last executing test programs:

14.006601041s ago: executing program 1 (id=1328):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000dc0)=ANY=[], 0x0, 0x0}) (async)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) (async)
r1 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x111, 0x0, 0x0, 0x0, 0x40, 0x28bd, 0x74, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0x9, [{{0x9, 0x4, 0x0, 0x4, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x7, 0x84, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x5}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00220700a2b6084500ad06951da2966fb8bbfd133ada7a7ec894828c1a073aa2629f01f0dae8fb356cedcd7afe7133802b7c02801abfb8a6d91fc2742334b3dd09b5c816d08d57f7fbabf92261359a3aecdb6a4023757a21397f4dea85726dbec89b55ccbfef3c6b701a6e2276cc15699722e13e86fd9f8aac390b0c8bae12600524b1f1759f2878f0e0f0d30b42319ccb54ebcba0d227fb96b3"], 0x0}, 0x0)

12.050080947s ago: executing program 4 (id=1335):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$usbfs(0x0, 0x800, 0x101100)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$tipc(0x1e, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = add_key(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
pipe2$watch_queue(&(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r1, r2, 0xc)
unshare(0x28000600)
pipe2$watch_queue(&(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r1, r3, 0xffffffffffffffff)
socket$nl_netfilter(0x10, 0x3, 0xc)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r4 = syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x20c02)
writev(r4, &(0x7f0000000000)=[{&(0x7f0000000040)="aefdda9d240303005a90f57f07703aeff0f64eb9ee07962c220a2e11b44e65d76641cb010852f426072a", 0x2a}], 0x1)
read(r4, &(0x7f0000001400)=""/4076, 0xfec)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x2}}, 0x26)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r6, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="180000000714000229bd7000fddbdf25fdffec8100000000"], 0x18}}, 0x20000000)
syz_open_dev$vbi(&(0x7f00000002c0), 0x0, 0x2)
r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_GET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r7, 0x325, 0x0, 0x0, {0x8}}, 0x14}}, 0x0)

11.376863637s ago: executing program 0 (id=1336):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
mkdir(&(0x7f00000000c0)='./file1\x00', 0x154)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000140)='./file1\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r1, 0xffffffff80000800, 0x0, &(0x7f0000000280)={0x8, 0x3, 0x8000000000000000, 0x2, 0x9, 0xfffffffffffffffb, 0x0, 0x0, 0x982d})
r2 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
fallocate(r2, 0x0, 0x0, 0x1001f0)
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x41, 0x3, 0x208, 0x0, 0x19, 0x0, 0x0, 0x0, 0x170, 0x1f0, 0x1f0, 0x170, 0x1f0, 0x3, 0x0, {[{{@uncond, 0x0, 0xb8, 0xd8, 0x0, {0x0, 0xffffffffa0028000}, [@common=@socket0={{0x20}}, @common=@inet=@tos={{0x28}, {0x2, 0x6}}]}, @unspec=@TRACE={0x20}}, {{@ip={@empty, @empty, 0x0, 0xffffff00, 'veth0_vlan\x00', 'netpci0\x00', {}, {}, 0x0, 0x1, 0x20}, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x9, 0x7fff, 0x2}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268)

11.375933998s ago: executing program 4 (id=1337):
r0 = syz_io_uring_setup(0xbc6, &(0x7f0000001480)={0x0, 0x1061, 0x80, 0x3, 0x1ab}, &(0x7f0000000040)=<r1=>0x0, &(0x7f00000000c0)=<r2=>0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x12, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="b60a0000000000006b113a0000000000180000000000000000000000000000009500000020004f8dc83c7b1ccbcb9711a24c5b59f8bcfbcdf3a81bfc266f20"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x2, 0xa3d8, &(0x7f00000005c0)=[{&(0x7f0000000240)=']', 0x1}], 0x1, 0x8, 0x1, {0x1}})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
fsopen(&(0x7f0000000080)='sysfs\x00', 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, &(0x7f0000000100)="f30f6ffebaf80c66b89a16a28766efbafc0cb82300eff6dcba4300ec0f01df660f3880159a0000d6000f974c3964668921ba610066ed", 0x36}], 0x1, 0x60, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r0, 0x47f8, 0x0, 0x0, 0x0, 0x0)
r7 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000001500)={0x2020, 0x0, <r8=>0x0, 0x0, 0x0, <r9=>0x0}, 0x2020)
sendmsg$inet(r7, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000003540)="50c0c455eb54b4c2d0a0782b19d731f6ac182ca4ff675ae70d551db9f60b5d7bfdfa1eefea06ee912643b86efeb0426f3cb3f637dedf7fa58438a584ea1f789c6f829b47a60476ef7dac371a207e2d3bd15ebfaaa8f1762289b56ce73e93afbdb90384f4fb0208d4bb4f63bd67d48a8492f0b42e6660e6b10b5e5c08c37deb6e47d07094c1498887aba7a5b8e74162be86180957dd9eff014ec2d54ef545961dcc5ac95ef83eca254cfa13de809e7008587d5b7a5417c39cd0ec372d91c321d12d397947cdd1bc7c8dd52cfd96a88cc20330b29336ae50e9610575080f9b0c14201e05335fd8cfbbec20708dab39fd1e3c6a15729d4d4f7befd478700cb4405c694d9f4f6ca0ef241f364957cc45a3efca42e4dd0de2be4ab57a8ee611a567617b6b15ac956bf310c0ae769cf40bb77997cef2c0c9b3f159a0416271617d74fd383d843925bbc5d00a593a6e3d44f3564b93f1b633cc9a7b89dba4133fa455d9779ff8a74808875ee2c14ba14bc77bbf791654562dca7d8723bb1aaa32e88e6d03979ae998957028e3cb46a7e0fff0cdc01bd1e16ec86ce20e2d11f99ecb555fc5cb9aacd120ee3f5633fcbda1000371355901cfae7828b64fe709b2bd7ba23b151635c21a73ee5bcc9bae6f8d8fc1a31e1665a38f3a288599a918f3802b5937e2e26fa187f5a37475932086115d820ee60883be30ca71c815adc2ae0e23b533dde1606b1ce114f22b9552c2b3e0244f0db2153bc31842d1fad4362cb144eff7a4fa1e9516b1c8b96d74319a5a452cbb074ef6513182af10f246ed6c0899c472645dc08963455ea2bb73671b75497e050bfb24004a9a2f2fa435585c099a5744170fe9dd0be78e6a1b0206beea719b01f1a443f70ea3f094b4ff7b41aca94278ba97063e5d1b5ba4cadc2a195a7557cb20f9ce78c9173af561895031c6589b5f4f5c6378e5e5b8e98f45473277cc0727bd8575439e474278f4c21b3b5051bebc75b94efcd2b74de406b2a4718647ff342cca449c230124f9b928a371ec79fd09748eab26ec18c2d42c3e61ff35e2eae04fec3a4d4086f7f1364be215cca87a4f69af667bfdfaf0bdc3288b424c7e2c0db0385cb583e07de4de62c2e486d4b1518886f9e20c7f94d0a626d1ccd53e06f228578e5443679a29bee37d403566594dda0d82562a003e9b3163d398a506b700dd79d05dd7b2c14e7733e374d0b6a6e752ab4b90a039be4e66ed8c25a1ad8a2186fbedf6c0c93244e4aae8186452d2166d0750d86302b4b0422b9b6f4d6423da47ad58cff14e75fbe52d4e8b96ce739009a533f4348ee8444e9cf88e75baafe6f3411296447f6042c4335887d6cda57ec6b52cbe4c25a624393f646602cc1037d3c9107bc6503e70a0205cd75915b403cbc6b4dd31932908c5ffcf8471dc46bd2446701aef58fad0013e3800cb8b41b0abea990b6d2ec64d2533098416cf19b0a96a7f15f425b03fa5ccda49beefba4124e5fa7628713b49808dd150734878cf67ed29891d35042d79bf1a51f82e75e9d598f8164ae7db10bcdf698f9eb87540555dcbb2209bc95348f311e1bb5a3994e23de5ed3eeca5ece3c9f69655f405b39a68e60ea8e30bb8229c1a3e6a91a52e1ca49103a78883a0b81544435e910eda656458815b1312a6f62f97a40811d687380737bb1550f1316f4d48c3d514d37e8c2da57e8f64be8c79a7f80128ccfec6f6dc1e1d7ed2e97c44caf243f872ce96220aad3a623cba5b24b481110f4544cbcfd9086d9721f5094cca3ab74cb1e0d5fc9a3f7df56b888b91163196dc0d3c961988be55ffa74189164970b0ccd2b3ff35212e3753afa7ba10406e5ad5d48c8f6af76652cc410ab6f2493d6190be23e60b69821d774d6bf57224ffbec97051ed5e121416a1df0a316bdbbf5034e30ec5d510e5389d42d8115c9ff536371907def0bcd9c8ac10598d7bd4365e60e767e9cd3ef369cdbcd1844fa5ad7d6b06468d3a934af38d3cb3b2dff469ef7d7084ce85abf9d56b42b1428335557aa9b8dee8e7e7ba838299ae440ac9c83caac012b30108640e6ed69e686552c219797bfc2629d7be46b74eb3257a06cd9aafb2ee85c2e4d3dee7b016ce262de35695cb883c9d73e2113c16ecfc86c024ce75321f8b7828a8f9bc0d1dda369a56d086bf41e97a308f740bddb0d72789a4a6518cf430d72c1e02d55fe906bd6fd1477d71517ab461e07b5dfad3e0fa75a67126e60c60587a732da30bb2abd74f21977645c1efadbf46b3b1a15530f541a8709b0f2e7633ce2c046e9caf0c6fa4db8adb7593bab06e1c52676390fe4565230b0551c9b04870d1ceee5d50fe5a561df44d1a298ccfc7b51bdb0905511120f620c5e3d6ad7b641d6729926a2d71fa45611ef25a5a667ec144bc46536e21edc5f4321ef83445b39adb1f4cedf7381bab8396e454f4f1e7f6a3fb13c382325be8170e7f2f968e10e56729c307d6c19445372b54e10b2953e87a666a51cfe36b7041e7a3a5eea0f6f53e244fbde32c1d642de04cba5793afe3be4aad3e8c277f5e2ce5593ecd1720ae1ed8ca692a7f208bcd734f52eb0cf6499dd4bfdc2ed1b0b2c9b94c077484629c42b71755f7957b86b6b66ab1db3960e80b4f9814ff7511066e48571abd8aed3c3c1f392de74726d8857ed7a647fef1242cabb026c655e054a75d8f74c9dcdea670010e1da13eb3bff8df92e034a8afc39e0ff913424898b7aeb2700134f551e52d6846fe777510debf9116d034c08f7bbf4633c4d608304a7a442cb8306a4bb65e879558b00d1723fc0d3afce8f11f7c46eb78d969cc6e790c6bfecd2133e450c35fcc981227dfd8541d540d6a2ad90473a3dd75e7ca2b84c2a8b02267b6232953bd18acd40439e61af9c68b8dd55a7978d7d393c7acf45a0fedf200bb60f7be5294e816a3dfe999d8a7e18067a4d566666d8cefe4314cba3b8061d515cfdfd4304eeb8d035cb40748954288a5e86773d959a414dcb7b949fce9d5f62904e25aa4196c734b9acce28c2d894194ee19614819d0105570ebcc291172077e741df4fa8b95b7e4352727d219ae09292bbc59036ad5ef1716e525e5deecf239af1cdc66a9c2a4eb916a2f2ef37360aff43c0496cfbe77f3b91e8179cfbf8c0403ed93e95cf63f337ae3bb26efd8e7689f869e1ec117939d153022294ed7eb4559c3ed6ba33c7734bfea63c627948a9ce9e8002bcd641da9321e009e37f40288cf47412d060e0ae6e1108ca3b5030a89e57768e5991186cec1ca2d1838f2fad140703699c4c4cacce35878f0f342e7f2a3569ab966586b48ffc801a757d7780f788a3c8f297462b0787684e690626dff69b75a3b9b9fba706eccf6eeeb3b30299bdda59828178741f91ce72a48a32d8ad9e7a0a45257f99acaf8f8c7e66b5758b59c383a1283fa8f75fcb94079635d1474bdbac9b968c48894e7f1e01e20238d8cc7ff111ac0cc84939d9bdb5090c82c9a97282bffbdc11afd98d877850d31ea9c317824d0fca5be1a92a3ff5175078bf628193f9a82bc9513ce8b19b564a2c34745f79f2cdfb8d151d52902bc2e0b94f41c61fd64b77ec0cc7798153728c980eecf156972cbdc93ba11dd92b40829c3184a078861cae412172b8ad1cf6d3374d49cd6ef7bf2c194e5e5c63a5235daecf1bcb621119e2d963a5c64e3efc1641ad7f31af985fe6a9228d81c1ffb6441a2e97cfee06d9f5b2cdcfd392c96b3c92322920a18544773bfa954e7efb577c8068415557d6bbcdf3435532cd41c495f8d82983a358d69fbd98463d0a0a967d3fb2e1b03a5c601672bdc303739a24e792df449ee08b4476b203d9b308623a7c60bf5ffa059b62e9c843edd9984b147bacc0ef43c419872085be7df250601c7a21f04fe7a91f4e15116aae6bcb47259f37ba8ea22a5d55167f1bc3ba0a4c8be8ecd80a14961741cf6ceb776bb07eeae68bab0d0820abf09a2102afba68c8998d8bdbcf366e527e9bf95b13c8bad52410c2cb0ac33637ea0fd5ef6d3517aaab7d6d2fb72ba97060e90d6c4070e14113e7b34afde285a5d89d2ed809d238b787a5e4e02d71fe75ea3a79db129765313fded10ea2aaa04ee77863c3d68a0ef30a03cae9b8a78a429da153589d76d20e1b0490876baae19413588c28dae442016033b02e31c51a08df8b2faa1850b287721774c866bab2d1a29b2e0a26017c89b0f4de2e44e8589a76fb8d9ed338a1cc153d061e99a98c9713e7096a12507e228dfd193b4af998e99920dd354e0a60c72581f58bc3c398c15ef70c71263273518cf6d683962b3dc0d99d9fbd9ad1bbfc5eb4c1a947fb3642241a08a6c53520b98b6db0251d9fc82c881249fa903732b9aba8275ef351737e1cca7d928543bdd2359cc0254caebcee53a35112d81ec06de4c7a1d18f212e776bfe0e1aced0aca431cd26f5010dc8d12dc4a9e6519b35ab441fa4c1d184091b33a3662af8ebc2b5c3cc0055af2b20bced3899d68c73a705c6315114b717af396ea6efa1a5011c056bc9c3bc52ddcc0b76fccc31ff29234e27a1d12f6fe16d79ef88bdad2bda4068db8c460c9844b18cc76558fdddc8dad7b65327074ef67d9d11b2e622ed4234094895954773e1703855173a5eacef9232b876c532ceee427f8946b923725804f7345544d74bfe2ff8e7c1b4df84a9dc98491fc61b1286a682378b916970a333e668bf6411a35d96993bfc6df6705d704535283e9f78e1a94f4d1dd0b7fce0975f23cda877369c60c1833e252c0e409ad3617d575ed7670c11f4d2cf14cce26b4c56c19fabe615487036d8e985867f5f979abd78240d31b9c96b4ed759a0ba53cf38dffb73f84fe677a73d0e79e3a3c0e6d696971b18e5531accc318071b941e527333610840608800227c13302296522fed1f04b1aee87394a8a5d4d60427e0aae40c820ea15e5757b46953c044911b8037ac9af8a73883a9052b392f87dcbbd4eb714cdfbec9390b3e650b8399cf404f0de92cf0e265859380e1300542fee1027678950707d8f7220aa8e0c18424df771ea92dab91fecfd28415cbeae0f1339d8d273e1b036b212d7dc52a64a2226f59237eddfdcb2fe4aa8035668046ee800e324e63799911cb42602a531eb25db7bcd129596c4adf6dcfc89fbf5b5e81a217da37f0ed7a0537d5af948069f688deb9f1187ae7a71c576c9a4f7faebab738eb054ae295c3c55e41ebb5496780d373ff77502efec57bcdf34224cf93cda175f683a6cbd3b9d5c3b6be1dd5f015dc02031a2504f0397ed7f40e3086d210cf3a83fd040405cf67b99169428c266149d334ca98de6392ba698b0b1a944cbc0746df4c47f24a13d7f570d19ef1b5a32ee282163c85f3f75df2a7a22e16b094b5c4bc18c1958fcebe610c905d133f3e663d08b457a7f4e87552e6aac8561cabd49dab0354b5b5f0438b8737ed0399a3bbd8e9e0b43e7d1170f832d063e817b6d62ba7feb8b651ef4b5849b1ca84036fe921487507812267eb815489295dd566c754fc122600956a6ad855817d6f34053b19fb37a053137420876f61410e010d2a7f4769653a1e453db583690835f00c3b0c6e0333ea5b777d14ab5fbc6d36582822a7cd1fd7658b363d41316740ddd45874e773daf5934ab5f7c8898d32a2d2712868d4b9d0fb0571ef1edcf7b61d517056d54175381137892124e0309c2cd0b5090c04c60cc6b3793210b8199477f08cee2d75e3531b2f66e2b243f9a61d59b18155b57744d6547f6e2523c56e3946e6e5a1cb2d733468424319a2752327671f11211546665", 0x1000}, {&(0x7f00000003c0)="d07400e889abdb754d5479e5d5cee83fc80b2611c8b766f90b45b2d93ed465a8c36a7ebe781d7072529812bb9a8b774eee93af1dfd70250eba7c11a1e890b5f0d9bfd79ead1fa464e63a53fd192943a3d6c6b5d58502538c8972265bb668e955e05349bb5a0336c8392b64762f54e39e845b8cf887cee8c393ebc76ad836d42bf74c5b2db2f940fd503c1168c1234e8f5f5e0e0c2af5f76705f2f64c87fa8829b975d19f7292bb13b19714fa178176cee896e5c9660d48a5b5c20240afbd695cb1cda39a81d0044b4806c33b4d242717c743587ad6229767361c431b71cf0f31da0c029e9cbe96bc4ab8aca678e453c736c55baa77f08816ad2a5df234", 0xfd}, {&(0x7f0000000280)="3bc5c3e9b94714a43ebb9e3b9f903bccad821e45b44a20496a11d49d8612", 0x1e}], 0x3, &(0x7f0000000800)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x1}}, @ip_tos_int={{0x14, 0x0, 0x1, 0xd}}], 0x30}, 0x0)
write$FUSE_INIT(r7, &(0x7f0000000340)={0x50, 0x0, r8, {0x7, 0x2b, 0x3, 0x8, 0x2, 0x5, 0x36, 0x3, 0x0, 0x0, 0x4, 0xfff}}, 0x50)
r10 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CAP_HYPERV_TLBFLUSH(r10, 0x4068aea3, &(0x7f0000000780))
r11 = syz_open_procfs(r9, &(0x7f0000000580)='fdinfo\x00')
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0xa0000, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x400048c0}, 0x0)
ioctl$KVM_SET_MSRS(r14, 0x4018aee1, &(0x7f0000000040)=ANY=[])
syz_usb_connect(0x0, 0x5a, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRESHEX=0x0, @ANYRES8=r11], 0x0)
r15 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r15, 0x0, 0xd}, 0x18)
socket$kcm(0x2b, 0x1, 0x0)

11.009872928s ago: executing program 0 (id=1339):
r0 = syz_usb_connect(0x6, 0x2d, &(0x7f0000000000)=ANY=[], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r1 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x200, 0x0, 0x1})
io_uring_enter(0xffffffffffffffff, 0x47fa, 0x0, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, r3, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x1})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r4, &(0x7f0000000180)=@file={0x1}, 0x6e)
listen(r4, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r5, &(0x7f0000000080)=@file={0x1}, 0x6e)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x9)
accept4(r4, &(0x7f0000000100)=@nfc, &(0x7f0000000000)=0x80, 0x80000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001240)=@newqdisc={0x24, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x2}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r6, &(0x7f0000000000)={0x1d, r2, 0x1, {0x0, 0x1}, 0xff}, 0x18)
syz_usb_control_io(r0, 0x0, 0x0)
r7 = syz_open_dev$I2C(&(0x7f0000000080), 0x200001, 0x40)
ioctl$I2C_RDWR(r7, 0x707, &(0x7f0000000100)={&(0x7f00000000c0)=[{0x94, 0x6a00, 0x2, &(0x7f0000000040)="86ab"}], 0x1})

10.157612247s ago: executing program 1 (id=1340):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)={0x4c, r4, 0x1, 0x0, 0x0, {0x3d}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xffffffffffffffc8, 0x82}, {0x5, 0x87}}]}, 0x4c}}, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000440)={'filter\x00', 0x4, 0x4, 0x3c8, 0xe8, 0x0, 0x0, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0x1d0}}, {{@arp={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0xff000000, 0xff, 0xd, 0x5, {@empty, {[0xff, 0x0, 0xff]}}, {@empty, {[0xff, 0x0, 0x0, 0x0, 0x0, 0xff]}}, 0x6, 0x8a2d, 0x1000, 0x100, 0xa, 0xc, 'sit0\x00', 'team0\x00', {0xff}, {}, 0x0, 0x290}, 0xc0, 0xe8}, @unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x0, 0xff03}}}, {{@arp={@multicast2, @multicast1, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@link_local}, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 'xfrm0\x00', 'pim6reg\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@local, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0x1}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418)
connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x1}, 0x1c)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x140, 0x0)
r6 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={<r7=>0x0}, &(0x7f0000000000)=0x8)
setsockopt$inet_sctp6_SCTP_RTOINFO(r6, 0x84, 0x0, &(0x7f0000000100)={r7, 0x1000000, 0x5, 0x3}, 0x10)
sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x2c}, 0x44004)
r8 = semget$private(0x0, 0x207, 0x0)
semctl$SETALL(r8, 0x0, 0x11, &(0x7f0000000180))
r9 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_print_times', 0x0, 0x0)
lseek(r9, 0x5, 0x3)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000000), 0x4)
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000880)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="000423bd7000fbdbdf250600000008000300", @ANYRES32=0x0, @ANYBLOB="08000500060000002386a56b4405e8e5c6285f188b75908994ae2691e32ce39c2609a7a7569c237e6e6a093a19f0f253bac3529a6a2bc51b6ec7ee5b87561487794500419eb153cb82a3a06512dc80eb39625f3c7fe75e0c9578ffc03c38aac8af79210000000000000000000000be595e5605a3b85ff0fd1a4e67e213725827f167eda4e7df83afcf240a7ce64c541972"], 0x24}, 0x1, 0x0, 0x0, 0x40048}, 0x48c0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00'})

9.471728388s ago: executing program 0 (id=1342):
mkdir(0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x5, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
dup(r3)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
unlink(0x0)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
socket$inet_udplite(0x2, 0x2, 0x88)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f00000003c0)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r5}}, 0x58)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave'])

9.397921173s ago: executing program 1 (id=1343):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r3, 0x4048ae9b, &(0x7f0000019180)={0x1b0001, 0x0, [0x10000007, 0x400000000000000c, 0xd, 0xff, 0xfffffffffffffefd, 0x0, 0xc, 0x5]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_procfs(0x0, 0x0)
socket(0x1, 0x803, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=r2, @ANYBLOB="000000000000000028001280090001007665746800000000180002801400010000000000", @ANYRES32=0x0, @ANYBLOB="0000000000a68f953e311d9083c35266a4ef51000000"], 0x48}}, 0x1)
r6 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r6, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)

8.220262691s ago: executing program 1 (id=1344):
socket$nl_generic(0x10, 0x3, 0x10)
capset(0x0, &(0x7f0000000140))
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x1ad7, &(0x7f0000000400)={0x0, 0x400f691, 0x10100, 0x0, 0x2b4}, &(0x7f0000000180)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_SPLICE={0x1e, 0x27, 0x0, @fd_index=0x5, 0x8, {}, 0x5, 0x4})
socket$alg(0x26, 0x5, 0x0)
r4 = dup(0xffffffffffffffff)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x80042, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0xe)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r6, 0x40047438, &(0x7f0000000180)=""/246)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r7, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r8 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r8, 0x400448c8, &(0x7f0000000480)={r7, r7, 0x8, 0x0, 0x0, 0x86, 0x4a, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz1\x00'})
ioctl$TIOCVHANGUP(r5, 0x5437, 0x0)
ioctl$sock_bt_hidp_HIDPCONNDEL(r8, 0x400448c9, &(0x7f0000000100)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0xe}})
ioctl$PPPIOCGIDLE32(r6, 0x8008743f, 0x0)
write$RDMA_USER_CM_CMD_BIND(r4, 0x0, 0x0)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r9, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r9, 0x0, 0x0)
recvfrom$inet6(r9, &(0x7f0000000080)=""/121, 0x79, 0x40010122, 0x0, 0x0)
ioctl$USBDEVFS_SETINTERFACE(0xffffffffffffffff, 0x80085504, 0x0)

8.119027781s ago: executing program 4 (id=1345):
io_setup(0x8, &(0x7f0000000600)=<r0=>0x0)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)
io_submit(r0, 0x1, &(0x7f0000000080)=[&(0x7f0000000140)={0x0, 0x4, 0x0, 0x1, 0x0, r1, &(0x7f00000000c0)="01", 0x400000}])
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=@ipmr_newroute={0x54, 0x18, 0x200, 0x70bd28, 0x25dfdbfd, {0x80, 0x80, 0x20, 0x0, 0xfc, 0x0, 0xfe, 0x8, 0x1900}, [@RTA_SPORT={0x6, 0x1c, 0x4e22}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x6}, @RTA_DPORT={0x6, 0x1d, 0x4e23}, @RTA_IP_PROTO={0x5, 0x1b, 0x6}, @RTA_FLOW={0x8, 0xb, 0xe}, @RTA_TABLE={0x8, 0xf, 0x9}, @RTA_DST={0x8, 0x1, @remote}]}, 0x54}}, 0x0)

8.036581584s ago: executing program 2 (id=1346):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb702000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000005c0)=ANY=[@ANYBLOB], 0xb8)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000700)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_fscache}]}})
r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x22)
writev(r3, &(0x7f0000000000)=[{&(0x7f00000006c0)='\t', 0x2003f}], 0x1)

7.574526408s ago: executing program 3 (id=1347):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$usbfs(0x0, 0x800, 0x101100)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$tipc(0x1e, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = add_key(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
pipe2$watch_queue(&(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r1, r2, 0xc)
unshare(0x28000600)
pipe2$watch_queue(&(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r1, r3, 0xffffffffffffffff)
socket$nl_netfilter(0x10, 0x3, 0xc)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r4 = syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x20c02)
writev(r4, &(0x7f0000000000)=[{&(0x7f0000000040)="aefdda9d240303005a90f57f07703aeff0f64eb9ee07962c220a2e11b44e65d76641cb010852f426072a", 0x2a}], 0x1)
read(r4, &(0x7f0000001400)=""/4076, 0xfec)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x2}}, 0x26)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r6, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="180000000714000229bd7000fddbdf25fdffec8100000000"], 0x18}}, 0x20000000)
syz_open_dev$vbi(&(0x7f00000002c0), 0x0, 0x2)
r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_GET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r7, 0x325, 0x0, 0x0, {0x8}}, 0x14}}, 0x0)

7.180507566s ago: executing program 4 (id=1348):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800"/22], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000240)={0x1f, 0x21, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
r2 = syz_open_dev$mouse(&(0x7f0000000100), 0x3, 0x228a02)
ioctl$KVM_SET_CLOCK(r2, 0x4030ae7b, &(0x7f0000000140)={0x6, 0x8, 0x1, 0x1000, 0x7})
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)

7.172242728s ago: executing program 0 (id=1349):
gettid()
timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x3, 0x0)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
socket$kcm(0x11, 0x3, 0x0)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e660204010100000000000016cb8ee51a65152031399491dc60689675ae6ae59aea9e08020000000000000006583586c37997080300aaaaaaaaaa101e9056acac14dd1ddeaf57f0fa1dbac1393f2220d9a42bf753d5530cf2e35b0801"], 0x69)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
userfaultfd(0x801)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$team(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000040)={'team0\x00', <r3=>0x0})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000003e00)=[{&(0x7f0000000400)=ANY=[@ANYBLOB="140100002e0001000000000000000000010100800c0001000000000000000000140003002001000000000000000000000000000050bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3d3cb854363fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec5875ff030000d750351dc076eb43d9621dc08c029d1608a487f26fbe8101000000010000008bb482565856555ee923deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd000000"], 0x114}], 0x1}, 0x0)
sendmsg$TEAM_CMD_OPTIONS_GET(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="a78a3cdc", @ANYRES16=r2, @ANYBLOB="230e27bd7000ffdbdf250200000008000100", @ANYRES32=r3, @ANYBLOB="04000280"], 0x20}}, 0x4080)
r6 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x82, 0x0)
close(r6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001440)={0x11, 0x0, &(0x7f0000000080), &(0x7f0000000080)='GPL\x00', 0x7, 0xfffffffffffffc2b, 0x0, 0x41100, 0x40, '\x00', r3, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000940)='rxrpc_recvmsg\x00'}, 0x10)
r7 = socket(0x21, 0x2, 0x10000000000002)
connect$rxrpc(r7, &(0x7f0000000140)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e21, @multicast2}}, 0x24)
sendmmsg(r7, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
recvmmsg(r1, &(0x7f0000002d40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2161, 0x0)

7.112221364s ago: executing program 2 (id=1350):
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="28000f002d00030500000000000000001800008008000000000000000c000f000000000000000000f18384947b3ccc1cef77cf348c6dfda97fe82631451a90"], 0x28}], 0x1}, 0x4008000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x3, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x80800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
dup(r3)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0xedc623580215bdcd, 0x12, r4, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x5, 0x0, 0x0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0})
setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, 0x0, 0x1c)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r7=>0x0})
r8 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r7, @ANYBLOB="00000000000000001c001a800800028008000200080000003e1200000800020010"], 0x44}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r7, {}, {}, {0xfff3}}}, 0x24}}, 0x0)

6.592966036s ago: executing program 1 (id=1351):
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x3, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000280)='kfree\x00', r2}, 0x18)
map_shadow_stack(&(0x7f0000bff000/0x400000)=nil, 0x400000, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_SCAN(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x8041}, 0x4000)
r4 = fsopen(&(0x7f0000000400)='autofs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000240)=',-\x10*\x00', &(0x7f0000000380)='$\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r4, 0x5, &(0x7f00000005c0)='\x00H\xeb', 0x0, r4)
close(r4)
sched_setscheduler(0x0, 0x2, 0x0)
syz_open_dev$sndpcmp(0x0, 0x0, 0xa2c65)
mknodat$loop(0xffffffffffffff9c, 0x0, 0x1000, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @empty}], 0x1c)
sendto$inet6(r5, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
close(0x4)
gettid()
socket$inet(0x2, 0x80001, 0x84)
socket$inet_sctp(0x2, 0x1, 0x84)
socket$inet_sctp(0x2, 0x1, 0x84)

6.26305403s ago: executing program 3 (id=1352):
r0 = syz_usb_connect(0x6, 0x2d, &(0x7f0000000000)=ANY=[], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r1 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x200, 0x0, 0x1})
io_uring_enter(0xffffffffffffffff, 0x47fa, 0x0, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, r3, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x1})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r4, &(0x7f0000000180)=@file={0x1}, 0x6e)
listen(r4, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r5, &(0x7f0000000080)=@file={0x1}, 0x6e)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x9)
accept4(r4, &(0x7f0000000100)=@nfc, &(0x7f0000000000)=0x80, 0x80000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001240)=@newqdisc={0x24, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x2}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r6, &(0x7f0000000000)={0x1d, r2, 0x1, {0x0, 0x1}, 0xff}, 0x18)
syz_usb_control_io(r0, 0x0, 0x0)
r7 = syz_open_dev$I2C(&(0x7f0000000080), 0x200001, 0x40)
ioctl$I2C_RDWR(r7, 0x707, &(0x7f0000000100)={&(0x7f00000000c0)=[{0x94, 0x6a00, 0x2, &(0x7f0000000040)="86ab"}], 0x1})

5.991089044s ago: executing program 0 (id=1353):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)={0x4c, r4, 0x1, 0x0, 0x0, {0x3d}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xffffffffffffffc8, 0x82}, {0x5, 0x87}}]}, 0x4c}}, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000440)={'filter\x00', 0x4, 0x4, 0x3c8, 0xe8, 0x0, 0x0, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0x1d0}}, {{@arp={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0xff000000, 0xff, 0xd, 0x5, {@empty, {[0xff, 0x0, 0xff]}}, {@empty, {[0xff, 0x0, 0x0, 0x0, 0x0, 0xff]}}, 0x6, 0x8a2d, 0x1000, 0x100, 0xa, 0xc, 'sit0\x00', 'team0\x00', {0xff}, {}, 0x0, 0x290}, 0xc0, 0xe8}, @unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x0, 0xff03}}}, {{@arp={@multicast2, @multicast1, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@link_local}, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 'xfrm0\x00', 'pim6reg\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@local, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0x1}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418)
connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x1}, 0x1c)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x140, 0x0)
r6 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={<r7=>0x0}, &(0x7f0000000000)=0x8)
setsockopt$inet_sctp6_SCTP_RTOINFO(r6, 0x84, 0x0, &(0x7f0000000100)={r7, 0x1000000, 0x5, 0x3}, 0x10)
sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x2c}, 0x44004)
r8 = semget$private(0x0, 0x207, 0x0)
semctl$SETALL(r8, 0x0, 0x11, &(0x7f0000000180))
r9 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_print_times', 0x0, 0x0)
lseek(r9, 0x5, 0x3)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000000), 0x4)
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000880)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="000423bd7000fbdbdf250600000008000300", @ANYRES32=0x0, @ANYBLOB="08000500060000002386a56b4405e8e5c6285f188b75908994ae2691e32ce39c2609a7a7569c237e6e6a093a19f0f253bac3529a6a2bc51b6ec7ee5b87561487794500419eb153cb82a3a06512dc80eb39625f3c7fe75e0c9578ffc03c38aac8af79210000000000000000000000be595e5605a3b85ff0fd1a4e67e213725827f167eda4e7df83afcf240a7ce64c541972"], 0x24}, 0x1, 0x0, 0x0, 0x40048}, 0x48c0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00'})

5.886116963s ago: executing program 4 (id=1354):
openat$smackfs_ipv6host(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
syz_open_dev$vim2m(&(0x7f00000000c0), 0x9cb5, 0x2)
openat(0xffffffffffffff9c, 0x0, 0x80042, 0x1f7)
inotify_add_watch(0xffffffffffffffff, 0x0, 0x2000775)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mount$fuse(0x0, 0x0, 0x0, 0x1000000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x80082, 0x0)
write$vga_arbiter(r6, &(0x7f0000000040)=ANY=[@ANYBLOB='tar'], 0x13)

4.742336889s ago: executing program 3 (id=1355):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000002280)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, &(0x7f0000000000)=[{0x7, 0x0, 0x83}], 0x1, 0x1, 0x0, 0x0, 0x42, 0x5c})
setsockopt$sock_int(r0, 0x1, 0x21, 0x0, 0x0)

4.572522831s ago: executing program 0 (id=1356):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x6)
write$tun(r0, &(0x7f0000000640)=ANY=[], 0x38)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x9, 0x3, 0x360, 0x0, 0xffffffff, 0xffffffff, 0xf8, 0xffffffff, 0x290, 0xffffffff, 0xffffffff, 0x290, 0xffffffff, 0x3, &(0x7f0000000100), {[{{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@inet=@dscp={{0x28}, {0x4d, 0x1}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0xff0c, 0x0, 0x2}}}, {{@ipv6={@mcast2, @private1={0xfc, 0x1, '\x00', 0x1}, [0xff000000, 0xff000000, 0x0, 0xffffff], [0xffffff00, 0xff, 0xffffffff, 0xff], 'veth1_vlan\x00', 'ip6_vti0\x00', {}, {0xff}, 0xff, 0x1e, 0x4, 0x20}, 0x0, 0x160, 0x198, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xb}}, @common=@srh1={{0x90}, {0x67, 0x1, 0xf, 0x7, 0x3ff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @remote, @loopback, [0x0, 0x0, 0xffffffff, 0xff000000], [0xff, 0xff, 0xffffff00, 0xff000000], [0xffffffff, 0xff000000, 0x0, 0xffffffff], 0x12a, 0x2124}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x3, 0x4, 0x5}, {0x4, 0x5, 0x4}, {0x4, 0x5}, 0x6, 0xa}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c0) (async)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) (async)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0xffffffffffffff88, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0xa, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="89a000fe0000000069100c000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
syz_clone(0x41805000, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000180)={{@host, 0x23f}, 0x1, 0x1, 0xfffffff7})
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_TIMEOUT(r3, 0x0, 0x486, &(0x7f0000000000), &(0x7f0000000040)=0xc) (async)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x1, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], &(0x7f0000000500)=[0x2], 0x0, 0x1f}}, 0x3c)

4.375572407s ago: executing program 3 (id=1357):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
syz_open_dev$dri(0x0, 0x1f, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000d84000)={0xa, 0x2, 0x200008, @loopback, 0x39}, 0x1c)
r4 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000200), 0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x14, 0x2, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x8094}, 0x4)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000841, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = openat$sysfs(0xffffff9c, &(0x7f0000000640)='/sys/power/pm_trace_dev_match', 0x20140, 0x8)
read$FUSE(r6, &(0x7f0000001b00)={0x2020}, 0x2020)

3.961418522s ago: executing program 3 (id=1358):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), r1)
sendmsg$NLBL_CALIPSO_C_ADD(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)={0x24, r2, 0x1, 0x70bd29, 0xa5dfdbfd, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x24000801}, 0x4040054)
sendmsg$NLBL_CALIPSO_C_ADD(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="41008000", @ANYRES16=r2, @ANYBLOB="100027bd7000fddbdf2501000000080002000200000008000200020000000800010000000000080002000200000008000200020000000800010001000000080002000200000008000200020000000800020002000000"], 0x5c}, 0x1, 0x0, 0x0, 0x111}, 0x20000080)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendfile(0xffffffffffffffff, r3, &(0x7f0000000040)=0x7fffffffffffffff, 0xa)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x101040)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x6, &(0x7f0000000280)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(0x0, &(0x7f0000000080)='./bus\x00', &(0x7f0000000040)='iso9660\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
getdents(0xffffffffffffffff, &(0x7f0000001fc0)=""/184, 0x20002078)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)

3.902083974s ago: executing program 2 (id=1359):
mkdir(0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x5, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
dup(r3)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
unlink(0x0)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
socket$inet_udplite(0x2, 0x2, 0x88)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f00000003c0)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r5}}, 0x58)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave'])

2.028156718s ago: executing program 4 (id=1360):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb702000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000005c0)=ANY=[@ANYBLOB="b900"], 0xb8)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000700)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_fscache}]}})
r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x22)
writev(r3, &(0x7f0000000000)=[{&(0x7f00000006c0)='\t', 0x2003f}], 0x1)

1.92594084s ago: executing program 2 (id=1361):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa40000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000005c0)=ANY=[@ANYBLOB="b9000000"], 0xb8)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000700)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_fscache}]}})
r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x22)
writev(r3, &(0x7f0000000000)=[{&(0x7f00000006c0)='\t', 0x2003f}], 0x1)

1.533905038s ago: executing program 2 (id=1362):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$usbfs(0x0, 0x800, 0x101100)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$tipc(0x1e, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = add_key(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
pipe2$watch_queue(&(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r1, r2, 0xc)
unshare(0x28000600)
pipe2$watch_queue(&(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r1, r3, 0xffffffffffffffff)
socket$nl_netfilter(0x10, 0x3, 0xc)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r4 = syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x20c02)
writev(r4, &(0x7f0000000000)=[{&(0x7f0000000040)="aefdda9d240303005a90f57f07703aeff0f64eb9ee07962c220a2e11b44e65d76641cb010852f426072a", 0x2a}], 0x1)
read(r4, &(0x7f0000001400)=""/4076, 0xfec)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x2}}, 0x26)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r6, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="180000000714000229bd7000fddbdf25fdffec8100000000"], 0x18}}, 0x20000000)
syz_open_dev$vbi(&(0x7f00000002c0), 0x0, 0x2)
r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_GET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r7, 0x325, 0x0, 0x0, {0x8}}, 0x14}}, 0x0)

624.181385ms ago: executing program 3 (id=1363):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), r1)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r5 = dup(r4)
write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[], [], 0x6b}})
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r6 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
r7 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x62800)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x5, 0x12, r7, 0x0)
write$UHID_INPUT(r6, &(0x7f0000000540)={0x8, {"1a17924ab218eacb15a3fccf929e2dd2497903c1f853d95b995c65e99449ff953fa11c7723b2149ecdaa7f833f60e13b19a66e963f7e8da4297ebbfdda5b36fb4d01bd02e6c652dc4d99e2cb82c2a1d4a45e4c89ba9994e82f854bbc34a40b3a58aa256c9b4512fbf91b9846446c4909e4ec53982e7d7fd11ee0bdeab0bb4c469c9665dde8cb58f0ca148223b6cc4e2f306cfbeccedec8db5212f2fc4e14f836c68bdace4db1afbde9d463e5ac24567925b5fdf0e3af1a52dbd7669fe9227302c8f635bc2ddbf5bd7dccd7b92a9bd5c7363375a57851c2bc72509f2005f138f5a59cf85e9ddb1c972c89d50806e8941b7059cd3eca77527a7f20af70841b4d6f026614bdbb276a6814cc74d91856b968c5fdb52674d892a90d01ab91841b6811def78bdac9bc6f9df2598569fbdfef75079832b2750801dc83fd1987713c61136ac9e5f2f7e67f302109bb9a7fea75290b506a89a19d7e0e472937a8c9ecfe16ef6eb88c7a88a060756196d55d6a3d3f7cdf9915d22b6b3af69ec55017b821ec0621e8a59414efc2b46977a85846b53ae75a350947afcafbdef7233cc371bc2a6f29c0315b352ac2741c81df534303ddb30a4408db5679d05d245259c245c9d7f861711cc287cfd0462b948512623b921060386c587fd166df29e71ecfc8ed90031e95b2af1406b5ae73f6084e39e88194e3d37dc801982656b5b66342d74100f9f5b8c94c1e91b626bbf426a07b4be91dbdb76a6e40d0b788f89359e462e69bc4499fd4f9aa1e7f0c3f73a996b6ecef606c7651286e1f18a6823eed7191cd542057eaaf09aa32e8ce370c09050278b85fd359b8ca23e66e9d294ec57b3ddd90409d9b1ca28c6993b244f8ca46f6bf478ff22fb1df53e33abdda4b2b1e5cff7de19957bdc8e7ca39e4762204b1f9f33b9375b7282422b91841706751038e42023ba45c1cd0998c1794c1c2a5ff65466189bbb27bcbf01e5a48bfd8b6845f7d5c87d977df4ded5273ebf56b96c50b4eadc44bfaa0994259eeb1031644415fa9d729753d2138b06f9b7b624d9eeb1ef71dfdff0b639078f058c7a070451c4670af0c6eb1202f77be82faba9b6287995066b5f7e59b7967706d8d8c5bde48137e13df537ae54664fe4e8460b1bdf5b92a1dcf39ee1726bc6690d0ac5f799bcfab918c59cb132c45054ba17b8a44d505ad3eaeee95b4275b25b2087da8902552727a1e739014df348cfa3a1102661c35a6a38df6c410f5343577955dd57de5af089e3f1bcdf96d4ef1d5944243470b0ed10616144cccc5cac44e36fefd9441120c5d047867af0ea353da21fc0ae73b78b84d53a62efeb94ea8d441cc698c92fd7b36cf41472d036c5093bbdf943620c29ffa3b21ef4a0bb9274912b046834ee6f855ceadf18fb488040d5829ab6e8bf69a90315f7f84d002ac4e929e9f1010a8486746bd316799ba3a65744980c388202324ba50768c77a8481ba74d135da7507048c82714a8234837b69922126e4084a68f7418bfd26417cade786c7f8185e2492e3b64eb9d2c2c721504c7b4aeb383503f745fd69315c56b5b0158decd1b1606a63366b7e2d2b9124b6efca4480c703c8f37d6ddff55b0ec15f2ce6be6c902d06aec2ccabeba13b442b608076c33d19e690ab66cf6678d679758d22fb5d8d963f25d00c45576f8b2938543080297b9cb6c305e3131d2f412f00370c285251909f8ebefc3d18a23e25a183997b08251450b29fff32781e6a70e6e070ab3921f3f809392deb732d6f30cc034b5f77d41218bca86d515b16da0457dbf7aaefdcef9d5358e7b4f1e5d1a410f55449e765609d122f938fd57b71482244dff0523067cabfd322fc47aca1c331112e3d969f5fe3594c3c7adea7c36e9b9af6754cdea5ccf05b139f783d4b24540c50a6a9f7dff472d47c87c151d8439b5740cd1f423335dae2680050bd44766159cba66666b7dbc9e190130494327a0d8c9dbed5c8b831ce2b2bb236353ff7175a48b61a0f3209fa3db44f07a21a485ef1682a33cdf632ac2d6ca993b6cd90913e31704bb851711e1f2b5ebb19baaba102dd42d550933e9dfc17311665fef4d0206d7debbcbbd97efafffb905bf9a77b8eeb67d5f8bef8526f6f8607672bb3c50b14e16c264265594e05fa481f724290abdc9f60a899f26033236e3b90548c24288a7b627b51c4d7c638c359ec6325b0d79e1d69cf18cd9136a263b6aa84ad062b9831fc7c201b7ccec7d3b7ea2132ee4579632bf614bcde285527c36ef8a8e12651ef34a677a8d2f84360afa2f2245e4e0d61a12e8e446045fae61375082f983363795f11848edad24b3f7ae53f0eeb329fa62b6d7b446e3b2c1257981f9c0c3ea371c71021af834a285203b2e3177ddf5251044ea215c048f78701dec36a94ca3c435278d1fd889996adf5ea7c8db62f2b1331bc22c4b7798d587a5c4e619b7b576e19d92996bc0bdc0c8c15374e11b6eeda0e18b35aac4b96db9cdba025080bf5bea4ffdf4fa3c93ec5feede0a140f7f6727ef255783565935d59d348aaa6d12c060afd5f6d084346309d8cbf54b33050ecccf30ae083c4034165880214a94a5296427e2fcb6d90692a82212b6b8d86c6d163f0643944aaba4af1171aed463994f1374e1ec1654b89b04e9d635074e8d131bc2443daf1caad455671470329a287f4c711cb907403d5c05184cd3a647823b5b9c6dc4451fdde92dc1cb87010197026458b40d4809ab60aca1af6bb3702a3e0506cdd21faa6d9909f4ed74723de75fc48d44314fa3cc0c8e8ea226ec1d5875b9595aeacdff0a9f75b4a60dde781c58179f997ecb6479c91ecacc65bfe293a2d26c21ae7c1d7be1241cc1c4ea86a6cf8d93012bd98508aae8db723ff167026298cab227b7d0062c27ccc8e81df7268423ad063638760b44e77147ee9bd84140166ae2bfd592f845ca68c719f7520ae3c9988cc89db73bf93ad6f2f7d9394b2288f0176723acd167081ade4e066a26832f7b655cd874aa5026a7369bb9912c90599d1407f0488a9c540a31997890f5433bd1df91ba13a9e0721c9a707eac7cff1c3efef6cd716779c7ad631c3560caa2031d9d2591329c1867d0d5f96b5897cac2c6a381f0ce5c27969c2b3e7d188e1e896d815b01a3e177933817325953140272ad718a36ae522d43de109ba92255ee66d2a14897f2b2014dc9a495c108727e0eef54df617e269e43a0c48d28a91aaf14d58719e21ea39c1c534e39a1dfabb61377b55d2f69fe79c7d5111b8b952c388925ea8ab1503ae68bce95a34a10a85aa0e5da52add14b93eaac5861a6504e23dda8034e809253c1071ddda934663faac454cd378c5725f5c6f4d943779994357185e512a4b6993156e624f25d86d24e7254d3e9b231aa80ed5a32e108cb528d402f93e58c25ac937420ff7dcd7d9ec2126c7fe7cefa47c038f23de40523d5e026fe3bb4cfd3040f9bd9631cf5a2cde1e20a6032703cd64c2ad97ea95d05a7aa3ea3b3b9d5a86961116dd1338c0a2caae0ceab3178ac7736dfa8a949cd81d261748e6678cb730b57468fb2b7e22c5eb08ad496e76775dce0c31950a596580ad7d6c3fd9ce90dded340f20b77fe53e81fb6e2a7a6c450b8ac9009c7c077893f704457a90401fb758c0769fbfd38e40ae692e410b889bbf0b09a32dc731b6768c0fa3963a5b6279b6a5db611174339f3218fff567f6cfb7377ddc8e2c730da35cc3ec680a6bc95010dd03834caab7afb2c0023ad9ce3aae3c0fd1ece42ea840bf5fc798a0b5fbe7692f13549cdba4a0b68f722ef6877856a76fc3c39f7cfd760675a9f341d9f09f381972be9171e50455ed13e665e61a03b0c2a79276a871c25fc5c486639a71a8dfdf36174373b8995014752aba3026045be6b43074ac3824d687bbf5f6544228cea52791828f54980ee9f728534ea32edd205aaace717adcf61ce28f92719048d44b09812bcfd2d22cc9d7a45ed6b4634756f6b3189908c71728c373ea94aa5c74ce4a73c20138b8cb21db6e2dfb35329b86b1805a5208dd370b8342ca8aa3cbd3e7a3ec79d7b8ee677b04e19c524ddc6de0b22443ac15de908f61719399d0f9890ca2b0283a7db914944f424af10ba0ec9e3e253c060d7b28552eaae5eed1e906f8f93c2195293deabdad6cb38ddab51603e4a96ef1e086de911fb716ffbca467294d9e66e5d0f8225bc28d6c074c4ffba76706f61b0b386b7e4b6500a15fad291f34f6c84f1596a97512f31196a529a7a5725437c038e17d531da3838c8aef3bade6bc1d4c7624560d4fba72e5f8be2c5dc905e1e4bcb2aa7eddb275408ef4288ac69c7a18ae58fb26c2f5a6964f051b81d2e426fc2a5d8617050341b96d5a746e3419fbe94bd3752403868b655c2dba6f48ef109a2e6ec0041842fae52bfab70481ecfe8d27f3d5e444f1b941d871c8057cbe35df68665bc3aadea02d203b106d1179a428daa7d9fea9dbddd8955bb289a92ec790de74cd6a1edf925ab85471633dedf8ba46abe456963a2381addce2aa16c06dd80bb54d8e53d7c82607916af175061da29122afde8687add6b6f42233b76a1164893dcc1ec3dcf935576d2d0f3ab3b1adbace086da915234b4f9bad0afc2915608fc4f6611dc3b91d7e0e48cb0a0f3fdc70ef70ef82043afbd3325f0f6186390ab28ca9f0009184637530d79f0c5a77c6e912afbe6533988f543fc6c02d3d44fbdb0e2ebfad2680184f1ed451991667df958a71fb41cf4367bdb931389ea8b6340e225b312a09dadd8e2ac2d200db6e75323d48c73c6b819e13f92b01bf405e796a2e10b863e773598abcbcc196987e18b19530337809b56480778207103a12acfff1c0ad62846088251a1a0d0d6b300059a99698c84ccac78d53eb32e3984001978db7679960b4d75d71b49696909826c66320526fe02a060265821d15b8b2337121a201402a118ec03ff0d4f3dfa48f2dadd20b510ecdf4e6440b5b2466b9bf28e32327189f0405245694a6371dbe4eae7a8293cdc15193c284123d64690120634f808096a8f3f7a04a5bac9dd86c09f2e4e87c7d7c98d0b370e84ea5f265730f5480eb1375d4f82c7d4efbb6e58c5a92848331b2becd2531f6c456b5d0e690b102dd8faec55bde56f95727f4abf52c58543faaeb9cefd39bba788bd7e2b02b27ecbc1679a1ac00823c83e1ae29690cd25544d3ae0a8db25e963e9fb5bd94987637ac3546b9b312bf04d5c6211c135e806525d423fde9ccb5ef7962ec1e056e6f29adaeebb331f6c234586d1fe21577f56d620c6942a29d4915772144cc60008d1236db21100d5a3112c29396b9e18cdb5b104bed2df2b6ea72c9aa03bb6082f3eb07f0eae359864967a749492d21005b0d39c9613c20b1e21700ab66a4f5ca03ec08d67b95f759252d758743820ba243032e1708447fbaebc27e1316af4cf547cef3ac4966a1f04dd07012f257a0204107c23a0046b12493d9784b24dc561c1f88e591056bcc3b338ab1de65e5ad578021f26f93e9b12f00b5f8c8ae2db6b7b8f254303c7ff06514735974e65fb9a93dc79b115a12310040490ca11ef315340af104e20a2e22dcd132f7d7a61d9d3a12e832ee048a2170dbe03d747ed7402180eb964fde0ecb77e778b18a4e5a83479bb7e0ea0a7d5145ffed4607bd7e6b8f961625d5e3dcac2d4a05e71dc9c2e52195bd55aed4e6749dc1c329e2cda966d18e9bf882c05db627c1047fc71533bbba2c8a83d04db5bad6da349a9ad1992eb88e0274d32a16137e2396ad973c0ecbbc2d243e68b6959bf9b", 0x1000}}, 0x1006)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f00000002c0)={'wg2\x00', <r8=>0x0})
sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000840)=ANY=[@ANYBLOB="e0100000", @ANYRES16=r2, @ANYBLOB="0500000000000000000001000000060006004e240000901008809005008024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b24000100000000000000000000000000000000000000000000000000000000000000000024000200fcbefe9641719404cc5c9ab2766dd4793e367b0ea55e65e2e3416ac9d4e68841240002001171ee8da334a5099295af229a5d237a7f4102f01f28b34347d6cbbe135d83ec24000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691cb40409807c000080060001000a00000014000200000000000000000000000000000000010500030002000000060001000200000008000200ac1414aa0500030001000000060001000a00000014000200ff0100000000000000000000000000010500030001000000060001000200000008000200e00000010500030000000000f4000080060001000a00000014000200fc0000000000000000000000000000000500030001000000060001000a00000014000200fc0200000000000000000000000000010500030000000000060001000200000008000200e00000020500030003000000060001000200000008000200000000000500030000000000060001000200000008000200ac1414bb0500030001000000060001000200000008000200ac1414bb0500030000000000060001000a00000014000200000000000000000000000000000000010500030002000000060001000a00000014000200fc0200000000000000000000000000000500030003000000340000800600010002000000080002000a0101010500030004000000060001000200000008000200ac1414aa050003000300000064000080060001000a00000014000200200100000000000000000000000000000500030002000000060001000200000008000200ac1414aa0500030001000000060001000a00000014000200ff010000000000000000000000000001050003000200000094000080060001000200000008000200ac1e00010500030002000000060001000200000008000200e00000010500030002000000060001000a00000014000200fc0000000000000000000000000000000500030002000000060001000200000008000200000000000500030003000000060001000a00000014000200fe80000000000000000000000000000e050003000000000040000080060001000a00000014000200fc0200000000000000000000000000000500030002000000060001000200000008000200ac1414aa050003000000000064000080060001000a00000014000200200100000000000000000000000000020500030001000000060001000a00000014000200fc02000000000000000000000000000105000300020000000600010002000000080002000a010100050003000200000070000080060001000a00000014000200ff0200000000000000000000000000010500030000000000060001000a00000014000200000000000000000000000000000000000500030002000000060001000a0000001400020000000000000000000000000000000001050003000000000000010080060001000a00000014000200ff0200000000000000000000000000010500030000000000060001000200000008000200000000000500030003000000060001000200000008000200640101000500030002000000060001000200000008000200640101010500030001000000060001000200000008000200ac1414aa0500030002000000060001000a00000014000200fe8000000000000000000000000000bb05000300020000000600010002000000080002007f0000010500030002000000060001000a00000014000200fc0200000000000000000000000000010500030003000000060001000200000008000200640101010500030001000000240002005da952055e5857d673cddd36909746c80efa3ff95c317de1063db32bc80a0b3e1803008024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b39220600050005000000e802098058000080060001000200000008000200ac1e00010500030001000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000200000008000200ffffffff05000300010000007c000080060001000a00000014000200000000000000000000000000000000010500030002000000060001000200000008000200ac1414bb0500030002000000060001000a000000140002000000000000000000000000000000000105000300020000000600010002000000080002000a0101010500030003000000f4000080060001000a0000001400020000000000000000000000ffffac1414aa0500030003000000060001000200000008000200ac1414aa05000300000000000600010002000000080002000a01010205000300020000000600010002000000080002007f00000105000300000000000600010002000000080002000a0101010500030003000000060001000200000008000200e00000010500030003000000060001000a00000014000200fc01000000000000000000000000000005000300010000000600010002000000080002000a0101000500030000000000060001000200000008000200ac1e0101050003000200000094000080060001000a00000014000200fc0200000000000000000000000000010500030002000000060001000a00000014000200ff0100000000000000000000000000010500030001000000060001000200000008000200e00000010500030002000000060001000200000008000200ac1414bb0500030001000000060001000200000008000200ffffffff050003000200000088000080060001000a00000014000200fe8000000000000000000000000000aa0500030001000000060001000200000008000200ac1414aa0500030002000000060001000a00000014000200fe8800000000000000000000000001010500030002000000060001000a00000014000200ff02000000000000000000000000000105000300020000007c000080200004000a004e2100000006fc0100000000000000000000000000010400000008000a000100000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b3922080003000300000024000200379aa288b2244a5b504ba04bea45625d328fb93b62e607a1b2e4da2f7f76a549780000800800030001000000080003000400000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b3922080003000000000024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b1400040002004e22000000000000000000000000e4060080dc020980f4000080060001000a00000014000200000000000000000000000000000000000500030002000000060001000a00000014000200fc0000000000000000000000000000000500030001000000060001000200000008000200ffffffff0500030001000000060001000200000008000200ac1e00010500030001000000060001000200000008000200e000000105000300020000000600010002000000080002007f0000010500030002000000060001000a00000014000200000000000000000000000000000000010500030001000000060001000a00000014000200fc010000000000000000000000000001050003000300000034000080060001000200000008000200640101000500030001000000060001000200000008000200ac1414bb050003000200000000010080060001000a00000014000200200100000000000000000000000000010500030000000000060001000200000008000200e000000205000300020000000600010002000000080002006401010005000300020000000600010002000000080002007f00000105000300010000000600010002000000080002007f0000010500030001000000060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000200000008000200ffffffff0500030000000000060001000200000008000200e00000010500030003000000060001000a00000014000200fc0100000000000000000000000000010500030000000000940000800600010002000000080002006401010005000300010000000600010002000000080002006401010205000300000000000600010002000000080002007f0000010500030003000000060001000200000008000200e00000020500030003000000060001000200000008000200ac1414120500030002000000060001000200000008000200ac14142d05000300020000001c000080060001000200000008000200ffffffff05000300030000000800030002000000200004000a004e2000000005fc010000000000000000000000000001000000009403098094000080060001000a0000001400020000000000000000000000ffffac1414bb0500030003000000060001000a00000014000200fe8800000000000000000000000000010500030002000000060001000a00000014000200ff0100000000000000000000000000010500030003000000060001000a00000014000200fe880000000000000000000000000101050003000100000064000080060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000200000008000200ac1414bb0500030001000000060001000a0000001400020000000000000000000000ffffe00000020500030003000000f4000080060001000200000008000200000000000500030001000000060001000a00000014000200000000000000000000000000000000010500030003000000060001000200000008000200ac1414aa0500030001000000060001000a00000014000200fe80000000000000000000000000003e05000300010000000600010002000000080002007f0000010500030001000000060001000a00000014000200ff0200000000000000000000000000010500030001000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000200000008000200e0000001050003000000000058000080060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000200000008000200ac1414410500030010000000060001000200000008000200ac1e00010500030001000000f4000080060001000200000008000200640101000500030002000000060001000a00000014000200200100000000000000000000000000000500030000000000060001000a00000014000200fc0200000000000000000000000000010500030003000000060001000a00000014000200fe8000000000000000000000000000aa0500030003000000060001000200000008000200ac1414aa0500030000000000060001000200000008000200000000000500030000000000060001000200000008000200ac1414270500030000000000060001000a0000001400020020010000000000000000000000000002050003000100000058000080060001000200000008000200ac1414aa0500030001000000060001000a00000014000200fe8000000000000000000000000000140500030000000000060001000200000008000200e0000001050003000000000024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b240002000f1b8b82264208ab1a2dce776c03b9f348f500ef8e7606466943f5ba2ae2881e0c0000800800030006000000060006004e24000008000100", @ANYRES32=r8, @ANYBLOB="240003"], 0x10e0}}, 0x0)

237.339828ms ago: executing program 1 (id=1364):
r0 = syz_init_net_socket$ax25(0x3, 0x5, 0x6)
ioctl$SIOCAX25DELUID(r0, 0x89e2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0x1, &(0x7f0000000040)={0x8, 0xf59}, 0x0)
close_range(r1, r1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000740)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x6)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, 0x0)
r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000c00)=@usbdevfs_driver={0x8, 0x28000000, &(0x7f0000000bc0)='~'})
write$sndseq(r3, &(0x7f0000000000), 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000006, 0x28011, 0xffffffffffffffff, 0x0)
mount(&(0x7f0000000080)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='btrfs\x00', 0x208000, 0x0)

0s ago: executing program 2 (id=1365):
r0 = syz_usb_connect(0x6, 0x2d, &(0x7f0000000000)=ANY=[], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r1 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x200, 0x0, 0x1})
io_uring_enter(0xffffffffffffffff, 0x47fa, 0x0, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff})
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, r3, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x1})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r4, &(0x7f0000000180)=@file={0x1}, 0x6e)
listen(r4, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r5, &(0x7f0000000080)=@file={0x1}, 0x6e)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x9)
accept4(r4, &(0x7f0000000100)=@nfc, &(0x7f0000000000)=0x80, 0x80000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001240)=@newqdisc={0x24, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x2}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r6, &(0x7f0000000000)={0x1d, r2, 0x1, {0x0, 0x1}, 0xff}, 0x18)
syz_usb_control_io(r0, 0x0, 0x0)
r7 = syz_open_dev$I2C(&(0x7f0000000080), 0x200001, 0x40)
ioctl$I2C_RDWR(r7, 0x707, &(0x7f0000000100)={&(0x7f00000000c0)=[{0x94, 0x6a00, 0x2, &(0x7f0000000040)="86ab"}], 0x1})

kernel console output (not intermixed with test programs):

devsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  157.885793][ T6453] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  157.963355][ T6453] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  158.003075][  T976] usb 3-1: Using ep0 maxpacket: 8
[  158.024754][  T976] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  158.048752][  T976] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  158.077552][  T976] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.121109][  T976] usb 3-1: config 0 descriptor??
[  158.181662][ T6483] capability: warning: `syz.3.168' uses 32-bit capabilities (legacy support in use)
[  158.193730][ T6483] process 'syz.3.168' launched './file2' with NULL argv: empty string added
[  158.234488][ T6493] overlayfs: missing 'lowerdir'
[  158.337956][  T976] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  158.542799][  T976] usb 3-1: USB disconnect, device number 2
[  159.372067][ T6497] can0: slcan on ttyprintk.
[  159.714908][ T6506] overlayfs: upper fs does not support file handles, falling back to index=off.
[  159.866160][ T6508] overlay: ./bus is not a directory
[  160.245913][ T6496] can0 (unregistered): slcan off ttyprintk.
[  160.526425][ T6521] netlink: 24 bytes leftover after parsing attributes in process `syz.3.175'.
[  160.667676][ T6532] input: syz0 as /devices/virtual/input/input9
[  160.782859][ T6538] overlayfs: missing 'lowerdir'
[  162.528383][ T6566] overlayfs: upper fs does not support file handles, falling back to index=off.
[  162.982231][ T6575] netlink: 24 bytes leftover after parsing attributes in process `syz.0.191'.
[  163.432221][ T6590] input: syz0 as /devices/virtual/input/input10
[  163.530314][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  163.530328][   T30] audit: type=1326 audit(1747524753.666:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6589 comm="syz.0.196" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f78bab8e969 code=0x0
[  163.883947][ T6598] loop2: detected capacity change from 0 to 7
[  164.002339][ T6207] Dev loop2: unable to read RDB block 7
[  164.090212][ T6207]  loop2: AHDI p1 p2
[  164.118714][ T6207] loop2: partition table partially beyond EOD, truncated
[  164.180414][ T6207] loop2: p1 size 4244635647 extends beyond EOD, truncated
[  164.290472][ T6598] Dev loop2: unable to read RDB block 7
[  164.344915][ T6598]  loop2: AHDI p1 p2
[  164.352038][ T6598] loop2: partition table partially beyond EOD, truncated
[  164.397695][ T6598] loop2: p1 size 4244635647 extends beyond EOD, truncated
[  164.722308][ T6207] udevd[6207]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  164.835062][ T6207] udevd[6207]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  165.268657][ T5821] Bluetooth: hci2: ISO packet for unknown connection handle 0
[  166.350412][ T6638] hub 6-0:1.0: USB hub found
[  166.380596][ T6638] hub 6-0:1.0: 1 port detected
[  166.428695][ T6634] netlink: 24 bytes leftover after parsing attributes in process `syz.1.207'.
[  170.099602][ T6682] netlink: 24 bytes leftover after parsing attributes in process `syz.0.221'.
[  171.089836][ T6689] netlink: 8 bytes leftover after parsing attributes in process `syz.4.215'.
[  171.607512][ T6702] netlink: 32 bytes leftover after parsing attributes in process `syz.0.226'.
[  171.954698][ T6707] netlink: 12 bytes leftover after parsing attributes in process `syz.0.228'.
[  174.245442][ T6732] netlink: 4 bytes leftover after parsing attributes in process `syz.0.234'.
[  174.401614][ T6732] bridge_slave_1: left allmulticast mode
[  174.507256][ T6732] bridge_slave_1: left promiscuous mode
[  174.514021][ T6732] bridge0: port 2(bridge_slave_1) entered disabled state
[  174.946325][ T6737] overlayfs: missing 'lowerdir'
[  175.037374][ T6738] 9pnet_fd: Insufficient options for proto=fd
[  175.668793][ T6732] bridge_slave_0: left allmulticast mode
[  175.675053][ T6732] bridge_slave_0: left promiscuous mode
[  176.404880][ T6732] bridge0: port 1(bridge_slave_0) entered disabled state
[  176.906338][ T6748] loop6: detected capacity change from 0 to 524287999
[  176.917464][ T6748] Buffer I/O error on dev loop6, logical block 0, async page read
[  176.927396][ T6748] Buffer I/O error on dev loop6, logical block 0, async page read
[  176.937956][ T6748] Buffer I/O error on dev loop6, logical block 0, async page read
[  176.947420][ T6748] Buffer I/O error on dev loop6, logical block 0, async page read
[  176.957264][ T6748] Buffer I/O error on dev loop6, logical block 0, async page read
[  176.967299][ T6748] Buffer I/O error on dev loop6, logical block 0, async page read
[  176.978937][ T6748] Buffer I/O error on dev loop6, logical block 0, async page read
[  176.989423][ T6748] Buffer I/O error on dev loop6, logical block 0, async page read
[  176.998325][ T6748] ldm_validate_partition_table(): Disk read failed.
[  177.006334][ T6748] Buffer I/O error on dev loop6, logical block 0, async page read
[  177.020150][ T6748] Buffer I/O error on dev loop6, logical block 0, async page read
[  177.034105][ T6748] Dev loop6: unable to read RDB block 0
[  177.045066][ T6748]  loop6: unable to read partition table
[  177.052825][ T6748] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  178.077753][ T6757] 9pnet_fd: Insufficient options for proto=fd
[  181.702925][ T6792] loop8: detected capacity change from 0 to 8
[  181.762237][ T6791] netlink: 8 bytes leftover after parsing attributes in process `syz.0.250'.
[  181.771355][ T6791] netlink: 4 bytes leftover after parsing attributes in process `syz.0.250'.
[  181.861824][ T6791] ipvlan2: entered allmulticast mode
[  181.867375][ T6791] veth0_vlan: entered allmulticast mode
[  182.009243][ T6792] Dev loop8: unable to read RDB block 8
[  182.014926][ T6792]  loop8: unable to read partition table
[  182.020928][ T6792] loop8: partition table beyond EOD, truncated
[  182.027350][ T6792] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  182.292753][ T6797] netlink: 64 bytes leftover after parsing attributes in process `syz.2.251'.
[  183.349753][ T6806] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  183.351045][ T6810] 9pnet_fd: Insufficient options for proto=fd
[  183.492107][ T6811] tipc: Started in network mode
[  183.517536][ T6811] tipc: Node identity da9cf305a98d, cluster identity 4711
[  183.578718][ T6811] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  183.770029][ T6814] syzkaller0: entered promiscuous mode
[  183.785581][ T6814] syzkaller0: entered allmulticast mode
[  183.789717][ T6815] 9pnet_fd: Insufficient options for proto=fd
[  183.868262][ T6811] tipc: Resetting bearer <eth:syzkaller0>
[  183.881567][ T6808] tipc: Resetting bearer <eth:syzkaller0>
[  183.932972][ T6808] tipc: Disabling bearer <eth:syzkaller0>
[  184.287807][ T6822] hugetlbfs: syz.1.258 (6822): Using mlock ulimits for SHM_HUGETLB is obsolete
[  187.456649][ T6850] 9pnet_fd: Insufficient options for proto=fd
[  188.827213][    T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  189.737813][    T9] usb 1-1: Using ep0 maxpacket: 16
[  189.779246][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 112, changing to 10
[  189.837731][ T6865] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  189.895759][    T9] usb 1-1: New USB device found, idVendor=05ac, idProduct=0224, bcdDevice= 0.00
[  189.916010][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.983785][    T9] usb 1-1: config 0 descriptor??
[  190.288478][    T9] usb 1-1: string descriptor 0 read error: -71
[  191.049071][    T9] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input11
[  191.074530][ T5175] bcm5974 1-1:0.0: could not read from device
[  191.076985][    T9] usb 1-1: USB disconnect, device number 2
[  191.489238][ T6879] 9pnet_fd: Insufficient options for proto=fd
[  191.555420][ T6881] netlink: 8 bytes leftover after parsing attributes in process `syz.2.272'.
[  191.564477][ T6881] netlink: 16 bytes leftover after parsing attributes in process `syz.2.272'.
[  193.490708][ T6898] netlink: 'syz.3.278': attribute type 10 has an invalid length.
[  193.589982][ T6898] team0: Port device wlan1 added
[  193.628011][   T47] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[  193.913008][   T47] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  194.146046][ T6905] xt_CT: You must specify a L4 protocol and not use inversions on it
[  194.628966][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  194.647495][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  194.731100][   T47] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  194.740281][   T47] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  195.266887][ T6914] overlayfs: missing 'lowerdir'
[  195.327746][ T6915] 9pnet_fd: Insufficient options for proto=fd
[  196.694171][    T9] usb 1-1: USB disconnect, device number 3
[  196.710091][ T6920] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  196.806076][ T6925] overlayfs: failed to resolve './file1': -2
[  196.857564][   T47] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  197.039764][ T6930] netlink: 8 bytes leftover after parsing attributes in process `syz.3.287'.
[  197.101617][   T47] usb 3-1: Using ep0 maxpacket: 16
[  197.144206][   T47] usb 3-1: config 0 has an invalid interface number: 251 but max is 0
[  197.163934][ T6931] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input12
[  197.181589][   T47] usb 3-1: config 0 has no interface number 0
[  197.190190][   T47] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  197.387313][   T47] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  197.406485][   T47] usb 3-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  197.420206][   T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  197.429829][   T47] usb 3-1: Product: syz
[  197.434645][   T47] usb 3-1: Manufacturer: syz
[  197.439919][   T47] usb 3-1: SerialNumber: syz
[  197.467993][   T47] usb 3-1: config 0 descriptor??
[  197.482002][ T6918] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  197.489846][ T6918] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  197.703227][ T6917] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  197.710672][ T6917] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  197.903755][ T6943] overlayfs: failed to resolve './file0': -2
[  197.921102][   T47] asix 3-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  198.148201][   T47] asix 3-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -61
[  198.483829][   T47] asix 3-1:0.251: probe with driver asix failed with error -5
[  198.819753][ T6952] netlink: 8 bytes leftover after parsing attributes in process `syz.1.293'.
[  198.828881][ T6952] netlink: 16 bytes leftover after parsing attributes in process `syz.1.293'.
[  199.397071][  T976] usb 3-1: USB disconnect, device number 3
[  200.213531][ T6960] NILFS (nbd4): device size too small
[  201.159315][ T6964] overlayfs: failed to resolve './file1': -2
[  201.336242][ T5827] usb 1-1: new full-speed USB device number 4 using dummy_hcd
[  201.578993][ T5827] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  201.763487][ T5827] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  201.860921][ T5827] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.991397][ T6971] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  202.765926][ T6977] netlink: 8 bytes leftover after parsing attributes in process `syz.2.299'.
[  204.162298][  T976] usb 1-1: USB disconnect, device number 4
[  205.770840][ T7003] overlayfs: failed to resolve './file1': -2
[  205.837177][ T5873] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  206.027220][ T5873] usb 4-1: Using ep0 maxpacket: 16
[  206.069263][ T5873] usb 4-1: config 0 has an invalid interface number: 251 but max is 0
[  206.298074][ T5873] usb 4-1: config 0 has no interface number 0
[  206.389860][ T5873] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  206.557576][ T5873] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  206.631759][ T5873] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  206.659688][ T5873] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  206.669317][ T5873] usb 4-1: Product: syz
[  206.673651][ T5873] usb 4-1: Manufacturer: syz
[  206.678983][ T5873] usb 4-1: SerialNumber: syz
[  206.709799][ T5873] usb 4-1: config 0 descriptor??
[  206.732011][ T6999] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  206.739488][ T6999] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  206.799804][ T7015] input: syz0 as /devices/virtual/input/input13
[  206.872382][ T7017] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  206.957095][ T6998] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  206.964560][ T6998] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  207.175693][ T5873] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  207.215506][ T5873] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -61
[  207.371273][ T5873] asix 4-1:0.251: probe with driver asix failed with error -5
[  208.532350][ T5873] usb 4-1: USB disconnect, device number 3
[  208.863745][ T5878] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[  208.919894][ T7040] overlayfs: failed to resolve './file0': -2
[  209.205725][ T7046] xt_CT: You must specify a L4 protocol and not use inversions on it
[  209.795187][ T5878] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  209.806432][ T5878] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  209.892058][ T5878] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  210.857354][ T5878] usb 1-1: can't set config #16, error -71
[  210.956081][ T7059] 9pnet_fd: Insufficient options for proto=fd
[  212.322151][ T5878] usb 1-1: USB disconnect, device number 5
[  212.783043][ T7069] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  213.017922][ T5878] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  214.397204][ T5878] usb 1-1: Using ep0 maxpacket: 16
[  214.408716][ T5878] usb 1-1: device descriptor read/all, error -71
[  215.673827][ T7099] NILFS (nbd2): device size too small
[  216.096076][ T5878] usb 1-1: new full-speed USB device number 7 using dummy_hcd
[  216.419380][ T5878] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  216.509923][ T7108] input: syz0 as /devices/virtual/input/input15
[  217.174751][ T5829] Bluetooth: hci0: command 0x0406 tx timeout
[  217.180951][ T5837] Bluetooth: hci1: command 0x0406 tx timeout
[  217.188643][ T5130] Bluetooth: hci2: command 0x0406 tx timeout
[  217.195273][ T5130] Bluetooth: hci3: command 0x0406 tx timeout
[  217.347341][ T5878] usb 1-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  217.455208][ T5878] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  217.464932][ T5878] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  217.480384][ T5878] usbtmc 1-1:16.0: bulk endpoints not found
[  217.986793][ T7123] netlink: 8 bytes leftover after parsing attributes in process `syz.4.344'.
[  217.995824][ T7123] netlink: 16 bytes leftover after parsing attributes in process `syz.4.344'.
[  219.344266][ T7130] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input16
[  219.516376][   T47] usb 1-1: USB disconnect, device number 7
[  220.347624][ T7147] NILFS (nbd2): device size too small
[  221.030998][ T7152] input: syz0 as /devices/virtual/input/input17
[  222.158126][ T5909] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  222.372249][ T5909] usb 1-1: Using ep0 maxpacket: 8
[  222.395863][ T5909] usb 1-1: config 2 has an invalid interface number: 31 but max is 0
[  222.425497][ T5909] usb 1-1: config 2 has no interface number 0
[  223.124479][ T5909] usb 1-1: config 2 interface 31 has no altsetting 0
[  223.147953][ T5909] usb 1-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[  223.175657][ T5909] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  223.194123][ T5909] usb 1-1: Product: syz
[  223.207147][ T5909] usb 1-1: Manufacturer: syz
[  223.214359][ T5909] usb 1-1: SerialNumber: syz
[  223.505295][ T5909] ch9200 1-1:2.31: probe with driver ch9200 failed with error -22
[  224.547619][ T5909] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  224.898422][ T5909] usb 4-1: Using ep0 maxpacket: 8
[  224.906241][ T5909] usb 4-1: config 0 has no interfaces?
[  224.922440][ T5909] usb 4-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=dc.4d
[  224.935122][ T5909] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  224.953366][ T5909] usb 4-1: Product: syz
[  225.295363][ T7191] NILFS (nbd2): device size too small
[  225.577419][ T5909] usb 4-1: Manufacturer: syz
[  225.592383][ T5909] usb 4-1: SerialNumber: syz
[  225.605060][    T9] usb 1-1: USB disconnect, device number 8
[  225.730279][ T5909] usb 4-1: config 0 descriptor??
[  226.015374][ T7180] netlink: 4 bytes leftover after parsing attributes in process `syz.3.360'.
[  226.026297][ T7180] netlink: 4 bytes leftover after parsing attributes in process `syz.3.360'.
[  226.093799][ T5909] usb 4-1: USB disconnect, device number 4
[  226.668538][ T5909] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  226.760787][ T7208] loop6: detected capacity change from 0 to 524287999
[  226.776397][ T7208] buffer_io_error: 7 callbacks suppressed
[  226.776438][ T7208] Buffer I/O error on dev loop6, logical block 0, async page read
[  226.797382][ T7208] Buffer I/O error on dev loop6, logical block 0, async page read
[  226.825769][ T7208] Buffer I/O error on dev loop6, logical block 0, async page read
[  226.835332][ T7208] Buffer I/O error on dev loop6, logical block 0, async page read
[  226.844941][ T7208] Buffer I/O error on dev loop6, logical block 0, async page read
[  226.854417][ T7208] Buffer I/O error on dev loop6, logical block 0, async page read
[  226.870046][ T7208] Buffer I/O error on dev loop6, logical block 0, async page read
[  226.881321][ T7208] Buffer I/O error on dev loop6, logical block 0, async page read
[  226.890957][ T7208] ldm_validate_partition_table(): Disk read failed.
[  226.899219][ T7208] Buffer I/O error on dev loop6, logical block 0, async page read
[  226.909063][ T7208] Buffer I/O error on dev loop6, logical block 0, async page read
[  226.923813][ T7208] Dev loop6: unable to read RDB block 0
[  226.939010][ T7208]  loop6: unable to read partition table
[  226.949546][ T7208] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  227.144219][ T5909] usb 2-1: Using ep0 maxpacket: 8
[  227.317181][ T5909] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  227.333707][ T5909] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  227.356532][ T5909] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  227.366569][ T5909] usb 2-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  227.381172][ T5909] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  227.390497][ T5909] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.421580][ T5909] usbtmc 2-1:16.0: bulk endpoints not found
[  229.548086][ T5878] usb 2-1: USB disconnect, device number 3
[  229.608197][    T9] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  229.893524][ T7244] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11)
[  229.900375][ T7244] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  229.908662][ T7244] vhci_hcd vhci_hcd.0: Device attached
[  229.997540][    T9] usb 4-1: Using ep0 maxpacket: 8
[  230.595635][    T9] usb 4-1: config 2 has an invalid interface number: 31 but max is 0
[  230.660826][ T5873] vhci_hcd: vhci_device speed not set
[  230.672816][ T7245] vhci_hcd: connection closed
[  230.675047][ T3523] vhci_hcd: stop threads
[  230.689263][ T3523] vhci_hcd: release socket
[  230.704803][    T9] usb 4-1: config 2 has no interface number 0
[  230.728854][ T3523] vhci_hcd: disconnect device
[  230.738159][ T5873] usb 37-1: new full-speed USB device number 2 using vhci_hcd
[  230.738196][    T9] usb 4-1: config 2 interface 31 has no altsetting 0
[  230.754491][ T7252] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input18
[  230.794431][    T9] usb 4-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[  230.799772][ T5873] usb 37-1: enqueue for inactive port 0
[  230.807257][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  230.829338][    T9] usb 4-1: Product: syz
[  230.833572][    T9] usb 4-1: Manufacturer: syz
[  230.838282][    T9] usb 4-1: SerialNumber: syz
[  230.861786][    T9] ch9200 4-1:2.31: probe with driver ch9200 failed with error -22
[  231.003445][ T5873] vhci_hcd: vhci_device speed not set
[  232.335533][ T5873] usb 4-1: USB disconnect, device number 5
[  233.888884][ T7287] input: syz0 as /devices/virtual/input/input19
[  234.378558][ T7299] x_tables: ip6_tables: sctp match: only valid for protocol 132
[  235.023416][ T7297] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11)
[  235.030097][ T7297] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  235.076286][ T7297] vhci_hcd vhci_hcd.0: Device attached
[  235.337296][ T7302] vhci_hcd: connection closed
[  235.338319][ T5873] vhci_hcd: vhci_device speed not set
[  235.362949][ T7165] vhci_hcd: stop threads
[  235.372040][ T7165] vhci_hcd: release socket
[  235.449721][ T7310] 9pnet_fd: Insufficient options for proto=fd
[  236.148183][ T7165] vhci_hcd: disconnect device
[  236.177445][   T47] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  236.207217][ T5873] usb 35-1: new full-speed USB device number 2 using vhci_hcd
[  236.214874][ T5873] usb 35-1: enqueue for inactive port 0
[  236.519392][ T5873] vhci_hcd: vhci_device speed not set
[  236.539029][   T47] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  236.550210][   T47] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  236.977624][ T7321] xt_CT: You must specify a L4 protocol and not use inversions on it
[  237.332321][   T47] usb 4-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  237.408108][   T47] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  237.417560][   T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  237.436937][   T47] usbtmc 4-1:16.0: bulk endpoints not found
[  237.446333][ T7322] netlink: 4 bytes leftover after parsing attributes in process `syz.2.398'.
[  237.569639][ T7322] bridge_slave_1: left allmulticast mode
[  237.575357][ T7322] bridge_slave_1: left promiscuous mode
[  237.624850][ T7322] bridge0: port 2(bridge_slave_1) entered disabled state
[  237.700993][ T7322] bridge_slave_0: left allmulticast mode
[  237.706848][ T7322] bridge_slave_0: left promiscuous mode
[  237.838059][ T7322] bridge0: port 1(bridge_slave_0) entered disabled state
[  238.085177][ T7335] tipc: Started in network mode
[  238.104071][ T7335] tipc: Node identity 9affa5fa49b3, cluster identity 4711
[  238.125919][ T7335] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  238.141363][ T7337] syzkaller0: entered promiscuous mode
[  238.147182][ T7337] syzkaller0: entered allmulticast mode
[  238.162173][ T7334] tipc: Resetting bearer <eth:syzkaller0>
[  238.182164][ T7334] tipc: Disabling bearer <eth:syzkaller0>
[  239.344624][ T7348] 9pnet_fd: Insufficient options for proto=fd
[  239.454288][ T5873] usb 4-1: USB disconnect, device number 6
[  241.062719][ T7363] xt_CT: You must specify a L4 protocol and not use inversions on it
[  241.828613][ T7368] tipc: Started in network mode
[  241.871944][ T7368] tipc: Node identity 420c78d8c0ec, cluster identity 4711
[  241.899147][ T7368] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  242.018135][ T7368] syzkaller0: entered promiscuous mode
[  242.023709][ T7368] syzkaller0: entered allmulticast mode
[  242.097566][ T7367] tipc: Resetting bearer <eth:syzkaller0>
[  242.196871][ T7367] tipc: Disabling bearer <eth:syzkaller0>
[  242.671293][ T7376] loop6: detected capacity change from 0 to 524287999
[  242.686495][ T7376] buffer_io_error: 7 callbacks suppressed
[  242.686543][ T7376] Buffer I/O error on dev loop6, logical block 0, async page read
[  242.703511][ T7376] Buffer I/O error on dev loop6, logical block 0, async page read
[  242.713410][ T7376] Buffer I/O error on dev loop6, logical block 0, async page read
[  242.722232][ T7376] Buffer I/O error on dev loop6, logical block 0, async page read
[  242.731516][ T7376] Buffer I/O error on dev loop6, logical block 0, async page read
[  242.740866][ T7376] Buffer I/O error on dev loop6, logical block 0, async page read
[  242.749045][ T7376] Buffer I/O error on dev loop6, logical block 0, async page read
[  242.757032][ T7376] Buffer I/O error on dev loop6, logical block 0, async page read
[  242.765117][ T7376] ldm_validate_partition_table(): Disk read failed.
[  242.772479][ T7376] Buffer I/O error on dev loop6, logical block 0, async page read
[  242.780601][ T7376] Buffer I/O error on dev loop6, logical block 0, async page read
[  242.788876][ T7376] Dev loop6: unable to read RDB block 0
[  242.795123][ T7376]  loop6: unable to read partition table
[  242.801186][ T7376] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  242.857449][ T5821] Bluetooth: hci1: ISO packet for unknown connection handle 0
[  243.609814][ T7387] overlayfs: overlapping lowerdir path
[  243.864987][ T7394] netlink: 4 bytes leftover after parsing attributes in process `syz.2.422'.
[  243.967191][ T5895] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  244.386203][ T5895] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  244.797219][ T5895] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  244.807017][ T5895] usb 4-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  244.821534][ T5895] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  244.830985][ T5895] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  244.850407][ T5895] usbtmc 4-1:16.0: bulk endpoints not found
[  245.424811][ T7406] 9pnet_fd: Insufficient options for proto=fd
[  247.679936][ T7422] 9pnet: Could not find request transport: fd0x00000000000000070x0000000000000007
[  248.150011][ T7425] x_tables: ip6_tables: sctp match: only valid for protocol 132
[  248.262939][ T7428] fuse: Unknown parameter 'user_i00000000000000000000'
[  248.288301][ T5873] usb 4-1: USB disconnect, device number 7
[  248.340410][ T7429] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  248.364629][ T7431] overlayfs: overlapping lowerdir path
[  248.378156][ T7429] syzkaller0: entered promiscuous mode
[  248.383684][ T7429] syzkaller0: entered allmulticast mode
[  248.524764][ T7426] tipc: Resetting bearer <eth:syzkaller0>
[  249.457910][    T9] tipc: Node number set to 3545015802
[  249.933111][ T7447] overlayfs: missing 'lowerdir'
[  250.024612][ T7448] 9pnet_fd: Insufficient options for proto=fd
[  250.609670][ T5831] Bluetooth: hci4: command 0x0405 tx timeout
[  251.042623][ T5821] Bluetooth: hci0: ISO packet for unknown connection handle 0
[  251.083263][ T7426] tipc: Disabling bearer <eth:syzkaller0>
[  251.302830][ T7455] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  251.617311][    T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  252.085420][ T7462] NILFS (nbd0): device size too small
[  252.560363][    T9] usb 3-1: Using ep0 maxpacket: 8
[  252.574847][    T9] usb 3-1: config 0 has no interfaces?
[  252.589678][    T9] usb 3-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=dc.4d
[  252.617954][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  252.626035][    T9] usb 3-1: Product: syz
[  252.643576][    T9] usb 3-1: Manufacturer: syz
[  252.667314][    T9] usb 3-1: SerialNumber: syz
[  252.889522][    T9] usb 3-1: config 0 descriptor??
[  253.579496][ T7469] 9pnet: Could not find request transport: fd0x00000000000000070x0000000000000007
[  253.704468][ T7457] netlink: 4 bytes leftover after parsing attributes in process `syz.2.440'.
[  253.786055][ T7457] batadv0: entered promiscuous mode
[  253.824835][ T7457] macvtap1: entered promiscuous mode
[  253.863215][ T7473] netlink: 4 bytes leftover after parsing attributes in process `syz.2.440'.
[  253.882334][ T7457] macvtap1: entered allmulticast mode
[  253.955128][ T7457] batadv0: entered allmulticast mode
[  253.995206][ T7457] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  254.020946][ T7473] batadv0: left allmulticast mode
[  254.032461][ T7473] batadv0: left promiscuous mode
[  254.118939][ T7479] x_tables: ip6_tables: sctp match: only valid for protocol 132
[  254.217947][ T5895] usb 2-1: new full-speed USB device number 4 using dummy_hcd
[  254.293841][ T5878] usb 3-1: USB disconnect, device number 4
[  254.371754][ T7486] RDS: rds_bind could not find a transport for fc02::, load rds_tcp or rds_rdma?
[  254.381538][ T7483] overlayfs: overlapping lowerdir path
[  254.399289][ T5895] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  254.411283][ T5895] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  254.432595][ T5895] usb 2-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  254.491172][ T5895] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  254.575094][ T5895] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  254.605880][ T5895] usbtmc 2-1:16.0: bulk endpoints not found
[  254.896681][ T7494] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  254.906964][ T7494] syzkaller0: entered promiscuous mode
[  254.913017][ T7494] syzkaller0: entered allmulticast mode
[  254.925172][ T7493] tipc: Resetting bearer <eth:syzkaller0>
[  255.144806][ T7496] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  255.409730][ T7493] tipc: Disabling bearer <eth:syzkaller0>
[  255.574979][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  255.582269][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  256.341357][ T7511] xt_CT: You must specify a L4 protocol and not use inversions on it
[  257.281475][ T7512] 9pnet: Could not find request transport: fd0x00000000000000070x0000000000000007
[  257.604664][ T5873] usb 2-1: USB disconnect, device number 4
[  259.077544][ T7529] netlink: 40 bytes leftover after parsing attributes in process `syz.4.461'.
[  259.377058][ T7523] x_tables: ip6_tables: sctp match: only valid for protocol 132
[  259.408212][ T7531] fuse: Unknown parameter 'user_id00000000000000000000'
[  260.632045][ T7545] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  260.643379][ T7545] syzkaller0: entered promiscuous mode
[  260.651220][ T7545] syzkaller0: entered allmulticast mode
[  260.663695][ T7542] tipc: Resetting bearer <eth:syzkaller0>
[  260.697391][ T7540] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  260.778916][ T7542] tipc: Disabling bearer <eth:syzkaller0>
[  260.936490][ T7548] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input20
[  261.965026][ T7569] fuse: Unknown parameter 'user_id00000000000000000000'
[  262.350708][ T7575] overlayfs: missing 'lowerdir'
[  262.457780][ T7576] 9pnet_fd: Insufficient options for proto=fd
[  263.936022][ T7581] tipc: Started in network mode
[  264.010824][ T7581] tipc: Node identity aad373a2e1dc, cluster identity 4711
[  264.080190][ T7581] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  264.121060][ T7587] tipc: Resetting bearer <eth:syzkaller0>
[  264.215655][ T7580] tipc: Disabling bearer <eth:syzkaller0>
[  264.297414][ T7590] x_tables: ip6_tables: sctp match: only valid for protocol 132
[  264.384219][ T7591] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  266.117575][ T7607] netlink: 8 bytes leftover after parsing attributes in process `syz.1.485'.
[  266.126606][ T7607] netlink: 16 bytes leftover after parsing attributes in process `syz.1.485'.
[  267.940324][ T7617] x_tables: ip6_tables: sctp match: only valid for protocol 132
[  268.671626][ T7625] tipc: Started in network mode
[  268.676695][ T7625] tipc: Node identity ae744f0ec369, cluster identity 4711
[  268.686972][ T7625] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  268.702603][ T7625] tipc: Resetting bearer <eth:syzkaller0>
[  268.745852][ T7628] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  268.855447][ T7624] tipc: Disabling bearer <eth:syzkaller0>
[  270.189842][ T5821] Bluetooth: hci4: ISO packet for unknown connection handle 0
[  270.763038][ T7654] x_tables: ip6_tables: sctp match: only valid for protocol 132
[  273.032455][ T7672] NILFS (nbd1): device size too small
[  274.142416][ T7677] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  277.268341][ T7718] input: syz0 as /devices/virtual/input/input21
[  277.377339][ T5895] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  277.860835][ T7722] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  277.967694][ T5895] usb 1-1: Using ep0 maxpacket: 8
[  278.020963][ T5895] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  278.032082][ T5895] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  278.060760][ T5895] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  278.078263][ T5895] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  278.103786][ T5895] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  278.148985][ T5895] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  278.194021][ T5895] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  278.268469][ T5895] usbtmc 1-1:16.0: probe with driver usbtmc failed with error -22
[  278.571513][ T7736] input: syz0 as /devices/virtual/input/input22
[  279.217409][ T7754] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  279.454507][ T5821] Bluetooth: hci0: ISO packet for unknown connection handle 0
[  280.100780][ T5895] usb 1-1: USB disconnect, device number 9
[  281.071327][ T7768] xt_CT: You must specify a L4 protocol and not use inversions on it
[  282.012691][ T7774] netlink: 8 bytes leftover after parsing attributes in process `syz.0.543'.
[  282.021939][ T7774] netlink: 16 bytes leftover after parsing attributes in process `syz.0.543'.
[  284.419267][ T7798] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  284.788913][ T7804] overlayfs: missing 'lowerdir'
[  284.883802][ T7805] 9pnet_fd: Insufficient options for proto=fd
[  287.437131][ T5821] Bluetooth: hci4: ISO packet for unknown connection handle 0
[  288.533011][ T7827] overlayfs: overlapping lowerdir path
[  288.590602][ T7827] overlayfs: overlapping lowerdir path
[  288.712283][ T7834] netlink: 4 bytes leftover after parsing attributes in process `syz.3.560'.
[  288.918031][ T7834] bridge_slave_1: left allmulticast mode
[  288.973952][ T7834] bridge_slave_1: left promiscuous mode
[  289.031865][ T7834] bridge0: port 2(bridge_slave_1) entered disabled state
[  289.074357][ T7834] bridge_slave_0: left allmulticast mode
[  289.090129][ T7834] bridge_slave_0: left promiscuous mode
[  289.096081][ T7834] bridge0: port 1(bridge_slave_0) entered disabled state
[  289.459726][ T5895] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  289.619634][ T5821] Bluetooth: hci4: SCO packet for unknown connection handle 0
[  289.718339][ T7842] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  289.867314][ T5895] usb 1-1: Using ep0 maxpacket: 8
[  289.874820][ T5895] usb 1-1: config 2 has an invalid interface number: 31 but max is 0
[  289.896041][ T5895] usb 1-1: config 2 has no interface number 0
[  289.912083][ T5895] usb 1-1: config 2 interface 31 has no altsetting 0
[  289.932914][ T5895] usb 1-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[  289.945873][ T5895] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  289.961630][ T5895] usb 1-1: Product: syz
[  289.975065][ T5895] usb 1-1: Manufacturer: syz
[  289.985672][ T5895] usb 1-1: SerialNumber: syz
[  290.022659][ T5895] ch9200 1-1:2.31: probe with driver ch9200 failed with error -22
[  292.035634][ T5878] usb 1-1: USB disconnect, device number 10
[  292.303431][ T7864] RDS: rds_bind could not find a transport for fc02::, load rds_tcp or rds_rdma?
[  293.317718][ T7881] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  293.520621][ T7888] loop6: detected capacity change from 0 to 524287999
[  293.570561][ T7888] buffer_io_error: 7 callbacks suppressed
[  293.570682][ T7888] Buffer I/O error on dev loop6, logical block 0, async page read
[  293.590235][ T7888] Buffer I/O error on dev loop6, logical block 0, async page read
[  293.608974][ T7888] Buffer I/O error on dev loop6, logical block 0, async page read
[  293.626372][ T7888] Buffer I/O error on dev loop6, logical block 0, async page read
[  293.873406][ T7888] Buffer I/O error on dev loop6, logical block 0, async page read
[  294.547285][ T7888] Buffer I/O error on dev loop6, logical block 0, async page read
[  294.570512][ T7888] Buffer I/O error on dev loop6, logical block 0, async page read
[  294.581907][ T7888] Buffer I/O error on dev loop6, logical block 0, async page read
[  294.590389][ T7888] ldm_validate_partition_table(): Disk read failed.
[  294.597670][ T7888] Buffer I/O error on dev loop6, logical block 0, async page read
[  294.606596][ T7888] Buffer I/O error on dev loop6, logical block 0, async page read
[  294.617174][ T7888] Dev loop6: unable to read RDB block 0
[  294.627002][ T7888]  loop6: unable to read partition table
[  294.635076][ T7888] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  294.767378][ T5895] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  295.142460][ T5895] usb 2-1: Using ep0 maxpacket: 8
[  295.210844][ T5895] usb 2-1: config 2 has an invalid interface number: 31 but max is 0
[  295.863848][ T5831] Bluetooth: hci2: SCO packet for unknown connection handle 0
[  296.161144][ T5895] usb 2-1: config 2 has no interface number 0
[  296.202923][ T5895] usb 2-1: config 2 interface 31 has no altsetting 0
[  296.383076][ T5895] usb 2-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[  296.394273][ T5895] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  296.402669][ T5895] usb 2-1: Product: syz
[  296.406873][ T5895] usb 2-1: Manufacturer: syz
[  296.411789][ T5895] usb 2-1: SerialNumber: syz
[  296.553857][ T5895] ch9200 2-1:2.31: probe with driver ch9200 failed with error -22
[  296.627875][ T7914] netlink: 8 bytes leftover after parsing attributes in process `syz.0.586'.
[  296.636883][ T7914] netlink: 16 bytes leftover after parsing attributes in process `syz.0.586'.
[  297.213104][ T5895] usb 2-1: USB disconnect, device number 5
[  297.305141][ T7917] syzkaller0: entered promiscuous mode
[  297.314130][ T7917] syzkaller0: entered allmulticast mode
[  297.489730][ T7921] RDS: rds_bind could not find a transport for fc02::, load rds_tcp or rds_rdma?
[  297.655486][ T7926] netlink: 8 bytes leftover after parsing attributes in process `syz.1.591'.
[  298.076588][ T7932] overlayfs: missing 'lowerdir'
[  298.166574][ T7933] 9pnet_fd: Insufficient options for proto=fd
[  298.876137][ T7934] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  301.657219][ T5895] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  301.937663][    T9] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  302.822012][ T5831] Bluetooth: hci2: ISO packet for unknown connection handle 0
[  303.316130][ T5895] usb 3-1: device not accepting address 5, error -71
[  303.474727][ T7962] netlink: 8 bytes leftover after parsing attributes in process `syz.1.602'.
[  303.928349][ T5821] Bluetooth: hci4: ISO packet for unknown connection handle 0
[  305.697605][ T7980] overlayfs: missing 'lowerdir'
[  306.037621][ T7981] 9pnet_fd: Insufficient options for proto=fd
[  306.502764][ T5821] Bluetooth: hci3: ISO packet for unknown connection handle 0
[  307.338956][ T7989] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  307.738547][ T7996] xt_CT: You must specify a L4 protocol and not use inversions on it
[  309.495463][ T8007] loop6: detected capacity change from 0 to 524287999
[  309.506642][ T8007] buffer_io_error: 7 callbacks suppressed
[  309.506681][ T8007] Buffer I/O error on dev loop6, logical block 0, async page read
[  309.653597][ T8007] Buffer I/O error on dev loop6, logical block 0, async page read
[  309.666136][ T8007] Buffer I/O error on dev loop6, logical block 0, async page read
[  309.677337][ T8007] Buffer I/O error on dev loop6, logical block 0, async page read
[  309.693776][ T8007] Buffer I/O error on dev loop6, logical block 0, async page read
[  309.716645][ T8007] Buffer I/O error on dev loop6, logical block 0, async page read
[  309.733805][ T8007] Buffer I/O error on dev loop6, logical block 0, async page read
[  309.751271][ T8007] Buffer I/O error on dev loop6, logical block 0, async page read
[  309.785517][ T8007] ldm_validate_partition_table(): Disk read failed.
[  309.792551][ T8007] Buffer I/O error on dev loop6, logical block 0, async page read
[  309.802212][ T8007] Buffer I/O error on dev loop6, logical block 0, async page read
[  309.817138][ T8007] Dev loop6: unable to read RDB block 0
[  309.827671][ T8007]  loop6: unable to read partition table
[  309.836846][ T8007] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  310.116860][ T8010] overlayfs: missing 'lowerdir'
[  310.143136][ T8013] netlink: 8 bytes leftover after parsing attributes in process `syz.4.616'.
[  310.432583][ T8018] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  310.501637][ T8018] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  310.707205][    T9] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  311.427408][    T9] usb 5-1: device descriptor read/64, error -71
[  311.825589][ T8039] xt_CT: You must specify a L4 protocol and not use inversions on it
[  312.309342][ T8040] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  312.357493][    T9] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  312.557278][    T9] usb 5-1: device descriptor read/64, error -71
[  312.708046][    T9] usb usb5-port1: attempt power cycle
[  313.063488][ T8045] loop6: detected capacity change from 0 to 524287999
[  313.110469][    T9] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  313.121503][ T8045] ldm_validate_partition_table(): Disk read failed.
[  313.132321][ T8045] Dev loop6: unable to read RDB block 0
[  313.141252][ T8045]  loop6: unable to read partition table
[  313.152306][ T8045] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  313.218511][    T9] usb 5-1: device descriptor read/8, error -71
[  313.479731][    T9] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  313.500070][ T8050] netlink: 40 bytes leftover after parsing attributes in process `syz.3.629'.
[  313.717449][    T9] usb 5-1: device not accepting address 10, error -71
[  313.740206][    T9] usb usb5-port1: unable to enumerate USB device
[  313.763033][ T7847] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  314.005978][ T8058] xt_CT: You must specify a L4 protocol and not use inversions on it
[  314.699612][ T7847] usb 1-1: Using ep0 maxpacket: 8
[  314.733735][ T7847] usb 1-1: config 0 has no interfaces?
[  314.762033][ T8055] loop6: detected capacity change from 0 to 524287999
[  314.794000][ T8055] buffer_io_error: 24 callbacks suppressed
[  314.794019][ T8055] Buffer I/O error on dev loop6, logical block 0, async page read
[  314.825357][ T8055] Buffer I/O error on dev loop6, logical block 0, async page read
[  314.841044][ T8055] Buffer I/O error on dev loop6, logical block 0, async page read
[  314.850785][ T8055] Buffer I/O error on dev loop6, logical block 0, async page read
[  314.860156][ T8055] Buffer I/O error on dev loop6, logical block 0, async page read
[  314.870261][ T8055] Buffer I/O error on dev loop6, logical block 0, async page read
[  314.880343][ T8055] Buffer I/O error on dev loop6, logical block 0, async page read
[  314.890111][ T8055] Buffer I/O error on dev loop6, logical block 0, async page read
[  314.899210][ T8055] ldm_validate_partition_table(): Disk read failed.
[  314.906189][ T8055] Buffer I/O error on dev loop6, logical block 0, async page read
[  314.915173][ T8055] Buffer I/O error on dev loop6, logical block 0, async page read
[  314.926460][ T8055] Dev loop6: unable to read RDB block 0
[  314.934205][ T8055]  loop6: unable to read partition table
[  314.941082][ T8055] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  315.282093][ T7847] usb 1-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=dc.4d
[  315.329200][ T7847] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  315.375501][ T7847] usb 1-1: Product: syz
[  315.417358][ T7847] usb 1-1: Manufacturer: syz
[  315.469290][ T7847] usb 1-1: SerialNumber: syz
[  315.749968][ T7847] usb 1-1: config 0 descriptor??
[  316.630539][ T7847] usb 1-1: can't set config #0, error -71
[  316.648892][ T7847] usb 1-1: USB disconnect, device number 11
[  316.889282][ T8076] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  317.300727][ T8085] xt_CT: You must specify a L4 protocol and not use inversions on it
[  317.907665][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  317.919270][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  318.581029][ T7847] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  318.651089][ T8095] xt_CT: You must specify a L4 protocol and not use inversions on it
[  319.088516][ T7847] usb 2-1: device descriptor read/64, error -71
[  319.217962][ T8100] input: syz0 as /devices/virtual/input/input23
[  319.659743][ T7847] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  319.697352][ T5821] Bluetooth: hci0: ISO packet for unknown connection handle 0
[  319.898226][ T7847] usb 2-1: device descriptor read/64, error -71
[  320.187641][ T7847] usb usb2-port1: attempt power cycle
[  320.465738][ T8117] input: syz0 as /devices/virtual/input/input24
[  320.557243][ T7847] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  320.608214][ T7847] usb 2-1: device descriptor read/8, error -71
[  321.581010][ T7847] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  322.249948][ T7847] usb 2-1: device descriptor read/8, error -71
[  322.383552][ T7847] usb usb2-port1: unable to enumerate USB device
[  323.417913][ T8147] netlink: 4 bytes leftover after parsing attributes in process `syz.1.654'.
[  324.063304][ T5831] Bluetooth: hci4: ISO packet for unknown connection handle 0
[  324.477928][ T8158] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11)
[  324.484673][ T8158] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  324.708382][ T5821] Bluetooth: hci4: ISO packet for unknown connection handle 0
[  325.079050][ T8158] vhci_hcd vhci_hcd.0: Device attached
[  325.260241][ T5878] vhci_hcd: vhci_device speed not set
[  325.272960][ T8160] vhci_hcd: connection closed
[  325.283471][ T3497] vhci_hcd: stop threads
[  325.322311][ T3497] vhci_hcd: release socket
[  325.350094][ T3497] vhci_hcd: disconnect device
[  325.357226][ T5878] usb 33-1: new full-speed USB device number 2 using vhci_hcd
[  325.387835][ T5878] usb 33-1: enqueue for inactive port 0
[  325.483629][ T5878] vhci_hcd: vhci_device speed not set
[  327.704915][ T7847] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  327.867193][ T7847] usb 3-1: device descriptor read/64, error -71
[  329.753536][ T5821] Bluetooth: hci0: ISO packet for unknown connection handle 0
[  329.856277][ T8197] overlayfs: missing 'lowerdir'
[  330.097200][ T7847] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  330.418386][ T7847] usb 3-1: device descriptor read/64, error -71
[  330.659688][ T7847] usb usb3-port1: attempt power cycle
[  332.463048][ T8216] NILFS (nbd2): device size too small
[  332.582809][ T8217] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  332.659176][ T8219] syzkaller0: entered promiscuous mode
[  332.664810][ T8219] syzkaller0: entered allmulticast mode
[  332.737919][ T8217] tipc: Resetting bearer <eth:syzkaller0>
[  332.791876][ T8215] tipc: Resetting bearer <eth:syzkaller0>
[  332.815866][ T8215] tipc: Disabling bearer <eth:syzkaller0>
[  333.559572][ T8231] overlayfs: missing 'lowerdir'
[  334.162975][ T8235] 9pnet_fd: Insufficient options for proto=fd
[  335.291892][ T8240] 9pnet_fd: Insufficient options for proto=fd
[  335.684187][ T8248] loop6: detected capacity change from 0 to 524287999
[  335.704245][ T8248] buffer_io_error: 7 callbacks suppressed
[  335.704263][ T8248] Buffer I/O error on dev loop6, logical block 0, async page read
[  335.815222][ T8251] 9pnet_fd: Insufficient options for proto=fd
[  336.480473][ T8248] Buffer I/O error on dev loop6, logical block 0, async page read
[  336.625361][ T8248] Buffer I/O error on dev loop6, logical block 0, async page read
[  336.656982][ T8248] Buffer I/O error on dev loop6, logical block 0, async page read
[  336.703796][ T8248] Buffer I/O error on dev loop6, logical block 0, async page read
[  336.713489][ T8248] Buffer I/O error on dev loop6, logical block 0, async page read
[  336.725763][ T8248] Buffer I/O error on dev loop6, logical block 0, async page read
[  336.737294][ T8248] Buffer I/O error on dev loop6, logical block 0, async page read
[  336.745230][ T8248] ldm_validate_partition_table(): Disk read failed.
[  336.943079][ T8248] Buffer I/O error on dev loop6, logical block 0, async page read
[  336.957559][ T8248] Buffer I/O error on dev loop6, logical block 0, async page read
[  336.987433][ T8248] Dev loop6: unable to read RDB block 0
[  337.784770][ T8248]  loop6: unable to read partition table
[  337.835252][ T8248] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  339.513069][ T8272] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11)
[  339.519731][ T8274] netlink: 'syz.0.691': attribute type 1 has an invalid length.
[  339.519736][ T8272] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  339.535033][ T8272] vhci_hcd vhci_hcd.0: Device attached
[  339.541907][ T8277] vhci_hcd: connection closed
[  339.553557][ T7165] vhci_hcd: stop threads
[  339.598624][ T7165] vhci_hcd: release socket
[  339.608743][ T7165] vhci_hcd: disconnect device
[  340.175628][ T8293] NILFS (nbd2): device size too small
[  340.295210][ T5821] Bluetooth: hci3: ISO packet for unknown connection handle 0
[  344.133457][ T8326] netlink: 20 bytes leftover after parsing attributes in process `syz.4.707'.
[  344.137741][ T8323] RDS: rds_bind could not find a transport for fc02::, load rds_tcp or rds_rdma?
[  344.160953][ T8326] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.707'.
[  344.717717][ T8336] capability: warning: `syz.4.707' uses deprecated v2 capabilities in a way that may be insecure
[  345.302358][ T8332] syz.4.707 uses obsolete (PF_INET,SOCK_PACKET)
[  345.329386][ T8332] netlink: 8 bytes leftover after parsing attributes in process `syz.4.707'.
[  347.044294][ T8365] loop8: detected capacity change from 0 to 8
[  347.091058][ T8365] Dev loop8: unable to read RDB block 8
[  347.120893][ T8367] NILFS (nbd3): device size too small
[  347.124788][ T8365]  loop8: unable to read partition table
[  347.158190][ T8365] loop8: partition table beyond EOD, truncated
[  347.214280][ T8365] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  349.757461][ T8380] RDS: rds_bind could not find a transport for fc02::, load rds_tcp or rds_rdma?
[  354.296220][ T8428] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  354.924643][ T8432] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(11)
[  354.931323][ T8432] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  354.940125][ T8432] vhci_hcd vhci_hcd.0: Device attached
[  354.948108][ T8437] vhci_hcd: connection closed
[  354.982727][  T148] vhci_hcd: stop threads
[  354.992703][  T148] vhci_hcd: release socket
[  355.035724][  T148] vhci_hcd: disconnect device
[  356.493202][ T8462] xt_CT: You must specify a L4 protocol and not use inversions on it
[  357.397315][ T5821] Bluetooth: hci0: ISO packet for unknown connection handle 0
[  357.760111][ T5878] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  358.071803][ T5878] usb 3-1: Using ep0 maxpacket: 8
[  358.108397][ T5878] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  358.127588][ T5878] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  358.500443][ T5878] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  359.034422][ T7847] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  359.512199][ T8474] netlink: 4 bytes leftover after parsing attributes in process `syz.3.746'.
[  359.633352][ T7847] usb 2-1: Using ep0 maxpacket: 16
[  360.387403][ T5878] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  360.401009][ T5878] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  360.410284][ T5878] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  360.597454][ T5878] usb 3-1: can't set config #16, error -71
[  360.650864][ T7847] usb 2-1: config 0 has an invalid interface number: 126 but max is 0
[  360.668004][ T5878] usb 3-1: USB disconnect, device number 10
[  360.672256][ T7847] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  360.745946][ T7847] usb 2-1: config 0 has no interface number 0
[  360.766430][ T7847] usb 2-1: config 0 interface 126 altsetting 0 has an endpoint descriptor with address 0xB7, changing to 0x87
[  360.815644][ T7847] usb 2-1: config 0 interface 126 altsetting 0 endpoint 0x87 has invalid maxpacket 34328, setting to 1024
[  360.875988][ T7847] usb 2-1: config 0 interface 126 altsetting 0 endpoint 0xA has invalid maxpacket 512, setting to 64
[  360.903963][ T7847] usb 2-1: config 0 interface 126 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  360.935232][ T7847] usb 2-1: config 0 interface 126 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  360.960930][ T7847] usb 2-1: config 0 interface 126 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[  360.993172][ T7847] usb 2-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88
[  361.004742][ T7847] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  361.032711][ T7847] usb 2-1: config 0 descriptor??
[  361.121490][ T8472] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  361.173570][ T7847] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  361.412372][ T6207] udevd[6207]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.126/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  362.515895][ T5930] usb 2-1: USB disconnect, device number 10
[  362.822531][ T8502] netlink: 'syz.2.757': attribute type 10 has an invalid length.
[  363.257985][ T8502] hsr_slave_0: left promiscuous mode
[  363.307125][ T8502] hsr_slave_1: left promiscuous mode
[  363.997682][ T8512] xt_CT: You must specify a L4 protocol and not use inversions on it
[  364.358096][ T5821] Bluetooth: hci1: ISO packet for unknown connection handle 0
[  366.321945][ T8525] x_tables: ip6_tables: sctp match: only valid for protocol 132
[  368.019356][ T8515] delete_channel: no stack
[  368.291524][ T8541] Sensor B: =================  START STATUS  =================
[  368.299658][ T8541] Sensor B: Test Pattern: 75% Colorbar
[  368.305761][ T8541] Sensor B: Show Information: All
[  368.311325][ T8541] Sensor B: Vertical Flip: false
[  368.316522][ T8541] Sensor B: Horizontal Flip: false
[  368.322026][ T8541] Sensor B: Brightness: 128
[  368.326801][ T8541] Sensor B: Contrast: 128
[  368.331558][ T8541] Sensor B: Hue: 0
[  368.335470][ T8541] Sensor B: Saturation: 128
[  368.585480][ T8541] Sensor B: ==================  END STATUS  ==================
[  368.658452][ T8537] netlink: 4 bytes leftover after parsing attributes in process `syz.1.765'.
[  368.691240][ T8537] bridge_slave_1: left allmulticast mode
[  368.760956][ T8537] bridge_slave_1: left promiscuous mode
[  368.953498][ T8537] bridge0: port 2(bridge_slave_1) entered disabled state
[  369.614598][ T8537] bridge_slave_0: left allmulticast mode
[  369.639678][ T8537] bridge_slave_0: left promiscuous mode
[  369.665254][ T8537] bridge0: port 1(bridge_slave_0) entered disabled state
[  369.696149][ T5821] Bluetooth: hci3: ISO packet for unknown connection handle 0
[  370.498823][ T8562] netlink: 'syz.3.771': attribute type 1 has an invalid length.
[  370.507162][ T8562] netlink: 'syz.3.771': attribute type 2 has an invalid length.
[  370.532921][ T8562] netlink: 4 bytes leftover after parsing attributes in process `syz.3.771'.
[  373.175870][ T8571] input: syz0 as /devices/virtual/input/input25
[  374.563981][ T8588] loop6: detected capacity change from 0 to 524287999
[  374.577506][ T8588] buffer_io_error: 7 callbacks suppressed
[  374.577549][ T8588] Buffer I/O error on dev loop6, logical block 0, async page read
[  374.592350][ T8588] Buffer I/O error on dev loop6, logical block 0, async page read
[  374.601938][ T8588] Buffer I/O error on dev loop6, logical block 0, async page read
[  374.628224][ T8588] Buffer I/O error on dev loop6, logical block 0, async page read
[  374.637252][ T8588] Buffer I/O error on dev loop6, logical block 0, async page read
[  374.646425][ T8588] Buffer I/O error on dev loop6, logical block 0, async page read
[  374.655491][ T8588] Buffer I/O error on dev loop6, logical block 0, async page read
[  374.664941][ T8588] Buffer I/O error on dev loop6, logical block 0, async page read
[  374.674111][ T8588] ldm_validate_partition_table(): Disk read failed.
[  374.681732][ T8588] Buffer I/O error on dev loop6, logical block 0, async page read
[  374.691148][ T8588] Buffer I/O error on dev loop6, logical block 0, async page read
[  374.704131][ T8588] Dev loop6: unable to read RDB block 0
[  374.713578][ T8588]  loop6: unable to read partition table
[  374.721983][ T8588] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  375.173019][ T5190] ldm_validate_partition_table(): Disk read failed.
[  375.185892][ T5190] Dev loop6: unable to read RDB block 0
[  375.196521][ T5190]  loop6: unable to read partition table
[  376.807361][ T5827] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  377.787460][ T5827] usb 2-1: Using ep0 maxpacket: 32
[  377.880203][ T5821] Bluetooth: hci4: ISO packet for unknown connection handle 0
[  378.453800][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  378.460598][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  378.603233][ T5827] usb 2-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[  378.624803][ T5827] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  378.745253][ T5827] usb 2-1: Product: syz
[  378.752903][ T5827] usb 2-1: Manufacturer: syz
[  378.760993][ T5827] usb 2-1: SerialNumber: syz
[  378.802272][ T5827] usb 2-1: config 0 descriptor??
[  379.729749][ T8623] netlink: 8 bytes leftover after parsing attributes in process `syz.2.788'.
[  379.738847][ T8623] netlink: 16 bytes leftover after parsing attributes in process `syz.2.788'.
[  380.507381][ T5827] peak_usb 2-1:0.0 can0: unable to request usb[type=0 value=1] err=-71
[  380.537207][ T5827] peak_usb 2-1:0.0: unable to read PCAN-USB Pro firmware info (err -71)
[  380.638309][ T5827] peak_usb 2-1:0.0: probe with driver peak_usb failed with error -71
[  380.818795][ T5827] usb 2-1: USB disconnect, device number 11
[  381.770735][ T8640] loop6: detected capacity change from 0 to 524287999
[  381.789386][ T8640] buffer_io_error: 23 callbacks suppressed
[  381.789405][ T8640] Buffer I/O error on dev loop6, logical block 0, async page read
[  381.810245][ T8640] Buffer I/O error on dev loop6, logical block 0, async page read
[  381.825108][ T8640] Buffer I/O error on dev loop6, logical block 0, async page read
[  381.837262][ T8640] Buffer I/O error on dev loop6, logical block 0, async page read
[  381.845728][ T8640] Buffer I/O error on dev loop6, logical block 0, async page read
[  381.855090][ T8640] Buffer I/O error on dev loop6, logical block 0, async page read
[  381.864469][ T8640] Buffer I/O error on dev loop6, logical block 0, async page read
[  381.873654][ T8640] Buffer I/O error on dev loop6, logical block 0, async page read
[  381.882582][ T8640] ldm_validate_partition_table(): Disk read failed.
[  381.936685][ T8640] Buffer I/O error on dev loop6, logical block 0, async page read
[  381.946643][ T8640] Buffer I/O error on dev loop6, logical block 0, async page read
[  381.959067][ T8640] Dev loop6: unable to read RDB block 0
[  381.968656][ T8640]  loop6: unable to read partition table
[  381.976751][ T8640] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  387.010107][   T24] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  387.477460][   T24] usb 4-1: Using ep0 maxpacket: 8
[  387.487453][ T5821] Bluetooth: hci3: ISO packet for unknown connection handle 0
[  388.430153][ T8682] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9)
[  388.436763][ T8682] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  388.445808][ T8682] vhci_hcd vhci_hcd.0: Device attached
[  388.473540][ T8685] vhci_hcd: connection closed
[  388.487427][ T7165] vhci_hcd: stop threads
[  388.562910][ T7165] vhci_hcd: release socket
[  388.581173][ T7165] vhci_hcd: disconnect device
[  388.647642][ T5895] vhci_hcd: vhci_device speed not set
[  390.623886][ T5873] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  390.807203][ T5873] usb 1-1: Using ep0 maxpacket: 16
[  390.815574][ T5873] usb 1-1: config 0 has an invalid interface number: 251 but max is 0
[  390.826280][ T5873] usb 1-1: config 0 has no interface number 0
[  390.833253][ T5873] usb 1-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  390.843961][ T5873] usb 1-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  390.862206][ T5873] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  390.872681][ T5873] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  390.881462][ T5873] usb 1-1: Product: syz
[  390.886267][ T5873] usb 1-1: Manufacturer: syz
[  390.896897][ T5873] usb 1-1: SerialNumber: syz
[  390.920513][ T5873] usb 1-1: config 0 descriptor??
[  390.926759][ T8701] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  390.934160][ T8701] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  390.988461][   T24] usb 4-1: unable to read config index 0 descriptor/start: -71
[  391.006545][   T24] usb 4-1: can't read configurations, error -71
[  391.154699][ T8700] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  391.162239][ T8700] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  391.318687][ T8711] netlink: 28 bytes leftover after parsing attributes in process `syz.1.812'.
[  391.376541][ T5873] asix 1-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  391.482669][ T5873] asix 1-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -61
[  391.851768][ T5873] asix 1-1:0.251: probe with driver asix failed with error -5
[  392.982361][ T8722] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.816'.
[  393.057520][ T5831] Bluetooth: hci0: ISO packet for unknown connection handle 0
[  393.329980][ T5873] usb 1-1: USB disconnect, device number 12
[  394.693967][ T8719] netlink: 24 bytes leftover after parsing attributes in process `syz.2.815'.
[  395.890140][ T5831] Bluetooth: hci4: command 0x0405 tx timeout
[  396.214444][ T8756] netlink: 4 bytes leftover after parsing attributes in process `syz.1.825'.
[  396.963528][ T8762] xt_CT: You must specify a L4 protocol and not use inversions on it
[  398.916019][ T8776] input: syz0 as /devices/virtual/input/input26
[  399.745336][ T8784] tipc: Enabled bearer <eth:team0>, priority 0
[  400.858292][ T5895] tipc: Node number set to 2195749080
[  402.951424][ T8789] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  402.957980][ T5821] Bluetooth: hci0: command 0x0406 tx timeout
[  403.441018][ T8789] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  403.537120][ T8789] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  403.544006][ T8789] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  403.628024][ T8789] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  403.634170][ T8789] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  403.802672][ T8789] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  403.938702][ T8789] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  404.132646][ T8789] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  404.152799][ T8789] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  405.008000][ T5821] Bluetooth: hci0: command 0x0406 tx timeout
[  405.240905][ T5895] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  405.307221][ T5909] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  405.483318][ T8839] NILFS (nbd1): device size too small
[  405.498089][ T8840] netlink: 40 bytes leftover after parsing attributes in process `syz.0.849'.
[  405.597159][ T5821] Bluetooth: hci2: command 0x0406 tx timeout
[  405.648138][ T5821] Bluetooth: hci3: command 0x0406 tx timeout
[  405.723146][ T8842] input: syz0 as /devices/virtual/input/input27
[  405.737810][ T5895] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  405.766993][ T5895] usb 3-1: Duplicate descriptor for config 0 interface 0 altsetting 0, skipping
[  405.787498][ T5909] usb 5-1: Using ep0 maxpacket: 16
[  405.806025][ T5909] usb 5-1: config 0 has an invalid interface number: 251 but max is 0
[  405.807321][ T5821] Bluetooth: hci1: command 0x0406 tx timeout
[  405.840521][ T5895] usb 3-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[  405.862879][ T5909] usb 5-1: config 0 has no interface number 0
[  405.897903][ T5895] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  405.924147][ T5909] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  406.012138][ T5895] usb 3-1: Product: syz
[  406.047308][ T5909] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  406.061868][ T5895] usb 3-1: Manufacturer: syz
[  406.066663][ T5895] usb 3-1: SerialNumber: syz
[  406.206566][ T5909] usb 5-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  406.216575][ T5821] Bluetooth: hci4: command 0x0405 tx timeout
[  406.274981][ T5895] usb 3-1: config 0 descriptor??
[  406.408515][ T5909] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  406.464282][ T5895] usb 3-1: can't set config #0, error -71
[  406.500653][ T5909] usb 5-1: Product: syz
[  406.504885][ T5909] usb 5-1: Manufacturer: syz
[  406.522831][ T5895] usb 3-1: USB disconnect, device number 11
[  406.538955][ T5909] usb 5-1: SerialNumber: syz
[  406.656860][ T5909] usb 5-1: config 0 descriptor??
[  406.715848][ T8829] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  406.723550][ T8829] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  406.943859][ T8828] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  406.951258][ T8828] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  407.645868][ T5909] asix 5-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  407.658100][ T5821] Bluetooth: hci2: command 0x0406 tx timeout
[  407.729261][ T5821] Bluetooth: hci3: command 0x0406 tx timeout
[  407.782498][ T5909] asix 5-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -61
[  407.792721][ T5909] asix 5-1:0.251: probe with driver asix failed with error -5
[  407.892849][ T5821] Bluetooth: hci1: command 0x0406 tx timeout
[  408.293227][ T5821] Bluetooth: hci4: command 0x0405 tx timeout
[  408.890044][ T5909] usb 5-1: USB disconnect, device number 11
[  410.479109][ T8881] syz.2.863: attempt to access beyond end of device
[  410.479109][ T8881] nbd2: rw=0, sector=64, nr_sectors = 1 limit=0
[  410.493317][ T8881] syz.2.863: attempt to access beyond end of device
[  410.493317][ T8881] nbd2: rw=0, sector=256, nr_sectors = 1 limit=0
[  410.506266][ T8881] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  410.516015][ T8881] syz.2.863: attempt to access beyond end of device
[  410.516015][ T8881] nbd2: rw=0, sector=512, nr_sectors = 1 limit=0
[  410.529037][ T8881] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  410.539729][ T8881] syz.2.863: attempt to access beyond end of device
[  410.539729][ T8881] nbd2: rw=0, sector=64, nr_sectors = 2 limit=0
[  410.553078][ T8881] syz.2.863: attempt to access beyond end of device
[  410.553078][ T8881] nbd2: rw=0, sector=512, nr_sectors = 2 limit=0
[  410.566653][ T8881] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  410.576339][ T8881] syz.2.863: attempt to access beyond end of device
[  410.576339][ T8881] nbd2: rw=0, sector=1024, nr_sectors = 2 limit=0
[  410.589299][ T8881] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  410.599280][ T8881] syz.2.863: attempt to access beyond end of device
[  410.599280][ T8881] nbd2: rw=0, sector=64, nr_sectors = 4 limit=0
[  410.612260][ T8881] syz.2.863: attempt to access beyond end of device
[  410.612260][ T8881] nbd2: rw=0, sector=1024, nr_sectors = 4 limit=0
[  410.625253][ T8881] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  410.635030][ T8881] syz.2.863: attempt to access beyond end of device
[  410.635030][ T8881] nbd2: rw=0, sector=2048, nr_sectors = 4 limit=0
[  410.647987][ T8881] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  410.657986][ T8881] syz.2.863: attempt to access beyond end of device
[  410.657986][ T8881] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0
[  410.671782][ T8881] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  410.682368][ T8881] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  410.692113][ T8881] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1)
[  411.091169][ T8887] overlay: ./file1 is not a directory
[  412.921940][ T8895] input: syz0 as /devices/virtual/input/input28
[  415.105940][ T8924] netlink: 'syz.0.876': attribute type 1 has an invalid length.
[  415.113739][ T8924] netlink: 'syz.0.876': attribute type 2 has an invalid length.
[  415.121475][ T8924] netlink: 4 bytes leftover after parsing attributes in process `syz.0.876'.
[  416.184961][ T8935] tipc: Cannot configure node identity twice
[  417.753098][ T5895] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  418.083842][ T8952] netlink: 32 bytes leftover after parsing attributes in process `syz.4.883'.
[  418.107119][ T5895] usb 4-1: Using ep0 maxpacket: 16
[  418.943464][ T5895] usb 4-1: config 0 has an invalid interface number: 251 but max is 0
[  418.977188][ T5895] usb 4-1: config 0 has no interface number 0
[  418.983457][ T5895] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  419.056727][ T5895] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  419.268503][ T5895] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  419.289468][ T5895] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  419.298970][ T5895] usb 4-1: Product: syz
[  419.303160][ T5895] usb 4-1: Manufacturer: syz
[  419.307836][ T5895] usb 4-1: SerialNumber: syz
[  419.348307][ T5895] usb 4-1: config 0 descriptor??
[  419.354082][ T8946] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  419.361365][ T8946] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  419.483078][ T5895] asix 4-1:0.251: probe with driver asix failed with error -71
[  419.689498][ T5895] usb 4-1: USB disconnect, device number 11
[  422.247211][   T24] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  422.759976][ T5821] Bluetooth: hci2: ISO packet for unknown connection handle 0
[  422.957875][   T24] usb 3-1: too many configurations: 65, using maximum allowed: 8
[  424.233503][   T24] usb 3-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[  424.303584][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  424.771948][ T9000] xt_CT: You must specify a L4 protocol and not use inversions on it
[  424.869022][   T24] usb 3-1: can't set config #250, error -71
[  424.879597][   T24] usb 3-1: USB disconnect, device number 12
[  425.500531][ T9007] overlayfs: failed to clone upperpath
[  426.148041][ T5895] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  426.550777][ T5895] usb 2-1: Using ep0 maxpacket: 16
[  426.745997][ T5895] usb 2-1: config 0 has an invalid interface number: 251 but max is 0
[  427.447120][ T5895] usb 2-1: config 0 has no interface number 0
[  427.453292][ T5895] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  427.600707][ T5895] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  427.640815][ T5895] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  427.690869][ T5895] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  427.751210][ T5895] usb 2-1: Product: syz
[  427.755449][ T5895] usb 2-1: Manufacturer: syz
[  427.793046][ T5895] usb 2-1: SerialNumber: syz
[  427.824916][ T5895] usb 2-1: config 0 descriptor??
[  428.057463][ T9030] overlayfs: missing 'lowerdir'
[  428.530175][ T9010] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  428.537645][ T9010] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  428.777153][ T5821] Bluetooth: hci0: ISO packet for unknown connection handle 0
[  428.827701][ T9009] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  428.835054][ T9009] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  429.178671][ T5895] asix 2-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  429.189337][ T5895] asix 2-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -61
[  429.202198][ T5895] asix 2-1:0.251: probe with driver asix failed with error -5
[  430.751575][   T24] usb 2-1: USB disconnect, device number 12
[  431.174662][ T9055] netlink: 8 bytes leftover after parsing attributes in process `syz.4.911'.
[  431.174838][ T9055] netlink: 16 bytes leftover after parsing attributes in process `syz.4.911'.
[  433.284471][ T9045] syz.2.909 (9045): drop_caches: 2
[  435.223754][ T9079] overlayfs: missing 'lowerdir'
[  437.667389][ T5878] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  438.313526][ T5878] usb 5-1: config 199 has an invalid interface number: 224 but max is 3
[  438.379005][ T5878] usb 5-1: config 199 has an invalid descriptor of length 1, skipping remainder of the config
[  438.444430][ T5878] usb 5-1: config 199 has 1 interface, different from the descriptor's value: 4
[  438.467559][ T5878] usb 5-1: config 199 has no interface number 0
[  438.473982][ T5878] usb 5-1: config 199 interface 224 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 15
[  438.570120][ T5878] usb 5-1: config 199 interface 224 has no altsetting 0
[  438.629927][ T9104] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  438.674529][ T5878] usb 5-1: New USB device found, idVendor=0424, idProduct=9505, bcdDevice= 2.63
[  438.683834][ T5878] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  438.709613][ T5878] usb 5-1: Product: █ӷ蛙퍟쓿柉⤸ꭼத馐א꾞
[  438.720648][ T5878] usb 5-1: Manufacturer: 㐁
[  438.736736][ T5878] usb 5-1: SerialNumber: ဇ
[  438.976855][ T9095] netlink: 18 bytes leftover after parsing attributes in process `syz.4.922'.
[  439.026464][ T5878] smsc95xx v2.0.0
[  439.037904][ T5878] smsc95xx 5-1:199.224 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  439.060042][ T5878] smsc95xx 5-1:199.224: probe with driver smsc95xx failed with error -22
[  439.113842][ T5878] usb 5-1: USB disconnect, device number 12
[  439.895104][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  439.901844][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  440.408078][ T9136] xt_CT: You must specify a L4 protocol and not use inversions on it
[  441.905190][ T5821] Bluetooth: hci0: ISO packet for unknown connection handle 0
[  442.327856][ T9156] input: syz0 as /devices/virtual/input/input29
[  442.592745][ T9161] netlink: 'syz.2.941': attribute type 1 has an invalid length.
[  442.600647][ T9161] netlink: 'syz.2.941': attribute type 2 has an invalid length.
[  442.608897][ T9161] netlink: 4 bytes leftover after parsing attributes in process `syz.2.941'.
[  444.872813][ T9180] block nbd4: NBD_DISCONNECT
[  444.873359][ T9180] block nbd4: Send disconnect failed -22
[  444.874057][ T9171] block nbd4: Disconnected due to user request.
[  444.874100][ T9171] block nbd4: shutting down sockets
[  445.324886][ T9187] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10)
[  445.324917][ T9187] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  445.324993][ T9187] vhci_hcd vhci_hcd.0: Device attached
[  445.963990][ T9189] vhci_hcd: connection closed
[  445.964214][ T8909] vhci_hcd: stop threads
[  445.964244][ T8909] vhci_hcd: release socket
[  445.964260][ T8909] vhci_hcd: disconnect device
[  446.964302][ T5821] Bluetooth: hci2: ISO packet for unknown connection handle 0
[  448.402268][ T9208] loop6: detected capacity change from 0 to 524287999
[  448.414631][ T9208] buffer_io_error: 7 callbacks suppressed
[  448.414669][ T9208] Buffer I/O error on dev loop6, logical block 0, async page read
[  448.429385][ T9208] Buffer I/O error on dev loop6, logical block 0, async page read
[  448.438319][ T9208] Buffer I/O error on dev loop6, logical block 0, async page read
[  448.449173][ T9208] Buffer I/O error on dev loop6, logical block 0, async page read
[  448.463926][ T9208] Buffer I/O error on dev loop6, logical block 0, async page read
[  448.493612][ T9208] Buffer I/O error on dev loop6, logical block 0, async page read
[  448.505650][ T9208] Buffer I/O error on dev loop6, logical block 0, async page read
[  448.517904][ T9208] Buffer I/O error on dev loop6, logical block 0, async page read
[  448.527065][ T9208] ldm_validate_partition_table(): Disk read failed.
[  448.535582][ T9208] Buffer I/O error on dev loop6, logical block 0, async page read
[  448.546675][ T9208] Buffer I/O error on dev loop6, logical block 0, async page read
[  448.558728][ T9208] Dev loop6: unable to read RDB block 0
[  448.568646][ T9208]  loop6: unable to read partition table
[  448.576764][ T9208] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  449.182744][ T9213] netlink: 'syz.4.955': attribute type 1 has an invalid length.
[  449.190607][ T9213] netlink: 'syz.4.955': attribute type 2 has an invalid length.
[  449.198825][ T9213] netlink: 4 bytes leftover after parsing attributes in process `syz.4.955'.
[  449.848035][ T9217] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  450.447855][ T9220] netlink: 56 bytes leftover after parsing attributes in process `syz.2.958'.
[  451.101965][ T9229] 9pnet_fd: Insufficient options for proto=fd
[  452.180364][ T9237] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(10)
[  452.187045][ T9237] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  452.194645][ T9237] vhci_hcd vhci_hcd.0: Device attached
[  452.771517][ T9240] vhci_hcd: connection closed
[  452.781747][ T3523] vhci_hcd: stop threads
[  452.908994][ T3523] vhci_hcd: release socket
[  453.181847][ T5821] Bluetooth: hci4: ISO packet for unknown connection handle 0
[  453.424189][ T3523] vhci_hcd: disconnect device
[  453.706778][ T9248] sctp: [Deprecated]: syz.1.964 (pid 9248) Use of struct sctp_assoc_value in delayed_ack socket option.
[  453.706778][ T9248] Use struct sctp_sack_info instead
[  453.819605][ T9248] sctp: [Deprecated]: syz.1.964 (pid 9248) Use of struct sctp_assoc_value in delayed_ack socket option.
[  453.819605][ T9248] Use struct sctp_sack_info instead
[  454.597099][ T9259] netlink: 'syz.4.969': attribute type 1 has an invalid length.
[  454.604832][ T9259] netlink: 'syz.4.969': attribute type 2 has an invalid length.
[  454.613333][ T9259] netlink: 4 bytes leftover after parsing attributes in process `syz.4.969'.
[  456.898610][ T9278] bond0: entered promiscuous mode
[  456.903722][ T9278] bond_slave_0: entered promiscuous mode
[  456.917508][ T9278] bond_slave_1: entered promiscuous mode
[  456.994830][ T9278] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  457.231842][ T9278] bond0: left promiscuous mode
[  457.236691][ T9278] bond_slave_0: left promiscuous mode
[  457.447414][ T9278] bond_slave_1: left promiscuous mode
[  457.676329][ T9293] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10)
[  457.683014][ T9293] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  457.690673][ T9293] vhci_hcd vhci_hcd.0: Device attached
[  458.326861][ T9294] vhci_hcd: connection closed
[  458.367151][   T53] vhci_hcd: stop threads
[  458.437168][   T53] vhci_hcd: release socket
[  458.462979][   T53] vhci_hcd: disconnect device
[  458.501759][ T5878] vhci_hcd: vhci_device speed not set
[  458.878493][ T5821] Bluetooth: hci0: ISO packet for unknown connection handle 0
[  460.385517][ T9309] sctp: [Deprecated]: syz.0.981 (pid 9309) Use of struct sctp_assoc_value in delayed_ack socket option.
[  460.385517][ T9309] Use struct sctp_sack_info instead
[  460.402256][ T9309] sctp: [Deprecated]: syz.0.981 (pid 9309) Use of struct sctp_assoc_value in delayed_ack socket option.
[  460.402256][ T9309] Use struct sctp_sack_info instead
[  460.722883][ T9313] netlink: 'syz.0.982': attribute type 1 has an invalid length.
[  460.730815][ T9313] netlink: 'syz.0.982': attribute type 2 has an invalid length.
[  460.740384][ T9313] netlink: 4 bytes leftover after parsing attributes in process `syz.0.982'.
[  462.647257][ T5878] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  462.818381][ T5878] usb 3-1: Using ep0 maxpacket: 16
[  462.843762][ T5878] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  462.890938][ T5878] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  462.923088][ T5878] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  462.952970][ T5878] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  462.969815][ T9332] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  462.989945][ T9332] tipc: Resetting bearer <eth:syzkaller0>
[  463.002684][ T5878] usb 3-1: Product: syz
[  463.008893][ T9331] tipc: Disabling bearer <eth:syzkaller0>
[  463.014887][ T5878] usb 3-1: Manufacturer: syz
[  463.025137][ T5878] usb 3-1: SerialNumber: syz
[  463.046214][ T5878] usb 3-1: config 0 descriptor??
[  463.214591][ T5878] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  463.232416][ T5878] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[  463.262406][ T5821] Bluetooth: hci2: ISO packet for unknown connection handle 0
[  463.474965][ T9339] netlink: 'syz.0.993': attribute type 1 has an invalid length.
[  463.482968][ T9339] netlink: 'syz.0.993': attribute type 2 has an invalid length.
[  463.490776][ T9339] netlink: 4 bytes leftover after parsing attributes in process `syz.0.993'.
[  463.621677][ T9343] netlink: 12 bytes leftover after parsing attributes in process `syz.0.995'.
[  463.714739][ T5878] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  463.722084][ T5878] em28xx 3-1:0.0: Config register raw data: 0xfffffffb
[  463.807921][ T5930] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[  463.988124][ T5930] usb 2-1: too many configurations: 98, using maximum allowed: 8
[  464.010389][ T5930] usb 2-1: unable to read config index 0 descriptor/start: -61
[  464.021539][ T5930] usb 2-1: can't read configurations, error -61
[  464.377401][ T9349] bio_check_eod: 2 callbacks suppressed
[  464.377452][ T9349] syz.4.996: attempt to access beyond end of device
[  464.377452][ T9349] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  465.094694][ T5930] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[  465.133451][ T5878] em28xx 3-1:0.0: Unknown AC97 audio processor detected!
[  465.149150][ T9327] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  465.318864][ T9327] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  465.337384][ T5930] usb 2-1: too many configurations: 98, using maximum allowed: 8
[  465.404816][ T5930] usb 2-1: unable to read config index 0 descriptor/start: -61
[  465.463320][ T5930] usb 2-1: can't read configurations, error -61
[  465.617801][ T5930] usb usb2-port1: attempt power cycle
[  465.979876][ T9358] NILFS (nbd3): device size too small
[  466.458675][ T5878] em28xx 3-1:0.0: couldn't setup AC97 register 2
[  466.471547][ T5878] em28xx 3-1:0.0: couldn't setup AC97 register 4
[  466.482312][ T5878] em28xx 3-1:0.0: couldn't setup AC97 register 6
[  466.508076][ T5878] em28xx 3-1:0.0: couldn't setup AC97 register 54
[  466.592387][ T5878] em28xx 3-1:0.0: couldn't setup AC97 register 56
[  466.734757][ T5878] usb 3-1: USB disconnect, device number 13
[  468.551713][ T5821] Bluetooth: hci4: ISO packet for unknown connection handle 0
[  469.583008][ T5821] Bluetooth: hci4: ISO packet for unknown connection handle 0
[  471.563972][ T9416] xt_hashlimit: max too large, truncated to 1048576
[  471.630758][ T9416] No such timeout policy "syz1"
[  474.167049][ T5821] Bluetooth: hci0: ISO packet for unknown connection handle 0
[  476.546573][   T30] audit: type=1326 audit(1747525066.676:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9456 comm="syz.1.1030" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3f86d8e969 code=0x0
[  476.825430][ T9465] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1030'.
[  476.887204][ T9465] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1030'.
[  477.201682][ T9468] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1033'.
[  478.665801][ T5821] Bluetooth: hci0: ISO packet for unknown connection handle 0
[  479.622836][ T9496] netlink: 'syz.0.1043': attribute type 1 has an invalid length.
[  479.630662][ T9496] netlink: 'syz.0.1043': attribute type 2 has an invalid length.
[  479.638478][ T9496] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1043'.
[  480.219433][ T5930] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  480.547662][ T5930] usb 3-1: Using ep0 maxpacket: 8
[  480.565036][ T5930] usb 3-1: config 2 has an invalid interface number: 31 but max is 0
[  480.583143][ T5930] usb 3-1: config 2 has no interface number 0
[  480.596517][ T5930] usb 3-1: config 2 interface 31 has no altsetting 0
[  480.622782][ T5930] usb 3-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[  480.664746][ T5930] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  480.687833][ T5930] usb 3-1: Product: syz
[  480.703515][ T5930] usb 3-1: Manufacturer: syz
[  480.717254][ T5930] usb 3-1: SerialNumber: syz
[  480.772779][ T5930] ch9200 3-1:2.31: probe with driver ch9200 failed with error -22
[  480.976119][   T24] usb 3-1: USB disconnect, device number 14
[  482.603012][ T9528] 9pnet_fd: Insufficient options for proto=fd
[  483.646502][ T5831] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  483.729925][ T9531] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1053'.
[  484.757759][ T9545] usb usb8: usbfs: process 9545 (syz.4.1057) did not claim interface 0 before use
[  485.562657][ T9552] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1062'.
[  485.577313][ T5821] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  486.027540][ T5873] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  486.473123][ T5831] Bluetooth: hci1: ISO packet for unknown connection handle 0
[  486.557483][ T5873] usb 3-1: Using ep0 maxpacket: 8
[  486.564911][ T5873] usb 3-1: config 2 has an invalid interface number: 31 but max is 0
[  486.586541][ T5873] usb 3-1: config 2 has no interface number 0
[  486.600520][ T5831] Bluetooth: hci2: ISO packet for unknown connection handle 0
[  486.618530][ T5873] usb 3-1: config 2 interface 31 has no altsetting 0
[  486.648137][ T5873] usb 3-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[  486.662499][ T5873] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  486.672083][ T5873] usb 3-1: Product: syz
[  486.683840][ T5873] usb 3-1: Manufacturer: syz
[  486.691700][ T5873] usb 3-1: SerialNumber: syz
[  486.759752][ T5873] ch9200 3-1:2.31: probe with driver ch9200 failed with error -22
[  486.945454][ T5878] usb 3-1: USB disconnect, device number 15
[  487.357794][ T9579] sctp: [Deprecated]: syz.1.1070 (pid 9579) Use of struct sctp_assoc_value in delayed_ack socket option.
[  487.357794][ T9579] Use struct sctp_sack_info instead
[  487.358264][ T9579] sctp: [Deprecated]: syz.1.1070 (pid 9579) Use of struct sctp_assoc_value in delayed_ack socket option.
[  487.358264][ T9579] Use struct sctp_sack_info instead
[  488.647254][ T9586] sctp: [Deprecated]: syz.4.1072 (pid 9586) Use of struct sctp_assoc_value in delayed_ack socket option.
[  488.647254][ T9586] Use struct sctp_sack_info instead
[  488.664767][ T9586] sctp: [Deprecated]: syz.4.1072 (pid 9586) Use of struct sctp_assoc_value in delayed_ack socket option.
[  488.664767][ T9586] Use struct sctp_sack_info instead
[  489.107553][ T9596] x_tables: ip6_tables: sctp match: only valid for protocol 132
[  491.257851][ T5831] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  491.737218][ T9621] sctp: [Deprecated]: syz.1.1084 (pid 9621) Use of struct sctp_assoc_value in delayed_ack socket option.
[  491.737218][ T9621] Use struct sctp_sack_info instead
[  491.759742][ T9621] sctp: [Deprecated]: syz.1.1084 (pid 9621) Use of struct sctp_assoc_value in delayed_ack socket option.
[  491.759742][ T9621] Use struct sctp_sack_info instead
[  492.479039][   T30] audit: type=1326 audit(1747525082.616:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9633 comm="syz.3.1091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3ac38e969 code=0x7ffc0000
[  492.602312][   T30] audit: type=1326 audit(1747525082.616:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9633 comm="syz.3.1091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3ac38e969 code=0x7ffc0000
[  492.637145][   T30] audit: type=1326 audit(1747525082.636:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9633 comm="syz.3.1091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=126 compat=0 ip=0x7fa3ac38e969 code=0x7ffc0000
[  493.487208][   T30] audit: type=1326 audit(1747525082.636:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9633 comm="syz.3.1091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3ac38e969 code=0x7ffc0000
[  493.513468][   T30] audit: type=1326 audit(1747525082.636:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9633 comm="syz.3.1091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fa3ac38e969 code=0x7ffc0000
[  493.547252][   T30] audit: type=1326 audit(1747525082.766:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9633 comm="syz.3.1091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3ac38e969 code=0x7ffc0000
[  493.582563][   T30] audit: type=1326 audit(1747525082.766:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9633 comm="syz.3.1091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3ac38e969 code=0x7ffc0000
[  493.701921][   T30] audit: type=1326 audit(1747525082.766:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9633 comm="syz.3.1091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7fa3ac38e969 code=0x7ffc0000
[  493.817688][   T30] audit: type=1326 audit(1747525082.766:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9633 comm="syz.3.1091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa3ac32ab39 code=0x7ffc0000
[  493.839575][   T30] audit: type=1326 audit(1747525082.766:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9633 comm="syz.3.1091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa3ac32ab39 code=0x7ffc0000
[  494.093443][ T9653] x_tables: ip6_tables: sctp match: only valid for protocol 132
[  495.007893][ T9666] sctp: [Deprecated]: syz.1.1099 (pid 9666) Use of struct sctp_assoc_value in delayed_ack socket option.
[  495.007893][ T9666] Use struct sctp_sack_info instead
[  495.462343][ T9668] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1097'.
[  496.247088][    T9] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  496.459610][    T9] usb 4-1: config 0 has an invalid interface number: 235 but max is 0
[  496.474847][    T9] usb 4-1: config 0 has no interface number 0
[  496.502341][    T9] usb 4-1: config 0 interface 235 altsetting 0 bulk endpoint 0x87 has invalid maxpacket 1024
[  498.340605][    T9] usb 4-1: New USB device found, idVendor=eb1a, idProduct=2800, bcdDevice=8c.f6
[  498.392002][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  498.397156][   T24] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  498.514038][ T9692] x_tables: ip6_tables: sctp match: only valid for protocol 132
[  498.526936][    T9] usb 4-1: Product: syz
[  498.607324][   T24] usb 3-1: Using ep0 maxpacket: 16
[  498.627540][    T9] usb 4-1: Manufacturer: syz
[  498.641020][   T24] usb 3-1: config 0 has an invalid interface number: 251 but max is 0
[  498.649287][    T9] usb 4-1: SerialNumber: syz
[  498.652552][    T9] usb 4-1: config 0 descriptor??
[  498.726904][   T24] usb 3-1: config 0 has no interface number 0
[  498.743851][ T9670] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  498.817550][   T24] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  498.922935][   T24] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  499.039836][   T24] usb 3-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  499.065551][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  499.083690][   T24] usb 3-1: Product: syz
[  499.247073][   T24] usb 3-1: Manufacturer: syz
[  499.251741][   T24] usb 3-1: SerialNumber: syz
[  499.295550][   T24] usb 3-1: config 0 descriptor??
[  499.301373][    T9] usb 4-1: USB disconnect, device number 12
[  499.339558][   T24] usb 3-1: can't set config #0, error -71
[  499.377861][   T24] usb 3-1: USB disconnect, device number 16
[  499.691623][ T5831] Bluetooth: hci4: ISO packet for unknown connection handle 0
[  499.711402][ T9707] loop6: detected capacity change from 0 to 524287999
[  499.739920][ T6049] buffer_io_error: 7 callbacks suppressed
[  499.739941][ T6049] Buffer I/O error on dev loop6, logical block 0, async page read
[  499.837519][ T6049] Buffer I/O error on dev loop6, logical block 0, async page read
[  499.888417][ T6049] Buffer I/O error on dev loop6, logical block 0, async page read
[  499.923129][ T6049] Buffer I/O error on dev loop6, logical block 0, async page read
[  499.966648][ T9712] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1115'.
[  499.980295][ T6049] Buffer I/O error on dev loop6, logical block 0, async page read
[  500.030227][ T6049] Buffer I/O error on dev loop6, logical block 0, async page read
[  500.048789][ T6049] Buffer I/O error on dev loop6, logical block 0, async page read
[  500.085475][ T6049] Buffer I/O error on dev loop6, logical block 0, async page read
[  500.113842][ T6049] ldm_validate_partition_table(): Disk read failed.
[  500.148207][ T6049] Buffer I/O error on dev loop6, logical block 0, async page read
[  500.157177][ T6049] Buffer I/O error on dev loop6, logical block 0, async page read
[  500.170562][ T6049] Dev loop6: unable to read RDB block 0
[  500.186387][ T6049]  loop6: unable to read partition table
[  500.205109][ T9714] sctp: [Deprecated]: syz.0.1116 (pid 9714) Use of struct sctp_assoc_value in delayed_ack socket option.
[  500.205109][ T9714] Use struct sctp_sack_info instead
[  500.393779][ T9707] ldm_validate_partition_table(): Disk read failed.
[  500.427604][ T9707] Dev loop6: unable to read RDB block 0
[  500.490418][ T9707]  loop6: unable to read partition table
[  500.532413][ T9707] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  501.277696][ T9725] xt_CT: You must specify a L4 protocol and not use inversions on it
[  501.331620][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  501.344182][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  502.276567][ T9730] 9pnet_fd: Insufficient options for proto=fd
[  504.834313][ T9743] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1126'.
[  505.646750][ T9753] sctp: [Deprecated]: syz.1.1129 (pid 9753) Use of struct sctp_assoc_value in delayed_ack socket option.
[  505.646750][ T9753] Use struct sctp_sack_info instead
[  507.254940][ T5831] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  508.062498][ T9774] overlayfs: missing 'lowerdir'
[  508.152167][ T9775] 9pnet_fd: Insufficient options for proto=fd
[  509.040191][ T9785] loop6: detected capacity change from 0 to 524287999
[  509.048998][ T9785] buffer_io_error: 23 callbacks suppressed
[  509.049038][ T9785] Buffer I/O error on dev loop6, logical block 0, async page read
[  509.064239][ T9785] Buffer I/O error on dev loop6, logical block 0, async page read
[  509.160973][ T9785] Buffer I/O error on dev loop6, logical block 0, async page read
[  509.722994][ T9785] Buffer I/O error on dev loop6, logical block 0, async page read
[  509.777854][ T9785] Buffer I/O error on dev loop6, logical block 0, async page read
[  509.806378][ T9785] Buffer I/O error on dev loop6, logical block 0, async page read
[  509.870936][ T9785] Buffer I/O error on dev loop6, logical block 0, async page read
[  509.935178][ T9785] Buffer I/O error on dev loop6, logical block 0, async page read
[  509.960337][ T9785] ldm_validate_partition_table(): Disk read failed.
[  509.974181][ T9785] Buffer I/O error on dev loop6, logical block 0, async page read
[  509.995608][ T9785] Buffer I/O error on dev loop6, logical block 0, async page read
[  510.191672][ T9785] Dev loop6: unable to read RDB block 0
[  510.243725][ T9785]  loop6: unable to read partition table
[  510.267452][ T9785] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  510.417226][    T9] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  510.629363][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  510.647268][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  510.677094][    T9] usb 3-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  510.703443][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  510.745667][    T9] usb 3-1: config 0 descriptor??
[  511.180628][ T9795] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  511.217451][ T9795] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  511.282381][    T9] isku 0003:1E7D:319C.0001: unknown main item tag 0x0
[  511.331173][    T9] isku 0003:1E7D:319C.0001: unknown main item tag 0x0
[  511.418937][    T9] isku 0003:1E7D:319C.0001: unknown main item tag 0x0
[  511.456603][    T9] isku 0003:1E7D:319C.0001: unknown main item tag 0x0
[  511.476812][    T9] isku 0003:1E7D:319C.0001: unknown main item tag 0x0
[  511.503365][    T9] isku 0003:1E7D:319C.0001: unknown main item tag 0x0
[  511.763063][    T9] isku 0003:1E7D:319C.0001: unknown main item tag 0x0
[  511.871636][ T9810] 9pnet_fd: Insufficient options for proto=fd
[  512.430599][    T9] isku 0003:1E7D:319C.0001: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.2-1/input0
[  512.948265][ T5831] Bluetooth: hci1: ISO packet for unknown connection handle 0
[  513.645766][    T9] isku 0003:1E7D:319C.0001: couldn't init struct isku_device
[  513.681070][    T9] isku 0003:1E7D:319C.0001: couldn't install keyboard
[  513.729429][    T9] isku 0003:1E7D:319C.0001: probe with driver isku failed with error -71
[  513.819677][    T9] usb 3-1: USB disconnect, device number 17
[  514.173381][ T9828] xt_CT: You must specify a L4 protocol and not use inversions on it
[  514.277964][ T9825] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1147'.
[  514.641930][ T9815] fido_id[9815]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory
[  514.837942][ T9830] mmap: syz.2.1148 (9830) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  516.109106][ T9843] xt_CT: You must specify a L4 protocol and not use inversions on it
[  517.032540][ T9849] Invalid logical block size (17746)
[  517.767093][ T9859] 9pnet_fd: Insufficient options for proto=fd
[  520.093111][ T9877] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1161'.
[  521.267161][ T7847] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  521.457156][ T7847] usb 4-1: Using ep0 maxpacket: 16
[  521.498937][ T7847] usb 4-1: config 0 has an invalid interface number: 251 but max is 0
[  521.597033][ T7847] usb 4-1: config 0 has no interface number 0
[  521.603281][ T7847] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  521.644850][ T7847] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  521.712431][ T7847] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  521.757100][ T7847] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  521.785516][ T7847] usb 4-1: Product: syz
[  521.805790][ T7847] usb 4-1: Manufacturer: syz
[  521.830919][ T7847] usb 4-1: SerialNumber: syz
[  521.862302][ T7847] usb 4-1: config 0 descriptor??
[  521.888081][ T9882] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  521.895670][ T9882] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  522.116896][ T9881] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  522.124340][ T9881] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  522.334220][ T7847] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  522.399346][ T7847] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -61
[  522.444633][ T7847] asix 4-1:0.251: probe with driver asix failed with error -5
[  523.633713][ T7847] usb 4-1: USB disconnect, device number 13
[  524.216393][    C0] vkms_vblank_simulate: vblank timer overrun
[  525.904481][ T9917] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1172'.
[  528.141056][ T9943] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  528.647294][ T7847] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  528.898706][ T9938] tipc: Disabling bearer <eth:syzkaller0>
[  528.947528][ T7847] usb 5-1: Using ep0 maxpacket: 16
[  528.970060][ T7847] usb 5-1: config 0 has an invalid interface number: 251 but max is 0
[  528.992265][ T7847] usb 5-1: config 0 has no interface number 0
[  529.011736][ T7847] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  529.058020][ T7847] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  529.272877][ T7847] usb 5-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  529.327414][ T7847] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  529.389790][ T7847] usb 5-1: Product: syz
[  529.394245][ T7847] usb 5-1: Manufacturer: syz
[  529.429969][ T7847] usb 5-1: SerialNumber: syz
[  529.598461][ T7847] usb 5-1: config 0 descriptor??
[  529.626212][ T9951] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  529.633700][ T9951] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  529.854028][ T9950] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  529.862207][ T9950] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  530.135539][ T9965] sctp: [Deprecated]: syz.1.1180 (pid 9965) Use of struct sctp_assoc_value in delayed_ack socket option.
[  530.135539][ T9965] Use struct sctp_sack_info instead
[  530.152290][ T7847] asix 5-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  530.164141][ T7847] asix 5-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -61
[  530.169026][ T7847] asix 5-1:0.251: probe with driver asix failed with error -5
[  530.890068][ T9965] sctp: [Deprecated]: syz.1.1180 (pid 9965) Use of struct sctp_assoc_value in delayed_ack socket option.
[  530.890068][ T9965] Use struct sctp_sack_info instead
[  531.547215][ T9969] binder: 9962:9969 ioctl c0306201 2000000003c0 returned -14
[  531.547808][ T9969] binder_alloc: 9962: binder_alloc_buf, no vma
[  531.989148][ T7847] usb 5-1: USB disconnect, device number 13
[  532.409878][ T9974] ieee802154 phy0 wpan0: encryption failed: -22
[  534.279311][ T9989] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1187'.
[  535.242429][ T9993] hpfs: Bad magic ... probably not HPFS
[  535.467942][T10002] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1191'.
[  536.382940][T10014] binder: 10013:10014 ioctl 6611 0 returned -22
[  537.258299][T10023] NILFS (nbd1): device size too small
[  540.863059][T10053] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1208'.
[  541.442336][   T30] kauditd_printk_skb: 173 callbacks suppressed
[  541.442360][   T30] audit: type=1326 audit(1747525131.576:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10056 comm="syz.3.1211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3ac38e969 code=0x7ffc0000
[  541.521035][   T30] audit: type=1326 audit(1747525131.576:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10056 comm="syz.3.1211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3ac38e969 code=0x7ffc0000
[  541.649816][   T30] audit: type=1326 audit(1747525131.676:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10056 comm="syz.3.1211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa3ac38e969 code=0x7ffc0000
[  541.722829][   T30] audit: type=1326 audit(1747525131.676:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10056 comm="syz.3.1211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3ac38e969 code=0x7ffc0000
[  542.133044][T10070] pimreg: entered allmulticast mode
[  542.788963][   T30] audit: type=1326 audit(1747525131.676:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10056 comm="syz.3.1211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3ac38e969 code=0x7ffc0000
[  542.993393][   T30] audit: type=1326 audit(1747525131.676:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10056 comm="syz.3.1211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fa3ac38e969 code=0x7ffc0000
[  543.063377][   T30] audit: type=1326 audit(1747525131.826:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10056 comm="syz.3.1211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3ac38e969 code=0x7ffc0000
[  543.204728][   T30] audit: type=1326 audit(1747525131.826:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10056 comm="syz.3.1211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3ac38e969 code=0x7ffc0000
[  546.608542][T10101] netlink: 'syz.4.1224': attribute type 11 has an invalid length.
[  546.751531][T10108] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1224'.
[  547.748988][ T7847] libceph: connect (1)[c::]:6789 error -101
[  548.216808][ T7847] libceph: mon0 (1)[c::]:6789 connect error
[  548.493945][ T5895] libceph: connect (1)[c::]:6789 error -101
[  548.532006][ T5895] libceph: mon0 (1)[c::]:6789 connect error
[  549.059340][ T5895] libceph: connect (1)[c::]:6789 error -101
[  549.076443][ T5895] libceph: mon0 (1)[c::]:6789 connect error
[  549.289420][T10106] ceph: No mds server is up or the cluster is laggy
[  550.055143][T10153] xt_CT: You must specify a L4 protocol and not use inversions on it
[  551.375427][T10177] FAULT_INJECTION: forcing a failure.
[  551.375427][T10177] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  551.389284][T10177] CPU: 0 UID: 0 PID: 10177 Comm: syz.1.1246 Not tainted 6.15.0-rc6-syzkaller-00278-g172a9d94339c #0 PREEMPT(full) 
[  551.389323][T10177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  551.389344][T10177] Call Trace:
[  551.389357][T10177]  <TASK>
[  551.389370][T10177]  dump_stack_lvl+0x189/0x250
[  551.389406][T10177]  ? __lock_acquire+0xaac/0xd20
[  551.389439][T10177]  ? __pfx_dump_stack_lvl+0x10/0x10
[  551.389469][T10177]  ? __pfx__printk+0x10/0x10
[  551.389503][T10177]  ? __might_fault+0xb0/0x130
[  551.389549][T10177]  should_fail_ex+0x414/0x560
[  551.389579][T10177]  _copy_from_iter+0x1db/0x15a0
[  551.389616][T10177]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  551.389647][T10177]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  551.389683][T10177]  ? __pfx__copy_from_iter+0x10/0x10
[  551.389713][T10177]  ? __build_skb_around+0x257/0x3e0
[  551.389745][T10177]  ? netlink_sendmsg+0x642/0xb30
[  551.389770][T10177]  ? skb_put+0x11b/0x210
[  551.389802][T10177]  netlink_sendmsg+0x6b2/0xb30
[  551.389826][T10177]  ? is_bpf_text_address+0x26/0x2b0
[  551.389866][T10177]  ? __pfx_netlink_sendmsg+0x10/0x10
[  551.389902][T10177]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  551.389926][T10177]  ? __pfx_netlink_sendmsg+0x10/0x10
[  551.389953][T10177]  __sock_sendmsg+0x219/0x270
[  551.389980][T10177]  ____sys_sendmsg+0x505/0x830
[  551.390017][T10177]  ? __pfx_____sys_sendmsg+0x10/0x10
[  551.390059][T10177]  ? import_iovec+0x74/0xa0
[  551.390094][T10177]  ___sys_sendmsg+0x21f/0x2a0
[  551.390154][T10177]  ? __pfx____sys_sendmsg+0x10/0x10
[  551.390226][T10177]  ? __fget_files+0x2a/0x420
[  551.390246][T10177]  ? __fget_files+0x3a0/0x420
[  551.390280][T10177]  __x64_sys_sendmsg+0x19b/0x260
[  551.390320][T10177]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  551.390371][T10177]  ? do_syscall_64+0xba/0x210
[  551.390406][T10177]  do_syscall_64+0xf6/0x210
[  551.390435][T10177]  ? clear_bhb_loop+0x60/0xb0
[  551.390463][T10177]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  551.390485][T10177] RIP: 0033:0x7f3f86d8e969
[  551.390514][T10177] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  551.390534][T10177] RSP: 002b:00007f3f87b55038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  551.390557][T10177] RAX: ffffffffffffffda RBX: 00007f3f86fb5fa0 RCX: 00007f3f86d8e969
[  551.390574][T10177] RDX: 0000000000000000 RSI: 0000200000000900 RDI: 0000000000000006
[  551.390588][T10177] RBP: 00007f3f87b55090 R08: 0000000000000000 R09: 0000000000000000
[  551.390602][T10177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  551.390615][T10177] R13: 0000000000000000 R14: 00007f3f86fb5fa0 R15: 00007fff079b8868
[  551.390649][T10177]  </TASK>
[  552.964194][T10199] xt_CT: You must specify a L4 protocol and not use inversions on it
[  554.119690][T10205] 9pnet_fd: Insufficient options for proto=fd
[  554.130855][T10205] netlink: 'syz.3.1253': attribute type 10 has an invalid length.
[  554.138882][T10205] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1253'.
[  554.992321][T10205] batadv0: entered promiscuous mode
[  554.999571][T10205] batadv0: entered allmulticast mode
[  555.010425][T10205] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[  555.723131][T10210] loop6: detected capacity change from 0 to 524287999
[  555.730516][T10210] buffer_io_error: 7 callbacks suppressed
[  555.730528][T10210] Buffer I/O error on dev loop6, logical block 0, async page read
[  555.744212][T10210] Buffer I/O error on dev loop6, logical block 0, async page read
[  555.752180][T10210] Buffer I/O error on dev loop6, logical block 0, async page read
[  555.760178][T10210] Buffer I/O error on dev loop6, logical block 0, async page read
[  555.769560][T10210] Buffer I/O error on dev loop6, logical block 0, async page read
[  555.777533][T10210] Buffer I/O error on dev loop6, logical block 0, async page read
[  555.785451][T10210] Buffer I/O error on dev loop6, logical block 0, async page read
[  555.793439][T10210] Buffer I/O error on dev loop6, logical block 0, async page read
[  555.801351][T10210] ldm_validate_partition_table(): Disk read failed.
[  555.808058][T10210] Buffer I/O error on dev loop6, logical block 0, async page read
[  555.816013][T10210] Buffer I/O error on dev loop6, logical block 0, async page read
[  555.824087][T10210] Dev loop6: unable to read RDB block 0
[  555.830062][T10210]  loop6: unable to read partition table
[  555.835870][T10210] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  557.617785][T10232] 9pnet_fd: Insufficient options for proto=fd
[  559.119862][T10247] xt_CT: You must specify a L4 protocol and not use inversions on it
[  559.219778][T10248] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1264'.
[  559.947262][   T30] audit: type=1326 audit(1747525150.076:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10252 comm="syz.0.1266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78bab8e969 code=0x7ffc0000
[  560.146167][   T30] audit: type=1326 audit(1747525150.106:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10252 comm="syz.0.1266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=326 compat=0 ip=0x7f78bab8e969 code=0x7ffc0000
[  560.187465][   T30] audit: type=1326 audit(1747525150.106:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10252 comm="syz.0.1266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78bab8e969 code=0x7ffc0000
[  560.247599][   T30] audit: type=1326 audit(1747525150.106:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10252 comm="syz.0.1266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78bab8e969 code=0x7ffc0000
[  560.273825][   T30] audit: type=1326 audit(1747525150.106:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10252 comm="syz.0.1266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f78bab8e969 code=0x7ffc0000
[  560.298485][   T30] audit: type=1326 audit(1747525150.106:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10252 comm="syz.0.1266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78bab8e969 code=0x7ffc0000
[  560.322960][   T30] audit: type=1326 audit(1747525150.106:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10252 comm="syz.0.1266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78bab8e969 code=0x7ffc0000
[  560.779785][   T30] audit: type=1326 audit(1747525150.106:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10252 comm="syz.0.1266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f78bab8e969 code=0x7ffc0000
[  560.816037][   T30] audit: type=1326 audit(1747525150.106:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10252 comm="syz.0.1266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78bab8e969 code=0x7ffc0000
[  560.882518][   T30] audit: type=1326 audit(1747525150.106:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10252 comm="syz.0.1266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f78bab8e969 code=0x7ffc0000
[  562.772763][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  562.780170][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  563.676504][T10279] kvm: emulating exchange as write
[  564.209623][T10291] xt_CT: You must specify a L4 protocol and not use inversions on it
[  564.270483][T10297] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1280'.
[  564.843909][T10302] /dev/nullb0: Can't lookup blockdev
[  565.826002][T10311] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1285'.
[  565.835830][T10311] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1285'.
[  565.897897][T10315] sctp: [Deprecated]: syz.0.1287 (pid 10315) Use of struct sctp_assoc_value in delayed_ack socket option.
[  565.897897][T10315] Use struct sctp_sack_info instead
[  565.916607][T10315] sctp: [Deprecated]: syz.0.1287 (pid 10315) Use of struct sctp_assoc_value in delayed_ack socket option.
[  565.916607][T10315] Use struct sctp_sack_info instead
[  567.101041][T10340] overlayfs: missing 'lowerdir'
[  567.187636][T10341] 9pnet_fd: Insufficient options for proto=fd
[  570.410780][T10361] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1302'.
[  570.443363][T10361] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1302'.
[  570.520603][T10367] input: syz0 as /devices/virtual/input/input31
[  570.987153][ T5878] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  571.640705][T10381] FAULT_INJECTION: forcing a failure.
[  571.640705][T10381] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  571.654175][T10381] CPU: 0 UID: 0 PID: 10381 Comm: syz.4.1309 Not tainted 6.15.0-rc6-syzkaller-00278-g172a9d94339c #0 PREEMPT(full) 
[  571.654205][T10381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  571.654218][T10381] Call Trace:
[  571.654227][T10381]  <TASK>
[  571.654235][T10381]  dump_stack_lvl+0x189/0x250
[  571.654267][T10381]  ? __lock_acquire+0xaac/0xd20
[  571.654298][T10381]  ? __pfx_dump_stack_lvl+0x10/0x10
[  571.654326][T10381]  ? __pfx__printk+0x10/0x10
[  571.654357][T10381]  ? __might_fault+0xb0/0x130
[  571.654401][T10381]  should_fail_ex+0x414/0x560
[  571.654427][T10381]  _copy_from_user+0x2d/0xb0
[  571.654457][T10381]  __sys_bpf+0x1ed/0x860
[  571.654484][T10381]  ? __pfx___sys_bpf+0x10/0x10
[  571.654522][T10381]  ? ksys_write+0x1f0/0x250
[  571.654564][T10381]  __x64_sys_bpf+0x7c/0x90
[  571.654587][T10381]  do_syscall_64+0xf6/0x210
[  571.654615][T10381]  ? clear_bhb_loop+0x60/0xb0
[  571.654641][T10381]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  571.654661][T10381] RIP: 0033:0x7f450cb8e969
[  571.654679][T10381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  571.654697][T10381] RSP: 002b:00007f450d9de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  571.654719][T10381] RAX: ffffffffffffffda RBX: 00007f450cdb6080 RCX: 00007f450cb8e969
[  571.654734][T10381] RDX: 0000000000000094 RSI: 00002000000006c0 RDI: 0000000000000005
[  571.654747][T10381] RBP: 00007f450d9de090 R08: 0000000000000000 R09: 0000000000000000
[  571.654760][T10381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  571.654772][T10381] R13: 0000000000000001 R14: 00007f450cdb6080 R15: 00007ffebdc4b958
[  571.654812][T10381]  </TASK>
[  572.308475][ T5878] usb 3-1: device descriptor read/64, error -71
[  572.773640][ T5878] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  573.062645][ T5878] usb 3-1: device descriptor read/64, error -71
[  573.308243][ T5878] usb usb3-port1: attempt power cycle
[  573.633544][T10396] overlayfs: missing 'lowerdir'
[  573.735778][T10397] 9pnet_fd: Insufficient options for proto=fd
[  574.428015][ T5878] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  574.657105][ T5878] usb 3-1: device not accepting address 20, error -71
[  575.183099][T10413] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1316'.
[  576.223958][T10419] input: syz0 as /devices/virtual/input/input32
[  577.973992][T10437] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9)
[  577.974027][T10437] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  577.974112][T10437] vhci_hcd vhci_hcd.0: Device attached
[  578.627427][T10440] vhci_hcd: connection closed
[  578.627940][ T6990] vhci_hcd: stop threads
[  578.627961][ T6990] vhci_hcd: release socket
[  578.627980][ T6990] vhci_hcd: disconnect device
[  578.644146][T10444] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1325'.
[  578.791331][T10444] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1325'.
[  579.363588][T10457] FAULT_INJECTION: forcing a failure.
[  579.363588][T10457] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  579.376897][T10457] CPU: 1 UID: 0 PID: 10457 Comm: syz.4.1329 Not tainted 6.15.0-rc6-syzkaller-00278-g172a9d94339c #0 PREEMPT(full) 
[  579.376932][T10457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  579.376944][T10457] Call Trace:
[  579.376954][T10457]  <TASK>
[  579.376963][T10457]  dump_stack_lvl+0x189/0x250
[  579.376995][T10457]  ? __lock_acquire+0xaac/0xd20
[  579.377025][T10457]  ? __pfx_dump_stack_lvl+0x10/0x10
[  579.377054][T10457]  ? __pfx__printk+0x10/0x10
[  579.377085][T10457]  ? __might_fault+0xb0/0x130
[  579.377129][T10457]  should_fail_ex+0x414/0x560
[  579.377157][T10457]  _copy_from_iter+0x1db/0x15a0
[  579.377191][T10457]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  579.377220][T10457]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  579.377254][T10457]  ? __pfx__copy_from_iter+0x10/0x10
[  579.377283][T10457]  ? __build_skb_around+0x257/0x3e0
[  579.377315][T10457]  ? netlink_sendmsg+0x642/0xb30
[  579.377338][T10457]  ? skb_put+0x11b/0x210
[  579.377369][T10457]  netlink_sendmsg+0x6b2/0xb30
[  579.377392][T10457]  ? is_bpf_text_address+0x26/0x2b0
[  579.377430][T10457]  ? __pfx_netlink_sendmsg+0x10/0x10
[  579.377463][T10457]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  579.377486][T10457]  ? __pfx_netlink_sendmsg+0x10/0x10
[  579.377513][T10457]  __sock_sendmsg+0x219/0x270
[  579.377538][T10457]  ____sys_sendmsg+0x505/0x830
[  579.377573][T10457]  ? __pfx_____sys_sendmsg+0x10/0x10
[  579.377612][T10457]  ? import_iovec+0x74/0xa0
[  579.377645][T10457]  ___sys_sendmsg+0x21f/0x2a0
[  579.377676][T10457]  ? __pfx____sys_sendmsg+0x10/0x10
[  579.377743][T10457]  ? __fget_files+0x2a/0x420
[  579.377762][T10457]  ? __fget_files+0x3a0/0x420
[  579.377800][T10457]  __x64_sys_sendmsg+0x19b/0x260
[  579.377832][T10457]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  579.377880][T10457]  ? do_syscall_64+0xba/0x210
[  579.377911][T10457]  do_syscall_64+0xf6/0x210
[  579.377939][T10457]  ? clear_bhb_loop+0x60/0xb0
[  579.377965][T10457]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  579.377985][T10457] RIP: 0033:0x7f450cb8e969
[  579.378004][T10457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  579.378022][T10457] RSP: 002b:00007f450d9ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  579.378045][T10457] RAX: ffffffffffffffda RBX: 00007f450cdb5fa0 RCX: 00007f450cb8e969
[  579.378061][T10457] RDX: 0000000000000000 RSI: 0000200000001200 RDI: 0000000000000003
[  579.378074][T10457] RBP: 00007f450d9ff090 R08: 0000000000000000 R09: 0000000000000000
[  579.378087][T10457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  579.378099][T10457] R13: 0000000000000000 R14: 00007f450cdb5fa0 R15: 00007ffebdc4b958
[  579.378130][T10457]  </TASK>
[  579.797255][ T7847] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  580.107199][ T7847] usb 2-1: Using ep0 maxpacket: 8
[  581.005448][T10470] random: crng reseeded on system resumption
[  581.075092][ T7847] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  581.084626][ T7847] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  581.092842][ T7847] usb 2-1: Product: syz
[  581.097223][ T7847] usb 2-1: Manufacturer: syz
[  581.102311][ T7847] usb 2-1: SerialNumber: syz
[  581.110668][ T7847] usb 2-1: config 0 descriptor??
[  581.371739][ T7847] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  582.459312][T10455] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  582.459762][T10455] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  582.470883][ T7847] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  582.486050][ T7847] usb 2-1: USB disconnect, device number 16
[  582.697619][    C0] hrtimer: interrupt took 1015088 ns
[  582.699849][   T24] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  582.907197][   T24] usb 5-1: device descriptor read/64, error -71
[  583.147198][   T24] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  583.297404][   T24] usb 5-1: device descriptor read/64, error -71
[  583.716176][T10497] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1340'.
[  583.811580][   T24] usb usb5-port1: attempt power cycle
[  584.488585][   T24] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  584.841396][   T24] usb 5-1: device descriptor read/8, error -71
[  585.234560][T10505] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  587.621057][T10536] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1350'.
[  588.398073][T10538] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1353'.
[  589.122922][T10550] lo speed is unknown, defaulting to 1000
[  591.491015][T10566] Cache volume key already in use (9p,(null),)
[  591.800036][T10568] overlayfs: overlapping lowerdir path
[  591.861378][T10569] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  593.227396][T10576] netfs: Couldn't get user pages (rc=-14)
[  594.314947][ T3497] ==================================================================
[  594.323071][ T3497] BUG: KASAN: slab-out-of-bounds in iov_iter_revert+0x1da/0x5f0
[  594.330738][ T3497] Read of size 4 at addr ffff8880239331f8 by task kworker/u8:8/3497
[  594.338750][ T3497] 
[  594.341097][ T3497] CPU: 1 UID: 0 PID: 3497 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00278-g172a9d94339c #0 PREEMPT(full) 
[  594.341125][ T3497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  594.341140][ T3497] Workqueue: events_unbound netfs_write_collection_worker
[  594.341168][ T3497] Call Trace:
[  594.341179][ T3497]  <TASK>
[  594.341189][ T3497]  dump_stack_lvl+0x189/0x250
[  594.341220][ T3497]  ? __kasan_check_byte+0x12/0x40
[  594.341255][ T3497]  ? __pfx_dump_stack_lvl+0x10/0x10
[  594.341284][ T3497]  ? lock_release+0x4b/0x3e0
[  594.341312][ T3497]  ? lock_release+0x4b/0x3e0
[  594.341344][ T3497]  ? __virt_addr_valid+0x469/0x540
[  594.341373][ T3497]  print_report+0xb4/0x290
[  594.341398][ T3497]  ? iov_iter_revert+0x1da/0x5f0
[  594.341432][ T3497]  kasan_report+0x118/0x150
[  594.341468][ T3497]  ? iov_iter_revert+0x1da/0x5f0
[  594.341511][ T3497]  iov_iter_revert+0x1da/0x5f0
[  594.341545][ T3497]  netfs_retry_writes+0x1645/0x1840
[  594.341583][ T3497]  ? __pfx_netfs_retry_writes+0x10/0x10
[  594.341605][ T3497]  ? __lock_acquire+0xaac/0xd20
[  594.341637][ T3497]  ? do_raw_spin_lock+0x121/0x290
[  594.341668][ T3497]  netfs_write_collection_worker+0x2007/0x2bd0
[  594.341711][ T3497]  ? process_scheduled_works+0x9ec/0x17a0
[  594.341751][ T3497]  process_scheduled_works+0xadb/0x17a0
[  594.341801][ T3497]  ? __pfx_process_scheduled_works+0x10/0x10
[  594.341844][ T3497]  worker_thread+0x8a0/0xda0
[  594.341880][ T3497]  kthread+0x70e/0x8a0
[  594.341907][ T3497]  ? __pfx_worker_thread+0x10/0x10
[  594.341926][ T3497]  ? __pfx_kthread+0x10/0x10
[  594.341950][ T3497]  ? __pfx_kthread+0x10/0x10
[  594.341975][ T3497]  ? _raw_spin_unlock_irq+0x23/0x50
[  594.341999][ T3497]  ? lockdep_hardirqs_on+0x9c/0x150
[  594.342025][ T3497]  ? __pfx_kthread+0x10/0x10
[  594.342049][ T3497]  ret_from_fork+0x4b/0x80
[  594.342070][ T3497]  ? __pfx_kthread+0x10/0x10
[  594.342093][ T3497]  ret_from_fork_asm+0x1a/0x30
[  594.342135][ T3497]  </TASK>
[  594.342142][ T3497] 
[  594.531955][ T3497] Allocated by task 9680:
[  594.536312][ T3497]  kasan_save_track+0x3e/0x80
[  594.541015][ T3497]  __kasan_kmalloc+0x93/0xb0
[  594.545626][ T3497]  __kmalloc_cache_noprof+0x230/0x3d0
[  594.551032][ T3497]  ref_tracker_alloc+0x133/0x460
[  594.555985][ T3497]  dst_init+0xd9/0x450
[  594.560083][ T3497]  dst_alloc+0x12a/0x170
[  594.564349][ T3497]  ip_route_output_key_hash_rcu+0x140d/0x2330
[  594.570444][ T3497]  ip_route_output_key_hash+0x1b9/0x2e0
[  594.576035][ T3497]  __ip4_datagram_connect+0x8ae/0x1230
[  594.581545][ T3497]  __ip6_datagram_connect+0x1b3/0x1150
[  594.587056][ T3497]  udpv6_connect+0x36/0x240
[  594.591591][ T3497]  __sys_connect+0x313/0x440
[  594.596320][ T3497]  __x64_sys_connect+0x7a/0x90
[  594.601114][ T3497]  do_syscall_64+0xf6/0x210
[  594.605749][ T3497]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  594.611661][ T3497] 
[  594.614001][ T3497] The buggy address belongs to the object at ffff8880239331c0
[  594.614001][ T3497]  which belongs to the cache kmalloc-32 of size 32
[  594.628079][ T3497] The buggy address is located 24 bytes to the right of
[  594.628079][ T3497]  allocated 32-byte region [ffff8880239331c0, ffff8880239331e0)
[  594.642589][ T3497] 
[  594.644924][ T3497] The buggy address belongs to the physical page:
[  594.651342][ T3497] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x23933
[  594.660119][ T3497] ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  594.667598][ T3497] page_type: f5(slab)
[  594.671598][ T3497] raw: 00fff00000000000 ffff88801a041780 ffffea0001372d80 dead000000000003
[  594.680201][ T3497] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[  594.688797][ T3497] page dumped because: kasan: bad access detected
[  594.695226][ T3497] page_owner tracks the page as allocated
[  594.700947][ T3497] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP), pid 1259, tgid 1259 (kworker/u8:3), ts 10243867270, free_ts 10230530540
[  594.719203][ T3497]  post_alloc_hook+0x1d8/0x230
[  594.723983][ T3497]  get_page_from_freelist+0x21c7/0x22a0
[  594.729548][ T3497]  __alloc_frozen_pages_noprof+0x181/0x370
[  594.735373][ T3497]  alloc_pages_mpol+0x232/0x4a0
[  594.740247][ T3497]  allocate_slab+0x8a/0x3b0
[  594.744776][ T3497]  ___slab_alloc+0xbfc/0x1480
[  594.749469][ T3497]  __kmalloc_cache_noprof+0x296/0x3d0
[  594.754874][ T3497]  kmem_cache_free+0x169/0x3f0
[  594.759664][ T3497]  fput_close+0x119/0x200
[  594.764009][ T3497]  path_openat+0x313c/0x3830
[  594.768614][ T3497]  do_filp_open+0x1fa/0x410
[  594.773136][ T3497]  do_open_execat+0x135/0x450
[  594.777829][ T3497]  alloc_bprm+0x28/0xbc0
[  594.782093][ T3497]  kernel_execve+0x9b/0x9f0
[  594.786616][ T3497]  call_usermodehelper_exec_async+0x210/0x360
[  594.792707][ T3497]  ret_from_fork+0x4b/0x80
[  594.797156][ T3497] page last free pid 976 tgid 976 stack trace:
[  594.803313][ T3497]  __free_frozen_pages+0xb05/0xcd0
[  594.808449][ T3497]  vfree+0x1a6/0x330
[  594.812354][ T3497]  delayed_vfree_work+0x55/0x80
[  594.817217][ T3497]  process_scheduled_works+0xadb/0x17a0
[  594.822783][ T3497]  worker_thread+0x8a0/0xda0
[  594.827384][ T3497]  kthread+0x70e/0x8a0
[  594.831480][ T3497]  ret_from_fork+0x4b/0x80
[  594.835909][ T3497]  ret_from_fork_asm+0x1a/0x30
[  594.840701][ T3497] 
[  594.843039][ T3497] Memory state around the buggy address:
[  594.848770][ T3497]  ffff888023933080: 00 00 00 00 fc fc fc fc fa fb fb fb fc fc fc fc
[  594.856844][ T3497]  ffff888023933100: fa fb fb fb fc fc fc fc 00 00 00 00 fc fc fc fc
[  594.864916][ T3497] >ffff888023933180: fa fb fb fb fc fc fc fc 00 00 00 00 fc fc fc fc
[  594.872994][ T3497]                                                                 ^
[  594.880978][ T3497]  ffff888023933200: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[  594.889060][ T3497]  ffff888023933280: fa fb fb fb fc fc fc fc 00 00 00 00 fc fc fc fc
[  594.897133][ T3497] ==================================================================
[  595.050984][ T3497] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  595.058241][ T3497] CPU: 0 UID: 0 PID: 3497 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00278-g172a9d94339c #0 PREEMPT(full) 
[  595.070424][ T3497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  595.080518][ T3497] Workqueue: events_unbound netfs_write_collection_worker
[  595.087691][ T3497] Call Trace:
[  595.090993][ T3497]  <TASK>
[  595.093949][ T3497]  dump_stack_lvl+0x99/0x250
[  595.098579][ T3497]  ? __asan_memcpy+0x40/0x70
[  595.103192][ T3497]  ? __pfx_dump_stack_lvl+0x10/0x10
[  595.108407][ T3497]  ? __pfx__printk+0x10/0x10
[  595.113039][ T3497]  panic+0x2db/0x790
[  595.116956][ T3497]  ? __pfx_preempt_schedule+0x10/0x10
[  595.122346][ T3497]  ? __pfx_panic+0x10/0x10
[  595.126777][ T3497]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  595.132684][ T3497]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  595.139025][ T3497]  ? iov_iter_revert+0x1da/0x5f0
[  595.143976][ T3497]  check_panic_on_warn+0x89/0xb0
[  595.148927][ T3497]  ? iov_iter_revert+0x1da/0x5f0
[  595.153875][ T3497]  end_report+0x78/0x160
[  595.158146][ T3497]  kasan_report+0x129/0x150
[  595.162667][ T3497]  ? iov_iter_revert+0x1da/0x5f0
[  595.167622][ T3497]  iov_iter_revert+0x1da/0x5f0
[  595.172454][ T3497]  netfs_retry_writes+0x1645/0x1840
[  595.177674][ T3497]  ? __pfx_netfs_retry_writes+0x10/0x10
[  595.183222][ T3497]  ? __lock_acquire+0xaac/0xd20
[  595.188085][ T3497]  ? do_raw_spin_lock+0x121/0x290
[  595.193122][ T3497]  netfs_write_collection_worker+0x2007/0x2bd0
[  595.199301][ T3497]  ? process_scheduled_works+0x9ec/0x17a0
[  595.205038][ T3497]  process_scheduled_works+0xadb/0x17a0
[  595.210614][ T3497]  ? __pfx_process_scheduled_works+0x10/0x10
[  595.216620][ T3497]  worker_thread+0x8a0/0xda0
[  595.221230][ T3497]  kthread+0x70e/0x8a0
[  595.225309][ T3497]  ? __pfx_worker_thread+0x10/0x10
[  595.230423][ T3497]  ? __pfx_kthread+0x10/0x10
[  595.235022][ T3497]  ? __pfx_kthread+0x10/0x10
[  595.239621][ T3497]  ? _raw_spin_unlock_irq+0x23/0x50
[  595.244832][ T3497]  ? lockdep_hardirqs_on+0x9c/0x150
[  595.250047][ T3497]  ? __pfx_kthread+0x10/0x10
[  595.254648][ T3497]  ret_from_fork+0x4b/0x80
[  595.259074][ T3497]  ? __pfx_kthread+0x10/0x10
[  595.263671][ T3497]  ret_from_fork_asm+0x1a/0x30
[  595.268470][ T3497]  </TASK>
[  595.271756][ T3497] Kernel Offset: disabled
[  595.276083][ T3497] Rebooting in 86400 seconds..