last executing test programs:

6m51.859234867s ago: executing program 2 (id=867):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{r0}, 0x0, &(0x7f0000000480)}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f00000003c0)=@filter={'filter\x00', 0x42, 0x4, 0x2b0, 0xffffffff, 0x1a8, 0xb0, 0x1a8, 0xffffffff, 0xffffffff, 0x2a0, 0x2a0, 0x2a0, 0xffffffff, 0x5, 0x0, {[{{@ip={@rand_addr=0x64010102, @broadcast, 0x0, 0x0, 'wg1\x00', 'nr0\x00'}, 0x74, 0x70, 0xb0, 0x1ba, {0x46010000}}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "6bc128419cfb67daad5b4809088400ed0000000000000000000100040500"}}}, {{@uncond, 0x287, 0x70, 0x98}, @REJECT={0x28}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x310)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
open(&(0x7f0000000040)='./file1\x00', 0x1a1142, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000001ac0)={0x2020}, 0x2020)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f00000000c0)='./file0\x00')
mount$nfs(&(0x7f0000000100)='...', &(0x7f0000000140)='./file0\x00', 0x0, 0x2000, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x458, 0x258, 0x4c, 0x232, 0x258, 0x2000, 0x388, 0x2e8, 0x2e8, 0x388, 0x2e8, 0x3, 0x0, {[{{@ipv6={@mcast2, @mcast2, [0x0, 0x0, 0x88030000], [], 'veth1_to_bond\x00', 'ip6gre0\x00', {}, {}, 0x6, 0x0, 0x3}, 0x0, 0x230, 0x258, 0x0, {}, [@common=@unspec=@cluster={{0x30}}, @common=@inet=@policy={{0x158}, {[{@ipv4=@dev, [], @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@ipv4, [], @ipv4=@broadcast}, {@ipv4=@multicast2, [], @ipv4=@dev}, {@ipv6=@loopback, [], @ipv6=@private2}], 0x1}}]}, @common=@inet=@SYNPROXY={0x28}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @remote}, @private1, [], [], 'team_slave_0\x00', 'xfrm0\x00'}, 0x0, 0xf8, 0x130, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b8)

6m50.755223382s ago: executing program 2 (id=872):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000180)=0x1, 0x4)
shutdown(r1, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x8000000000}, 0x18)
keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000040)=""/136, 0xfffffffffffffe05)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x58}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100)=0xffffffffffffffff, 0x4)
sendto(r1, 0x0, 0x0, 0x40008c1, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[], 0xa0}, 0x1, 0x0, 0x0, 0x8810}, 0x0)
syz_open_dev$dri(&(0x7f00000002c0), 0x10002, 0x400)
quotactl_fd$Q_GETNEXTQUOTA(r0, 0xffffffff80000902, 0x0, &(0x7f0000000240))
getsockopt$IP_VS_SO_GET_SERVICE(r1, 0x0, 0x483, &(0x7f0000000080), &(0x7f0000000000)=0x68)

6m50.223530821s ago: executing program 2 (id=874):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x1400200bce)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r2 = syz_io_uring_setup(0x3aec, &(0x7f0000000240)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffff86})
io_uring_enter(r2, 0x7a98, 0x0, 0x0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
io_setup(0x7fff, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r6 = syz_io_uring_setup(0xcaf, &(0x7f0000000100)={0x0, 0xb601, 0x1, 0x5, 0x17a}, &(0x7f00000001c0)=<r7=>0x0, &(0x7f00000000c0)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r5, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x1e})
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, 0x0)
io_uring_enter(r6, 0x847ba, 0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r9 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r9, &(0x7f0000002700)=""/102392, 0x18ff8)
r10 = socket$inet6_sctp(0xa, 0x801, 0x84)
connect$inet6(r10, &(0x7f0000000200)={0xa, 0x4e22, 0x209, @private0={0xfc, 0x0, '\x00', 0x1}, 0xffffff88}, 0x1c)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
sendmmsg$inet6(r10, &(0x7f0000000b40)=[{{&(0x7f00000000c0)={0xa, 0x20, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x1c, &(0x7f0000000000)=[{0x0}], 0x1}}], 0x1, 0x0)

6m48.688590163s ago: executing program 2 (id=880):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000240)={0x28, 0x5, r1, 0x0, &(0x7f00000002c0)="ee", 0x1, 0x20000800})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000007c0)={0x28, 0x7, r1, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, 0xd0b})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000300)={0x28, 0x2, r1, 0x0, &(0x7f000099f000/0x2000)=nil, 0x2000, 0x3})
syz_emit_ethernet(0x7e, &(0x7f00000002c0)={@broadcast, @random="17043a73dbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x64, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty=0xac1414aa, @rand_addr, {[@lsrr={0x83, 0x3, 0x7}, @timestamp_prespec={0x44, 0x3c, 0x3, 0x3, 0xe, [{@initdev={0xac, 0x1e, 0x9, 0x0}, 0x6}, {@dev={0xac, 0x14, 0x14, 0x2b}, 0x9}, {@rand_addr=0x64010100, 0x7f}, {@private=0xa010101, 0x3b3}, {@rand_addr=0x64010100, 0x4}, {@broadcast, 0x3f2}, {@multicast2, 0x5}]}]}}}}}}}, 0x0)
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x2, r1, 0x0, &(0x7f00000001c0)='O', 0x1, 0x7ff})
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000040)={0x201, 0xa, 0x1})
ioctl$VIDIOC_PREPARE_BUF(r2, 0xc058565d, &(0x7f0000000200)=@multiplanar_mmap={0x9, 0xa, 0x4, 0x2, 0xfc, {0x77359400}, {0x1, 0x8, 0x8, 0x6a, 0x2, 0x4, "3b7a1286"}, 0x8, 0x1, {&(0x7f00000000c0)=[{0x400, 0x6, {0x4}, 0x8}, {0xffffffff, 0x39, {0x4}, 0xfff}]}, 0x7})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000100)={0x28, 0x2, r1, 0x0, &(0x7f0000000580)="01", 0x1, 0x8})
ioctl$IOMMU_IOAS_UNMAP(r0, 0x3b86, &(0x7f0000000180)={0x18, r1, 0x1d4b, 0xffffffff})

6m47.080690005s ago: executing program 2 (id=884):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_io_uring_setup(0x371d, &(0x7f0000000440)={0x0, 0x0, 0x400, 0xa, 0xffffff}, &(0x7f0000000380), &(0x7f0000000400))
io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x2000000, 0x0)
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r1, 0x13, &(0x7f00000000c0)=[0x7, 0xc06], 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
setpgid(r0, 0x0)
setpgid(0x0, r0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])

6m45.993941892s ago: executing program 2 (id=889):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$xdp(0x2c, 0x3, 0x0)
r3 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r3, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev, 0x5}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x36, &(0x7f0000001440)=ANY=[], 0xc0)
sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171, 0x0, 0x179}}], 0x400000000000172, 0x4000000)
setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0x39, 0x0, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)

6m29.13421869s ago: executing program 32 (id=889):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$xdp(0x2c, 0x3, 0x0)
r3 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r3, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev, 0x5}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x36, &(0x7f0000001440)=ANY=[], 0xc0)
sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171, 0x0, 0x179}}], 0x400000000000172, 0x4000000)
setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0x39, 0x0, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)

3m7.29371575s ago: executing program 4 (id=1511):
getpid()
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x3c, 0x2, [@TCA_TBF_PBURST={0x8, 0x7, 0xb86}, @TCA_TBF_PARMS={0x28, 0x1, {{0xa, 0x2, 0xffff, 0x7, 0xcc, 0x3}, {0x0, 0x1, 0x7, 0x8, 0x7f, 0x9}, 0xa6, 0x7, 0x1bb6}}, @TCA_TBF_BURST={0x8, 0x6, 0x7f}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x470b923, 0x80000, {0x0, 0x0, 0x0, r7, {}, {0x2, 0xb}, {0xd, 0xfff3}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x2, 0x81}}}]}, 0x3c}}, 0x4008000)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})
r8 = getpid()
r9 = syz_pidfd_open(r8, 0x0)
syz_init_net_socket$ax25(0x3, 0x2, 0xc3)
ioctl$INCFS_IOC_PERMIT_FILL(r9, 0xff03, 0x0)
r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x38, r10, 0x1, 0x0, 0x0, {}, [{@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r1}}]}, 0x38}}, 0x0)

3m4.852465231s ago: executing program 4 (id=1518):
open$dir(0x0, 0x80000, 0x113)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20a00, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, 0x0}], 0x1, 0x48, 0x0, 0x0)
ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000003680)={{0x0, 0x0, 0xffffffffffffff24, {0xffff1000, 0x8000000, 0xf570e9c1946950d4}}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9d7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97dc2fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf97a8b7b53058b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bf762c94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b99d5376cd92ac431fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029ec7c33830a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3f617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fae33b6235c5b4095437298858909bcbd40a8a281bedb06b7b3775bce0a5bca19b0a5c2fa8dbf87b55ae0a43c5086422e5bacb94047e150451f599b9c13aade536933e14d672c21a35cb68572c3de02f3147414eff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf28053732472dc313b5fedfc583fc702a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22470812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa3181b74ec7dae2e42c9caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae3a8aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd317069083a5632b5cfc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64eec45208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c0e7faf2ea7d3f5271028fc558a44799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db632ec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab774d1598d9816abc77b0e693880beca5f330c626774ab5cb6967fb0ea8e14efce120947092c3b6f8a22f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006987f9f4de535e9f3df1db8c976059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6f9338183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189f0d94aabf8c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55da91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a6da5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77c4bb94543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c6df4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b76de44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd5828b0218ffe40f375d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156ee4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2bb637b7cf79764b6a4b7ffc5d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c2371371b77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d4738d5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95d3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6a4ee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a6fffffffffffffe3be6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641baf9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33205f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938ec40762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49e8fcda3c322b738ed2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f646ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a343133158364a9fe3bb3f9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc2456a72fabb16b47da71624d2e9081de748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2daed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3a5ae16cb788482760d34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33d0d9ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc3016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6b5a3b8b51ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e7e8f67b8be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c08518bdc6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e4b1760f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182099b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e51600"})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, &(0x7f0000000100)="6766c74424009c0000006766c7442402000000006766c744240600000000670f011c240f01c9f08170000000f20f78f3000f3e3e0fc7b8f07f660f01dfb8b1008ec00f90d80f23c80f21f866350c00b0000f23f8baf80c66b8471df48c66efbafc0cec660f3805475e", 0x69}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x114, 0x2b, 0x1, 0x0, 0x0, "", [@nested={0x102, 0x0, 0x0, 0x1, [@typed={0xc, 0x11, 0x0, 0x0, @u64=0x20}, @typed={0x14, 0x2, 0x0, 0x0, @ipv6=@loopback}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd3f"]}]}, 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
lsetxattr$security_capability(&(0x7f0000000180)='./file0\x00', &(0x7f0000000340), &(0x7f0000000540)=@v3={0x3000000, [{0x13c5, 0x6}, {0x81, 0x800}]}, 0x18, 0x1)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
r6 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r8, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0x0, 0x1, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0x0, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
write$uinput_user_dev(r5, &(0x7f00000005c0)={'syz1\x00', {0x0, 0x0, 0x0, 0x448}, 0x0, [0x4fc0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x3930, 0x0, 0x0, 0x0, 0x7fff, 0x57b07c7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x10000], [0x0, 0x800, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x5, 0x0, 0x10, 0xbaf4400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2, 0x0, 0xe04], [0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x758, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffc]}, 0x45c)
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, 0x0, 0x0)

3m3.153688737s ago: executing program 4 (id=1525):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0x120}}, 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="020a040007000000b6f1ffff0000854105001a"], 0x38}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYRES16=r5], 0x70}}, 0x0)
sendmmsg(r6, &(0x7f0000000180), 0x3ef, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x12, 0xc, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a0000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ff"], &(0x7f0000000140)='GPL\x00', 0x9, 0x0, 0x0, 0x41100, 0xe, '\x00', 0x0, @cgroup_sock_addr=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
socket$kcm(0x11, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000640)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000006000000040000000000009301000000002e5f615f"], 0x0, 0x2a, 0x0, 0x1, 0x1}, 0x28)
socket$alg(0x26, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_io_uring_setup(0x3b56, &(0x7f0000000300)={0x0, 0x0, 0x4, 0x0, 0x3e3}, &(0x7f0000000240), &(0x7f00000002c0))

3m2.064119941s ago: executing program 4 (id=1526):
syz_io_uring_setup(0xd2, 0x0, &(0x7f0000000040), 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
recvmmsg$unix(r2, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}, 0xff8d}], 0x600, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)

2m57.968357204s ago: executing program 4 (id=1532):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000002000000000000000950000000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getpgid(0xffffffffffffffff)
r1 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f00000001c0)={0xa, @pix_mp={0x40, 0x8001, 0x6f01000d, 0x2, 0xb, [{0x9, 0x101}, {0x1, 0xe}, {0x9, 0x15dbe640}, {0x4}, {0x3, 0x2}, {0x6, 0x8}, {0x3, 0x427}, {0x40, 0x5}], 0xb, 0x1, 0x7, 0x1, 0x4}})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x18)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/freeze_filesystems', 0x80882, 0x0)
write$cgroup_int(r2, &(0x7f0000000040)=0x700, 0xfdef)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
mount(&(0x7f00000001c0)=@filename='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000001200)='vfat\x00', 0x0, 0x0)

2m56.758240423s ago: executing program 4 (id=1536):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="640000000206030004000000000000000000000005000100070000000900020073797a30000000001400078005001500040000000800124000000000050005000a000000050004000000000015000300686173683a69702c706f72742c6e6574"], 0x64}}, 0x10000)
r1 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x22240, 0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x10})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
socket(0x26, 0x3, 0x0)
mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x84, &(0x7f0000000840)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r3}})
r4 = syz_genetlink_get_family_id$devlink(&(0x7f00000016c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r2, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f00000000c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="b54300000000fcdbdf254a0000000e0001000f0002006e657464657673696d304000"], 0x34}}, 0x0)

2m41.612922937s ago: executing program 33 (id=1536):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="640000000206030004000000000000000000000005000100070000000900020073797a30000000001400078005001500040000000800124000000000050005000a000000050004000000000015000300686173683a69702c706f72742c6e6574"], 0x64}}, 0x10000)
r1 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x22240, 0x0)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x10})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
socket(0x26, 0x3, 0x0)
mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x84, &(0x7f0000000840)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r3}})
r4 = syz_genetlink_get_family_id$devlink(&(0x7f00000016c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r2, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f00000000c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="b54300000000fcdbdf254a0000000e0001000f0002006e657464657673696d304000"], 0x34}}, 0x0)

7.996305874s ago: executing program 6 (id=1993):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000001280)={0x24, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0}, 0x0)
syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0xc38, &(0x7f0000000080)=ANY=[@ANYBLOB="545e9a", @ANYBLOB="4f0cff66dac50e65f4944faabbeb020c8e57572456bec593e0d2ecf32e6dddf38e8aff27f9a893cb516339027ad68134cc76951dd7b7ef951b95e92f41e5a68772e12edfe4c5eeb8cd72677beed3d4ff11"])
creat(&(0x7f0000000000)='./file0\x00', 0x10a)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000ac0)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_KEY(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000340)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fcdbdf251800000008000300", @ANYRES32=r2, @ANYBLOB="14003080100003"], 0x30}}, 0x20000000)

5.788231533s ago: executing program 0 (id=2000):
r0 = syz_open_dev$swradio(&(0x7f0000000580), 0x1, 0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_GET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4008801}, 0x20008004)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=<r3=>0x0)
timer_settime(r3, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe2(&(0x7f0000000000)={<r4=>0xffffffffffffffff}, 0x0)
pipe2(&(0x7f0000000240)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
tee(r4, r5, 0xfffffffffffffc01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), r7)
r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r7, &(0x7f0000000500)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000740)=ANY=[@ANYBLOB, @ANYRES16=r8, @ANYBLOB="040027bd7000ffdbdf252100000008000300", @ANYRES32=0x0, @ANYBLOB="82112d8088000300060000003cb17fea49dcdeb9b8441967dbd0d774acb83a842a6a8bdc0ff72df3be0d1a1d7090c8e315c345a69b8c53b52d97a348ce60e44fa92728cefcf8d4ba444f9da88a7a"], 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000)
r9 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r9, 0x1, &(0x7f0000000000)='source', &(0x7f0000000180)='400:\x00\x8e\xf7\xd4\t\xe1\xae\x19\xe5\xf7c\x84\x9c\x06\x00\x00\x00\x11\x01\xf2 \xec\xbe#\'S\xc4\xbd\xb5\x1e\x98MM\x06\x1a\x7f5U\x18\x90\x99\xb2\xfa\')Z\x9ew\xae\xe8\xdd\b\t\xf0\xc4\xbfj\xb6\x88/)~\x93E\x1d4\xa7\xcb\xeb\x0f\xd4(\xb6>\x87\xc3\t\xb0\x80\xf7\xe6\x8b?\xa4\xb3\b\x00\x81\xbe\xea\x1f\xfe\xed\x9d\x1a\x8aQ\xafQ\x06\x0fJ\xc0\xc0=}\x7f\xaeB\xb1\xed\xa4\xf3c#\xbe\b\x1f\xa4L[\xfa\x01Uu\xe0\x8b\x94E\xda\xd9j\x93\xc8~\xd9\x82\x8f\xcam\x17\xa2\xed\xf3\xc3_h\xfc6\t\x96@\xaf\xe6\xd0!)\xc3\xcfe\xe1g\xe7\xe5F\xbdC\xd9$\x9b@\xaf\xc2j1p\xa9\xb2d\x92\x8fo\xcbg\x9fZ\xd7\xef\xb2z\xf5\x0fq\x7f\b\xc2\xa7\x90\xc5\xf5Y\xbc\xf1s\x93X\xb6\xeb\x86&\xa7\x14%B', 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0x14, 0x30, 0xffff, 0x70bd27}, 0x14}}, 0x0)
syz_open_dev$cec(&(0x7f0000000540), 0x0, 0x1040)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x20050800)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000440)=@deltaction={0x18, 0x32, 0x101, 0x0, 0x0, {}, [@TCA_ACT_TAB={0x4}]}, 0x18}}, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, 0x0)

5.077189083s ago: executing program 3 (id=2002):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0xa00}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x38, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x4}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x4000000}]}], {0x14, 0x10}}, 0xc0}, 0x1, 0x0, 0x0, 0x20040841}, 0x0)

4.785349866s ago: executing program 0 (id=2004):
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000001c0)={0xffffffffffffffff, 0x20, &(0x7f0000000180)={&(0x7f0000000080)=""/198, 0xc6, <r0=>0x0, &(0x7f0000000300)=""/225, 0xe1}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000062000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

4.78490413s ago: executing program 3 (id=2005):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x40, 0x0, 0x0)
mq_open(&(0x7f0000000180)=' \x01\x9c\x147\xb3\xcf\xfc\xc3\xa2W)\xebs\x93\xa7\xc7!Q\x8f\xf6\xec\xa5fs\xf5l{T\x87r\xd2)r\xa7\xd6\bO\x9a\x98\xf52:\"\xf4\x12\xc0T+\xcd\x9fv|\x8d\xd5\xb2Dvc\x8e\x93\xd8\xd6\xa0\xc56\xd2x\xe3c:\x00\x00\x00\x00\x00\x00\x00\x00\x97\x97\x9c \xdc\xaavt\x18\xcen\xe4\x03\x84;7\xfb\x84r\xf4\xe7\xc9\b\x987\xaa\x85\xfb\x05%\xa8\xe5b\x81\x8e}\xe1r\xf7s2\x82\xe57&b', 0x41, 0x80, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000040)=<r3=>0x0)
sched_setscheduler(r3, 0x0, &(0x7f00000000c0)=0x5b)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, 0x0)
ioctl$USBDEVFS_RESET(0xffffffffffffffff, 0x5514)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000400)=ANY=[@ANYBLOB="1803000000050000000000cf020000000000000011af00335ba9735cf1ff00002020207b1af8ff00000000bfa100080000000007010000f8ffffffb7230766993542add9c818ca4f49d07d02000008000000b7030000f0ff0083850000007000000018010000202075250000000080602cdb55eaf420207b1af8ff00000000bfa1000000000000070100dab32396ffb702000008000000b703000000000000850000000400"], &(0x7f0000000240)='GPL\x00', 0x400, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0xfffffffffffffd30)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f00000005c0)='sys_exit\x00', r4, 0x0, 0x8}, 0x18)
getxattr(0x0, 0x0, 0x0, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/fib_triestat\x00')
bpf$MAP_CREATE(0x0, 0x0, 0x50)
preadv(r5, &(0x7f0000000140)=[{&(0x7f0000002380)=""/169, 0xa9}], 0x1, 0x8000000, 0x0)

4.720299378s ago: executing program 6 (id=2006):
r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7fffffffffffffff, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x8000, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$rxrpc(0x21, 0x2, 0xa)
syz_io_uring_setup(0x12ab, &(0x7f0000000140)={0x0, 0x7495, 0x0, 0x2, 0x1f7}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000340)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000240)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r2, 0x80, &(0x7f00000000c0)=@rxrpc=@in6={0x21, 0x3, 0x2, 0xfffffe0f, {0xa, 0x4e21, 0x2, @private0, 0x2}}, 0x0, 0x0, 0x1})
sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
gettid()
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
futex(0x0, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000040)='stat\x00')
pread64(r5, &(0x7f0000000140)=""/15, 0xf, 0x4)
creat(0x0, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
gettid()
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4000000)
execve(0x0, 0x0, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r6, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000200040010000800014004000000", 0x58}], 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000140)={0x0, 0x34324142, 0x2, @discrete={0x1, 0x401}})

4.600466613s ago: executing program 3 (id=2007):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x4c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x14, r6, 0x301, 0x70bd29, 0x25dfdbfc, {0x24}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x94)
futex(&(0x7f0000004000), 0x5, 0x0, 0x0, 0x0, 0x92020007)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000100)={0x2, 0x40000105, 0x0, 0x0})

4.408193255s ago: executing program 0 (id=2008):
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1e, 0x4, 0x0)
getsockopt$TIPC_NODE_RECVQ_DEPTH(r4, 0x10f, 0x83, &(0x7f0000000000), &(0x7f0000000040)=0x4)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = dup(r5)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x4000000000000, 0x4, 0x0, 0x28)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r7, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x8c, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffdef}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000001100010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff4c)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r0, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb1000008747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb80035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22383e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485a4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2245eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e4c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad64c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc590800", 0x2000, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)

1.48270283s ago: executing program 1 (id=2017):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(&(0x7f0000000740)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000280)='./file0\x00', &(0x7f0000000780)='cramfs\x00', 0x1000800, 0x0)

1.375684841s ago: executing program 5 (id=2018):
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200), 0x800, 0x0)
ioctl$FIGETBSZ(r0, 0x2, &(0x7f00000002c0))

1.096494864s ago: executing program 5 (id=2019):
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='uid_map\x00')
pread64(r0, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000300)

1.064667324s ago: executing program 1 (id=2020):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000200)='./file0/file0\x00', &(0x7f0000000240), 0x0, 0x0)
move_mount(0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file0\x00', 0xffffffffffffff9c, &(0x7f0000000400)='./file0/file0\x00', 0x0)

1.004134825s ago: executing program 6 (id=2021):
r0 = socket$kcm(0x2, 0x1, 0x84)
sendmsg$inet(r0, &(0x7f0000000800)={&(0x7f0000000100)={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000000)="b1", 0x34000}], 0x1}, 0xc8d4)
sendmsg$inet(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000080)="93dab702052d", 0x6}], 0x1}, 0x4)

880.749331ms ago: executing program 5 (id=2022):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000002000000000000800000000850000000f00000095"], 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xb, 0x8, 0xc, 0x7fffffff, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x79ac53b7bac5bad5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x4, 0xc}, 0x48)

752.414561ms ago: executing program 1 (id=2023):
r0 = socket$kcm(0xa, 0x1, 0x0)
sendmsg$kcm(r0, &(0x7f0000003900)={&(0x7f00000025c0)=@in6={0xa, 0x4e20, 0x7, @loopback}, 0x80, 0x0}, 0x20000850)

710.209439ms ago: executing program 6 (id=2024):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000240)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6, 0x0, 0x300}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

654.419016ms ago: executing program 5 (id=2025):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000060000000600000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000000e3ff000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000d00)={{r0}, &(0x7f0000000c80), &(0x7f0000000cc0)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r3}, 0x10)

644.098169ms ago: executing program 3 (id=2026):
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x40040, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="020000000400"], 0x48)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100)=0xffffffffffffffff, 0x4)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70)

488.441397ms ago: executing program 1 (id=2027):
r0 = socket$kcm(0x10, 0x2, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e02002200356bd25a806f8c6394f91124fc60040017010a7403004700000037153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)

404.924134ms ago: executing program 3 (id=2028):
r0 = openat$smackfs_load(0xffffffffffffff9c, &(0x7f0000000080)='/sys/fs/smackfs/load-self2\x00', 0x2, 0x0)
write$smackfs_load(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB='+: ($ x'], 0x9)
preadv(r0, &(0x7f0000000140)=[{&(0x7f0000000180)=""/14, 0xe}], 0x1, 0x0, 0xfffffffc)

403.084245ms ago: executing program 5 (id=2029):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x18, &(0x7f0000000800)=ANY=[@ANYBLOB="180500000000000000000000fcffffffb7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70400000800000085000000950000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000002000000850000002300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

388.619384ms ago: executing program 0 (id=2030):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000580)={r1}, 0xc)

308.22906ms ago: executing program 6 (id=2031):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00'}, 0x10)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0)
r2 = openat$cgroup_type(r1, &(0x7f0000000300), 0x2, 0x0)
write$cgroup_type(r2, &(0x7f0000000280), 0x9)
r3 = openat$cgroup_procs(r1, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f00000001c0), 0x12)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_ro(r4, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000001ac0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$inet(r7, 0x0, 0x0)
close(r7)
write$cgroup_int(r5, &(0x7f0000000200)=0x1, 0x12)
write$cgroup_int(r5, &(0x7f00000000c0), 0x12)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNATTACHFILTER(r8, 0x401054d5, &(0x7f0000000780)={0x1, &(0x7f00000001c0)=[{0x45, 0x0, 0x2, 0x8}]})

299.101277ms ago: executing program 1 (id=2032):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="20000000ff000000ffcd0b004000000004000000", @ANYRES32, @ANYBLOB="0500"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="2300000001"], 0x48)

268.513664ms ago: executing program 3 (id=2033):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000070000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000002c0)={'wlan0\x00'})
r1 = socket$kcm(0xa, 0x2, 0x88)
sendmsg$inet(r1, &(0x7f0000001600)={&(0x7f0000001340)={0x2, 0x2, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000001580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x1b}, @multicast1}}}], 0x20}, 0x8000)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="7c00000000000000000000000700000044140001ac1414aa00000000ac1414000000000000441c0003e0000001000000007f000001000000000000000000000000442c000000000000000000000000000000000000000000000000000000000000000000000000000000000000440c0001000000000000000000000000000000a400000000000000000000000700000044280000000000000000000000000000000000000000000000000000000000000000000000000000071700e0000002ac1414bb00000000e0000002ac1414bb018616000000000010c986d78e6c4b9394b247217b87cb00830b00000000007f000001861f0000000000020010421487f84baabcbcfb42a4d90bab000748c68c4c31001089ca45d9612e5b5c11f12bc78a41000000000000006c000000000000000000000007000000441c0003ffffffff000000000000000000000000e00000010000000044340001ac1414bb0000000000000000000000000000000000000000ac1414aa00000000ac1414aa00000000ac1e000100000000830b007f000001e000000200000000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000001400000000000000000000000200000000000000000000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="7f0000017f000001000000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="7f000001ac141400000000001c00000000000000000000004700000044aa00210a2101"], 0x230}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0xc, 0xe, &(0x7f0000001f80)=ANY=[@ANYBLOB="b702000026000000bfa300000000000007030000007effff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d64"], 0x0}, 0x94)
r2 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x92c0199, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003e000b05d25a806c8c6f94f90224fc60100005000a000200053582c137153e37000c0980fc0b10000300", 0x33fe0}], 0x1}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="0753010018000000000000000000000000160000020000000000ee51bc6393f4f33a2e5ea5e50648196085b7ccbe4cd49b620b8112368292cd3415ea9079e6e6d39a797c1456eceddcf983530fc368fd4e5dbeb1211b6de40ed2395fbf206f117e1b1741c884d5bb1b9a754211945ecab3a1b86de84819f5a6664d3b60b9c37755b38d3a550a4ea74e591cb54f904fa75949786dd1211674feb2eec85151d45a1f6de95533b4e552885b07b04d0edc98519afd48ae6f620ecbdb2f02b2656ee49ad6d4577f8e45bdb90329a963e9fa8d4b5e8ee3e495b08bd76d60029dc783e41583d747fc279db3cea7746a"], 0xffffffffffffffff, 0x1a, 0xff40, 0x2}, 0x20)
sendmsg$inet(r1, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001640)="657573a2aaa76a045d877c1f6455a4bb7edaedaf2406cf034c55272afe4a39f80fec79674992739b3f1d46ab6fc6b89bc95d81d84d8c293613c9f90375e9112c7b5f65f27e0e214389e9034316b5f9b75aaba5bc0d8f2290bd36c6624c127b3433e77de62a43eb8eeecd139da8a083185e6bef3c0866b648a4f6432a60e58c664a7a3dcb4a1776e6fdb08687841d75cdf12f0d7578930caa6a450381441bd9023d757be41434aaa87208e070bae470b8ebe5b100c3d6ed01dbff6a6e13320627043926cb30d2233291a5d9a15bfb760df9fabaa9f450747ff1cf93258dfbd2132d00516d8edfcb6b6352eb385866585cb371846f31532e653ccf7bc842c81206c8e80530a748501b2da5fedb1bcd0e53d09826aeb25c7ed8f3e1b219649baf3fc9ccb0da4aa1bdefca77ca97aa0c50d0485413936b83a20158cc3795456df09a917751c6e9555988b80b26f36bc8294fa37aca1b0c570e93588c9c25f4d72f01ba4bb874685628f0b64d71eaa9d17b489826ada40cede73bad175b9e956942b581fb7c52added185ce2f24422c0bf33ff32bb0e9e50b697f3257eb76134076bcf59767d12dc2cfa9c6e4544b55adc09a330a873c3a5ac8e28dda7fe398be13b3949ddaa7e25fc9652b783a95db047a3477a64dee6c4eadccbb48e9a525539c51603f8fdf1a8af0b9968ea399b7d787ead48a43bb8f83ced7de9dbe9d29a04438103179d2cc91cc15a5f3b5c589594d5232f8e956776547946bd38ea993b2cd1b1290ba255ef4a1a97055ad51cff35b804ef472a9f60bfedf3af92fc51e9b9e5580d4b12ac5fae4d8a4b9761b1c72a7282fe1cbc90767ec3266aef7ccf306ba8fc5161c74c3765b6b1ad5ab007b9892aedca8fadc7b37597546de787034e2c98a34118ef63680882759f4c3cb654e050b1303d3c9ded614e54fc833992b3d376e9f581d2ef7064ff268359a022b0df7d0679a54746150528ce08d47a05dd0e1f481b0f0b27f25e8b7b0a17827841cd7711e84dae20d98a76e5c6ea29b7a676bc4afb5729705e235ab7d41cf6dc39a208e806db5077326345bff9910e8b591d9c45f506f57f0392c41dfbe0e788299582f1dc2323da8ba93a7141061c8f78f81518c59c41a289b98d83a4575e9a509c0c615cd39ae76d2749378047a3b4ca1078880a0620088c17661322632882c77f751c60443e27df36020a72081b8e32f796f103412721158831ad7658a1299015a8a28ebc4cfd1414f4f4dcdef109c2bd75b7a8d83447e382724ec1076237c85b311df47a4fa7ad981e0f3918a093855e9968364c9bd1f385fccf076bc9e61558ddbe969742a860599a87e045b8fd95b0eb11b1f0fbdcb8a4008da5277f071d819791a2f54fc9f676196cf0b3f0e91c6d1586d9bd687c1df1e759e80b0cea66ea75eef5f9e57a36f61670268b8e2ad39561525e73fe2c942d0fb3f53e46695762c0dcee78ca9b2b81cba1c5fa2a736954dedcdf869149c7220be1f4ea53ccd72c3f8f7d9483068d668542023ea9a3d415a2006a5ac5439668c0a211c9d3212d38cdc13c35bf184579955fff0c35b2870af088340d60f744a0806135ce50a123182ab68fa8a89d858eceeed660f1ec5671d6d1be21022c372eabfa4fb1ebe03f7ab2650ec3679507d17611d1cd694be1adb33e591716af45eb1269969aca77be07d18784e2dd1240b6ac67be842afa51ce452f106de37a1e271b37e2904d6276c09eb5915fc8af524ff86e652c2acd33b634d8ba9268b7c278ebb8a92d7a45d97d2e45b4064b55ed5c56d3ed11adc0c", 0xfdef}], 0x1}, 0x48800)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_ro(r3, 0x0, 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000200)=0x1, 0x12)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000940)={0x0, 0xfffffffffffffeb8, &(0x7f0000000000)=[{&(0x7f0000000140)="d8000000200081044e81f782db44b904021d080207000000810000a1180002000000000000000e1208000f0100810401a8001600200001400300000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c11503c6bbace8017cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x40000)
ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000000)={r5})
sendmsg$kcm(r1, &(0x7f0000002dc0)={0x0, 0x0, 0x0}, 0x20000054)

140.32341ms ago: executing program 1 (id=2034):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)

140.040288ms ago: executing program 0 (id=2035):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
r1 = socket$kcm(0x2, 0x1000000000000002, 0x0)
setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f00000002c0)=r0, 0x161)
sendmsg$inet(r1, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x4e24, @rand_addr=0x20}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000380), 0xff7a}], 0x1, &(0x7f0000007880)=ANY=[@ANYBLOB="1100000000000000004003000100000000000000000000001c00000000000000000f00fd09000000", @ANYRES32=0x0, @ANYBLOB="ac1414bbe0000001000000001c0000000000000000078f0208000000", @ANYRES32=0x0, @ANYBLOB="a00500000000000000000000240000000000000000000000070000009404000044108800000000000000000000000000000000001100000000000000000000000100"/76], 0x98}, 0x810)

139.91481ms ago: executing program 5 (id=2036):
r0 = socket$kcm(0xa, 0x2, 0x88)
sendmsg$kcm(r0, &(0x7f0000000340)={&(0x7f00000002c0)=@in6={0xa, 0x4e23, 0x0, @loopback}, 0x80, 0x0}, 0x200ce0c0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000040)='dy', 0x2}], 0x1, 0x0, 0x0, 0x4a0f0000}, 0x40801)

54.80162ms ago: executing program 6 (id=2037):
r0 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x4)
sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f00000002c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000340)="f4001100032b2c25fe8007000000007a2c0800000009000000032b00"/40, 0x5dc}], 0x1}, 0x0)

0s ago: executing program 0 (id=2038):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff})
close(r0)

kernel console output (not intermixed with test programs):

Vendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  388.233700][ T5954] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  388.265904][ T8792] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  388.498578][ T5954] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 19 if 0 alt 5 proto 1 vid 0x0525 pid 0xA4A8
[  390.683791][ T5894] usb 3-1: USB disconnect, device number 19
[  390.717599][ T5894] usblp0: removed
[  393.977582][ T8860] evm: overlay not supported
[  396.447887][ T8893] netlink: 24 bytes leftover after parsing attributes in process `syz.0.751'.
[  396.505948][ T8891] fuse: Unknown parameter ''
[  396.563712][ T5954] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  396.736913][ T5954] usb 3-1: unable to get BOS descriptor or descriptor too short
[  396.756154][ T5954] usb 3-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[  396.798787][ T5954] usb 3-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db
[  396.810902][ T5954] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  396.839061][ T5954] usb 3-1: Product: syz
[  396.863746][ T5954] usb 3-1: Manufacturer: syz
[  396.891052][ T5954] usb 3-1: SerialNumber: syz
[  397.746474][ T5954] usb 3-1: can't set config #3, error -71
[  397.775593][ T5954] usb 3-1: USB disconnect, device number 20
[  397.883947][ T5901] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  398.043853][ T5901] usb 2-1: Using ep0 maxpacket: 32
[  398.052015][ T5901] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  398.085524][ T5901] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  398.105881][ T5901] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  398.125479][ T5901] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  398.154596][ T5901] usb 2-1: config 0 descriptor??
[  398.175787][ T5901] hub 2-1:0.0: USB hub found
[  398.273531][ T8921] xt_hashlimit: max too large, truncated to 1048576
[  398.505223][ T5901] hub 2-1:0.0: 2 ports detected
[  400.251851][ T5901] hub 2-1:0.0: hub_hub_status failed (err = -71)
[  400.270148][ T5901] hub 2-1:0.0: config failed, can't get hub status (err -71)
[  400.376905][ T5901] usbhid 2-1:0.0: can't add hid device: -71
[  400.476792][ T5901] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  400.556039][ T5901] usb 2-1: USB disconnect, device number 23
[  401.134033][ T8955] team_slave_0: entered promiscuous mode
[  401.139964][ T8955] team_slave_1: entered promiscuous mode
[  401.165780][ T8955] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  401.194015][ T8955] team0: Device macvtap1 is already an upper device of the team interface
[  401.279751][ T8955] team_slave_0: left promiscuous mode
[  401.286810][ T8955] team_slave_1: left promiscuous mode
[  402.055368][ T8958] netlink: 60 bytes leftover after parsing attributes in process `syz.0.770'.
[  402.175985][ T8958] netlink: 36 bytes leftover after parsing attributes in process `syz.0.770'.
[  402.533518][ T8962] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  402.583232][ T8962] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  402.856185][    T9] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  403.512243][ T8973] netlink: 'syz.1.773': attribute type 10 has an invalid length.
[  403.531589][ T8973] team0: Device hsr_slave_0 failed to register rx_handler
[  404.277303][    T9] usb 5-1: device descriptor read/all, error -71
[  408.076396][ T9026] netlink: 32 bytes leftover after parsing attributes in process `syz.4.789'.
[  409.673035][ T9045] kvm: apic: phys broadcast and lowest prio
[  411.180448][   T30] audit: type=1800 audit(1755786890.708:4): pid=9055 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.797" name="bus" dev="overlay" ino=852 res=0 errno=0
[  411.854681][ T9066] openvswitch: netlink: Message has 1 unknown bytes.
[  411.863223][ T9066] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  416.053262][ T9104] netlink: zone id is out of range
[  416.066179][ T9104] netlink: zone id is out of range
[  416.076247][ T9104] netlink: zone id is out of range
[  416.086964][ T9104] netlink: zone id is out of range
[  416.093245][ T9104] netlink: zone id is out of range
[  416.103272][ T9104] netlink: zone id is out of range
[  416.109725][ T9104] netlink: zone id is out of range
[  416.110358][ T9108] libceph: resolve '400' (ret=-3): failed
[  416.125783][ T9108] tc_dump_action: action bad kind
[  416.143808][ T9104] netlink: zone id is out of range
[  418.193670][ T5922] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  418.513765][ T5922] usb 3-1: Using ep0 maxpacket: 8
[  419.230565][ T5922] usb 3-1: config 0 has no interfaces?
[  419.254564][ T5922] usb 3-1: New USB device found, idVendor=058f, idProduct=3820, bcdDevice=e0.0e
[  419.273684][ T5922] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  419.281989][ T5922] usb 3-1: Product: syz
[  419.286290][ T5922] usb 3-1: Manufacturer: syz
[  419.290942][ T5922] usb 3-1: SerialNumber: syz
[  419.306813][ T5922] usb 3-1: config 0 descriptor??
[  419.426936][ T9138] netlink: 'syz.3.821': attribute type 1 has an invalid length.
[  419.557790][ T5901] usb 3-1: USB disconnect, device number 21
[  419.580291][   T30] audit: type=1326 audit(1755786899.108:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9139 comm="syz.3.822" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5fbb98ebe9 code=0x0
[  419.972646][ T9146] syz.1.823: attempt to access beyond end of device
[  419.972646][ T9146] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0
[  419.986953][ T9146] syz.1.823: attempt to access beyond end of device
[  419.986953][ T9146] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0
[  420.000406][ T9146] Mount JFS Failure: -5
[  421.299472][ T9162] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter'
[  421.945041][ T9164] kvm: apic: phys broadcast and lowest prio
[  423.708341][   T30] audit: type=1326 audit(1755786903.228:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9177 comm="syz.3.832" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5fbb98ebe9 code=0x0
[  424.661088][ T9198] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  424.678622][ T9198] netlink: 12 bytes leftover after parsing attributes in process `syz.3.837'.
[  424.843901][    T9] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  425.034114][    T9] usb 3-1: Using ep0 maxpacket: 32
[  425.045113][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  425.085286][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  425.128825][    T9] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  425.207721][ T9208] netlink: 'syz.1.835': attribute type 21 has an invalid length.
[  425.216798][ T9208] netlink: 128 bytes leftover after parsing attributes in process `syz.1.835'.
[  425.218015][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  425.260233][ T9208] netlink: 'syz.1.835': attribute type 5 has an invalid length.
[  425.522027][ T9208] netlink: 3 bytes leftover after parsing attributes in process `syz.1.835'.
[  425.847565][    T9] usb 3-1: config 0 descriptor??
[  425.863391][    T9] hub 3-1:0.0: USB hub found
[  426.199132][    T9] hub 3-1:0.0: 2 ports detected
[  426.673655][ T9215] netlink: 12 bytes leftover after parsing attributes in process `syz.0.841'.
[  427.745962][    T9] hub 3-1:0.0: hub_hub_status failed (err = -71)
[  427.753119][    T9] hub 3-1:0.0: config failed, can't get hub status (err -71)
[  427.782619][    T9] usbhid 3-1:0.0: can't add hid device: -71
[  427.797223][    T9] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  427.866209][    T9] usb 3-1: USB disconnect, device number 22
[  428.398859][ T9231] kvm: apic: phys broadcast and lowest prio
[  430.536571][ T9263] netlink: 24 bytes leftover after parsing attributes in process `syz.3.847'.
[  431.572835][ T9270] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  431.727062][ T9270] netlink: 12 bytes leftover after parsing attributes in process `syz.1.855'.
[  432.426151][ T9277] netlink: 'syz.2.854': attribute type 21 has an invalid length.
[  432.439208][ T9277] netlink: 128 bytes leftover after parsing attributes in process `syz.2.854'.
[  432.635801][ T9277] netlink: 'syz.2.854': attribute type 5 has an invalid length.
[  432.643725][ T9277] netlink: 3 bytes leftover after parsing attributes in process `syz.2.854'.
[  433.060043][ T9284] netlink: 12 bytes leftover after parsing attributes in process `syz.1.859'.
[  433.292772][ T9289] netlink: 'syz.3.861': attribute type 8 has an invalid length.
[  435.585457][ T9321] --map-set only usable from mangle table
[  435.731094][ T9320] netlink: 'syz.0.870': attribute type 10 has an invalid length.
[  436.075170][ T9320] 8021q: adding VLAN 0 to HW filter on device bond0
[  436.084261][ T9320] team0: Port device bond0 added
[  436.321952][ T9327] bond0: entered promiscuous mode
[  436.327614][ T9327] bond_slave_0: entered promiscuous mode
[  436.339143][ T9327] bond_slave_1: entered promiscuous mode
[  438.171242][ T9350] syz.4.878: attempt to access beyond end of device
[  438.171242][ T9350] nbd4: rw=6144, sector=128, nr_sectors = 8 limit=0
[  438.184768][ T9350] gfs2: error -5 reading superblock
[  438.444355][ T9355] overlayfs: conflicting options: nfs_export=on,index=off
[  438.511775][ T9352] kvm: pic: non byte write
[  438.833282][ T9355] serio: Serial port pty28
[  439.285736][ T9365] netlink: 'syz.1.877': attribute type 21 has an invalid length.
[  439.304270][ T9365] netlink: 128 bytes leftover after parsing attributes in process `syz.1.877'.
[  439.350277][ T9365] netlink: 'syz.1.877': attribute type 5 has an invalid length.
[  439.368908][ T9365] netlink: 3 bytes leftover after parsing attributes in process `syz.1.877'.
[  439.478047][ T9367] Cannot find del_set index 2 as target
[  440.728991][ T9376] netlink: 32 bytes leftover after parsing attributes in process `syz.0.885'.
[  440.855853][ T9382] netlink: 'syz.4.886': attribute type 10 has an invalid length.
[  440.887110][ T9382] netlink: 40 bytes leftover after parsing attributes in process `syz.4.886'.
[  440.911499][ T9382] team0: Device geneve0 is up. Set it down before adding it as a team port
[  440.926654][ T9382] net_ratelimit: 6 callbacks suppressed
[  440.926674][ T9382] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  441.259993][ T9389] syzkaller1: tun_chr_ioctl cmd 1074812118
[  441.508433][ T9393] FAULT_INJECTION: forcing a failure.
[  441.508433][ T9393] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  441.550408][ T9393] CPU: 1 UID: 0 PID: 9393 Comm: syz.1.892 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  441.550441][ T9393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  441.550456][ T9393] Call Trace:
[  441.550465][ T9393]  <TASK>
[  441.550475][ T9393]  dump_stack_lvl+0x189/0x250
[  441.550508][ T9393]  ? __pfx____ratelimit+0x10/0x10
[  441.550534][ T9393]  ? __pfx_dump_stack_lvl+0x10/0x10
[  441.550559][ T9393]  ? __pfx__printk+0x10/0x10
[  441.550601][ T9393]  should_fail_ex+0x414/0x560
[  441.550633][ T9393]  _copy_to_user+0x31/0xb0
[  441.550667][ T9393]  simple_read_from_buffer+0xe1/0x170
[  441.550697][ T9393]  proc_fail_nth_read+0x1df/0x250
[  441.550729][ T9393]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  441.550760][ T9393]  ? rw_verify_area+0x258/0x650
[  441.550794][ T9393]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  441.550824][ T9393]  vfs_read+0x200/0x980
[  441.550872][ T9393]  ? __pfx___mutex_lock+0x10/0x10
[  441.550899][ T9393]  ? __pfx_vfs_read+0x10/0x10
[  441.550935][ T9393]  ? __fget_files+0x2a/0x420
[  441.550966][ T9393]  ? __fget_files+0x3a0/0x420
[  441.550990][ T9393]  ? __fget_files+0x2a/0x420
[  441.551025][ T9393]  ksys_read+0x145/0x250
[  441.551049][ T9393]  ? __pfx_ksys_read+0x10/0x10
[  441.551067][ T9393]  ? rcu_is_watching+0x15/0xb0
[  441.551097][ T9393]  ? do_syscall_64+0xbe/0x3b0
[  441.551127][ T9393]  do_syscall_64+0xfa/0x3b0
[  441.551150][ T9393]  ? lockdep_hardirqs_on+0x9c/0x150
[  441.551172][ T9393]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.551194][ T9393]  ? clear_bhb_loop+0x60/0xb0
[  441.551221][ T9393]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.551242][ T9393] RIP: 0033:0x7fdc28d8d5fc
[  441.551262][ T9393] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  441.551281][ T9393] RSP: 002b:00007fdc29c81030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  441.551304][ T9393] RAX: ffffffffffffffda RBX: 00007fdc28fb5fa0 RCX: 00007fdc28d8d5fc
[  441.551320][ T9393] RDX: 000000000000000f RSI: 00007fdc29c810a0 RDI: 000000000000000b
[  441.551334][ T9393] RBP: 00007fdc29c81090 R08: 0000000000000000 R09: 0000000000000000
[  441.551348][ T9393] R10: 0000000080000000 R11: 0000000000000246 R12: 0000000000000001
[  441.551362][ T9393] R13: 00007fdc28fb6038 R14: 00007fdc28fb5fa0 R15: 00007ffc14b81fc8
[  441.551398][ T9393]  </TASK>
[  444.911376][ T9415] netlink: 'syz.0.896': attribute type 10 has an invalid length.
[  444.923723][    T9] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  444.927347][ T9415] bond0: (slave wlan1): Opening slave failed
[  445.193024][ T5922] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  445.204342][    T9] usb 5-1: config 0 has an invalid interface number: 73 but max is 0
[  445.269792][    T9] usb 5-1: config 0 has no interface number 0
[  445.332539][    T9] usb 5-1: New USB device found, idVendor=06f8, idProduct=300c, bcdDevice=39.64
[  445.401928][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  445.434867][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  445.441474][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  445.459387][ T5922] usb 2-1: Using ep0 maxpacket: 8
[  445.485864][    T9] usb 5-1: Product: syz
[  445.518974][ T5922] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  445.531532][    T9] usb 5-1: Manufacturer: syz
[  445.566539][    T9] usb 5-1: SerialNumber: syz
[  445.606649][ T5922] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  445.652360][    T9] usb 5-1: config 0 descriptor??
[  445.659155][ T5922] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  445.679254][ T5922] usb 2-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00
[  445.703092][ T5922] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  445.725764][ T5922] usb 2-1: config 0 descriptor??
[  445.877508][ T9401] delete_channel: no stack
[  445.883022][    T9] usb 5-1: USB disconnect, device number 20
[  446.156547][ T5922] logitech 0003:046D:C293.0003: nested delimiters
[  446.163734][ T5922] logitech 0003:046D:C293.0003: item 0 4 2 10 parsing failed
[  446.171809][ T5922] logitech 0003:046D:C293.0003: parse failed
[  446.178103][ T5922] logitech 0003:046D:C293.0003: probe with driver logitech failed with error -22
[  446.791064][ T9421] xt_hashlimit: max too large, truncated to 1048576
[  447.500960][ T5922] usb 2-1: USB disconnect, device number 24
[  448.249073][ T9436] netlink: 'syz.4.901': attribute type 21 has an invalid length.
[  448.257179][ T9436] netlink: 128 bytes leftover after parsing attributes in process `syz.4.901'.
[  448.266576][ T9436] netlink: 'syz.4.901': attribute type 5 has an invalid length.
[  448.274744][ T9436] netlink: 3 bytes leftover after parsing attributes in process `syz.4.901'.
[  449.283663][ T9440] netlink: 'syz.1.902': attribute type 7 has an invalid length.
[  449.537406][ T9440] : entered promiscuous mode
[  449.795544][ T9445] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  449.805849][ T9445] netlink: 12 bytes leftover after parsing attributes in process `syz.0.906'.
[  449.877340][ T9432] netlink: 16 bytes leftover after parsing attributes in process `syz.1.902'.
[  449.914935][ T9449] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  449.927997][ T9449] netlink: 12 bytes leftover after parsing attributes in process `syz.3.907'.
[  450.242577][ T9458] misc userio: No port type given on /dev/userio
[  452.165138][ T9481] netlink: 'syz.0.915': attribute type 21 has an invalid length.
[  452.173129][ T9481] netlink: 128 bytes leftover after parsing attributes in process `syz.0.915'.
[  452.182970][ T9481] netlink: 'syz.0.915': attribute type 5 has an invalid length.
[  452.190844][ T9481] netlink: 3 bytes leftover after parsing attributes in process `syz.0.915'.
[  452.719296][ T9484] kvm: apic: phys broadcast and lowest prio
[  459.398058][ T9536] libceph: resolve '400' (ret=-3): failed
[  459.414224][ T9536] tc_dump_action: action bad kind
[  459.793002][ T5847] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  459.803302][ T5847] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  459.813137][ T5847] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  459.826329][ T5847] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  459.836112][ T5847] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  459.881852][ T5846] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  459.890476][ T5846] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  459.900219][ T5846] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  459.909591][ T5846] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  459.917745][ T5846] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  460.360223][ T9547] chnl_net:caif_netlink_parms(): no params data found
[  460.533477][ T9547] bridge0: port 1(bridge_slave_0) entered blocking state
[  460.548833][ T9547] bridge0: port 1(bridge_slave_0) entered disabled state
[  460.558293][ T9547] bridge_slave_0: entered allmulticast mode
[  460.567407][ T9547] bridge_slave_0: entered promiscuous mode
[  460.588828][ T9547] bridge0: port 2(bridge_slave_1) entered blocking state
[  460.611438][ T9547] bridge0: port 2(bridge_slave_1) entered disabled state
[  460.621983][ T9547] bridge_slave_1: entered allmulticast mode
[  460.639963][ T9547] bridge_slave_1: entered promiscuous mode
[  460.702266][ T9547] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  461.004049][ T9547] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  461.491538][ T9578] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  461.974102][ T5846] Bluetooth: hci1: command tx timeout
[  462.007141][ T9547] team0: Port device team_slave_0 added
[  462.047257][ T9547] team0: Port device team_slave_1 added
[  462.876903][ T9547] batman_adv: batadv0: Adding interface: batadv_slave_0
[  462.919515][ T9547] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  463.033663][ T9547] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  463.049254][ T9596] libceph: resolve '400' (ret=-3): failed
[  463.084325][ T9596] tc_dump_action: action bad kind
[  463.098800][ T9547] batman_adv: batadv0: Adding interface: batadv_slave_1
[  463.110604][ T9547] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  463.136687][    C1] vkms_vblank_simulate: vblank timer overrun
[  463.203776][ T9547] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  463.580224][ T9547] hsr_slave_0: entered promiscuous mode
[  463.596726][ T9547] hsr_slave_1: entered promiscuous mode
[  463.619536][ T9547] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  463.643282][ T9547] Cannot create hsr debugfs directory
[  463.733800][ T5955] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  463.946441][ T5955] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  463.966730][ T5955] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  464.005306][ T5955] usb 5-1: config 1 has no interface number 0
[  464.011647][ T5955] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  464.043347][ T5955] usb 5-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  464.064158][ T5846] Bluetooth: hci1: command tx timeout
[  464.079757][ T5955] usb 5-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  464.351962][ T9610] 9pnet: Could not find request transport: fd0x00000000000000030x0000000000000005
[  464.404531][ T5955] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  464.414038][ T5955] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  464.422485][ T5955] usb 5-1: Product: syz
[  464.443998][ T5955] usb 5-1: Manufacturer: syz
[  464.491279][ T5955] usb 5-1: SerialNumber: syz
[  464.617769][ T9547] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  464.682586][ T9547] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  464.738992][ T9547] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  464.761153][ T9547] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  464.798274][ T9601] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  464.836369][ T9601] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  465.043070][ T9547] 8021q: adding VLAN 0 to HW filter on device bond0
[  465.094648][ T9547] 8021q: adding VLAN 0 to HW filter on device team0
[  465.141105][ T6261] bridge0: port 1(bridge_slave_0) entered blocking state
[  465.148440][ T6261] bridge0: port 1(bridge_slave_0) entered forwarding state
[  465.231182][ T6261] bridge0: port 2(bridge_slave_1) entered blocking state
[  465.238644][ T6261] bridge0: port 2(bridge_slave_1) entered forwarding state
[  465.447723][ T9632] netlink: 'syz.0.957': attribute type 21 has an invalid length.
[  466.138535][ T5846] Bluetooth: hci1: command tx timeout
[  466.155332][ T5955] cdc_ncm 5-1:1.1: bind() failure
[  466.166682][ T9633] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  466.218638][ T9633] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  466.367058][ T5955] usb 5-1: USB disconnect, device number 21
[  467.907817][ T9547] 8021q: adding VLAN 0 to HW filter on device batadv0
[  467.927720][ T9655] 9pnet_fd: Insufficient options for proto=fd
[  468.214298][ T5846] Bluetooth: hci1: command tx timeout
[  469.107353][ T9547] veth0_vlan: entered promiscuous mode
[  469.138317][ T9547] veth1_vlan: entered promiscuous mode
[  469.227389][ T9547] veth0_macvtap: entered promiscuous mode
[  469.248552][ T9547] veth1_macvtap: entered promiscuous mode
[  469.271997][ T9678] netlink: 'syz.0.969': attribute type 3 has an invalid length.
[  469.759592][ T9547] batman_adv: batadv0: Interface activated: batadv_slave_0
[  469.848493][ T9547] batman_adv: batadv0: Interface activated: batadv_slave_1
[  469.899927][ T9547] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  469.922290][ T9547] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  469.933477][ T9547] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  469.948002][ T9547] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  470.151607][   T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  470.172482][   T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  470.229921][ T6261] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  470.240152][ T6261] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  470.353185][ T9700] netlink: 'syz.3.976': attribute type 1 has an invalid length.
[  470.684976][ T9700] 8021q: adding VLAN 0 to HW filter on device bond2
[  470.839933][ T9711] netlink: 'syz.5.927': attribute type 21 has an invalid length.
[  470.848007][ T9711] netlink: 128 bytes leftover after parsing attributes in process `syz.5.927'.
[  471.386273][ T9712] netlink: 28 bytes leftover after parsing attributes in process `syz.3.976'.
[  471.394837][ T9700] bond1: (slave bond2): making interface the new active one
[  471.419062][ T9700] bond1: (slave bond2): Enslaving as an active interface with an up link
[  471.474859][ T9705] bond1: (slave gretap1): Enslaving as a backup interface with an up link
[  471.483880][ T9711] netlink: 'syz.5.927': attribute type 5 has an invalid length.
[  471.491697][ T9711] netlink: 3 bytes leftover after parsing attributes in process `syz.5.927'.
[  471.648163][ T9712] 8021q: adding VLAN 0 to HW filter on device bond1
[  471.813324][ T9718] libceph: resolve '400' (ret=-3): failed
[  471.851490][ T9718] tc_dump_action: action bad kind
[  472.495080][ T5922] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  472.666264][ T5922] usb 5-1: Using ep0 maxpacket: 32
[  472.795070][ T5922] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  473.068312][ T5922] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  473.163374][ T5922] usb 5-1: New USB device found, idVendor=06cd, idProduct=0112, bcdDevice=d2.a2
[  473.177564][ T5922] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  473.191921][ T9731] netlink: 168 bytes leftover after parsing attributes in process `syz.3.981'.
[  473.345709][ T5922] usb 5-1: Product: syz
[  473.350682][ T5922] usb 5-1: Manufacturer: syz
[  473.355416][ T5922] usb 5-1: SerialNumber: syz
[  473.374719][ T5922] usb 5-1: config 0 descriptor??
[  473.382677][ T5922] keyspan 5-1:0.0: Keyspan 1 port adapter converter detected
[  473.442413][ T5922] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 87
[  473.481780][ T5922] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 7
[  473.525217][ T5922] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 81
[  473.533147][ T5922] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 1
[  473.603711][ T5922] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 2
[  473.611440][ T5922] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 85
[  473.647885][ T9737] fuse: Bad value for 'fd'
[  473.657075][ T5922] keyspan 5-1:0.0: found no endpoint descriptor for endpoint 5
[  474.447007][ T9743] input: syz0 as /devices/virtual/input/input13
[  474.661082][ T9743] netlink: 24 bytes leftover after parsing attributes in process `syz.5.985'.
[  475.003745][ T5901] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[  475.200026][ T5901] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83
[  475.243676][ T5901] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  475.278611][ T5901] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  475.303931][ T5901] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  475.345365][ T5901] usb 6-1: config 0 descriptor??
[  475.422614][ T5922] usb 5-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  475.434187][ T5922] usb 5-1: USB disconnect, device number 22
[  475.446237][ T5922] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  475.456524][ T5922] keyspan 5-1:0.0: device disconnected
[  475.588852][ T5901] ath6kl: Failed to submit usb control message: -71
[  475.645382][ T5901] ath6kl: unable to send the bmi data to the device: -71
[  475.694010][ T5901] ath6kl: Unable to send get target info: -71
[  475.769566][ T5901] ath6kl: Failed to init ath6kl core: -71
[  475.844687][ T5901] ath6kl_usb 6-1:0.0: probe with driver ath6kl_usb failed with error -71
[  475.927347][ T5901] usb 6-1: USB disconnect, device number 2
[  476.125960][ T9773] netlink: 16 bytes leftover after parsing attributes in process `syz.3.997'.
[  476.379001][ T9780] bond0: entered promiscuous mode
[  476.384914][ T9780] bond_slave_0: entered promiscuous mode
[  476.404761][ T9780] bond_slave_1: entered promiscuous mode
[  477.223771][ T5901] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  477.397172][ T5901] usb 2-1: config 0 has an invalid interface number: 173 but max is 0
[  477.405944][ T5901] usb 2-1: config 0 has no interface number 0
[  477.412803][ T5901] usb 2-1: New USB device found, idVendor=093b, idProduct=a102, bcdDevice= 0.01
[  477.423138][ T5901] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  477.438251][ T5901] usb 2-1: config 0 descriptor??
[  477.458473][ T5901] go7007 2-1:0.173: probe with driver go7007 failed with error -12
[  479.959550][ T9808] 9pnet_fd: Insufficient options for proto=fd
[  482.910293][ T5955] usb 2-1: USB disconnect, device number 25
[  483.711917][ T9841] netlink: 340 bytes leftover after parsing attributes in process `syz.0.1017'.
[  483.726970][ T9841] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1017'.
[  483.729911][ T9840] vxcan1 speed is unknown, defaulting to 1000
[  483.752997][ T9840] vxcan1 speed is unknown, defaulting to 1000
[  483.753865][ T9842] netlink: 'syz.1.1016': attribute type 13 has an invalid length.
[  483.761182][ T9840] vxcan1 speed is unknown, defaulting to 1000
[  484.125402][   T55] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  484.231274][ T9850] Invalid source name
[  484.235460][ T9850] UBIFS error (pid: 9850): cannot open "./file0", error -22
[  484.257115][ T9850] binder: 9839:9850 ioctl 40046210 0 returned -14
[  484.363798][   T55] usb 5-1: Using ep0 maxpacket: 32
[  484.428399][   T55] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  484.803655][   T55] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  484.838999][   T55] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  484.863712][   T55] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  484.895159][   T55] usb 5-1: config 0 descriptor??
[  484.907321][   T55] hub 5-1:0.0: USB hub found
[  484.976675][ T9842] 8021q: adding VLAN 0 to HW filter on device bond0
[  485.007995][ T9842] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  485.184510][   T55] hub 5-1:0.0: 2 ports detected
[  485.541780][ T9840] infiniband syz2: set active
[  485.543895][ T5894] vxcan1 speed is unknown, defaulting to 1000
[  485.547427][ T9840] infiniband syz2: added vxcan1
[  485.561229][ T9840] syz2: rxe_create_cq: returned err = -12
[  485.567866][ T9840] infiniband syz2: Couldn't create ib_mad CQ
[  485.575934][ T9840] infiniband syz2: Couldn't open port 1
[  486.527942][   T55] hub 5-1:0.0: hub_hub_status failed (err = -32)
[  486.553834][   T55] hub 5-1:0.0: config failed, can't get hub status (err -32)
[  486.773800][ T9861] kvm: apic: phys broadcast and lowest prio
[  487.570261][ T9840] RDS/IB: syz2: added
[  487.588452][ T9840] smc: adding ib device syz2 with port count 1
[  487.625714][ T9840] smc:    ib device syz2 port 1 has pnetid 
[  487.662215][ T5894] vxcan1 speed is unknown, defaulting to 1000
[  487.696969][ T9840] vxcan1 speed is unknown, defaulting to 1000
[  487.721449][   T55] usbhid 5-1:0.0: can't add hid device: -71
[  487.721575][   T55] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  487.755626][   T55] usb 5-1: USB disconnect, device number 23
[  488.402517][ T9840] vxcan1 speed is unknown, defaulting to 1000
[  490.429686][ T9895] vxcan1 speed is unknown, defaulting to 1000
[  490.463304][ T9898] netfs: Couldn't get user pages (rc=-14)
[  490.689089][ T9840] vxcan1 speed is unknown, defaulting to 1000
[  491.291782][ T9840] vxcan1 speed is unknown, defaulting to 1000
[  491.676921][ T9910] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1037'.
[  491.677269][ T9910] ipvlan1: entered promiscuous mode
[  491.677295][ T9910] ipvlan1: entered allmulticast mode
[  491.677311][ T9910] veth0_vlan: entered allmulticast mode
[  491.703721][ T9840] vxcan1 speed is unknown, defaulting to 1000
[  493.632884][ T9931] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1042'.
[  493.645146][ T9923] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1040'.
[  493.789179][ T9840] vxcan1 speed is unknown, defaulting to 1000
[  493.827213][    T9] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  494.173677][    T9] usb 2-1: device descriptor read/64, error -71
[  494.355192][ T9941] netlink: 'syz.4.1043': attribute type 21 has an invalid length.
[  494.363318][ T9941] netlink: 128 bytes leftover after parsing attributes in process `syz.4.1043'.
[  494.372880][ T9941] netlink: 'syz.4.1043': attribute type 5 has an invalid length.
[  494.384501][ T9941] netlink: 3 bytes leftover after parsing attributes in process `syz.4.1043'.
[  495.153647][    T9] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  495.173492][ T9946] fuse: Bad value for 'fd'
[  495.303828][    T9] usb 2-1: device descriptor read/64, error -71
[  495.424354][    T9] usb usb2-port1: attempt power cycle
[  495.783818][    T9] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  495.854143][    T9] usb 2-1: device descriptor read/8, error -71
[  496.817352][ T9960] sctp: failed to load transform for md5: -2
[  496.873809][ T9962] sctp: failed to load transform for md5: -2
[  497.010080][ T9974] overlayfs: conflicting options: nfs_export=on,index=off
[  500.091962][ T9997] libceph: resolve '400' (ret=-3): failed
[  500.145961][ T9994] tc_dump_action: action bad kind
[  500.221366][T10003] overlayfs: failed to clone upperpath
[  502.283494][T10012] vxcan1 speed is unknown, defaulting to 1000
[  504.408838][    T9] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  504.587227][    T9] usb 5-1: Using ep0 maxpacket: 16
[  504.600679][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  504.629852][    T9] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  504.652586][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  504.685905][    T9] usb 5-1: Product: syz
[  504.700483][    T9] usb 5-1: Manufacturer: syz
[  504.720809][    T9] usb 5-1: SerialNumber: syz
[  504.755017][    T9] usb 5-1: config 0 descriptor??
[  504.777384][    T9] hub 5-1:0.0: bad descriptor, ignoring hub
[  504.792135][    T9] hub 5-1:0.0: probe with driver hub failed with error -5
[  504.822480][    T9] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input14
[  506.053298][T10076] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  506.235104][T10076] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  506.873202][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  506.880727][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  508.456236][   T24] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  508.628063][T10117] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1087'.
[  508.724686][T10118] netlink: 'syz.0.1083': attribute type 21 has an invalid length.
[  508.801067][T10118] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1083'.
[  508.843615][   T24] usb 6-1: Using ep0 maxpacket: 32
[  508.851288][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  508.863062][T10118] netlink: 'syz.0.1083': attribute type 5 has an invalid length.
[  508.863089][T10118] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1083'.
[  509.470786][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  509.482431][   T24] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  509.491663][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  509.513797][   T24] usb 6-1: config 0 descriptor??
[  509.523676][   T24] hub 6-1:0.0: USB hub found
[  509.931677][   T24] hub 6-1:0.0: 2 ports detected
[  510.093009][ T5922] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  510.276038][ T5922] usb 2-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  510.300571][ T5922] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  510.323951][ T5922] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  510.332079][ T5922] usb 2-1: Product: syz
[  510.354070][ T5922] usb 2-1: Manufacturer: syz
[  510.360349][ T5922] usb 2-1: SerialNumber: syz
[  510.698184][T10143] 9pnet_fd: Insufficient options for proto=fd
[  510.966290][T10148] overlayfs: conflicting options: nfs_export=on,index=off
[  511.015762][   T24] hub 6-1:0.0: hub_hub_status failed (err = -32)
[  511.024134][   T24] hub 6-1:0.0: config failed, can't get hub status (err -32)
[  511.056159][   T24] usbhid 6-1:0.0: can't add hid device: -32
[  511.066801][   T24] usbhid 6-1:0.0: probe with driver usbhid failed with error -32
[  511.106300][   T24] usb 6-1: USB disconnect, device number 3
[  512.206219][ T5922] usb 2-1: USB disconnect, device number 30
[  512.546634][ T5954] usb 5-1: USB disconnect, device number 24
[  512.591505][T10166] fuse: Unknown parameter '<�a_„$íKqC'
[  514.812622][T10198] libceph: resolve '400' (ret=-3): failed
[  514.821117][T10198] tc_dump_action: action bad kind
[  514.971381][T10202] --map-set only usable from mangle table
[  515.827902][T10204] vxcan1 speed is unknown, defaulting to 1000
[  517.183768][ T5914] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  517.380407][ T5914] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  517.422282][ T5914] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  517.452576][ T5914] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  517.481876][ T5914] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  517.512181][ T5914] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  517.563177][ T5914] usb 5-1: config 0 descriptor??
[  518.114140][T10228] tipc: Started in network mode
[  518.119273][T10228] tipc: Node identity ac14140f, cluster identity 4711
[  518.127679][T10228] tipc: New replicast peer: 255.255.255.255
[  518.134904][T10228] tipc: Enabled bearer <udp:syz2>, priority 10
[  518.284368][T10218] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  518.341256][T10218] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  519.266271][   T24] tipc: Node number set to 2886997007
[  520.086179][ T5914] usbhid 5-1:0.0: can't add hid device: -71
[  520.092376][ T5914] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  520.173056][ T5914] usb 5-1: USB disconnect, device number 25
[  522.336542][T10273] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  522.359356][T10273] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1139'.
[  523.736430][T10279] overlayfs: conflicting options: nfs_export=on,index=off
[  524.009988][T10297] input: syz1 as /devices/virtual/input/input16
[  524.833997][T10283] kvm: pic: non byte write
[  524.881955][T10299] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1145'.
[  525.025452][T10299] bridge_slave_1: left allmulticast mode
[  525.031558][T10299] bridge_slave_1: left promiscuous mode
[  525.037776][T10299] bridge0: port 2(bridge_slave_1) entered disabled state
[  525.099115][T10299] bridge_slave_0: left allmulticast mode
[  525.114841][T10299] bridge_slave_0: left promiscuous mode
[  525.124655][T10299] bridge0: port 1(bridge_slave_0) entered disabled state
[  526.616500][ T5914] IPVS: starting estimator thread 0...
[  526.641902][T10323] netlink: 'syz.0.1154': attribute type 1 has an invalid length.
[  526.728862][T10324] IPVS: using max 25 ests per chain, 60000 per kthread
[  526.765322][T10329] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  527.367094][T10329] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  527.592023][T10323] gretap1: entered promiscuous mode
[  527.797887][T10323] bond1: (slave gretap1): making interface the new active one
[  527.836785][T10323] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  527.916017][    T9] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  528.093972][    T9] usb 5-1: Using ep0 maxpacket: 16
[  528.106858][    T9] usb 5-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  528.118695][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  528.818651][    T9] usb 5-1: config 0 descriptor??
[  528.828678][    T9] gspca_main: sonixj-2.14.0 probing 0471:0327
[  529.231322][    T9] gspca_sonixj: reg_r err -32
[  529.999701][    T9] sonixj 5-1:0.0: probe with driver sonixj failed with error -32
[  530.613896][T10359] hub 8-0:1.0: USB hub found
[  530.651231][T10359] hub 8-0:1.0: 1 port detected
[  532.209549][T10383] new mount options do not match the existing superblock, will be ignored
[  532.558543][T10383] vxcan1 speed is unknown, defaulting to 1000
[  532.859078][ T5894] usb 5-1: USB disconnect, device number 26
[  533.284450][T10393] Cannot find add_set index 0 as target
[  536.748951][T10426] kvm: apic: phys broadcast and lowest prio
[  544.323982][T10512] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1189'.
[  547.753317][T10546] team_slave_0: entered promiscuous mode
[  547.759279][T10546] team_slave_1: entered promiscuous mode
[  548.055080][T10548] netlink: 'syz.5.1195': attribute type 10 has an invalid length.
[  548.231180][T10546] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  548.242316][T10546] team0: Device macvtap1 is already an upper device of the team interface
[  548.260140][T10546] team_slave_0: left promiscuous mode
[  548.266285][T10546] team_slave_1: left promiscuous mode
[  548.327446][T10548] team0: Device ipvlan1 failed to register rx_handler
[  550.018026][T10573] netlink: 'syz.4.1206': attribute type 1 has an invalid length.
[  550.062637][T10573] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1206'.
[  550.084622][T10573] nbd: illegal input index 65544
[  550.103089][T10573] geneve2: entered promiscuous mode
[  550.108862][T10573] geneve2: entered allmulticast mode
[  550.285086][T10584] binder: 10583:10584 ioctl c018937b 200000000300 returned -22
[  550.623021][T10584] binder: 10583:10584 ioctl c020662a 200000000440 returned -22
[  553.137526][T10600] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  553.165746][T10600] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1215'.
[  553.889029][T10629] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1212'.
[  556.234105][T10657] kvm: pic: non byte write
[  558.422849][T10675] netlink: 'syz.1.1231': attribute type 10 has an invalid length.
[  558.452713][T10675] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1231'.
[  558.493786][T10675] team0: Device geneve0 is up. Set it down before adding it as a team port
[  558.546234][T10675] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  559.636037][ T5901] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  559.833217][T10695] binfmt_misc: register: failed to install interpreter file ./file0
[  560.137161][T10701] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  560.678324][ T5901] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  560.687766][ T5901] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  560.696682][ T5901] usb 6-1: Product: syz
[  560.701071][ T5901] usb 6-1: Manufacturer: syz
[  560.706106][ T5901] usb 6-1: SerialNumber: syz
[  560.836373][ T5901] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  560.898640][T10708] overlayfs: conflicting options: nfs_export=on,index=off
[  560.965065][ T5955] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  561.578207][T10729] fuse: Bad value for 'fd'
[  561.693892][T10707] netlink: 144 bytes leftover after parsing attributes in process `syz.4.1243'.
[  561.778693][T10728] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  561.805786][T10728] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  561.820551][T10728] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  562.054617][ T5955] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[  562.079081][ T5955] ath9k_htc: Failed to initialize the device
[  562.149443][ T5955] usb 6-1: ath9k_htc: USB layer deinitialized
[  562.280136][T10743] rdma_rxe: rxe_newlink: failed to add veth0_vlan
[  562.384692][ T5894] usb 6-1: USB disconnect, device number 4
[  563.286668][T10769] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1262'.
[  563.603799][ T5901] usb 2-1: new full-speed USB device number 31 using dummy_hcd
[  563.720860][T10786] IPVS: set_ctl: invalid protocol: 22 255.255.255.255:20001
[  564.287771][ T5901] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  566.004575][ T5901] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  567.478559][ T5901] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  567.489508][ T5901] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  567.498136][ T5901] usb 2-1: Product: syz
[  567.502440][ T5901] usb 2-1: Manufacturer: syz
[  567.507760][ T5901] usb 2-1: SerialNumber: syz
[  567.922189][ T5901] usb 2-1: 0:2 : does not exist
[  567.940939][ T5901] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  568.311055][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  568.326269][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  568.572480][ T5901] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  568.620359][ T5901] usb 2-1: USB disconnect, device number 31
[  568.747149][T10603] udevd[10603]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  568.774347][T10807] 9pnet: p9_errstr2errno: server reported unknown error 1844674407370955
[  570.456879][T10835] netlink: 'syz.4.1284': attribute type 10 has an invalid length.
[  570.473948][T10835] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1284'.
[  570.483008][T10835] : entered promiscuous mode
[  570.518278][T10835] bond_slave_0: entered promiscuous mode
[  570.523445][T10838] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1285'.
[  570.535279][T10840] netlink: 'syz.4.1284': attribute type 11 has an invalid length.
[  570.536447][T10835] bond_slave_1: entered promiscuous mode
[  570.578721][T10835] : entered allmulticast mode
[  570.623884][T10835] bond_slave_0: entered allmulticast mode
[  570.629709][T10835] bond_slave_1: entered allmulticast mode
[  570.658706][T10835] bridge0: port 3() entered blocking state
[  570.665281][T10835] bridge0: port 3() entered disabled state
[  573.577124][T10861] program syz.5.1292 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  574.045772][   T30] audit: type=1326 audit(1755787054.565:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10876 comm="syz.3.1297" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5fbb98ebe9 code=0x0
[  574.552370][T10904] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1302'.
[  575.096324][T10908] kvm: apic: phys broadcast and lowest prio
[  576.055009][T10917] team_slave_0: entered promiscuous mode
[  576.060785][T10917] team_slave_1: entered promiscuous mode
[  576.067458][T10917] macsec1: entered promiscuous mode
[  576.072833][T10917] team0: entered promiscuous mode
[  576.116242][T10917] macsec1: entered allmulticast mode
[  576.847648][T10917] team0: entered allmulticast mode
[  576.852883][T10917] team_slave_0: entered allmulticast mode
[  576.981088][T10917] team_slave_1: entered allmulticast mode
[  576.988956][T10917] team0: Device macsec1 is already an upper device of the team interface
[  577.034148][T10917] team0: left allmulticast mode
[  577.039097][T10917] team_slave_0: left allmulticast mode
[  577.045595][T10917] team_slave_1: left allmulticast mode
[  577.051148][T10917] team0: left promiscuous mode
[  577.057291][T10917] team_slave_0: left promiscuous mode
[  577.062786][T10917] team_slave_1: left promiscuous mode
[  577.816528][   T30] audit: type=1326 audit(1755787058.345:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10929 comm="syz.1.1310" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdc28d8ebe9 code=0x0
[  578.088407][T10941] netlink: 'syz.3.1314': attribute type 6 has an invalid length.
[  580.546087][T10968] netlink: 'syz.5.1321': attribute type 21 has an invalid length.
[  580.554464][T10968] netlink: 128 bytes leftover after parsing attributes in process `syz.5.1321'.
[  580.563848][T10968] netlink: 'syz.5.1321': attribute type 5 has an invalid length.
[  580.571797][T10968] netlink: 3 bytes leftover after parsing attributes in process `syz.5.1321'.
[  580.804238][T10957] block nbd1: NBD_DISCONNECT
[  580.835977][T10957] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1318'.
[  580.999052][   T30] audit: type=1326 audit(1755787061.515:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10970 comm="syz.5.1323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcc198ebe9 code=0x7ffc0000
[  581.205001][   T30] audit: type=1326 audit(1755787061.515:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10970 comm="syz.5.1323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcc198ebe9 code=0x7ffc0000
[  581.231382][   T30] audit: type=1326 audit(1755787061.515:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10970 comm="syz.5.1323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7fbcc198ebe9 code=0x7ffc0000
[  581.268612][   T30] audit: type=1326 audit(1755787061.515:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10970 comm="syz.5.1323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcc198ebe9 code=0x7ffc0000
[  581.294018][   T30] audit: type=1326 audit(1755787061.515:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10970 comm="syz.5.1323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcc198ebe9 code=0x7ffc0000
[  581.322380][   T30] audit: type=1326 audit(1755787061.515:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10970 comm="syz.5.1323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7fbcc198ebe9 code=0x7ffc0000
[  581.370820][   T30] audit: type=1326 audit(1755787061.515:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10970 comm="syz.5.1323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcc198ebe9 code=0x7ffc0000
[  581.417016][   T30] audit: type=1326 audit(1755787061.515:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10970 comm="syz.5.1323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbcc198d550 code=0x7ffc0000
[  581.449222][   T30] audit: type=1326 audit(1755787061.515:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10970 comm="syz.5.1323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbcc198ebe9 code=0x7ffc0000
[  581.486898][   T30] audit: type=1326 audit(1755787061.515:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10970 comm="syz.5.1323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fbcc198ebe9 code=0x7ffc0000
[  583.254975][T10996] macsec1: entered promiscuous mode
[  583.260266][T10996] macsec1: entered allmulticast mode
[  585.740759][ T5847] Bluetooth: hci1: command 0x0406 tx timeout
[  587.876665][   T55] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  588.114281][   T55] usb 6-1: Using ep0 maxpacket: 8
[  588.179537][   T55] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  588.289217][   T55] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  588.353993][   T55] pvrusb2: Hardware description: Terratec Grabster AV400
[  588.383390][   T55] pvrusb2: **********
[  588.396023][   T55] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  588.453824][   T55] pvrusb2: Important functionality might not be entirely working.
[  588.476094][   T55] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  588.505668][   T55] pvrusb2: **********
[  588.523831][T11046] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1343'.
[  588.549794][ T2343] pvrusb2: Invalid write control endpoint
[  588.579311][T11048] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1342'.
[  588.766124][T11030] pvrusb2: Invalid write control endpoint
[  588.796428][T11052] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1344'.
[  588.827933][T11052] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1344'.
[  588.828346][ T2343] pvrusb2: Invalid write control endpoint
[  588.921285][ T2343] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  588.956758][ T2343] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  588.980559][ T2343] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  589.019279][ T2343] pvrusb2: Device being rendered inoperable
[  589.038215][ T2343] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  589.061329][ T2343] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  589.103984][ T2343] pvrusb2: Attached sub-driver cx25840
[  589.121035][ T2343] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  589.156326][ T2343] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  589.289224][ T5922] usb 6-1: USB disconnect, device number 5
[  593.005269][T11099] FAULT_INJECTION: forcing a failure.
[  593.005269][T11099] name failslab, interval 1, probability 0, space 0, times 0
[  593.018366][T11099] CPU: 0 UID: 0 PID: 11099 Comm: syz.4.1355 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  593.018395][T11099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  593.018410][T11099] Call Trace:
[  593.018419][T11099]  <TASK>
[  593.018429][T11099]  dump_stack_lvl+0x189/0x250
[  593.018461][T11099]  ? __pfx____ratelimit+0x10/0x10
[  593.018486][T11099]  ? __pfx_dump_stack_lvl+0x10/0x10
[  593.018522][T11099]  ? __pfx__printk+0x10/0x10
[  593.018558][T11099]  ? __pfx___might_resched+0x10/0x10
[  593.018589][T11099]  should_fail_ex+0x414/0x560
[  593.018618][T11099]  should_failslab+0xa8/0x100
[  593.018644][T11099]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  593.018667][T11099]  ? __alloc_skb+0x112/0x2d0
[  593.018704][T11099]  __alloc_skb+0x112/0x2d0
[  593.018740][T11099]  netlink_sendmsg+0x5c6/0xb30
[  593.018784][T11099]  ? __pfx_netlink_sendmsg+0x10/0x10
[  593.018836][T11099]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  593.018857][T11099]  ? __pfx_netlink_sendmsg+0x10/0x10
[  593.018891][T11099]  __sock_sendmsg+0x21c/0x270
[  593.018921][T11099]  ____sys_sendmsg+0x505/0x830
[  593.018967][T11099]  ? __pfx_____sys_sendmsg+0x10/0x10
[  593.019019][T11099]  ? import_iovec+0x74/0xa0
[  593.019054][T11099]  ___sys_sendmsg+0x21f/0x2a0
[  593.019092][T11099]  ? __pfx____sys_sendmsg+0x10/0x10
[  593.019170][T11099]  ? __fget_files+0x2a/0x420
[  593.019193][T11099]  ? __fget_files+0x3a0/0x420
[  593.019231][T11099]  __x64_sys_sendmsg+0x19b/0x260
[  593.019269][T11099]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  593.019333][T11099]  do_syscall_64+0xfa/0x3b0
[  593.019360][T11099]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  593.019381][T11099]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  593.019403][T11099]  ? clear_bhb_loop+0x60/0xb0
[  593.019430][T11099]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  593.019452][T11099] RIP: 0033:0x7f6df7f8ebe9
[  593.019472][T11099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  593.019491][T11099] RSP: 002b:00007f6df8e90038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  593.019515][T11099] RAX: ffffffffffffffda RBX: 00007f6df81b6180 RCX: 00007f6df7f8ebe9
[  593.019532][T11099] RDX: 000000000000c000 RSI: 0000200000000080 RDI: 0000000000000003
[  593.019546][T11099] RBP: 00007f6df8e90090 R08: 0000000000000000 R09: 0000000000000000
[  593.019560][T11099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  593.019573][T11099] R13: 00007f6df81b6218 R14: 00007f6df81b6180 R15: 00007ffdcf34d6e8
[  593.019609][T11099]  </TASK>
[  594.793614][   T55] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  595.763644][   T55] usb 6-1: Using ep0 maxpacket: 8
[  595.778400][   T55] usb 6-1: too many configurations: 208, using maximum allowed: 8
[  596.273192][   T55] usb 6-1: unable to read config index 0 descriptor/start: -61
[  596.291701][   T55] usb 6-1: can't read configurations, error -61
[  597.819326][T11133] 9pnet_fd: Insufficient options for proto=fd
[  597.915295][T11128] overlayfs: failed to clone upperpath
[  598.736949][T11145] overlayfs: conflicting options: nfs_export=on,index=off
[  600.127740][T11169] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1376'.
[  601.529549][T11190] netlink: 'syz.4.1380': attribute type 21 has an invalid length.
[  601.538151][T11190] netlink: 128 bytes leftover after parsing attributes in process `syz.4.1380'.
[  601.547491][T11190] netlink: 'syz.4.1380': attribute type 5 has an invalid length.
[  601.555463][T11190] netlink: 3 bytes leftover after parsing attributes in process `syz.4.1380'.
[  601.970430][T11197] fuse: Bad value for 'user_id'
[  601.981293][T11197] fuse: Bad value for 'user_id'
[  603.345310][T11224] fuse: Bad value for 'fd'
[  604.121690][T11236] netlink: 'syz.4.1395': attribute type 21 has an invalid length.
[  604.130423][T11236] netlink: 128 bytes leftover after parsing attributes in process `syz.4.1395'.
[  604.144300][T11236] netlink: 'syz.4.1395': attribute type 5 has an invalid length.
[  604.152666][T11236] netlink: 3 bytes leftover after parsing attributes in process `syz.4.1395'.
[  604.588619][T11243] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  604.823116][T11243] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  605.181152][ T5914] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  605.903810][ T5914] usb 6-1: device descriptor read/64, error -71
[  606.114218][T11257] netlink: 'syz.1.1401': attribute type 27 has an invalid length.
[  606.131031][T11257] netlink: 'syz.1.1401': attribute type 3 has an invalid length.
[  606.151796][T11257] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1401'.
[  606.187340][T11260] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  606.320781][ T5914] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  607.302966][   T55] usb 2-1: new full-speed USB device number 32 using dummy_hcd
[  607.343823][ T5914] usb 6-1: device descriptor read/64, error -71
[  607.464636][ T5914] usb usb6-port1: attempt power cycle
[  607.930398][   T55] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  607.948066][   T55] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  608.115904][   T55] usb 2-1: New USB device found, idVendor=046d, idProduct=c262, bcdDevice= 0.00
[  608.153640][   T55] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  608.169731][   T55] usb 2-1: config 0 descriptor??
[  608.279415][T11279] fuse: Bad value for 'fd'
[  609.753857][ T5894] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  609.777554][   T55] logitech-hidpp-device 0003:046D:C262.0004: item fetching failed at offset 0/3
[  609.793155][   T55] logitech-hidpp-device 0003:046D:C262.0004: hidpp_probe:parse failed
[  609.803135][   T55] logitech-hidpp-device 0003:046D:C262.0004: probe with driver logitech-hidpp-device failed with error -22
[  609.925858][ T5894] usb 5-1: Using ep0 maxpacket: 32
[  609.953652][ T5894] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  609.973761][ T5894] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  610.014297][ T5922] usb 2-1: USB disconnect, device number 32
[  610.040930][ T5894] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  610.086525][T11285] bond_slave_0: entered promiscuous mode
[  610.092772][T11285] bond_slave_1: entered promiscuous mode
[  610.101045][T11285] vlan2: entered promiscuous mode
[  610.109608][ T5894] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  610.123642][T11285] bond0: entered promiscuous mode
[  610.142824][ T5894] usb 5-1: config 0 descriptor??
[  610.213196][ T5894] hub 5-1:0.0: USB hub found
[  610.464359][ T5894] hub 5-1:0.0: 2 ports detected
[  610.591945][T11289] netlink: 'syz.3.1411': attribute type 2 has an invalid length.
[  611.791274][ T5894] hub 5-1:0.0: hub_hub_status failed (err = -32)
[  611.800287][ T5894] hub 5-1:0.0: config failed, can't get hub status (err -32)
[  612.067086][T11295] ubi31: attaching mtd0
[  612.158741][T11295] ubi31: scanning is finished
[  612.294395][ T5894] usbhid 5-1:0.0: can't add hid device: -71
[  612.300494][ T5894] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  612.454573][ T5894] usb 5-1: USB disconnect, device number 27
[  613.777170][T11295] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  613.934614][T11295] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  613.964215][T11295] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  614.018728][T11295] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  614.096250][T11295] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  614.108446][T11295] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  614.439466][T11295] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 1297614393
[  614.527986][T11295] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  614.558213][T11318] ubi31: background thread "ubi_bgt31d" started, PID 11318
[  614.914242][T11327] netlink: 'syz.3.1419': attribute type 21 has an invalid length.
[  614.922465][T11327] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1419'.
[  614.932921][T11327] netlink: 'syz.3.1419': attribute type 5 has an invalid length.
[  614.944710][T11327] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1419'.
[  616.146666][T11335] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1423'.
[  617.165419][T11353] netlink: 4268 bytes leftover after parsing attributes in process `syz.1.1426'.
[  617.183785][T11353] netlink: 4268 bytes leftover after parsing attributes in process `syz.1.1426'.
[  619.709865][T11365] /dev/nullb0: Can't open blockdev
[  620.475765][T11367] fuse: Bad value for 'fd'
[  622.201959][T11388] netlink: 'syz.1.1433': attribute type 21 has an invalid length.
[  622.210766][T11388] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1433'.
[  622.223868][T11388] netlink: 'syz.1.1433': attribute type 5 has an invalid length.
[  622.231862][T11388] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1433'.
[  625.755180][T11421] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  625.953878][   T55] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  627.367534][ T5894] usb 6-1: new full-speed USB device number 11 using dummy_hcd
[  627.388289][T11425] bond1: entered promiscuous mode
[  627.408038][T11425] bond1: entered allmulticast mode
[  628.080986][T11425] 8021q: adding VLAN 0 to HW filter on device bond1
[  628.136671][ T5894] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  628.263594][ T5894] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  628.323957][ T5894] usb 6-1: New USB device found, idVendor=046d, idProduct=c262, bcdDevice= 0.00
[  628.357666][ T5894] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  628.427953][ T5894] usb 6-1: config 0 descriptor??
[  629.764482][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  629.771205][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  630.005219][T11441] netlink: 'syz.0.1445': attribute type 21 has an invalid length.
[  630.013565][T11441] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1445'.
[  630.022775][T11441] netlink: 'syz.0.1445': attribute type 5 has an invalid length.
[  630.030750][T11441] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1445'.
[  630.706327][ T5894] usbhid 6-1:0.0: can't add hid device: -71
[  630.712557][ T5894] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  630.833694][ T5894] usb 6-1: USB disconnect, device number 11
[  631.616093][T11454] kvm: apic: phys broadcast and lowest prio
[  631.988515][   T55] usb 2-1: device descriptor read/all, error -110
[  632.134354][   T55] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  632.333671][   T55] usb 2-1: device descriptor read/64, error -32
[  632.499542][   T55] usb usb2-port1: attempt power cycle
[  633.623629][   T55] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  634.457070][   T55] usb 2-1: device descriptor read/8, error -32
[  634.655795][   T55] raw-gadget.0 gadget.1: failed to queue resume event
[  634.736929][   T55] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  634.918211][T11470] syz_tun: entered allmulticast mode
[  635.529208][T11465] syz_tun: left allmulticast mode
[  635.624645][    C1] raw-gadget.0 gadget.1: ignoring, device is not running
[  635.728914][   T55] usb 2-1: device descriptor read/8, error -32
[  635.788187][ T5901] hid-generic 0000:0004:0034.0005: unknown main item tag 0x0
[  635.904957][ T5901] hid-generic 0000:0004:0034.0005: unknown main item tag 0x0
[  635.922137][T11398] syz.1.1435 (11398): drop_caches: 2
[  635.987517][ T5901] hid-generic 0000:0004:0034.0005: unknown main item tag 0x0
[  636.015051][   T55] raw-gadget.0 gadget.1: failed to queue suspend event
[  636.130057][   T55] usb usb2-port1: unable to enumerate USB device
[  636.663663][ T5901] hid-generic 0000:0004:0034.0005: hidraw0: <UNKNOWN> HID v0.0e Device [syz0] on syz1
[  636.945624][T11398] raw-gadget.0 gadget.1: failed to queue disconnect event
[  637.337751][T11472] fido_id[11472]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  639.201332][T11485] libceph: resolve '400' (ret=-3): failed
[  639.244950][T11469] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  639.559058][T11484] tc_dump_action: action bad kind
[  640.264820][T11502] netlink: 'syz.3.1458': attribute type 21 has an invalid length.
[  640.272775][T11502] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1458'.
[  640.282338][T11502] netlink: 'syz.3.1458': attribute type 5 has an invalid length.
[  640.290267][T11502] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1458'.
[  641.141369][T11506] libceph: resolve '400' (ret=-3): failed
[  641.158151][T11506] tc_dump_action: action bad kind
[  641.811786][T11519] kvm: apic: phys broadcast and lowest prio
[  643.088713][T11533] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1469'.
[  643.453623][ T5894] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  643.660168][T11546] netlink: 'syz.3.1471': attribute type 21 has an invalid length.
[  643.668312][T11546] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1471'.
[  643.677812][T11546] netlink: 'syz.3.1471': attribute type 5 has an invalid length.
[  643.685753][T11546] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1471'.
[  644.553583][ T5894] usb 5-1: Using ep0 maxpacket: 16
[  644.562626][ T5894] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 117, changing to 10
[  644.624039][ T5894] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  644.663586][ T5894] usb 5-1: New USB device found, idVendor=04b4, idProduct=0001, bcdDevice= 0.00
[  644.672717][ T5894] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  644.785121][ T5894] usb 5-1: config 0 descriptor??
[  645.943806][T11554] 9pnet_fd: Insufficient options for proto=fd
[  645.951647][T11552] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  645.978145][    C1] vkms_vblank_simulate: vblank timer overrun
[  645.984981][T11552] CIFS mount error: No usable UNC path provided in device string!
[  645.984981][T11552] 
[  645.995436][T11552] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  646.163225][T11561] libceph: resolve '400' (ret=-3): failed
[  646.180157][T11561] tc_dump_action: action bad kind
[  646.376206][ T5955] usb 6-1: new low-speed USB device number 12 using dummy_hcd
[  646.533656][ T5955] usb 6-1: Invalid ep0 maxpacket: 16
[  646.823781][ T5955] usb 6-1: new low-speed USB device number 13 using dummy_hcd
[  647.754674][ T5894] usb 5-1: string descriptor 0 read error: -71
[  647.775229][ T5894] usbhid 5-1:0.0: can't add hid device: -71
[  647.803646][ T5894] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  647.817198][ T5894] usb 5-1: USB disconnect, device number 28
[  647.843970][ T5955] usb 6-1: Invalid ep0 maxpacket: 16
[  647.873336][ T5955] usb usb6-port1: attempt power cycle
[  649.663565][T11582] netlink: 'syz.1.1483': attribute type 21 has an invalid length.
[  649.665518][ T5955] usb 6-1: new low-speed USB device number 14 using dummy_hcd
[  649.671749][T11582] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1483'.
[  649.688744][T11582] netlink: 'syz.1.1483': attribute type 5 has an invalid length.
[  649.696848][T11582] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1483'.
[  649.765254][ T5955] usb 6-1: device descriptor read/8, error -71
[  653.538121][T11633] kvm: apic: phys broadcast and lowest prio
[  654.513668][T11635] libceph: resolve '400' (ret=-3): failed
[  654.550968][T11635] tc_dump_action: action bad kind
[  655.450989][T11652] netlink: 'syz.3.1496': attribute type 21 has an invalid length.
[  655.459320][T11652] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1496'.
[  655.468992][T11652] netlink: 'syz.3.1496': attribute type 5 has an invalid length.
[  655.476888][T11652] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1496'.
[  656.220214][T11654] xt_connbytes: Forcing CT accounting to be enabled
[  656.227503][T11654] set match dimension is over the limit!
[  656.537285][T10493] tipc: Subscription rejected, illegal request
[  656.769150][T11666] team_slave_0: entered promiscuous mode
[  656.774991][T11666] team_slave_1: entered promiscuous mode
[  656.892399][T11666] macsec1: entered promiscuous mode
[  656.923972][T11666] team0: entered promiscuous mode
[  656.936244][T11669] fuse: Bad value for 'fd'
[  656.978080][T11666] macsec1: entered allmulticast mode
[  657.047658][T11666] team0: entered allmulticast mode
[  657.054686][T11666] team_slave_0: entered allmulticast mode
[  657.132800][T11666] team_slave_1: entered allmulticast mode
[  657.259376][T11666] team0: Device macsec1 is already an upper device of the team interface
[  657.312522][T11666] team0: left allmulticast mode
[  657.324591][T11666] team_slave_0: left allmulticast mode
[  657.340079][T11666] team_slave_1: left allmulticast mode
[  657.354996][T11666] team0: left promiscuous mode
[  657.484096][T11666] team_slave_0: left promiscuous mode
[  657.489718][T11666] team_slave_1: left promiscuous mode
[  659.375675][T11683] libceph: resolve '400' (ret=-3): failed
[  659.415333][T11683] tc_dump_action: action bad kind
[  659.584565][ T5955] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  659.958548][T11696] syzkaller0: entered promiscuous mode
[  660.466419][T11701] netlink: 'syz.3.1510': attribute type 21 has an invalid length.
[  660.475034][T11701] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1510'.
[  660.737355][T11696] syzkaller0: entered allmulticast mode
[  660.808661][T11701] netlink: 'syz.3.1510': attribute type 5 has an invalid length.
[  660.816536][T11701] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1510'.
[  660.948427][ T5955] usb 2-1: Using ep0 maxpacket: 32
[  660.968047][T11696] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  660.991426][T11703] kvm: apic: phys broadcast and lowest prio
[  661.662480][ T5955] usb 2-1: unable to read config index 0 descriptor/start: -71
[  661.694802][ T5955] usb 2-1: can't read configurations, error -71
[  662.229052][T11719] kvm: MWAIT instruction emulated as NOP!
[  662.277205][T11719] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1518'.
[  662.371728][T11729] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  664.685686][T11740] libceph: resolve '400' (ret=-3): failed
[  664.693184][T11740] tc_dump_action: action bad kind
[  665.173986][T11746] netlink: 'syz.1.1523': attribute type 21 has an invalid length.
[  665.182143][T11746] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1523'.
[  665.192130][T11746] netlink: 'syz.1.1523': attribute type 5 has an invalid length.
[  665.200049][T11746] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1523'.
[  668.572138][T11769] kvm: apic: phys broadcast and lowest prio
[  670.007976][T11775] block device autoloading is deprecated and will be removed.
[  670.036561][T11775] syz.4.1532: attempt to access beyond end of device
[  670.036561][T11775] loop9: rw=0, sector=0, nr_sectors = 1 limit=0
[  670.069410][T11775] FAT-fs (loop9): unable to read boot sector
[  670.383637][T11788] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1536'.
[  670.780588][T11793] netlink: 'syz.5.1537': attribute type 21 has an invalid length.
[  670.788833][T11793] netlink: 128 bytes leftover after parsing attributes in process `syz.5.1537'.
[  670.798919][T11793] netlink: 'syz.5.1537': attribute type 5 has an invalid length.
[  670.807358][T11793] netlink: 3 bytes leftover after parsing attributes in process `syz.5.1537'.
[  672.333724][   T55] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  672.496724][   T55] usb 2-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  672.513867][    T9] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  672.525875][   T55] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  672.549502][   T55] usb 2-1: config 0 descriptor??
[  672.570763][   T55] gspca_main: spca508-2.14.0 probing 8086:0110
[  673.652846][   T55] gspca_spca508: reg_read err -110
[  673.677867][   T55] gspca_spca508: reg_read err -32
[  673.695573][T11818] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  673.783613][    T9] usb 6-1: Using ep0 maxpacket: 16
[  673.797375][    T9] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  673.806920][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  673.815179][    T9] usb 6-1: Product: syz
[  673.819467][    T9] usb 6-1: Manufacturer: syz
[  674.079686][T11818] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  674.092427][    T9] usb 6-1: SerialNumber: syz
[  674.153503][    T9] r8152-cfgselector 6-1: Unknown version 0x0000
[  674.172483][    T9] r8152-cfgselector 6-1: config 0 descriptor??
[  674.659302][   T55] gspca_spca508: reg_read err -71
[  674.668690][   T55] gspca_spca508: reg_read err -71
[  674.683648][   T55] gspca_spca508: reg write: error -71
[  674.695960][   T55] spca508 2-1:0.0: probe with driver spca508 failed with error -71
[  674.773022][    T9] r8152-cfgselector 6-1: USB disconnect, device number 16
[  675.684299][   T55] usb 2-1: USB disconnect, device number 39
[  676.512650][T11855] bond_slave_0: entered promiscuous mode
[  676.518536][T11855] bond_slave_1: entered promiscuous mode
[  676.537060][T11855] vlan2: entered promiscuous mode
[  676.542196][T11855] bond0: entered promiscuous mode
[  679.483677][ T5894] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  679.653934][ T5894] usb 2-1: Using ep0 maxpacket: 16
[  679.665212][ T5894] usb 2-1: too many endpoints for config 0 interface 0 altsetting 229: 247, using maximum allowed: 30
[  679.677146][ T5894] usb 2-1: config 0 interface 0 altsetting 229 has 0 endpoint descriptors, different from the interface descriptor's value: 247
[  679.692069][ T5894] usb 2-1: config 0 interface 0 has no altsetting 0
[  679.740372][ T5894] usb 2-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=59.31
[  679.758091][ T5894] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  679.773068][ T5894] usb 2-1: Product: syz
[  679.783215][ T5894] usb 2-1: Manufacturer: syz
[  679.794783][ T5894] usb 2-1: SerialNumber: syz
[  680.095197][ T5894] usb 2-1: config 0 descriptor??
[  681.418452][T10486] Bluetooth: hci5: Frame reassembly failed (-84)
[  682.393354][T11924] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1578'.
[  683.025392][ T5955] usb 2-1: USB disconnect, device number 40
[  683.414343][ T5846] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  683.533627][ T5955] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  684.223597][ T5955] usb 2-1: Using ep0 maxpacket: 8
[  684.236417][ T5955] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  684.350940][T11946] fuse: Bad value for 'fd'
[  684.386459][ T5955] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  684.417562][ T5955] pvrusb2: Hardware description: Terratec Grabster AV400
[  684.432122][ T5955] pvrusb2: **********
[  684.442501][ T5955] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  684.457450][ T5955] pvrusb2: Important functionality might not be entirely working.
[  684.466101][ T5955] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  684.487828][ T5955] pvrusb2: **********
[  684.617610][ T2343] pvrusb2: Invalid write control endpoint
[  684.808157][ T2343] pvrusb2: Invalid write control endpoint
[  684.840486][ T2343] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  684.871094][ T2343] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  684.902225][ T2343] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  684.939874][ T2343] pvrusb2: Device being rendered inoperable
[  684.962410][T11928] pvrusb2: Attempted to execute control transfer when device not ok
[  685.004791][ T2343] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  685.012216][ T2343] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  685.066333][ T2343] pvrusb2: Attached sub-driver cx25840
[  685.082155][ T2343] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  685.102846][ T2343] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  686.493442][ T5954] usb 2-1: USB disconnect, device number 41
[  686.648087][T10490] Bluetooth: hci5: Frame reassembly failed (-84)
[  686.688292][T11970] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1591'.
[  688.696287][ T5847] Bluetooth: hci5: command 0xfc11 tx timeout
[  688.704345][ T5846] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  689.176709][ T5846] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  689.187586][ T5846] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  689.200551][ T5846] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  689.210002][ T5846] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  689.220902][ T5846] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  689.382653][T11986] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1594'.
[  689.494753][T11998] netlink: 'syz.0.1596': attribute type 21 has an invalid length.
[  689.503181][T11998] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1596'.
[  689.512749][T11998] netlink: 'syz.0.1596': attribute type 5 has an invalid length.
[  689.520804][T11998] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1596'.
[  690.220573][T11991] vxcan1 speed is unknown, defaulting to 1000
[  690.528840][T12006] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1600'.
[  690.539242][T12006] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1600'.
[  691.259372][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  691.268937][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  691.416141][ T5846] Bluetooth: hci6: command tx timeout
[  692.234042][ T5955] usb 2-1: new full-speed USB device number 42 using dummy_hcd
[  692.416101][ T5955] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  692.447322][ T5955] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  692.488744][ T5955] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  692.521567][ T5955] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  692.578274][ T5955] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  692.620525][ T5955] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  692.641582][T11991] chnl_net:caif_netlink_parms(): no params data found
[  692.648925][ T5955] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  692.681823][ T5955] usb 2-1: Product: syz
[  692.728572][ T5955] usb 2-1: Manufacturer: syz
[  692.768535][ T5955] usb 2-1: SerialNumber: syz
[  692.899206][T12036] overlayfs: failed to resolve './bus/file0': -2
[  692.994491][   T30] kauditd_printk_skb: 10 callbacks suppressed
[  692.994522][   T30] audit: type=1326 audit(1755787173.515:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12035 comm="syz.5.1611" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbcc198ebe9 code=0x0
[  693.185162][ T5955] usb 2-1: config 0 descriptor??
[  693.422625][ T5955] radio-si470x 2-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  693.440170][ T5955] radio-si470x 2-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  693.493907][ T5846] Bluetooth: hci6: command tx timeout
[  693.623405][ T5955] radio-si470x 2-1:0.0: software version 0, hardware version 0
[  693.636973][ T5955] radio-si470x 2-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0.
[  693.666215][ T5955] radio-si470x 2-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[  693.786529][T11991] bridge0: port 1(bridge_slave_0) entered blocking state
[  693.803682][T11991] bridge0: port 1(bridge_slave_0) entered disabled state
[  693.812101][T11991] bridge_slave_0: entered allmulticast mode
[  693.825808][T11991] bridge_slave_0: entered promiscuous mode
[  693.833947][ T5955] radio-si470x 2-1:0.0: submitting int urb failed (-90)
[  693.860812][T11991] bridge0: port 2(bridge_slave_1) entered blocking state
[  693.888443][T11991] bridge0: port 2(bridge_slave_1) entered disabled state
[  693.908885][T11991] bridge_slave_1: entered allmulticast mode
[  693.931164][T11991] bridge_slave_1: entered promiscuous mode
[  694.107120][T11991] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  694.300249][T11991] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  694.313217][T12050] xt_hashlimit: overflow, try lower: 18446744073709551615/7
[  694.344001][ T5955] radio-si470x 2-1:0.0: si470x_set_report: usb_control_msg returned -110
[  694.363109][ T5955] radio-si470x 2-1:0.0: probe with driver radio-si470x failed with error -22
[  694.461914][T11991] team0: Port device team_slave_0 added
[  694.492852][T11991] team0: Port device team_slave_1 added
[  694.588307][T11991] batman_adv: batadv0: Adding interface: batadv_slave_0
[  694.602656][T11991] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  694.640800][T11991] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  694.660447][T11991] batman_adv: batadv0: Adding interface: batadv_slave_1
[  694.667832][T11991] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  694.701583][T11991] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  694.797998][T11991] hsr_slave_0: entered promiscuous mode
[  694.916180][T11991] hsr_slave_1: entered promiscuous mode
[  694.922978][T11991] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  694.936173][T11991] Cannot create hsr debugfs directory
[  695.528684][ T5955] usb 2-1: USB disconnect, device number 42
[  695.643757][ T5846] Bluetooth: hci6: command tx timeout
[  696.586398][T11991] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  696.600555][T11991] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  697.362580][T12075] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  697.372212][T12075] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  697.381989][T12075] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  697.483869][T11991] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  697.509598][T11991] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  697.753723][ T5847] Bluetooth: hci6: command tx timeout
[  699.413373][T11991] 8021q: adding VLAN 0 to HW filter on device bond0
[  699.461888][T11991] 8021q: adding VLAN 0 to HW filter on device team0
[  699.473792][ T5955] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  699.491984][ T6243] bridge0: port 1(bridge_slave_0) entered blocking state
[  699.499444][ T6243] bridge0: port 1(bridge_slave_0) entered forwarding state
[  699.543210][ T6243] bridge0: port 2(bridge_slave_1) entered blocking state
[  699.550521][ T6243] bridge0: port 2(bridge_slave_1) entered forwarding state
[  700.713655][ T5955] usb 6-1: device not accepting address 17, error -71
[  702.023834][T12125] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1632'.
[  702.179826][T12131] sctp: [Deprecated]: syz.1.1634 (pid 12131) Use of struct sctp_assoc_value in delayed_ack socket option.
[  702.179826][T12131] Use struct sctp_sack_info instead
[  702.322511][T12131] vxcan1 speed is unknown, defaulting to 1000
[  702.392052][ T5955] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  702.469657][T11991] 8021q: adding VLAN 0 to HW filter on device batadv0
[  702.709456][   T30] audit: type=1804 audit(1755787183.235:30): pid=12139 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.1636" name="file0" dev="tmpfs" ino=1966 res=1 errno=0
[  702.733804][ T5955] usb 6-1: Using ep0 maxpacket: 8
[  702.754223][ T5955] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  702.764264][ T5955] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  702.806409][ T5955] pvrusb2: Hardware description: Terratec Grabster AV400
[  702.826530][ T5955] pvrusb2: **********
[  702.830717][ T5955] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  702.851175][ T5955] pvrusb2: Important functionality might not be entirely working.
[  702.859506][ T5955] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  702.871177][ T5955] pvrusb2: **********
[  703.039407][ T2343] pvrusb2: Invalid write control endpoint
[  703.219943][T12128] pvrusb2: Invalid write control endpoint
[  703.985935][ T2343] pvrusb2: Invalid write control endpoint
[  703.991740][ T2343] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  704.132075][ T2343] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  704.162204][ T2343] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  704.175824][ T2343] pvrusb2: Device being rendered inoperable
[  704.183146][ T2343] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  704.193289][ T2343] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  704.232190][ T2343] pvrusb2: Attached sub-driver cx25840
[  704.259070][ T2343] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  704.422964][ T2343] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  705.088038][T12164] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1640'.
[  705.142758][ T5955] usb 6-1: USB disconnect, device number 19
[  705.572286][T11991] veth0_vlan: entered promiscuous mode
[  705.637141][T11991] veth1_vlan: entered promiscuous mode
[  705.726026][T11991] veth0_macvtap: entered promiscuous mode
[  705.746712][T11991] veth1_macvtap: entered promiscuous mode
[  705.803224][T11991] batman_adv: batadv0: Interface activated: batadv_slave_0
[  705.847894][T11991] batman_adv: batadv0: Interface activated: batadv_slave_1
[  705.887823][T11991] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  705.911665][T11991] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  705.926022][T11991] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  705.935205][T11991] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  706.132911][T10490] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  706.157169][T10490] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  706.534257][T12192] netlink: 'syz.1.1647': attribute type 21 has an invalid length.
[  706.542572][T12192] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1647'.
[  706.554645][T12192] netlink: 'syz.1.1647': attribute type 5 has an invalid length.
[  706.563512][T12192] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1647'.
[  707.766378][ T6245] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  707.810578][ T6245] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  710.176202][T12215] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1653'.
[  710.519156][T12227] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1655'.
[  711.749540][T12249] netlink: 'syz.3.1660': attribute type 21 has an invalid length.
[  711.759135][T12249] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1660'.
[  711.768470][T12249] netlink: 'syz.3.1660': attribute type 5 has an invalid length.
[  711.776393][T12249] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1660'.
[  712.252886][T12251] BTRFS info: 'norecovery' is for compatibility only, recommended to use 'rescue=nologreplay'
[  714.062524][T12264] Cannot find add_set index 0 as target
[  714.906047][T12275] xt_CT: You must specify a L4 protocol and not use inversions on it
[  715.671727][T12277] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  716.071073][T12289] lo: entered promiscuous mode
[  716.089595][T12289] lo: entered allmulticast mode
[  716.120880][T12289] tunl0: entered promiscuous mode
[  716.144793][T12289] tunl0: entered allmulticast mode
[  716.169745][T12289] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  716.655573][T12295] overlayfs: failed to resolve './file0': -2
[  716.752291][T12299] BTRFS info: 'norecovery' is for compatibility only, recommended to use 'rescue=nologreplay'
[  717.287030][T12296] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1676'.
[  717.983962][ T5922] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  718.851926][T12315] fuse: Unknown parameter 'gq¹Äxr00000000000000000000ÿ'
[  718.963647][ T5955] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  719.040655][ T5922] usb 2-1: config index 0 descriptor too short (expected 1298, got 18)
[  719.182298][ T5955] usb 6-1: Using ep0 maxpacket: 8
[  719.270990][ T5955] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  719.297614][ T5922] usb 2-1: New USB device found, idVendor=0c45, idProduct=60a8, bcdDevice=b5.55
[  719.358950][ T5955] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  719.395038][ T5922] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  719.420635][ T5922] usb 2-1: Product: syz
[  719.426081][ T5922] usb 2-1: Manufacturer: syz
[  719.430885][ T5922] usb 2-1: SerialNumber: syz
[  719.722836][ T5922] usb 2-1: config 0 descriptor??
[  719.785275][ T5955] pvrusb2: Hardware description: Terratec Grabster AV400
[  719.811233][ T5955] pvrusb2: **********
[  719.816405][ T5955] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  719.842876][ T5922] gspca_main: sonixb-2.14.0 probing 0c45:60a8
[  719.880576][ T5955] pvrusb2: Important functionality might not be entirely working.
[  719.924804][ T5955] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  719.953962][ T5955] pvrusb2: **********
[  719.989955][ T2343] pvrusb2: Invalid write control endpoint
[  720.083814][ T5922] input: sonixb as /devices/platform/dummy_hcd.1/usb2/2-1/input/input18
[  720.125810][ T2343] pvrusb2: Invalid write control endpoint
[  720.131879][ T2343] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  720.190705][ T2343] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  720.222431][ T2343] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  720.244917][T12337] 9pnet_fd: Insufficient options for proto=fd
[  720.385820][ T5922] usb 2-1: USB disconnect, device number 43
[  720.473985][ T2343] pvrusb2: Device being rendered inoperable
[  720.480811][T12311] pvrusb2: Attempted to execute control transfer when device not ok
[  720.489673][ T2343] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  720.493059][ T1208] usb 6-1: USB disconnect, device number 20
[  720.520400][ T2343] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  720.529101][ T2343] pvrusb2: Attached sub-driver cx25840
[  720.543703][ T2343] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  720.883585][ T2343] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  721.163945][   T24] IPVS: starting estimator thread 0...
[  722.193580][T12349] IPVS: using max 24 ests per chain, 57600 per kthread
[  723.137816][T12360] BTRFS info: 'norecovery' is for compatibility only, recommended to use 'rescue=nologreplay'
[  723.417247][T12362] Cannot find add_set index 0 as target
[  724.218308][T12373] netlink: 'syz.5.1695': attribute type 10 has an invalid length.
[  724.349834][T12373] mac80211_hwsim hwsim15 wlan1: entered promiscuous mode
[  724.516082][T12373] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  724.560362][T12372] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  724.956536][T12383] syz.0.1698 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  725.466666][T12382] block device autoloading is deprecated and will be removed.
[  725.563607][   T24] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  725.713592][   T24] usb 7-1: Using ep0 maxpacket: 8
[  725.720951][   T24] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  725.730594][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  725.918610][   T24] pvrusb2: Hardware description: Terratec Grabster AV400
[  725.951910][   T24] pvrusb2: **********
[  725.994108][   T24] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  726.062620][   T24] pvrusb2: Important functionality might not be entirely working.
[  726.123416][   T24] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  726.267852][   T24] pvrusb2: **********
[  726.328753][ T2343] pvrusb2: Invalid write control endpoint
[  726.536215][ T5922] usb 7-1: USB disconnect, device number 2
[  726.564830][T12389] overlayfs: option "index=on" is useless in a non-upper mount, ignore
[  726.573325][T12389] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  726.603818][T12389] overlayfs: missing 'lowerdir'
[  726.722960][ T2343] pvrusb2: Invalid write control endpoint
[  726.744685][ T2343] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  727.004258][ T2343] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  727.028571][ T2343] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  727.517929][ T2343] pvrusb2: Device being rendered inoperable
[  727.524266][ T2343] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  727.531647][ T2343] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  727.555337][ T2343] pvrusb2: Attached sub-driver cx25840
[  727.563011][ T2343] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  727.584103][ T2343] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  728.548762][T12410] fuse: Bad value for 'fd'
[  730.909621][T12436] bridge1: entered allmulticast mode
[  732.093980][T12451] Cannot find add_set index 0 as target
[  733.012920][T12459] libceph: resolve '400' (ret=-3): failed
[  733.708608][T12457] team_slave_0: entered promiscuous mode
[  733.714476][T12457] team_slave_1: entered promiscuous mode
[  733.732313][T12457] team0: Device macsec1 is already an upper device of the team interface
[  733.788839][T12457] team_slave_0: left promiscuous mode
[  733.794713][T12457] team_slave_1: left promiscuous mode
[  733.856500][T12459] tc_dump_action: action bad kind
[  734.155971][T12468] 9pnet_fd: Insufficient options for proto=fd
[  735.037179][T12480] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  735.757482][T12488] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1727'.
[  736.032022][T12488] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1727'.
[  739.639046][T12518] 9pnet_fd: Insufficient options for proto=fd
[  740.105428][T12520] libceph: resolve '400' (ret=-3): failed
[  740.116885][T12520] tc_dump_action: action bad kind
[  742.159628][T10505] Bluetooth: hci5: Frame reassembly failed (-84)
[  742.192557][T12541] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1742'.
[  742.286160][T12546] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input20
[  743.523531][T12551] 8021q: adding VLAN 0 to HW filter on device bond0
[  743.573929][T12551] bond0: (slave rose0): Enslaving as an active interface with an up link
[  744.213665][ T5847] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  744.214994][ T5846] Bluetooth: hci5: command 0xfc11 tx timeout
[  744.303342][T12570] vxcan1 speed is unknown, defaulting to 1000
[  744.325708][   T30] audit: type=1326 audit(1755787224.855:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12569 comm="syz.5.1749" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbcc198ebe9 code=0x0
[  744.573968][T12578] batadv1: entered promiscuous mode
[  744.585683][T12578] 8021q: adding VLAN 0 to HW filter on device batadv1
[  745.724556][T12585] 9pnet_fd: Insufficient options for proto=fd
[  751.022371][T12646] BTRFS info: 'norecovery' is for compatibility only, recommended to use 'rescue=nologreplay'
[  751.673868][T12649] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1769'.
[  751.729478][T12649] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[  751.833140][T12649] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  752.799696][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  752.813680][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  753.890434][T10505] Bluetooth: hci5: Frame reassembly failed (-90)
[  753.927505][T10505] Bluetooth: hci5: Frame reassembly failed (-84)
[  755.861499][T10486] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  755.903751][ T5846] Bluetooth: hci5: command 0xfc11 tx timeout
[  755.907937][ T5847] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  756.828244][T10486] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  757.133464][T10486] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  757.243263][T10486] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  757.554615][T10486] bridge_slave_1: left allmulticast mode
[  757.568350][T10486] bridge_slave_1: left promiscuous mode
[  757.586689][T10486] bridge0: port 2(bridge_slave_1) entered disabled state
[  757.622571][T10486] bridge_slave_0: left allmulticast mode
[  757.638811][T10486] bridge_slave_0: left promiscuous mode
[  757.645506][T10486] bridge0: port 1(bridge_slave_0) entered disabled state
[  759.546464][T12736] libceph: resolve '400' (ret=-3): failed
[  764.199874][T10486] $Hÿ (unregistering): (slave bond_slave_0): Releasing backup interface
[  764.211842][T10486] bond_slave_0: left promiscuous mode
[  764.223039][T10486] $Hÿ (unregistering): (slave bond_slave_1): Releasing backup interface
[  764.234230][T10486] bond_slave_1: left promiscuous mode
[  764.242473][T10486] $Hÿ (unregistering): Released all slaves
[  764.282654][T12736] tc_dump_action: action bad kind
[  765.438992][ T5955] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  765.649976][ T5955] usb 6-1: Using ep0 maxpacket: 32
[  766.694351][ T5955] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  766.707039][ T5955] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  766.717428][ T5955] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  766.727055][ T5955] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  766.758377][ T5955] usb 6-1: config 0 descriptor??
[  767.005906][ T5955] hub 6-1:0.0: USB hub found
[  767.722836][ T5955] hub 6-1:0.0: 2 ports detected
[  768.594785][ T5955] hub 6-1:0.0: hub_hub_status failed (err = -71)
[  768.653291][ T5955] hub 6-1:0.0: config failed, can't get hub status (err -71)
[  768.772162][ T5955] usbhid 6-1:0.0: can't add hid device: -71
[  768.799519][ T5955] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  768.879107][ T5955] usb 6-1: USB disconnect, device number 21
[  770.693177][ T5847] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  770.926210][T12848] BTRFS info: 'norecovery' is for compatibility only, recommended to use 'rescue=nologreplay'
[  771.874927][ T6000] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  772.244086][ T6000] usb 2-1: Using ep0 maxpacket: 8
[  772.624331][ T6000] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  772.663343][ T6000] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  772.787286][T10486] hsr_slave_0: left promiscuous mode
[  772.802623][ T6000] pvrusb2: Hardware description: Terratec Grabster AV400
[  772.827188][ T6000] pvrusb2: **********
[  772.832042][T10486] hsr_slave_1: left promiscuous mode
[  772.839976][T10486] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  772.852401][ T6000] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  772.872205][T10486] batman_adv: batadv0: Removing interface: batadv_slave_0
[  772.884970][ T6000] pvrusb2: Important functionality might not be entirely working.
[  772.900476][ T6000] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  772.914339][T10486] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  772.945544][T10486] batman_adv: batadv0: Removing interface: batadv_slave_1
[  772.957273][ T6000] pvrusb2: **********
[  772.995576][ T2343] pvrusb2: Invalid write control endpoint
[  773.251055][T10486] veth1_macvtap: left promiscuous mode
[  773.264065][T12853] pvrusb2: Invalid write control endpoint
[  773.332429][T10486] veth0_macvtap: left promiscuous mode
[  773.353307][ T2343] pvrusb2: Invalid write control endpoint
[  773.360688][T10486] veth1_vlan: left promiscuous mode
[  773.369780][ T2343] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  773.466415][T10486] veth0_vlan: left promiscuous mode
[  773.467492][ T2343] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  773.480831][ T2343] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  773.491085][ T2343] pvrusb2: Device being rendered inoperable
[  773.508090][ T2343] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  773.523074][ T2343] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  773.557186][ T2343] pvrusb2: Attached sub-driver cx25840
[  773.571752][ T2343] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  773.621205][ T2343] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  773.845497][T12875] skbuff: bad partial csum: csum=65506/2 headroom=178 headlen=65526
[  774.673616][   T55] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  774.722714][ T5901] usb 2-1: USB disconnect, device number 44
[  774.883522][   T55] usb 6-1: Using ep0 maxpacket: 32
[  774.901570][   T55] usb 6-1: config 0 has an invalid interface number: 202 but max is 0
[  774.922495][   T55] usb 6-1: config 0 has an invalid descriptor of length 56, skipping remainder of the config
[  774.947920][   T55] usb 6-1: config 0 has no interface number 0
[  774.983643][   T55] usb 6-1: config 0 interface 202 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  775.025549][   T55] usb 6-1: New USB device found, idVendor=08ca, idProduct=0109, bcdDevice=bf.1b
[  775.045555][   T55] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  775.054422][   T55] usb 6-1: Product: syz
[  775.058738][   T55] usb 6-1: Manufacturer: syz
[  775.064703][   T55] usb 6-1: SerialNumber: syz
[  775.075587][   T55] usb 6-1: config 0 descriptor??
[  775.285402][T12881] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  775.413087][T12881] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  776.250656][T10486] team0 (unregistering): Port device team_slave_1 removed
[  776.374920][T10486] team0 (unregistering): Port device team_slave_0 removed
[  778.767083][   T55] usb 6-1: USB disconnect, device number 22
[  779.412802][T12912] BTRFS info: 'norecovery' is for compatibility only, recommended to use 'rescue=nologreplay'
[  781.372576][T12922] fuse: Unknown parameter 'group_id б¾Íz[
±…rö'
[  782.773300][T12940] xt_CT: No such helper "pptp"
[  785.525654][T12979] netlink: 'syz.1.1843': attribute type 10 has an invalid length.
[  785.566690][T12979] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1843'.
[  785.685862][T12979] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check.
[  786.060765][T12987] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1842'.
[  787.133679][T13006] Cannot find add_set index 0 as target
[  788.583566][T13016] libceph: resolve '400' (ret=-3): failed
[  788.614527][T13016] tc_dump_action: action bad kind
[  790.778442][T13054] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1857'.
[  790.845011][T13056] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1857'.
[  792.787085][T13089] Cannot find add_set index 0 as target
[  797.509305][T13127] vxcan1 speed is unknown, defaulting to 1000
[  797.937838][   T24] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  797.988442][   T24] hid-generic 0000:0000:0000.0006: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  798.237750][T13135] fido_id[13135]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  799.847829][T13159] overlayfs: failed to resolve './file1': -2
[  799.891583][T13155] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  800.200160][   T30] audit: type=1326 audit(1755787280.725:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13165 comm="syz.3.1883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fbb98ebe9 code=0x7ffc0000
[  800.288024][   T30] audit: type=1326 audit(1755787280.725:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13165 comm="syz.3.1883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fbb98ebe9 code=0x7ffc0000
[  800.523718][   T30] audit: type=1326 audit(1755787280.765:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13165 comm="syz.3.1883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7f5fbb98ebe9 code=0x7ffc0000
[  800.546229][   T30] audit: type=1326 audit(1755787280.765:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13165 comm="syz.3.1883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fbb98ebe9 code=0x7ffc0000
[  800.628590][T13170] netlink: 144 bytes leftover after parsing attributes in process `syz.3.1883'.
[  801.149417][   T30] audit: type=1326 audit(1755787280.765:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13165 comm="syz.3.1883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fbb98ebe9 code=0x7ffc0000
[  801.174427][   T30] audit: type=1326 audit(1755787280.775:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13165 comm="syz.3.1883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=255 compat=0 ip=0x7f5fbb98ebe9 code=0x7ffc0000
[  801.220510][   T30] audit: type=1326 audit(1755787280.775:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13165 comm="syz.3.1883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fbb98ebe9 code=0x7ffc0000
[  801.402654][   T30] audit: type=1326 audit(1755787280.775:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13165 comm="syz.3.1883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fbb98ebe9 code=0x7ffc0000
[  801.473765][   T30] audit: type=1326 audit(1755787280.775:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13165 comm="syz.3.1883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5fbb98ebe9 code=0x7ffc0000
[  801.718109][   T30] audit: type=1326 audit(1755787280.795:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13165 comm="syz.3.1883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fbb98ebe9 code=0x7ffc0000
[  801.787227][   T24] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  803.149876][   T24] usb 2-1: Using ep0 maxpacket: 16
[  803.166208][   T24] usb 2-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  803.203570][   T24] usb 2-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  803.232503][   T24] usb 2-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[  803.257050][   T24] usb 2-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  803.301858][   T24] usb 2-1: config 7 interface 0 has no altsetting 0
[  803.328167][   T24] usb 2-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00
[  803.361543][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  804.474997][   T24] input: HID 0458:5010 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:7.0/0003:0458:5010.0007/input/input21
[  804.791095][ T5846] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  804.798227][   T24] kye 0003:0458:5010.0007: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.1-1/input0
[  804.974441][   T24] usb 2-1: USB disconnect, device number 45
[  806.059484][T13209] fido_id[13209]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  806.928590][T13247] xt_TPROXY: Can be used only with -p tcp or -p udp
[  807.535867][T13257] fuse: blksize only supported for fuseblk
[  809.502160][T13278] BTRFS info: 'norecovery' is for compatibility only, recommended to use 'rescue=nologreplay'
[  811.443658][T13301] fuse: Bad value for 'fd'
[  811.675615][T13304] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1915'.
[  811.690331][T13304] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  811.699752][T13304] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  811.708658][T13304] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  811.717919][T13304] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  811.824500][    T9] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  811.892707][    T9] hid-generic 0000:0000:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  813.948703][T13338] BTRFS info: 'norecovery' is for compatibility only, recommended to use 'rescue=nologreplay'
[  814.174443][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  814.174509][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  816.235254][ T6000] usb 7-1: new low-speed USB device number 3 using dummy_hcd
[  816.323716][ T1208] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  816.468324][ T6000] usb 7-1: config 9 has an invalid interface number: 1 but max is 0
[  816.517097][ T6000] usb 7-1: config 9 has no interface number 0
[  816.573694][ T1208] usb 2-1: Using ep0 maxpacket: 32
[  816.617937][ T6000] usb 7-1: config 9 interface 1 has no altsetting 0
[  816.646945][ T1208] usb 2-1: config 0 has an invalid interface number: 85 but max is 0
[  816.916185][ T1208] usb 2-1: config 0 has no interface number 0
[  816.925441][ T1208] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  816.944341][ T6000] usb 7-1: string descriptor 0 read error: -22
[  816.950734][ T6000] usb 7-1: New USB device found, idVendor=2040, idProduct=b140, bcdDevice=75.36
[  816.960875][ T1208] usb 2-1: config 0 interface 85 has no altsetting 0
[  816.969339][ T6000] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  817.453569][ T1208] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  817.463101][ T1208] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  817.472892][ T6000] cx231xx 7-1:9.1: New device   @ 1.5 Mbps (2040:b140) with 1 interfaces
[  817.486732][ T6000] cx231xx 7-1:9.1: Not found matching IAD interface
[  817.513495][ T1208] usb 2-1: Product: syz
[  817.517746][ T1208] usb 2-1: Manufacturer: syz
[  817.522427][ T1208] usb 2-1: SerialNumber: syz
[  817.560868][ T1208] usb 2-1: config 0 descriptor??
[  817.659354][ T5955] usb 7-1: USB disconnect, device number 3
[  818.155599][T10497] Bluetooth: hci5: Frame reassembly failed (-84)
[  818.651625][ T1208] appletouch 2-1:0.85: Geyser mode initialized.
[  818.668058][ T1208] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.85/input/input22
[  818.782321][T13404] vxcan1 speed is unknown, defaulting to 1000
[  818.851328][    T9] usb 2-1: USB disconnect, device number 46
[  818.898630][    T9] appletouch 2-1:0.85: input: appletouch disconnected
[  820.214851][ T5847] Bluetooth: hci5: command 0x1003 tx timeout
[  820.244233][ T5846] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  820.745876][T13437] netlink: 'syz.1.1939': attribute type 10 has an invalid length.
[  820.754034][T13437] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1939'.
[  821.503614][ T1208] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  821.664169][ T1208] usb 6-1: Using ep0 maxpacket: 8
[  821.676867][ T1208] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  821.693534][ T1208] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  821.776442][ T1208] pvrusb2: Hardware description: Terratec Grabster AV400
[  821.815030][ T1208] pvrusb2: **********
[  821.834228][ T1208] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  821.879652][ T1208] pvrusb2: Important functionality might not be entirely working.
[  822.007208][T13460] Cannot find add_set index 0 as target
[  822.208456][ T1208] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  822.530061][ T1208] pvrusb2: **********
[  822.584397][ T2343] pvrusb2: Invalid write control endpoint
[  822.867698][ T2343] pvrusb2: Invalid write control endpoint
[  822.907383][ T2343] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  822.943755][ T2343] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  822.983565][ T2343] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  823.015722][ T2343] pvrusb2: Device being rendered inoperable
[  823.043527][ T2343] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  823.071183][ T2343] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  823.112146][ T2343] pvrusb2: Attached sub-driver cx25840
[  823.136726][ T2343] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  823.166332][ T2343] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  824.389285][ T5914] usb 6-1: USB disconnect, device number 23
[  827.049292][T13517] kvm: pic: non byte write
[  827.950103][T13540] netlink: 168 bytes leftover after parsing attributes in process `syz.5.1961'.
[  828.208825][ T1208] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  828.273719][    T9] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  828.393789][ T1208] usb 7-1: Using ep0 maxpacket: 16
[  828.453894][    T9] usb 2-1: Using ep0 maxpacket: 8
[  828.465693][    T9] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  828.495794][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  828.533076][    T9] pvrusb2: Hardware description: Terratec Grabster AV400
[  828.561010][    T9] pvrusb2: **********
[  828.574726][    T9] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  828.614932][ T1208] usb 7-1: unable to get BOS descriptor or descriptor too short
[  828.640171][    T9] pvrusb2: Important functionality might not be entirely working.
[  828.656839][ T1208] usb 7-1: unable to read config index 0 descriptor/start: -71
[  828.671853][    T9] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  828.687000][ T1208] usb 7-1: can't read configurations, error -71
[  829.170942][    T9] pvrusb2: **********
[  829.189681][ T2343] pvrusb2: Invalid write control endpoint
[  829.312979][ T2343] pvrusb2: Invalid write control endpoint
[  829.343446][ T2343] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  829.387358][ T2343] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  829.395765][ T2343] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  829.406358][ T2343] pvrusb2: Device being rendered inoperable
[  829.412696][ T2343] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  829.434676][ T2343] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  829.471854][ T2343] pvrusb2: Attached sub-driver cx25840
[  829.490434][ T2343] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  829.577527][ T2343] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  831.092641][ T1208] usb 2-1: USB disconnect, device number 47
[  831.661822][T13598] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1971'.
[  832.818072][ T5901] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  833.002180][ T5901] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  833.017450][ T5901] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  833.046522][ T5901] usb 7-1: Product: syz
[  833.052849][ T5901] usb 7-1: Manufacturer: syz
[  833.078426][ T5901] usb 7-1: SerialNumber: syz
[  833.097820][ T5901] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  833.124333][ T5955] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  833.479843][T13615] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1976'.
[  833.523016][T13615] 9pnet_fd: Insufficient options for proto=fd
[  833.549686][T13598] fuse: Unknown parameter '_‚õX»üöŠôÛUݵAb'
[  833.567975][ T1208] usb 7-1: USB disconnect, device number 6
[  834.868370][ T5955] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive
[  834.880871][ T5955] ath9k_htc: Failed to initialize the device
[  834.891781][ T1208] usb 7-1: ath9k_htc: USB layer deinitialized
[  835.019705][T13637] capability: warning: `syz.1.1983' uses 32-bit capabilities (legacy support in use)
[  836.284860][T13660] libceph: resolve '400' (ret=-3): failed
[  836.292069][T13660] tc_dump_action: action bad kind
[  837.334293][ T5846] Bluetooth: hci1: command 0x0406 tx timeout
[  837.343784][T13637] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  837.806505][T13693] fuse: Bad value for 'fd'
[  837.977958][T13637] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  838.148902][T13637] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  838.248781][T13637] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  838.343518][T13637] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  839.414878][ T5846] Bluetooth: hci1: command 0x0406 tx timeout
[  839.455360][ T1208] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  839.656060][ T1208] usb 7-1: Using ep0 maxpacket: 16
[  839.834690][ T1208] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  839.885435][ T1208] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  840.160315][ T1208] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  840.223627][ T5846] Bluetooth: hci6: command 0x0c1a tx timeout
[  840.488320][ T1208] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  840.543147][ T1208] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  840.657629][ T1208] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  840.706350][ T1208] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  840.753565][ T1208] usb 7-1: Manufacturer: syz
[  840.796494][ T1208] usb 7-1: config 0 descriptor??
[  840.895451][T13738] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1999'.
[  840.923807][T13737] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1999'.
[  841.163844][ T1208] rc_core: IR keymap rc-hauppauge not found
[  841.169932][ T1208] Registered IR keymap rc-empty
[  841.213665][ T1208] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  841.243528][ T1208] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  841.272412][ T1208] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0
[  841.308207][ T1208] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input23
[  841.341901][T13749] libceph: resolve '400' (ret=-3): failed
[  841.353285][T13749] tc_dump_action: action bad kind
[  841.384142][ T1208] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  841.454124][ T1208] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  841.494346][ T1208] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  841.533948][ T1208] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  841.574366][ T1208] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  841.623611][ T1208] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  841.683699][ T1208] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  841.724324][ T1208] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  841.783675][ T1208] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  841.796497][T13759] kvm: pic: non byte write
[  841.821247][ T1208] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  841.866073][ T1208] mceusb 7-1:0.0: Registered  with mce emulator interface version 1
[  841.884117][ T1208] mceusb 7-1:0.0: 2 tx ports (0x1 cabled) and 2 rx sensors (0x0 active)
[  841.943978][ T1208] usb 7-1: USB disconnect, device number 7
[  842.248784][T13769] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  842.308634][ T5846] Bluetooth: hci6: command 0x0c1a tx timeout
[  844.382030][ T5846] Bluetooth: hci6: command 0x0c1a tx timeout
[  845.640671][T13815] MTD: Attempt to mount non-MTD device "/dev/nbd1"
[  845.710297][T13815] cramfs: wrong magic
[  846.789168][T13854] netlink: 201392 bytes leftover after parsing attributes in process `syz.3.2033'.
[  846.822178][T13857] netlink: 'syz.1.2034': attribute type 10 has an invalid length.
[  846.843146][T13859] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2033'.
[  846.878267][T13857] team0: Port device dummy0 added
[  846.900164][T13854] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  846.914510][T13862] netlink: 'syz.1.2034': attribute type 10 has an invalid length.
[  846.923226][T13862] 
[  846.925611][T13862] ======================================================
[  846.932665][T13862] WARNING: possible circular locking dependency detected
[  846.939751][T13862] 6.16.0-syzkaller #0 Not tainted
[  846.944903][T13862] ------------------------------------------------------
[  846.952087][T13862] syz.1.2034/13862 is trying to acquire lock:
[  846.958291][T13862] ffff88807bc24e00 (team->team_lock_key#3){+.+.}-{4:4}, at: team_device_event+0x182/0xa20
[  846.963771][T13854] openvswitch: netlink: Message has 8454 unknown bytes.
[  846.968400][T13862] 
[  846.968400][T13862] but task is already holding lock:
[  846.968420][T13862] ffff88807bddcd30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: do_setlink+0x388/0x41c0
[  846.968495][T13862] 
[  846.968495][T13862] which lock already depends on the new lock.
[  846.968495][T13862] 
[  846.968504][T13862] 
[  846.968504][T13862] the existing dependency chain (in reverse order) is:
[  846.968512][T13862] 
[  846.968512][T13862] -> #1 (&dev_instance_lock_key#3){+.+.}-{4:4}:
[  847.020612][T13862]        lock_acquire+0x120/0x360
[  847.025707][T13862]        __mutex_lock+0x182/0xe80
[  847.030818][T13862]        dev_set_mtu+0x10e/0x260
[  847.035788][T13862]        team_add_slave+0x8b8/0x2840
[  847.041100][T13862]        do_set_master+0x530/0x6d0
[  847.046416][T13862]        do_setlink+0xcf0/0x41c0
[  847.051771][T13862]        rtnl_newlink+0x160b/0x1c70
[  847.057107][T13862]        rtnetlink_rcv_msg+0x7cc/0xb70
[  847.062600][T13862]        netlink_rcv_skb+0x205/0x470
[  847.067918][T13862]        netlink_unicast+0x75c/0x8e0
[  847.073233][T13862]        netlink_sendmsg+0x805/0xb30
[  847.078550][T13862]        __sock_sendmsg+0x21c/0x270
[  847.083863][T13862]        ____sys_sendmsg+0x505/0x830
[  847.089178][T13862]        ___sys_sendmsg+0x21f/0x2a0
[  847.094401][T13862]        __x64_sys_sendmsg+0x19b/0x260
[  847.099886][T13862]        do_syscall_64+0xfa/0x3b0
[  847.104968][T13862]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  847.111406][T13862] 
[  847.111406][T13862] -> #0 (team->team_lock_key#3){+.+.}-{4:4}:
[  847.119649][T13862]        validate_chain+0xb9b/0x2140
[  847.124998][T13862]        __lock_acquire+0xab9/0xd20
[  847.130221][T13862]        lock_acquire+0x120/0x360
[  847.135297][T13862]        __mutex_lock+0x182/0xe80
[  847.140353][T13862]        team_device_event+0x182/0xa20
[  847.145918][T13862]        notifier_call_chain+0x1b3/0x3e0
[  847.151579][T13862]        __dev_notify_flags+0x18d/0x2e0
[  847.157249][T13862]        netif_change_flags+0xe8/0x1a0
[  847.162835][T13862]        do_setlink+0xc55/0x41c0
[  847.167808][T13862]        rtnl_newlink+0x160b/0x1c70
[  847.173126][T13862]        rtnetlink_rcv_msg+0x7cc/0xb70
[  847.178629][T13862]        netlink_rcv_skb+0x205/0x470
[  847.183944][T13862]        netlink_unicast+0x75c/0x8e0
[  847.189339][T13862]        netlink_sendmsg+0x805/0xb30
[  847.194648][T13862]        __sock_sendmsg+0x21c/0x270
[  847.199869][T13862]        ____sys_sendmsg+0x505/0x830
[  847.205269][T13862]        ___sys_sendmsg+0x21f/0x2a0
[  847.210493][T13862]        __x64_sys_sendmsg+0x19b/0x260
[  847.215994][T13862]        do_syscall_64+0xfa/0x3b0
[  847.221056][T13862]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  847.227595][T13862] 
[  847.227595][T13862] other info that might help us debug this:
[  847.227595][T13862] 
[  847.237927][T13862]  Possible unsafe locking scenario:
[  847.237927][T13862] 
[  847.245738][T13862]        CPU0                    CPU1
[  847.251207][T13862]        ----                    ----
[  847.256765][T13862]   lock(&dev_instance_lock_key#3);
[  847.262012][T13862]                                lock(team->team_lock_key#3);
[  847.269500][T13862]                                lock(&dev_instance_lock_key#3);
[  847.277336][T13862]   lock(team->team_lock_key#3);
[  847.282338][T13862] 
[  847.282338][T13862]  *** DEADLOCK ***
[  847.282338][T13862] 
[  847.290602][T13862] 2 locks held by syz.1.2034/13862:
[  847.295904][T13862]  #0: ffffffff8f509f08 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[  847.305086][T13862]  #1: ffff88807bddcd30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: do_setlink+0x388/0x41c0
[  847.315387][T13862] 
[  847.315387][T13862] stack backtrace:
[  847.321326][T13862] CPU: 1 UID: 0 PID: 13862 Comm: syz.1.2034 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  847.321350][T13862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  847.321362][T13862] Call Trace:
[  847.321372][T13862]  <TASK>
[  847.321381][T13862]  dump_stack_lvl+0x189/0x250
[  847.321406][T13862]  ? __pfx_dump_stack_lvl+0x10/0x10
[  847.321425][T13862]  ? __pfx__printk+0x10/0x10
[  847.321449][T13862]  ? print_lock_name+0xde/0x100
[  847.321472][T13862]  print_circular_bug+0x2ee/0x310
[  847.321496][T13862]  check_noncircular+0x134/0x160
[  847.321520][T13862]  validate_chain+0xb9b/0x2140
[  847.321543][T13862]  ? __lock_acquire+0xab9/0xd20
[  847.321564][T13862]  __lock_acquire+0xab9/0xd20
[  847.321582][T13862]  ? team_device_event+0x182/0xa20
[  847.321605][T13862]  lock_acquire+0x120/0x360
[  847.321621][T13862]  ? team_device_event+0x182/0xa20
[  847.321639][T13862]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  847.321672][T13862]  __mutex_lock+0x182/0xe80
[  847.321691][T13862]  ? team_device_event+0x182/0xa20
[  847.321710][T13862]  ? __try_to_del_timer_sync+0x34a/0x3a0
[  847.321735][T13862]  ? team_device_event+0x182/0xa20
[  847.321752][T13862]  ? __pfx___mutex_lock+0x10/0x10
[  847.321769][T13862]  ? __timer_delete_sync+0x218/0x2d0
[  847.321803][T13862]  team_device_event+0x182/0xa20
[  847.321821][T13862]  notifier_call_chain+0x1b3/0x3e0
[  847.321845][T13862]  __dev_notify_flags+0x18d/0x2e0
[  847.321873][T13862]  ? __pfx___dev_notify_flags+0x10/0x10
[  847.321897][T13862]  ? __dev_change_flags+0x4cc/0x6d0
[  847.321926][T13862]  ? __pfx___dev_change_flags+0x10/0x10
[  847.321951][T13862]  ? __pfx_console_unlock+0x10/0x10
[  847.321973][T13862]  ? irq_work_queue+0xbc/0x140
[  847.322001][T13862]  netif_change_flags+0xe8/0x1a0
[  847.322030][T13862]  do_setlink+0xc55/0x41c0
[  847.322063][T13862]  ? __pfx_do_setlink+0x10/0x10
[  847.322088][T13862]  ? _printk+0xcf/0x120
[  847.322108][T13862]  ? __pfx____ratelimit+0x10/0x10
[  847.322131][T13862]  ? __lock_acquire+0xab9/0xd20
[  847.322151][T13862]  ? __mutex_trylock_common+0x153/0x260
[  847.322173][T13862]  ? __pfx___mutex_trylock_common+0x10/0x10
[  847.322196][T13862]  ? rcu_is_watching+0x15/0xb0
[  847.322215][T13862]  ? trace_contention_end+0x39/0x120
[  847.322237][T13862]  ? __mutex_lock+0x330/0xe80
[  847.322259][T13862]  ? rtnl_newlink+0x8db/0x1c70
[  847.322281][T13862]  ? rcu_is_watching+0x15/0xb0
[  847.322300][T13862]  ? __pfx___mutex_lock+0x10/0x10
[  847.322324][T13862]  ? ns_capable+0x8a/0xf0
[  847.322342][T13862]  ? rtnl_link_get_net_capable+0x16a/0x350
[  847.322371][T13862]  rtnl_newlink+0x160b/0x1c70
[  847.322393][T13862]  ? netlink_sendmsg+0x805/0xb30
[  847.322424][T13862]  ? __pfx_rtnl_newlink+0x10/0x10
[  847.322457][T13862]  ? kasan_quarantine_put+0xdd/0x220
[  847.322484][T13862]  ? lockdep_hardirqs_on+0x9c/0x150
[  847.322504][T13862]  ? nlmon_xmit+0xb0/0x100
[  847.322525][T13862]  ? kmem_cache_free+0x18f/0x400
[  847.322546][T13862]  ? __local_bh_enable_ip+0x12d/0x1c0
[  847.322564][T13862]  ? lockdep_hardirqs_on+0x9c/0x150
[  847.322582][T13862]  ? __local_bh_enable_ip+0x12d/0x1c0
[  847.322605][T13862]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  847.322625][T13862]  ? __dev_queue_xmit+0x27e/0x3a70
[  847.322642][T13862]  ? __dev_queue_xmit+0x27e/0x3a70
[  847.322659][T13862]  ? __dev_queue_xmit+0x27e/0x3a70
[  847.322677][T13862]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  847.322697][T13862]  ? __lock_acquire+0xab9/0xd20
[  847.322723][T13862]  ? __pfx_rtnl_newlink+0x10/0x10
[  847.322746][T13862]  rtnetlink_rcv_msg+0x7cc/0xb70
[  847.322770][T13862]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  847.322792][T13862]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  847.322814][T13862]  ? ref_tracker_free+0x63a/0x7d0
[  847.322832][T13862]  ? __copy_skb_header+0xa7/0x550
[  847.322850][T13862]  ? __pfx_ref_tracker_free+0x10/0x10
[  847.322868][T13862]  ? __skb_clone+0x63/0x7a0
[  847.322887][T13862]  netlink_rcv_skb+0x205/0x470
[  847.322911][T13862]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  847.322935][T13862]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  847.322965][T13862]  ? netlink_deliver_tap+0x2e/0x1b0
[  847.322988][T13862]  ? netlink_deliver_tap+0x2e/0x1b0
[  847.323015][T13862]  netlink_unicast+0x75c/0x8e0
[  847.323041][T13862]  netlink_sendmsg+0x805/0xb30
[  847.323071][T13862]  ? __pfx_netlink_sendmsg+0x10/0x10
[  847.323099][T13862]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  847.323116][T13862]  ? __pfx_netlink_sendmsg+0x10/0x10
[  847.323142][T13862]  __sock_sendmsg+0x21c/0x270
[  847.323164][T13862]  ____sys_sendmsg+0x505/0x830
[  847.323193][T13862]  ? __pfx_____sys_sendmsg+0x10/0x10
[  847.323224][T13862]  ? import_iovec+0x74/0xa0
[  847.323250][T13862]  ___sys_sendmsg+0x21f/0x2a0
[  847.323278][T13862]  ? __pfx____sys_sendmsg+0x10/0x10
[  847.323321][T13862]  ? __fget_files+0x2a/0x420
[  847.323340][T13862]  ? __fget_files+0x3a0/0x420
[  847.323367][T13862]  __x64_sys_sendmsg+0x19b/0x260
[  847.323399][T13862]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  847.323437][T13862]  ? do_user_addr_fault+0xc8a/0x1390
[  847.323466][T13862]  ? do_syscall_64+0xbe/0x3b0
[  847.323487][T13862]  do_syscall_64+0xfa/0x3b0
[  847.323506][T13862]  ? lockdep_hardirqs_on+0x9c/0x150
[  847.323523][T13862]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  847.323541][T13862]  ? clear_bhb_loop+0x60/0xb0
[  847.323560][T13862]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  847.323578][T13862] RIP: 0033:0x7fdc28d8ebe9
[  847.323601][T13862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  847.323617][T13862] RSP: 002b:00007fdc29c60038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  847.323636][T13862] RAX: ffffffffffffffda RBX: 00007fdc28fb6090 RCX: 00007fdc28d8ebe9
[  847.323650][T13862] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000003
[  847.323661][T13862] RBP: 00007fdc28e11e19 R08: 0000000000000000 R09: 0000000000000000
[  847.323672][T13862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  847.323682][T13862] R13: 00007fdc28fb6128 R14: 00007fdc28fb6090 R15: 00007ffc14b81fc8
[  847.323703][T13862]  </TASK>
[  847.954261][T13862] team0: Port device dummy0 removed
[  847.962597][T13862] dummy0: entered promiscuous mode
[  847.971717][T13862] bond0: (slave dummy0): Enslaving as an active interface with an up link