13503]  ? arch_stack_walk+0xfc/0x150
[  850.154234][T13503]  ? stack_depot_save_flags+0x40/0x860
[  850.159730][T13503]  ? __pfx_path_openat+0x10/0x10
[  850.164668][T13503]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  850.170779][T13503]  do_filp_open+0x1fa/0x410
[  850.175275][T13503]  ? __lock_acquire+0xab9/0xd20
[  850.180122][T13503]  ? __pfx_do_filp_open+0x10/0x10
[  850.185229][T13503]  ? _raw_spin_unlock+0x28/0x50
[  850.190077][T13503]  ? alloc_fd+0x64c/0x6c0
[  850.194423][T13503]  do_sys_openat2+0x121/0x1c0
[  850.199107][T13503]  ? __pfx_do_sys_openat2+0x10/0x10
[  850.204292][T13503]  ? exc_page_fault+0x76/0xf0
[  850.208956][T13503]  ? do_user_addr_fault+0xc8a/0x1390
[  850.214235][T13503]  __x64_sys_openat+0x138/0x170
[  850.219072][T13503]  do_syscall_64+0xfa/0x3b0
[  850.223561][T13503]  ? lockdep_hardirqs_on+0x9c/0x150
[  850.228755][T13503]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  850.234818][T13503]  ? clear_bhb_loop+0x60/0xb0
[  850.239501][T13503]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  850.245388][T13503] RIP: 0033:0x7fce890a7407
[  850.249792][T13503] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  850.269385][T13503] RSP: 002b:00007ffcf771d7e0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  850.277792][T13503] RAX: ffffffffffffffda RBX: 00007fce89784880 RCX: 00007fce890a7407
[  850.285757][T13503] RDX: 0000000000000000 RSI: 00007ffcf771ef1b RDI: ffffffffffffff9c
[  850.293715][T13503] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  850.301693][T13503] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  850.309654][T13503] R13: 00007ffcf771da30 R14: 00007fce89889000 R15: 000055b3b16ca4d8
[  850.317619][T13503]  </TASK>
[  850.320915][T13503] Kernel Offset: disabled
[  850.325268][T13503] Rebooting in 86400 seconds..