last executing test programs:

1m28.452974258s ago: executing program 3 (id=250):
r0 = socket(0x0, 0x6, 0x9)
setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e24, 0x7ff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x9}}}, 0x84)
r1 = syz_io_uring_setup(0x5244, &(0x7f00000000c0)={0x0, 0x4af4, 0x80, 0x2, 0x24e}, &(0x7f0000000140)=<r2=>0x0, &(0x7f0000000180))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x10c, &(0x7f00000001c0)=0x80000001, 0x0, 0x4)
r3 = syz_usb_connect$hid(0x6, 0x3f, &(0x7f0000000200)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x20, 0x56a, 0x16, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x81, 0x30, 0x1, [{{0x9, 0x4, 0x0, 0x6, 0x2, 0x3, 0x1, 0x1, 0x5, {0x9, 0x21, 0xf, 0x2, 0x1, {0x22, 0x360}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x40, 0x40, 0x2}}, [{{0x9, 0x5, 0x2, 0x3, 0x3ff, 0x5}}]}}}]}}]}}, &(0x7f0000000340)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x201, 0x2, 0x4, 0x6, 0xff, 0x6e}, 0x40, &(0x7f0000000280)={0x5, 0xf, 0x40, 0x6, [@wireless={0xb, 0x10, 0x1, 0xc, 0x4, 0x95, 0xff, 0x8, 0x2}, @ss_cap={0xa, 0x10, 0x3, 0x7ff1dcde72c070e5, 0x2, 0xb, 0x5, 0xff3c}, @ext_cap={0x7, 0x10, 0x2, 0x0, 0xa, 0xa, 0x41c0}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x5, 0x3, 0x2, 0x9}, @wireless={0xb, 0x10, 0x1, 0x8, 0x8, 0x7, 0x8, 0x7, 0x5}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x8, 0x6, 0x8, 0x9}]}, 0x2, [{0x1f, &(0x7f00000002c0)=@string={0x1f, 0x3, "8faa49bcfa7c863f4ac319d44be53c185a32f4edff11f60701ae6388f7"}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x44b}}]})
syz_usb_control_io$hid(r3, &(0x7f0000000500)={0x14, &(0x7f0000000380)={0x20, 0xe, 0x41, {0x41, 0x21, "05ef7cdad7348654ac14b2f2fc36a111abd1cf1ab424c38abe6d5b6865ecfb6676ea851e7003384bed2e7b5910b470a0116c4a3d71add19f0e9b9649eac36e"}}, &(0x7f0000000400)={0x0, 0x3, 0x6b, @string={0x6b, 0x3, "f933ce5558ee54528bf6a497464fda4a3116d184bb5badec56825efa71b639c986b5428ea70a99106eb1bb8f1c59ef63bfe77754f6722c62393dc1c9c05398d6736aa245507be1d73c45c8579c35b00657945268834127479c82368f9cdff3dec559ffa4f8985cdc32"}}, &(0x7f0000000480)={0x0, 0x22, 0xf, {[@main=@item_012={0x1, 0x0, 0xc, "8d"}, @global=@item_012={0x2, 0x1, 0x5, 'AX'}, @local=@item_012={0x1, 0x2, 0x3, "b8"}, @main=@item_4={0x3, 0x0, 0x8, "5a6fb8e1"}, @main=@item_012={0x1, 0x0, 0xa, '!'}, @local=@item_012={0x0, 0x2, 0x5}]}}, &(0x7f00000004c0)={0x0, 0x21, 0x9, {0x9, 0x21, 0x6, 0x5c, 0x1, {0x22, 0xaee}}}}, &(0x7f0000000740)={0x18, &(0x7f0000000540)={0x0, 0x16, 0x75, "d9e9e5a8acbcc490a92ea86685ce6a38cd1cc806f877e5a3d687a36f7c67fda6c4db37464b7ce13209659e6450bcae72a2118f4db78eb8e441b698946a71d2e99361a54b34af5c2bd811eaa003a137033b158b74997ad8a9cc3da804c7fc6b73e944c29574216ed2703b2a54cadee0d942e39b24e9"}, &(0x7f00000005c0)={0x0, 0xa, 0x1, 0xb}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000640)={0x20, 0x1, 0x95, "6380d637956db89b87cdc39d0c700621fa98a856961c3e8d4655dae4d8b04ef358324ef8889ece7c5523afef5188c84851bad8ece6621e166ddb254bfc7f292fdefdb82422456462662c6bba3eff35d0701893df2f2ae6b345d78fae818b1011b294ef1a0b51512c95c7c6b48f1808cfd226dfceebbb299945e16cc03102f961e75dfa0817dadf9056f9154a9313855c446ad080d7"}, &(0x7f0000000700)={0x20, 0x3, 0x1, 0x1}})
syz_usb_disconnect(0xffffffffffffffff)
r4 = syz_io_uring_complete(r2)
ioctl$sock_FIOSETOWN(r4, 0x8901, &(0x7f0000000780)=0xffffffffffffffff)
sendmsg$nl_route(r4, &(0x7f0000000880)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)=@ipv4_getnexthop={0x1c, 0x6a, 0x100, 0x70bd2a, 0x25dfdbfb, {}, [@NHA_GROUPS={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x88}, 0x48084)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f00000008c0)={0x9, [0x0, 0x0, <r5=>0x0, 0x0, 0x0, <r6=>0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000900)=0x28)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f0000000940)={r5, 0x1ff, 0x3, [0x4, 0x97, 0x5]}, 0xe)
writev(r1, &(0x7f0000000a80)=[{&(0x7f0000000980)="c558532fa4e69f94559d9a814309a0041ca1", 0x12}, {&(0x7f00000009c0)="07f0ef068d64c2811720577182357b672c8d7569d66ab139e7b2672d84d0b5700536d52985ad48b36d0206d444a33630b72e735b14eda7488ad0c106aa48a6e1e6a731482539f1c54038b8b12dd1c5db31d3b39f2a3526f311371be48af3112de2c1cd6b61121332a1da2bd4cb01f169edfd67771037ba0112bb30cbb57d9deff9d42b8a", 0x84}], 0x2)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000ac0)={0x85}, 0x1)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000b40), r0)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r4, &(0x7f0000000c80)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x81846000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000b80)={0x90, r7, 0x100, 0x70bd25, 0x25dfdbfd, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x8}, {0x6, 0x16, 0xf6e3}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x5}, {0x6, 0x16, 0x6}, {0x5}}]}, 0x90}, 0x1, 0x0, 0x0, 0x4040081}, 0x44)
getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r4, 0x84, 0x74, &(0x7f0000000cc0)=""/155, &(0x7f0000000d80)=0x9b)
r8 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000e40)={r6, 0x58, &(0x7f0000000dc0)=[@in={0x2, 0x4e20, @empty}, @in={0x2, 0x4e24, @local}, @in6={0xa, 0x4e22, 0x3, @local}, @in6={0xa, 0x4e22, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}, &(0x7f0000000e80)=0xc)
r9 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000f00), r4)
sendmsg$TIPC_NL_SOCK_GET(r0, &(0x7f0000000fc0)={&(0x7f0000000ec0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000f80)={&(0x7f0000000f40)={0x30, r9, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xf}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xa}, @TIPC_NLA_PUBL_UPPER={0x8}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4052}, 0x4000002)
recvmsg$can_raw(r0, &(0x7f00000011c0)={&(0x7f0000001000)=@vsock, 0x80, &(0x7f0000001100)=[{&(0x7f0000001080)=""/39, 0x27}, {&(0x7f00000010c0)=""/3, 0x3}], 0x2, &(0x7f0000001140)=""/102, 0x66}, 0x140)
r10 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r10, 0x84, 0x71, &(0x7f0000001200)={0x0, 0x7ff}, &(0x7f0000001240)=0x8)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r4, &(0x7f00000013c0)={&(0x7f0000001280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001380)={&(0x7f00000012c0)={0xb8, 0x3, 0x8, 0x301, 0x0, 0x0, {0xa, 0x0, 0x8}, [@CTA_TIMEOUT_DATA={0x4c, 0x4, 0x0, 0x1, @sctp=[@CTA_TIMEOUT_SCTP_COOKIE_ECHOED={0x8, 0x3, 0x1, 0x0, 0x5}, @CTA_TIMEOUT_SCTP_CLOSED={0x8, 0x1, 0x1, 0x0, 0xffffff7f}, @CTA_TIMEOUT_SCTP_ESTABLISHED={0x8, 0x4, 0x1, 0x0, 0x1}, @CTA_TIMEOUT_SCTP_ESTABLISHED={0x8, 0x4, 0x1, 0x0, 0x5}, @CTA_TIMEOUT_SCTP_HEARTBEAT_ACKED={0x8, 0x9, 0x1, 0x0, 0xbc9}, @CTA_TIMEOUT_SCTP_CLOSED={0x8, 0x1, 0x1, 0x0, 0xffff}, @CTA_TIMEOUT_SCTP_HEARTBEAT_ACKED={0x8, 0x9, 0x1, 0x0, 0x8}, @CTA_TIMEOUT_SCTP_CLOSED={0x8, 0x1, 0x1, 0x0, 0x23d02178}, @CTA_TIMEOUT_SCTP_HEARTBEAT_SENT={0x8, 0x8, 0x1, 0x0, 0x336}]}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_DATA={0x44, 0x4, 0x0, 0x1, @udp=[@CTA_TIMEOUT_UDP_REPLIED={0x8, 0x2, 0x1, 0x0, 0x81}, @CTA_TIMEOUT_UDP_REPLIED={0x8, 0x2, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_UDP_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0xffffff00}, @CTA_TIMEOUT_UDP_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x4}, @CTA_TIMEOUT_UDP_REPLIED={0x8, 0x2, 0x1, 0x0, 0x5}, @CTA_TIMEOUT_UDP_REPLIED={0x8, 0x2, 0x1, 0x0, 0x4}, @CTA_TIMEOUT_UDP_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0xd}, @CTA_TIMEOUT_UDP_REPLIED={0x8, 0x2, 0x1, 0x0, 0x2}]}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0xb8}, 0x1, 0x0, 0x0, 0x40055}, 0x20008801)
setsockopt$MRT_FLUSH(r4, 0x0, 0xd4, &(0x7f0000001400)=0x8, 0x4)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000001500)={&(0x7f0000001440)={0x10, 0x0, 0x0, 0x40042}, 0xc, &(0x7f00000014c0)={&(0x7f0000001480)={0x24, 0x3, 0x6, 0x101, 0x0, 0x0, {0x3, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0xc050}, 0x40)
r11 = syz_usb_connect$cdc_ecm(0x6, 0x5f, &(0x7f0000001540)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0xb7, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x4d, 0x1, 0x1, 0x3, 0x10, 0x5, [{{0x9, 0x4, 0x0, 0x5, 0x2, 0x2, 0x6, 0x0, 0x81, {{0x6, 0x24, 0x6, 0x0, 0x0, "9f"}, {0x5, 0x24, 0x0, 0xe}, {0xd, 0x24, 0xf, 0x1, 0xfffffc01, 0x6c0, 0x53}, [@mbim_extended={0x8, 0x24, 0x1c, 0x9, 0xa, 0x2}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x6, 0x81, 0x2}}], {{0x9, 0x5, 0x82, 0x2, 0x200, 0xe0, 0x3, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0x5, 0xf9, 0xf8}}}}}]}}]}}, &(0x7f0000001a40)={0xa, &(0x7f00000015c0)={0xa, 0x6, 0x201, 0x8, 0xd, 0x8, 0x20, 0xc}, 0x19, &(0x7f0000001600)={0x5, 0xf, 0x19, 0x1, [@ss_container_id={0x14, 0x10, 0x4, 0x5, "cad09c5da41f7f2c92ccd37225d49713"}]}, 0x7, [{0x90, &(0x7f0000001640)=@string={0x90, 0x3, "b107f8b71bdde48797a73b7444a27358a36c0bdaabebae51a0f66427398726cd35186daad6471a2cd961b779e5dba219028df354476af1e39994bd5e3e7c52766ff008c735e79e3ed36812cbb69c2e283efa4572c787a2807a430e68c03356929a6dab74e5659bb2291634898e320f4b03cf8939c744abef062be105f9a0f57b0b9a62b94059d4b4911f735fe297"}}, {0xb, &(0x7f0000001700)=@string={0xb, 0x3, "5977fad2b185ddaf53"}}, {0x4, &(0x7f0000001740)=@lang_id={0x4, 0x3, 0x4ff}}, {0xe1, &(0x7f0000001780)=@string={0xe1, 0x3, "1db55e29cf86d61ff1674c0c62f9ab117a9832419db1a13407a308e2026662aec3de3a67911f5389d3dfd4e92f441b70960a2dd9eaac1a5e6950e1d6e411ec2f9402f36c196b5bf6ecf2f560e459bd0301a902461501a7af93cffc7a6149308cfe83e22fb364f976efb40d002e66041513edd74d469948788577b019793f2b3966a814f8b8a383b4d984bffd4d1d01a1c7d86ee892105760917f3292cc05a57146ac7e1cfe06fec25cd5edba0faefe3c0221bda59fc0c120eba76998ff5746455fa4072af0f4f776637d3320bb1f0c2c2fddca1fae2622dbec891908cdbf3b"}}, {0x3e, &(0x7f0000001880)=@string={0x3e, 0x3, "8c00391c68b50376315817470cffe68eb467055807f883bdd7fd802670cf5ca59977a9c1ccd720aa28887b77c18c7ca4122080bc9edb3272612a74bb"}}, {0x4, &(0x7f00000018c0)=@lang_id={0x4, 0x3, 0x1004}}, {0x101, &(0x7f0000001900)=@string={0x101, 0x3, "916ae769f9af8ac5173846f43b757f85de1704c6883d13182f275873678107b8259bac89eac9d474f71802d64c3fbcdcbb6aa3dc8cc54c8aee2f9940b923433b27319af9f2dac5efd8d5a06cad25e7a8b660317f70361ed35929efd6ae128e4e45a5c3ee805ad87c8d42f0c37e7e8a3436d33647b1f2e5f920f0909c6db6db28fdef245112f8977145b9d152b41125d7d058879fc20865191ae7a8544dda3506c35fff0c050a32f2300ef6a721541b31fd894b683829cae3734a09a48066a007b78fa31c95c014831a9a2b8420bd985ae4087ae62260de7cf39e24611d79d00ea326abfbd243f2edf772dc1fdd861182002db3449633f05c27272ecd295509"}}]})
syz_usb_control_io$cdc_ecm(r11, &(0x7f0000001bc0)={0xc, &(0x7f0000001ac0)={0x0, 0x21, 0x81, {0x81, 0x6, "87e5f2035b69cb1febedd714afd5611d754ea0a1e2b40deae1ad3522bae66726afa91f18f261f12a5642d25d225ead44077706d638d7c622217037f25a584ade30149c60548888cd133d328b00afba878b4a61c48ca7b5de8603da83c971f89f277ca8006d8a6d7e80ae0a2fd97576262c341ba16ff6e7a32236a69d15656e"}}, &(0x7f0000001b80)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000001d00)={0x10, &(0x7f0000001c00)={0x20, 0x14, 0x6c, "88158bdd59b605c71d7907f234efee9553bb7e7478784c3044999a4506ae4ba508f5b5bd8798853acb92bbe1329cb5d8c73287e92170213b325b2f98b62a8b1e80f42fd2c28994209de19db143c422df9abcb50dbfab5319895291fe9ccc13d4fc7500334e6f64a3601f3af2"}, &(0x7f0000001c80)={0x0, 0xa, 0x1, 0xff}, &(0x7f0000001cc0)={0x0, 0x8, 0x1, 0x1}})
sendmsg$NL80211_CMD_DEL_TX_TS(r10, &(0x7f0000001e40)={&(0x7f0000001d40)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000001e00)={&(0x7f0000001dc0)={0x38, 0x0, 0x200, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x4, 0x66}}}}, [@NL80211_ATTR_TSID={0x5, 0xd2, 0xe}, @NL80211_ATTR_TSID={0x5, 0xd2, 0xb}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004050}, 0x5)

1m27.20864231s ago: executing program 3 (id=261):
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
syz_usb_connect(0x5, 0x3f, &(0x7f0000000580)={{0x12, 0x1, 0x0, 0xaa, 0x3a, 0x37, 0x40, 0xb48, 0x2003, 0x3961, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x53, 0x0, 0x3, 0x27, 0xa1, 0x41, 0x0, [], [{{0x9, 0x5, 0xc, 0x10, 0x0, 0xa, 0x2, 0xfe}}, {{0x9, 0x5, 0x8b, 0x2, 0x200, 0x44, 0xb7, 0x3}}, {{0x9, 0x5, 0x3, 0xc, 0x8, 0x4, 0x9, 0x6}}]}}]}}]}}, 0x0)
mbind(&(0x7f000069e000/0x3000)=nil, 0x3000, 0x3, 0x0, 0x3, 0x3)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r4, &(0x7f0000000040), 0x0)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a00000002", 0x5)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r5 = open(0x0, 0x2a4c0, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
syz_open_dev$video(0x0, 0x7, 0x100)
r6 = syz_io_uring_setup(0x6440, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_io_uring_submit(r7, 0x0, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x40, 0x0, 0x3, 0x3, 0x0, 0xce})
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r9, 0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000000)=@IORING_OP_RENAMEAT={0x23, 0x12, 0x0, r5, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='./file0\x00', r9})
io_uring_enter(r6, 0x2d3e, 0x0, 0x0, 0x0, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r10, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x40, r2, 0x1, 0x70bd26, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x3}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}, @L2TP_ATTR_COOKIE={0xc, 0xf, 0x1}]}, 0x40}}, 0x20)
r11 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r11, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
writev(r11, &(0x7f00000000c0)=[{&(0x7f0000000180)="9f", 0x1}], 0x1)

1m24.471285559s ago: executing program 3 (id=266):
syz_usb_connect(0x3, 0x39, &(0x7f0000000000)=ANY=[@ANYBLOB="120110012b95d908e204121410ca01020301090227bd536ad82ccc41e3a1f6828e270d000102faa0bf09040008020806620009050a100800f807030324df0905090100020408f8"], 0x0)

1m22.687739551s ago: executing program 3 (id=273):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000ec0)=ANY=[@ANYBLOB="8500000061000000350000000000002085000000080000009500000000000000f4670880271e3503200ffa95b2c8c037c5a142c9a8d76287066c51adde96fcc309926fa3b4b87b3e0cc7444a2391511c97fabd5f9810e81ae0b737136ea6f7be39e434d5ae35de38dde54704d25c79949c00a7c09cc28d7673294f42a5f0a8761b30d64b741a226de7bad76402320e13822c45c0f8612c10b1f3c075ff1ebb755a2dd5760903000000000000006c6386d7ec7209d031f40f3012e9576e51a7f578602f5807785b92e544fc46c744aeeee4418d6af3e4195cc03710212436a4ff3274cac948d85cec074c6949e1298901ebb39522f6649dd76d067a82f5fe47fe5f17f99ab1e394ab800f4104dbffff0000000000005c6d1d224b64be6c4d7f47ef21eb7e46f9aa4a9779f8555eaea768c1f2c221c410ef4b253d110ee282ab94de93d928cf95846be6277c04b4c5324812696aa89e393c941d9541cc6238d0703394a90231ccca9c3499c9a4cd3cd8a4f8070000000b1b2d2747c45b0c52087b5efabf84960ba0e3c4c00322de328c10752a42dca52fb98c1452b6518a6ef7297f7b2744419a2f238f173d0cd46daf2fcb5500f53e7309ec91d83cf4fbf975d9c07d8d3c76e65760ff000000b78863e629b3b200000000000000000000000000008b0000000a449c810d3174cc7ee545867a3126af7a8b20744ea9875b9cba735b9594aa904e5a4bb2c3dfa8ea63e3e7000860000000004a2147c1128c697d9966b3c9f0e9e203911a3fac929a4fc6e625247510bc24e20ad88d4fe6a3ae2f7967546c4aae83352106057ab9cd4b3442a5d10451b95e22f30a85f5681ca3000000000000000400000396e7b6e1aa007018f6d93e79fce95d405b809238cca421c82c96f10dfa978bee51f581d124216e8bd9b1855f77138e438bdc037865f05e7f98c068be4c6155ec273654108660594757e8844a3ea4cbe37e00000000006d6dc4dd63bb928ff58b3bd2a600089d172a884dcdb8b9f9050297815a371deec596838e38068b5e438cbcd585a8cf37c496a8d2dab79d4242a353917ebdf2dc7926d80260898d4e1ca5e3a833f8f65429845bc3c3092af2bc4ee7263d3cbd9cab24eafd961a2d0c7bbfca952475c7e6158bfbb32f187d18f977117101076bad4167d5559ac12ff1473fa0ac0c0e71925a25933bfe309a040034b0cc8f69074670efc8101b89477d23823605dfa8e5945c71a0225b50d18a010ecf3c349cbac4d5191c3d78b4bff5e05027ca5b338a62e955e514da8ca2846919b7b56c192bb43f7032e485cc664921b7f9133bdbc2ba3cd845997b0dd103c784a53ad0243624566e0dacfe4029ffbe59e7e7751b3a9e619107bde39bfa81791ff0e4577055528aef46891c3c49afda8137d03cf6893db7b0f1fe95f8a096159869db71853b6bb5c08ce5fc61353f1e659d7ac53f54a7e2c94cba21994930a423ac7f84ed873a76b0dda0a4b4c5f87eef3164a0c03bc2a7f08290ddf300b298de3fd9167fb8b9c2f26e27f97cf5e90586ea50b85eb5b420eebe171893782b8326148ef5f5174e7ea5dd7f1caa699e4a241291c2f43e9edbf44c0ffb8ee32a18b6e8f09a1836146e2eab9a760000c2c91190c96cf88466adf775b4cf517dc5e39be99c4ab471f381c3915203cd2f27466c8943a80ba03150699c787696de272affa4e4940e59d8b7c69f804d425e77976c00ca6d3fa7543176a4df033532e5053d72521d097dda0c7a70bd1278c61513c1b87b01d9a9ec4de14693096dab53d3224f245fd5d87984d58dc09d11ba0094ba8c39942be41f362e29bba1cdcf8068a4d8d67d2d6d79aa2d089bc4d475097d7523860ec41dab4fa4b0cfe674c163ad419753bd73882336d42036a179bb33162b31f2a58436ea88fba598fad987a60b1847cc63a77c2bb30477ecbeaaa590cde56be4102d0365987eed64bdf01bbd9aaeb77dde491845e612557fde64b3a185122ff97a365844582ef9086aa0b74bf8a1ba90bbdaf3c716f1e7d7d2b20c878027b2f15cb8576d4cbac85aee331a7e38473a91027daec042fc1e2e7665bf3d3e79aed63b521a1541b2e302c9cf222a86ba7a3889861aa18a3104d657a3a5eeac42d91fbaa41885"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x99, &(0x7f0000000240)=""/153, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x82000)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x2, 0x400000000000003, 0x3, 0x2, 0x2}, 0x10}}, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f0000000040)=""/180)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x22, 0x0, &(0x7f0000000000)="e00142e8680d85ff9782762f08009345cc91b77003af2f032aceec38232c63128e24", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="b4000000000000006111600000000000060000000000000095007400000000009f3b40607de90ed3e478dd20c0bf40d3aa47ffe846fbf681f1a9c829154d1e0bb4dd92520e86be"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r2 = socket$key(0xf, 0x3, 0x2)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002240)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84000, 0x0)
sendmsg$key(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x2, 0xf, 0x40, 0x8, 0xb, 0x0, 0x70bd27, 0x25dfdbfc, [@sadb_lifetime={0x4, 0x4, 0x2, 0x2, 0xffffffffffffffff, 0x6}, @sadb_address={0x5, 0x17, 0xff, 0x20, 0x0, @in6={0xa, 0x4e20, 0x840, @dev={0xfe, 0x80, '\x00', 0x37}, 0xfffffffe}}]}, 0x58}}, 0x20010802)

1m21.578778585s ago: executing program 3 (id=278):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = gettid()
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
socket$inet6(0xa, 0x3, 0x6)
syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000402505a8a440000102030109021b00010100c000090400000207"], 0x0)
dup(0xffffffffffffffff)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x1, 0x0, 0x1000000, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)

1m21.176565212s ago: executing program 3 (id=280):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket(0x10, 0x3, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x2, 0x0)
mprotect(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x14b042, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r2, 0x40505331, &(0x7f0000000100)={{}, {0xe}, 0xbf00, 0xbf})
bind$vsock_stream(r1, &(0x7f00000010c0)={0x28, 0x0, 0x0, @my=0x0}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_CQM(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="34020000", @ANYRES16=r4, @ANYBLOB="050000000000000000003f00000008000300", @ANYRES32=r5, @ANYBLOB="6c005e80080003000300000008000200a609000008000600c0dc000008000900050000000800070098010000200001"], 0x234}}, 0x0)

1m19.520033913s ago: executing program 32 (id=280):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket(0x10, 0x3, 0x0)
socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x2, 0x0)
mprotect(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x14b042, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r2, 0x40505331, &(0x7f0000000100)={{}, {0xe}, 0xbf00, 0xbf})
bind$vsock_stream(r1, &(0x7f00000010c0)={0x28, 0x0, 0x0, @my=0x0}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_CQM(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="34020000", @ANYRES16=r4, @ANYBLOB="050000000000000000003f00000008000300", @ANYRES32=r5, @ANYBLOB="6c005e80080003000300000008000200a609000008000600c0dc000008000900050000000800070098010000200001"], 0x234}}, 0x0)

10.889015231s ago: executing program 5 (id=510):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000003c0)={0x54, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x8260}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}]}, 0x54}}, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040), 0x0, 0x0, 0x0, 0x7400}, 0x20000080)
socket$packet(0x11, 0x3, 0x300)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuset.effective_mems\x00', 0x275a, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$inet(0x2, 0x1, 0x0)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='vcan0\x00', 0x10)
setsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000140)="441f08d600270bee724ef54e91eeffbe1e68d5040d73161feeb0", 0x1a)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
pipe(&(0x7f0000000100))
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x44, 0x10, 0x403, 0xfffffffc, 0x3f, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4803}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x44}, 0x1, 0x300000000000000, 0x0, 0x4004}, 0x0)

10.588379109s ago: executing program 0 (id=511):
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
listen(0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x401, 0x9, 0x8, 0x0, 0x7}, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$sock(r3, 0x0, 0xc5)
sendmsg$key(r2, &(0x7f0000000040)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000240)={0x2, 0x5, 0xfc, 0x9, 0xe, 0x0, 0x70bd27, 0x7, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0xe, @in6={0xa, 0x4e23, 0xfffffffd, @private1, 0x8598}}, @sadb_sa={0x2, 0x1, 0x4d4, 0x0, 0x81, 0x0, 0x0, 0xa0000000}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x4e22, 0xfffff800, @private1={0xfc, 0x1, '\x00', 0x11}, 0x6}}]}, 0x70}, 0x1, 0x400000000000000}, 0x0)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
syz_io_uring_setup(0x466, &(0x7f0000000440)={0x0, 0x86ed, 0x10100, 0x2}, &(0x7f0000000280), 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056842bb002552d215f6", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e00000018000280140011"], 0x48}}, 0x0)
socket(0x10, 0x3, 0x0)
r5 = syz_io_uring_setup(0x82e, &(0x7f0000000480)={0x0, 0xfffffffe, 0x10100}, &(0x7f0000000440)=<r6=>0x0, &(0x7f0000000080)=<r7=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r5, 0x16, &(0x7f0000000380)={&(0x7f0000001000)}, 0x1)
r8 = socket(0x10, 0x3, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r9, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, &(0x7f0000001a80)=[{0x0}], 0x1}, 0x80000000}], 0x2, 0x2020, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000700)=@IORING_OP_SEND={0x1a, 0x20, 0x0, r8, 0x0, 0x0, 0x0, 0x20044080, 0x1})
io_uring_enter(r5, 0x27e2, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f00000000c0)='vegas\x00', 0x6)

10.50207283s ago: executing program 5 (id=512):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0x40015b19, &(0x7f0000000040))

10.021615337s ago: executing program 1 (id=514):
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6(0xa, 0x3, 0x8000000003c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
listen(0xffffffffffffffff, 0x3)
bind$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0xc620, @local}, 0x10)
close(0x3)
socket(0x10, 0x3, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_subtree(r3, &(0x7f0000000200), 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000080)=ANY=[@ANYBLOB="2b637075a0"], 0x5)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_int(r5, &(0x7f0000000180)='cpu.weight\x00', 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000240)=ANY=[@ANYBLOB="2d6370752057488ab16591de1f7b4eaf886be74683a73310b7861003df0d35d6fe88d60e148cd860ebc3f782516815c499ab19b6409d44cb46e7f3748d397c985f354c3acb2ed6c985868dd0d383c1eb187820d256ec8ccc241ebe330392c9a546e6bf8e82d7d852765101c3df1a4f669b66dab77268f92e942f40007b4c0725fb2bdabc4dcb7f30ae067491e9a04138a4fe284b143b007c73ed91f44feaca80eee5f0956fe4e6dba321436fae64703b633d2468253d9129e3879a145f827eb8f29635305bda1734"], 0x5)

8.329494772s ago: executing program 0 (id=519):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r5, 0x4038ae7a, &(0x7f0000000000)={0x0, 0x40000105, 0x0, 0x0})
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000800008b"]) (fail_nth: 3)

7.268411043s ago: executing program 0 (id=522):
socket(0x80000000000000a, 0x2, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_open_dev$video4linux(&(0x7f0000000000), 0xf, 0x101800) (async)
r0 = syz_usb_connect(0x6, 0x24, &(0x7f00000001c0)=ANY=[], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) (async)
socket$inet_smc(0x2b, 0x1, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
socket$nl_route(0x10, 0x3, 0x0)
unshare(0x6a040000)
mmap(&(0x7f00002ad000/0xc00000)=nil, 0xc00000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00'}) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e) (async)
socket$nl_audit(0x10, 0x3, 0x9)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000003000000097d1b525f21eabdd4df017e00"/33], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) (async)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) (async)
pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r5=>0x0})
r6 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d00200700", @ANYRES32=r5, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
userfaultfd(0x801)

7.22738468s ago: executing program 5 (id=523):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
r2 = syz_io_uring_setup(0x499, &(0x7f0000000400)={0x0, 0xd146, 0x0, 0xc, 0x288}, &(0x7f0000000100)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001280)=ANY=[], 0x30}, 0x0, 0x0, 0x1})
io_uring_enter(r2, 0x3516, 0x0, 0x4, 0x0, 0x0)
shutdown(0xffffffffffffffff, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x5a, 0x0, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r6 = dup(r5)
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c)
r7 = syz_io_uring_setup(0x239, &(0x7f00000000c0)={0x0, 0x873d, 0x10100, 0x0, 0x1e3}, &(0x7f0000000180)=<r8=>0x0, &(0x7f00000001c0)=<r9=>0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r5, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r7, 0x2ded, 0x4000, 0x0, 0x0, 0x45)
ioperm(0x0, 0x3, 0x2)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
recvmsg(r10, &(0x7f0000001700)={0x0, 0x0, 0x0}, 0x0)
sendmsg$IPSET_CMD_LIST(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001540)=ANY=[@ANYBLOB="1c0000000706010800000000000000000a0000040500010007000000cfa7502043269fe73848914a"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
r11 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f0000001040)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001000)={&(0x7f0000000fc0)=ANY=[@ANYBLOB='<<', @ANYRES16=r11, @ANYBLOB="000129bd7000fbdbdf250100000008003b00ffffff7f08002c00ff010000050035009d00000008003b00ff0300000500290001000000"], 0x3c}, 0x1, 0x0, 0x0, 0x4008000}, 0x20000001)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r12=>0xffffffffffffffff})
sendmsg$unix(r12, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

7.164990373s ago: executing program 4 (id=524):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="7c00000010000104000000000000000000000300", @ANYRES32=r1, @ANYBLOB="00000000000000005c001280110001006272696467655f736c6176650000000044000580050005"], 0x7c}}, 0x0)

7.136525224s ago: executing program 1 (id=525):
r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xffff0000, 0x0, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x8, 0xe, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345})
r3 = mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
r4 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000000)="1eb3bf65654102f4af4d221c8bd458d1e7cbdaf3657d0f34e790c85bdba7931791f6d15c3e681411f7a496c0dace6a3c242f5b016f64b4ef8a9cedaf6bec340dee49474360b24cb8", 0x0, 0x48)
ioctl$UFFDIO_WAKE(r4, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000ffa000/0x2000)=nil, 0x2000})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

6.383260538s ago: executing program 4 (id=526):
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xffffffed]}, 0x0, 0x8)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
close(0xffffffffffffffff)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="3c00000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800900010076657468000000000400028008000a00", @ANYRES32=r2, @ANYBLOB="d5cd64931656e80585fdf3f576b777c49b5d4d229f3408cb2320f474d47ec4b7a681ab2e26c0f989ceadbbedcac5958262bc5dfbedc16be316c1b9ccad77c93d5fd0aabafd8ed303cbff010693328f5a21ffc6455687c6b053d3d5e9babeb9eb19bf1cd94f5df153774d3d813e72c0606e718b7e89a65b5522e807e3e573ea8518cf48c47f967eca0d65ad611825ee41d10be5c1a215b4a7ec42bd16696dd59cf114ddb7160381421e355d90241cb436117046d71b13e5abc92a7d"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYRES32, @ANYRESHEX=r2, @ANYRESHEX=r2, @ANYRESOCT=0x0, @ANYRES64=r1, @ANYBLOB="d42250ec39ca0859c6b789de80659d70eead644b3db5cbaea9650927dfcc500be7f3185240115524dc71a0f011204029442088a8e13f232f4da9c8be3b61ab9de703c35d0783659a61abfc32a24681ac85f01f424bc24585ccaba27e0592781b2695c31c680ab2547c84524154cfa11f63b34fc611f259b1a630f2fc08aaeb3d7df2bbf64c230ea6c813763dda5ebf9468a196778c7910136cf6d9a2e610149591a73f4c4e98001ee7f30450c062b75d663db632a40473a37f06117cc723258b2e92560f701649e79f07", @ANYRESDEC=0x0, @ANYBLOB="14ba7b47c8e3b51c87e8560e1b486e07ae027622b73762806ad1c24c8432fb63c85d7bed22c39ce1ccf564a38ec52f449a718b5f4967a1be84821b149c57f30857cc2cca1253766f"], 0x3c}, 0x1, 0x0, 0x0, 0x4008040}, 0x8020)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
r7 = socket$unix(0x1, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'veth1\x00', <r8=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="4c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="46060900000000001c00128009000100766c616e000000000c000280060001000400000008000500", @ANYRES32=r8, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r6, @ANYBLOB="4e7e813d3467b08503d82dbb36a99bb9e740126ef7417be78504c324883687ce5f10410e67a1fece953de7ddc4151abd5a41b210e27cecd7b56081cb6708e00e6336781cc8964f03981fbfbd5625bfa0fbab856597d7ebb483e9522c0b5081c58afe4431c9fc3790d089d4e46051ac343b4bc1397149f45f94fb3c914d683753aaac252290361b3d222cda426aab099194709e6e6d960618d9eb9419a73e73b95983761b19e07ebb89229d2ccc7e6abcf8c4aade97b26778d51a2a3a14461c"], 0x4c}, 0x1, 0x0, 0x0, 0x600}, 0x0)
r9 = socket$inet_sctp(0x2, 0x5, 0x84)
r10 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r10, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r11=>0x0}, &(0x7f0000000300)=0x8)
syz_usbip_server_init(0x1)
syz_usbip_server_init(0x2)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
getsockopt$sock_int(r12, 0x1, 0x47, 0x0, &(0x7f0000000080))
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r9, 0x84, 0xa, &(0x7f0000000000)={0x5, 0xfff, 0x8, 0x2, 0x5382285e, 0x80000000, 0x5, 0x48a5, r11}, &(0x7f0000000040)=0x20)
r13 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r13, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="6c0100001700010029bd70000000000000000000fffffff70000ffffac1e00010000000000000000e0000054cb1a7f000000000000000000fe800000000000000000000000000000200100000000800000000000000000020000000000000000000000003b00000091ea3f2a3b816dfbf6550d74567a18532fc6b130d76215ab9e21ab2a229aa22dcf0900000000000000a1ee7ae8067f557a4f39f25c3eb0a9f77f7a64f873c0609b14fb217c18e9a0121f70cbefe884a9fbf1fe0f3e1eccd813babc9279966d78674a12c4197d4d53ba559365c86e05c06d26e0684f8655f116b0d7cd21a77a3c15ed57a4472a48ec55867b6883", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414aa0000000000000000000000002001000000000000000000000000000100000000000001ff0200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000003000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000044000800000000000000000000000000000000000000000000000000000000007f00000100"/192], 0x16c}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)

6.164790055s ago: executing program 1 (id=527):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x34c, 0x1f0, 0xc8, 0x8, 0x1f0, 0x5803, 0x344, 0x2e8, 0x2e8, 0x344, 0x2e8, 0x3, 0x0, {[{{@uncond, 0x0, 0xc8, 0x130, 0x0, {0x0, 0x2000000000000}, [@common=@inet=@socket1={{0x24}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x1, 0x81, 0x8, 0x6, 'syz0\x00', 'syz1\x00', {0x33}}}}, {{@ipv6={@private0, @local, [0x0, 0xff000000], [0x0, 0xff, 0xffffff00, 0xffffff00], 'nr0\x00', 'macvlan0\x00', {0xff}, {}, 0x6, 0x6, 0x4, 0x4}, 0x0, 0xec, 0x154, 0x0, {}, [@common=@ipv6header={{0x24}, {0xc2}}, @inet=@rpfilter={{0x24}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3a8)
r1 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x3, @dev, 0x9}, 0x1c)
sendmsg(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x44004)

5.396074977s ago: executing program 1 (id=528):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x2, 0xfffffffd, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000340)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x88}, 0x1})
socket$nl_netfilter(0x10, 0x3, 0xc)
io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0)
setsockopt$sock_attach_bpf(r5, 0x1, 0x2a, &(0x7f0000000100)=r7, 0x4)
sendmsg$unix(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000001c0)='M', 0x1}], 0x1, 0x0, 0x0, 0x810}, 0x4000080)
recvmsg$unix(r5, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002)
syz_open_dev$vim2m(&(0x7f0000000440), 0x4, 0x2)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/config', 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xc1, 0x0, &(0x7f0000000100)="b9ff030f6044238cb89e14f088ca1bff43052f002000636777fbac141443e000000d62079f4b4d2f87e56dca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df", 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r8 = socket$inet_sctp(0x2, 0x800000000000001, 0x84)
sendto$inet(r8, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
shutdown(r8, 0x1)
getsockopt$inet_sctp_SCTP_CONTEXT(r8, 0x84, 0x11, &(0x7f0000000140)={0x0, 0x1}, &(0x7f00000001c0)=0x8)
syz_open_dev$sndmidi(&(0x7f0000000100), 0x8, 0x20040)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x3e, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@nested={0x4, 0x12}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x2, 0x0, 0x0, @uid=0xee00}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r11 = socket(0x400000000010, 0x3, 0x0)
r12 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r13=>0x0})
sendmsg$nl_route_sched(r11, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r13, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x70, 0x2c, 0xd27, 0x30bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, r13, {0xd, 0xffff}, {}, {0x7}}, [@filter_kind_options=@f_flow={{0x9}, {0x40, 0x2, [@TCA_FLOW_EMATCHES={0x3c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x7}}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x2c, 0x1, 0x0, 0x0, {{0x2008, 0x9, 0x40}, [@TCA_EM_IPT_NFPROTO={0x5}, @TCA_EM_IPT_MATCH_DATA={0x4}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_HOOK={0x8}]}}]}]}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x10}, 0x8c014)

4.108921046s ago: executing program 1 (id=530):
keyctl$set_reqkey_keyring(0x6, 0xfffffffffffffffd)
socket$inet6(0xa, 0x800000000000002, 0x0)
userfaultfd(0x801)
syz_io_uring_setup(0x48ba, &(0x7f0000000000)={0x0, 0xffffffff, 0x1000, 0xfffffffb, 0x333}, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x3, 0x0, 0x100000000000000, 0x10000, 0x80000000000000, 0x80000}, 0x0, 0x0, 0x0, 0x0)
creat(&(0x7f00000003c0)='./bus\x00', 0x0)
r0 = open(&(0x7f00000006c0)='./bus\x00', 0x18d03e, 0x0)
r1 = open(&(0x7f00000004c0)='./bus\x00', 0xe2802, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r1, 0xc018937d, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0}, './bus\x00'})
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r0, 0x0)
r2 = gettid()
syz_usb_connect(0x5, 0x59, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000ec13b2106c04e814280b0102030109024700010000000009046900000e010000082402010202"], 0x0)
process_vm_writev(r2, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1f80}], 0x2b, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034afa5}], 0x1, 0x0)
creat(&(0x7f0000000040)='./bus\x00', 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x418000)
syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r4 = userfaultfd(0x801)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000001c0))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r4, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2})
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r5, 0x0)
r6 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/user\x00')
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=ANY=[@ANYBLOB="30000000100000012bbd70000000000000000000", @ANYRES64, @ANYBLOB="000000000000000008001c00", @ANYRES32, @ANYBLOB="0800f42421d23a19a61c00", @ANYRES32=r6, @ANYBLOB], 0x30}}, 0x0)
ioctl$EXT4_IOC_SETFSUUID(r3, 0x4008662c, &(0x7f0000000640)={0x3ace403d1942a782, 0x0, "8ade450000000ea9af20c5842b030f02"})
r7 = memfd_create(&(0x7f0000000000)='prodM\xb0\xea\a\x06\xbe\xaen/\xce4\xb7\xc1\xef\xba!\x9d\rSt\xa24\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1dz\xd05\xe2e,\xb1\x84\xea\x91^%A\xe5\x9e\x13TdT\xc6^p\xb0#R\x04\x06\xae\xebA;X\x14\x97\xabh\xd1/\x84\x8a\x91$GY\xeb\x8f\xec\xb4\xf9\x1f\xb7\x04\xc2\xc0\xc6\xb4\v\xff\xfc\x88\x90\xabC\x02\x00\xf04\x03\x88\xae9\'>R^P{Vr!\xe2\x02\x00\x00\x00\x00\x00\x00\x006\x96\xffZ\\A@\x00\x00\x00\xc9\xf3Y\xb8\x89#\xa1\xb1)Dk\xeb\xa1\t\x00{u[\xbd\x9d\xf4\xbf\\\xce\x02P\xf2MY\x05^\xffj\x9c\x14\xb7\xb6v2*1>\x00 \x00\x00\x00\x00\x14C?]\x8c\xb4Y\xcf\x80\x85\xd6\x036\xc8~\xa8\f\x00\x00\xb5M\x9a\x9dc\xaaAU\xec\xe06\xed\xe4\xfb\xdf\a\xd0lg\x13\xf9\x8b:s>\xd7s\xef\xb3\x9f#\x15)\xf9\xe10\xc7\xb262<k\xa8\x88\x01\x00fhD\xe7\xb6\x17\x80\x95\xa8\x1e\t\xb01KF\xcb\x00\x1e\x7fE\x7f\x02\x00\x00\x00y<nGR\x94\x99\xb8\x89\x9b\x8f\xd5\xe6\x02\xb5C\xad\"u\xf4>\x00\x00\x00\x00\x00\x00\x00\x00Nz\x0eu\x8f\x01\x00\x00\x00\x00\x00\x00\xdd\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc3\xa7/\x0f\x9b`\xa5\x98\x81a\xeev\x00\x00\x00\x00\a\x10\x00m2\xf2\xd8,\x17\xf8\x8e\xae\xc8\xad\xed<\"\x8e\n\x9d\xb13\x8d\xef\x96\xd2I\"8=tg\xdfU\xd0q\x95/f\xec\xdc\xa3\xe1[\xc0\xaa\xefz\xc9\xf4[\x00\x00\x00Q\xff}5\x94\x88\xa1\xdc\xa1g\xe0q\xc5:\xe4\xdf\x80\xb3,\xb9\xb2\xdc\x81\x9f6\x0f\x84WY\xbfSY`\xb8\a\x19\xb1\x058\xa4\xc3\xbb\xf8aB:\x84\x02?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3o-GU\xb0\x00F\xb3o(aI[\xd6\x9fG\xaeI\x83\x93\x8cC\xc0#\xe0q\xd0Ex|\xdb\xa8\x16\xfe>:\t0\xfd\x8a\xc7\x84\xb5\xc7M-0A\xf0\xc95\xcc\xb6\xf6\xe8o\xfd\x882\xb3\xa84\xac\x00\xdd}Ft\xc6\xcc\f}1X#\xe4\xe1\x94i\xce\xa1\xff\x95\x80\xb4T\x9c\x01\xf3\x1cLB\x94m(m\f\xbc\xebY\xa0\xf7\xf0\x9d\x10\xbd\x86\x1by\xe6\xdf\xc0\xc5\xb9\xb9\xbf\xdf~9\nC\xe9\xc5\x0e\xda\x9c(\x9b\"\xc7\x97\xfc\b\xd9\xc2T\xa7*}]\xc8\xb3 .\x9b\x89\x0f\xf8$\xdd>lU\x13EG\xbb1] \xda\x19\xc5\x9b\x15\x95\xc4\xfcw\xbb\x92\x91\xc4\xa6\x907XK\xfc\x17]\xfa\xff\'\xef\x92\x1c\xb8\x1fK\xb2o \xd1\xbd\xb2\x11+\xa3R\xefQ\xc2\xbdW\x05\xec\xb3=@\x03\xc6^\xa2\x15%\xb0\'D#\xb6Q\x8f\x82?S>\x0fP\x9cE\x92{d\xe6\x9cj1\x87\xb3\x01\xde\xd3\x84d\xf4\x134\x00\x00\x00\x00h\xaa\x15\x9a\xf7\x03\x00%\x88p\x90\xbb\x9dt\xa3\xe1\r\x8d\x94\"\x19\x8b\x17)\xea\xd5\x17\xeb\xe4\x1b\x0fBZ1\xbe\xee\xfa\x1c\xf9\xa6\x11\x94\x06\\P:\xaf\xcex\xc2\x82\x9a\x16\xfc\xa1\xf9q\x12\xe3\x1a\xdc\xb7\x12\xbba\b\xbb\xed\xb2\xd1W\xe2\x8b\x8d8}\x10W\xbd\xa60k2\x03\xfa\x890\x86#\bQ\xcb)\x00]\x9e\x14\xd2\xea\x82\xa8\xb7ZG\x15r\xf1\t\x00\x00\x00 \xc1\xaf\x19?\x00\\\x91\x13\x1b8\xe1\xc3\xa4\v\x94\xbfJ\xb5\xde\x95\x82\x00]B|\xe2[%\xe3\xf0\x04\xba\xed\xdb\xf5\x7f\x9d\xfe>\xf6m$M&\x7fq]\xe4\xf6\x82\xc3\x00\xb1zg}\x99E\xa4\x19\xe9\x1a4a\xd75D-k\x84\xa6\x12+\xebk\xa1\xfek\x89\xef\x18\xc1)6\xa65\xe2D\xbe\xe1\xdfq\xdd68\xf37g\xab9m\xe7\xddO\v?\xe0\xbe}\xa9U\xc7{\xd3\x16W\xbb\xe5\xd2\x93\xfe\xa4\x9d\r$\xe91c8`\x86\xbc)\xc6\x12\x8c_x\xa8\xfa\xb5K\x03\x85\x93k\xe1\x8e\x1f)\".\xcc\'\v\xa6\x1bj\\\n\xe98yA\xd8T\x85\x80A\xcbo\x99\x99\xeb)r\x1a\xce\x18(\x185LL\xbcOeO\'\xe2\x86&\xe4\xe2\xe7~\x92\xa2\xb2\x9b\xc3\x00\x85\xce\xad7\x87\xa0\xfcc\xf5\xf8\xaf\v,q\xd4\x18\xbdM\x1a\xde\xba*L\x05m6\xecH\xd0T\xb8m\xdb\b\xa6\x02\xfb\x13\xac\x91\x8a\x8d\x94\x93\x8d=\xb1\x84\x9c\x9b\xe5\xc7\xa6\xc9Q\xc1eUc\xcc\x180^\x00\x00\x00\x00\x00\x00\x00\x00\xe7]6+\\\x00\x00\x00\x00?#C.\x1dj\xd9\xc3\xdd&\x80g:N\xec\x06[\x8f\x92\xe2\xb01\xb0\xef\x10,\xde\xf3\x86D\x8b\xf7\xf1>AH\xef\\\xf9\x8b\a\xe0\xb2\xcb\xf0\x97\b\r\xd5`\xb9\xd6\xa4\x1e\xbe\x12-}\xc5\x84\xde@\x18\x87\f\x01O\xedS\x8f\x9en,\xbce\xb2\xe4\x82v\x1c\xed\x84-s\xab\x06b\x9c\xba\xec\xa5\xc9A\x84\xd0\xe0 S\xc8\xa2\xaf\x85\v\xad\xa5\x88\xcf\xb6}`\x14\'\xea\xbfN\xac)\xa1\xe8\xb2\x9f\x112TJ\x16\x8c9\xe9\xf5\x18\x15Dd\x8a%>\x91\x93\x88\xe9\x18\x82]\x9e&\xfa\xaa\xfa8Z2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00?\xb35\x00\xfb\xac8wAph\xb4\x9d\x14\xf6\xec+f\'\xa3\xb9\xaf\x87X\xec\x13\x9c\xc5\x84\xde\x1b\x11\xe8\\}\xf81\xe6U3\xf9~\xdfD[\x1a\x02\x1f\xd2\x1as-\x9c\x01\x86\xa7\xb8\xc5\xeeOg\x99j\xedu\xafO@\x8e\xf24w\xad\x130Z&\xcb\x81\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00Lo\x12\x00\xa2\xa5$9\x05O\xfe\x0e\xd2N\x98\x84\x10\x01\x89\xaa)\x118\xcd\xf8>\xab\xd9\xbd\xcfH\xa5\x8e\x14\x12\xb0OF\x80\xbb\xb6B\x80Q \x85\'w\xc8D\xf9\xfa\fq\x9e\x83I\xe5\n\xae8\xb7\f\xab#\x85Y\xeeH\x98\x84\x8cRv\xdcZ<\x80\xbd\x8d~\n\x88-\xa1\x97\xaf2e\xa6\'\x8aQ\x85}\xf1\rJF\f\x8c_\x01\xbe\'\v1\xccL\x0e\x05\xbdIa\x85\xb8\x14\xe0;}\xb7\x11\xb5\xfa\xeb\x13\xd3\x92\x8a\xe47\xf9\x12\xd9\xd5\x99\xf4\t\xdf\x058\xc4]\xf7\x16J\xf9\xce\xf0zG\xe6i\xf1~\xaaL\xa5\xd5\xe5L\xban?\'\x11B\xeav\xbf|\xc6\xc9>\xfc\x14\xbe7T\x00\x05\x05\x13}', 0xf)
fcntl$setstatus(r7, 0x4, 0x42000)

4.108620458s ago: executing program 0 (id=531):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
pwritev(r0, &(0x7f0000000600)=[{&(0x7f0000000040)="02000000", 0x4}, {&(0x7f0000000280)="f697079a161cfb7702311e629acda76933ddd0c24174eb4d4d28f9", 0x1b}, {&(0x7f000000a380)="527102587a0a4e43ad3f5ef0c0", 0xd}], 0x3, 0x0, 0x0)

3.909439948s ago: executing program 0 (id=532):
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000200)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2f, 0xffffffd4, 0x0, 0x0, 0x10}, [], {0x95, 0x0, 0x20}}, &(0x7f0000000240)='GPL\x00', 0x1, 0x473, &(0x7f0000000280)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff60, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

3.554571342s ago: executing program 5 (id=533):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0x40015b19, &(0x7f0000000040))

3.254740774s ago: executing program 4 (id=534):
userfaultfd(0x80801)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$uinput_user_dev(r0, &(0x7f00000006c0)={'syz0\x00', {0x4, 0x200, 0x6a, 0x9}, 0x40, [0x200, 0x10000000, 0x1, 0x458, 0xfff, 0x9, 0x5, 0xffffffff, 0x2, 0x1, 0x1000, 0xfff, 0x8, 0x7, 0x5, 0x2, 0x200, 0x5, 0xfffffffc, 0x9, 0x8001, 0x81, 0x8, 0x6, 0x0, 0x5, 0xa, 0x9, 0x98, 0x80000000, 0x5, 0x7fff, 0x8, 0x1c0000, 0xc, 0x5, 0xffff, 0x5, 0x2, 0x8, 0x4000006, 0x7, 0x3, 0xd27, 0x0, 0x4031, 0x8, 0x6, 0x9, 0x7e9, 0x9, 0x1, 0x7f, 0x5, 0x7f, 0x2, 0xd, 0x8001, 0x0, 0x9a5a, 0x3, 0x7, 0x200], [0x4, 0x4, 0x8, 0x6, 0x2, 0x7, 0x1, 0x21c04, 0x200, 0x9, 0x7, 0x10, 0x5, 0x10001, 0x10, 0x8, 0x5, 0x368, 0x1, 0x3ff, 0x6, 0xb51c, 0x6, 0xd438, 0x0, 0x4, 0x6, 0xc69, 0x8, 0x5, 0x98, 0x9, 0x50, 0x3, 0x5, 0x8, 0xffffffc0, 0x8, 0x101, 0x2, 0x686, 0xfffffffe, 0x85, 0x5, 0x4, 0x9, 0x4, 0x0, 0x8, 0x0, 0x4, 0x5, 0x8ef7, 0x1, 0x8, 0x74da, 0x1, 0x0, 0x10, 0x9, 0xff, 0x1c7, 0x1, 0x100], [0x400, 0x17, 0x1, 0x82, 0x4, 0x84c6, 0x200, 0xc, 0x22, 0x7, 0x7, 0x4, 0x3ff, 0x7f, 0x9, 0xac, 0x3, 0x0, 0x5, 0x5, 0x4, 0x10, 0x5, 0x3, 0x38b1, 0x4, 0x4, 0x9, 0xe, 0x8, 0x9, 0x2, 0xa1da, 0x4049, 0xc, 0x0, 0x1, 0x40d, 0x16, 0x8001, 0x10c, 0x8001, 0xfffffffa, 0x6, 0x0, 0x1, 0xb, 0x3, 0x6, 0x40, 0x81, 0x8, 0x1, 0x1, 0x65, 0x0, 0xe4, 0xffff, 0x2, 0x8, 0x5, 0x7, 0x7d, 0x1], [0x2, 0x7, 0x3, 0x5, 0x1, 0x7, 0x369, 0x3ff, 0x401, 0x1, 0x7, 0x0, 0x10001, 0x3, 0x6, 0x2, 0x4a1, 0x0, 0x9, 0x7, 0x9000, 0x7fffffff, 0xf, 0x2, 0x7, 0x1, 0x3, 0x4, 0x2, 0x3, 0x1, 0x40, 0x0, 0xe8e2, 0x0, 0x80000000, 0x13de, 0x8, 0xffffffff, 0x5, 0xd, 0x3, 0x2fece7e2, 0x0, 0x0, 0x3, 0x7ff, 0xff2, 0x53c5, 0x8, 0x4, 0x1, 0x400, 0x7, 0x4, 0x8c, 0x4, 0x4, 0xcf, 0x10001, 0xc, 0x3ff, 0x6, 0x900]}, 0x45c)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x12, r0, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000fff000/0x1000)=nil, 0x1000, &(0x7f0000000000)='%#\a$-\xf4')

3.037296616s ago: executing program 2 (id=535):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10)
write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904001f00000000040001000000000800040001000000", 0x24)
r1 = socket$l2tp(0x2, 0x2, 0x73)
bind$l2tp(r1, &(0x7f0000000000), 0x10)
sendto$l2tp(r1, &(0x7f0000000300)="e5786a0d000000000000c83b82e1b3764d36221fcb4695763a959c713a34ffa7e414180e6ed38d711735c299bf30e818ea5cff67218b88733e7ee44dc35fce2ec67e5a8697f47507dbf8e193f2a6d9be2314876e733aa68d6f4b9919983cf21ac47b8f1df0ce8d6255e0d265d56feaa2ff1383a947159255fb2b4fcd7e22cb624dbf9bbbb26c08d40f838d92fe5e3a56e280b79595a6e465d25516ebfc5cbd96daf73041b6a9d3a50a39e077c5e285d2875434c2aacd72e0e5d0bce58f5e4d4537530cfb12838658c8e55c3337ee612bccb08ae3d5e2f67d7f533768645d71bcd2388d0259cd4a53eb29960a454a12644809c2b488847144dae2d6ebc79be97f659aa40f7412", 0x106, 0x24048014, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10)
recvfrom$l2tp(r1, 0x0, 0x0, 0x20, 0x0, 0x0)

2.872695301s ago: executing program 4 (id=536):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = dup(r0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r4, 0x4038ae7a, &(0x7f0000000000)={0x0, 0x40000105, 0x0, 0x0})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000800008b"])

2.872470132s ago: executing program 2 (id=537):
unshare(0x6a040000)
mmap(&(0x7f00002ad000/0xc00000)=nil, 0xc00000, 0x2, 0x8031, 0xffffffffffffffff, 0xcb2e7000)
r0 = bpf$BPF_LINK_CREATE(0x8, 0x0, 0x9)
sendfile(r0, r0, &(0x7f0000000000)=0x800, 0x3)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x13, r1, 0x2000000)
ioctl$PPPOEIOCSFWD(r1, 0x4004b100, &(0x7f0000000040)={0x18, 0x0, {0x3, @random="2db7476f860c", 'pim6reg\x00'}})
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r2, 0x29, 0x41, &(0x7f0000000280)=ANY=[@ANYBLOB="6e6174000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200"/116], 0x74)

2.515446566s ago: executing program 4 (id=538):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x40c, 0x1f0, 0xc8, 0x8, 0x1f0, 0x5803, 0x344, 0x2e8, 0x2e8, 0x344, 0x2e8, 0x3, 0x0, {[{{@uncond, 0x0, 0x188, 0x1f0, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "cfcaf80c672f61cd17ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5df11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f35a214e67262c1fe4b124e0f7323a587d2a1fcfe36bbf12eca0a7b66c60c527bac2b5", 0x21, 0x2}}, @common=@inet=@socket1={{0x24}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x1, 0x81, 0x8, 0x6, 'syz0\x00', 'syz1\x00', {0x33}}}}, {{@ipv6={@private0, @local, [0x0, 0xff000000], [0x0, 0xff, 0xffffff00, 0xffffff00], 'nr0\x00', 'macvlan0\x00', {0xff}, {}, 0x6, 0x6, 0x4, 0x4}, 0x0, 0xec, 0x154, 0x0, {}, [@common=@ipv6header={{0x24}, {0xc2}}, @inet=@rpfilter={{0x24}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x468)
r1 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r1, 0x0, 0x0)
sendmsg(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x44004)

2.172697838s ago: executing program 0 (id=539):
r0 = socket$nl_route(0x10, 0x3, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xb)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x3)
ioctl$TIOCSLCKTRMIOS(r1, 0x80047437, &(0x7f00000010c0))
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCSWINSZ(r2, 0x5414, &(0x7f0000000040)={0x9, 0x2, 0x1000, 0x5})
r3 = socket$inet6(0xa, 0x80003, 0xff)
setsockopt$inet6_int(r3, 0x29, 0x49, &(0x7f0000fcb000), 0x4)
mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
setsockopt$inet6_int(r3, 0x29, 0x16, &(0x7f0000000000)=0xfffffffe, 0x4)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_GET(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01012abd700000000025081f0000140008"], 0x28}, 0x1, 0x0, 0x0, 0x20040000}, 0x4044000)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r6, 0x84, 0x7a, 0x0, &(0x7f0000000040))
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x2400c880}, 0x40094)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
write$binfmt_elf64(r7, &(0x7f0000000180)=ANY=[@ANYRES8=r3], 0xe8)
close(r7)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r8, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r8, 0x2)
getsockopt$inet_sctp6_SCTP_STATUS(r8, 0x84, 0xe, &(0x7f0000000180)={0x0, 0x8000, 0xfffffff7, 0x8, 0xe, 0x6, 0x9, 0x4, {0x0, @in6={{0xa, 0x4e22, 0x4, @loopback, 0x800000}}, 0x6, 0x8, 0xdfbc, 0x3, 0x1}}, &(0x7f0000000240)=0xb0)
r9 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
r10 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r9)
read$char_usb(r10, 0x0, 0x0)

2.056669614s ago: executing program 4 (id=540):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat$kvm(0xffffff9c, &(0x7f0000000080), 0x200540, 0x0)
r3 = dup(r2)
socket$inet6_sctp(0xa, 0x1, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x0, 0x40000002, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r6, &(0x7f00000021c0)={0x2020, 0x0, <r7=>0x0}, 0x2020)
write$FUSE_INIT(r6, &(0x7f0000000040)={0x50, 0x0, r7, {0x7, 0x1f, 0x0, 0x10400}}, 0x50)
syz_fuse_handle_req(r6, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x88, {0x0, 0x10}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r6, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ccc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb190df08747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb81035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22263e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485e4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6b3f0000f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784753f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2205eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e44312c24c2ce8e642bb73c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a748cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d9f95e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad24c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc5908", 0x2000, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x78, 0x0, 0x0, {0x0, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x8000}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r8 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
syz_fuse_handle_req(r6, &(0x7f0000006380)="c66dd220cbdeb68f27c1f98bf43fd861bcf841572658a3308737983b31a434673f1003eeeb6d9b934bcd19cf754f4882114d61e15354449f763f772e86c9e2252731f7a098faad2accca3e470845b32918bcf530f9474d3cd610d9028cb7b247d3a73d887719f70554d8976c10784c8073e521a80b5ebe7501d6c3b6b5cf9a498a1e97b8201ac756e5f35d71bdd4d196e73cae0cc34c7140cde8380de823e8c76662f0844f549818b5ef6c732b8f412b79273508b69f2e6a653709b4d9bded080b6c15ca5c5b8ff23309e05d460dfb40403f60a3e5a0e1d4e1aa59d53823a047427673267e79d40fdd6f12ef696fe22887d24087373f64987e48ba20e7f47d1f08871e0c22a02593156648fc106c4529d8cf17c71d473f4ad43992b1cdbf5cfaaf1ce401d5ad8b9c6bdc3c60a88a91c52f5aae74a5d25e0cd738fd80169a98b84d4d24a7e86c9d8e4c3e3ff1a9fc44a87558aeb7acbfec13a26a4b121b2cb9ae628c682aa4c44311c45a673bab25880665d6cdf589e5c5415794c4fd6b940e7a44df93a34a684183581c850fbe97ef8c1de852ea836e0db1a104b498d6dd8fdf65c606e772de2e9dfe46a418fac3c0bdd72916c951e3df04f2ae85839305be2a86aebcf4898b6e49c27df6033ad2b8651279ceb20c779716240d3d0fef3bb6c417a8c6f75398a91942d8ab11f21f5795767650a96e246c7244f8e4935e9c01349616a098ae810487d657fd095beee05a36812f39f4266f25f4508e80f19a4aec7116f1d8bc48bc2c1f0f96ff34b66a965d428852766b78f1e7eb0260bbb355cc0859af6988ff7efa0b3fede3d5f2f2147ffae4a5eb58a7585b596270334c360a1547787a95634e13d59bf53f51f48e75a6a3e48f8348f4cb495d9699dfdf8cc71668c5b9622578100f7163394cb3171fc8a6c1e7f88f08b8c3cf4b0cd9a1bc16bd1488ebe43199d97cdf4bbcde8a06a79c5af6ff2ebf1a04add74830cfac0b946514b18de249e934dd8a1a96fce085320fa857c853480170208533acd3d41c4384a932eeccd4ce7d09827efae4c0d19d00c5b48943c4d877017be59434dae6bef767fb9ffd073c2261b06c0f23a0c77a5bcb1f5738dceb6abee00bd7c649f6ebc64b4b8b948319a22ed4add48eedda8a2cd1bad6799e1d9ed778e5ce22d5fead0cd06806cb4b7b5661f9db6bcf9ddcdc9e49e0e6a8ec98fc42c660d5d75311fb9c9d06074611ebbdbea45672dd78760ed92d0e95c1d5ae234d674dc3ffaeef3d928aa4b93c0fe55fa886bd3f2371a5bb22c4dd6b8bc13250490cf279d4e56b646dec4eaa53951d55f602c1f4081d49316f6bcb35aad0453b44c7f266e99838683404859bc372d1df5f1512f35558b3706b32093b72a78a40c8a188852a0b5aca11a34ba23195cb598ca595f243c260392cd793b65dda856f81be1b54d873a0366407ac26687262d6bda693e058f598bde80e304c83dd0c2fd0e634ff15e1ca4e2918bfa8e3a626aee7b5e445aa7fae096595fe58032c993eb06ce49c1045b1f132f2c90d6e23b76076838ad7ed7a6a74245d7ad72b38bdc04e458d3908d1d272f23fe18f68ad746e5440cfbcc3b7ad477dccd6fb2db536df0e4d24480d2765e724ca06cbde7e01cd32e36681796a454c801adc1b25b501cc4aaae778f3783dad15d12e656b09bb3d8f37efc86cc7faea5e51913902faed79ae5973f4413e275f78e7e66099f9e41bd73a07445a780dde0b189308e3b83d1a3cf5aef2d3e11fcad930eb6c60ebb899b22cdbd539412b2371d28a4331394d8f29d8b16f94ffd91d4eb5c278e7f6b4024fcc7af9dfde1b3c915b06dae683760fad05d6638c6389fdd19a9b12956c11e9b9ea7d30e09b13d9f681e012f1e41746341a61b71ac6c333b29883ca2cd1aaa3c02e66c85de1e3b2b7e77b0dd1469ab9db5c17beb2d33862db20fd77de685a1e70ba55b0d9cf4b2d3d1196196b5317324e5f189605baa37493c9586b7e475865b4bb21b335e8b291b9dea17f6afc1cd84618b189567817511de821a866a00b62c62516b716cf55dcf7f5b7d7520306fe03f00cc61b7dc297886459d74bedb8ac1d05cc506db74d018c877da735481c318224fd06f349b59f69b0d2d017c817e5a1f934d263789d418eb69c772d923b01a6a4a6afbba4a6980fbf7cddd84f8e4392eaccb98cdd30488919ea6d492d32f9ca4233649117474f4116f6ca4cb762d524c0f92bbb40d3f430dbd50dba20adda8b4170a73c3b66257c412311a7bd3ea3ecca0da47a7a00ef0a464ee0a4b2402b61db833f3cfe1847b9630de47f331d575f6e3c6fb44a9021700c6d8055ea982a05a5ba6a91a41e7445fdba7ac09202fee733a5c216b3c3090991225b98178508d1985832f8e7dae58482ec0fa2215c935bd0ef9f03c0ed3caf97bf4de023605aa8535f1e88e841471bd8842084c6715a3fd3acd07ec9c43f635e5f868d82cdc6f9424ed978d39e72cc92535c2637164f15e9a67770389535ba46cbf786189562908872274ba126b313bd1c0780e9d0ca38956d1277b58f04eaa1f97ed8c6c83d9c05df0df8b43da930707a84662e480a33d1868edc9ff65368d51fda828ad29ecbd3b2cc0ddb0aad251b4736f872ba5f066617a9e9675ed7f80685544af44c677b9d39a1a353984ea4ccbf36d759b490f8dcd5621e573baaa2c03ef367f543ca5d36d1c9d33d4762bb0b1e02ec67d3511582d69b06a57d15f5260fab5ed8d9361948eabf88d9e776a18c5c4f2d42bb46373861b613db9a91ccff8fbd563ddb37f0738fa1723c23c85cac0f9eb53a41d115fe0339eed3167f59b2f2f0739cf9c0ba5769b18a213d5809bccadecee6e781811bf584c22a6557516d12bd58420f5c67c673fdf0888ab31edcee3198927b5b87a63f89f7a07d1da8cb946f0a87e7d3bb455c888f394d17694378446c9073e54368564dc546b6c930ae17afcc8360cb2e31d87ad8923f60033aa637a399707398ffa51645ab1d9963c29375c834746004ac16d24d8f006e9674e45da3d938de524857c57fd39b22678f39096309527ed22c41677a65a67dc0998a8babc9cb688a56628d09a732773d9019d92399415e93852a12d66ccbfa571837b7689c7cc50026ed643a89c8f1bdef6d01016e6e1c21bb779db52c2254f5dae40ff173943ba62ce343ec035d93d5c92c64884d654777cf6995dd0c485c7c132db383769ae1f35f1980654d2b47e92b1862f653eeb81ada4eed6c9d0fe9da3d7db5dfb4d66b2d576676beddc4394ade2acf55f9ec24aee7c4c77138e799f62deb19367ce226a66715da515479b176c9ca06c739566d279142ce2163b8835c840a3de6e2d275b5d5a948b26ec8faa6cf322c5038fc00fb0a27f0b76b5e305780c9145e99feadf571bf8d87dc93ea0f8ff3bc246b16d4e43256507abc7ccc92e113a037ab13855058ba1e0770b90f52e0740c157d68963b3d236f681454589385c6124bddf948c5aa2e147a3543c301dc6d82acb504f76239c890b7d3d76dbd7c26445ab6fe66f9f71d95f4f0d6c51533ce4b05353ef27178f6b6813366189ff4cc19cc5c9f7aca4d6b6f3b5b213e828cbf8b8b5cacb42ade1fa2594cc4ccd3457a45a5b19926f17b9061c9072fdce96afbd3f2bbecc6dfbdf9d9b3e1a621e65a7cdf0a97cb0223b220b39a88b7414ce91e5fb52f3c9c7e10199ffc8fad826d40a798ecaebbd8881c1605f986bb0af06f416280f63f3a3c28d399d13c21e6d79501cbbfcc9483a73a931e91358807fbebefd39b466cb9f251fa4fc7d5f4fd2d87d4604c9750593d3a801b963085ad7aaa91e023977742b728d292b046d0bd49f81717a686f10096e154681b85aeb81a26fa8f46bf3dfdf5dc7c7ca37aa3da37e53a105be5935640baff476453f53ffcf786894eac35d1933a5e97fb9b6d975f9fbe7914d09dc948d305005eb4aba3a9b8cdefb30dbb3300f46041db06567956ba4327280721addb17425a2b223e81bc41467cb413cebbe16818468eeb5b24b6cd79ec4787f693f3c301e5dd10747bea13bf042d6fde42d18c48fec0e3e43454799da1d5501130fc98917fed27d696ae85a39debdb67d5b3d70a82a2097095476e24211757626c91a29e917796766bc4016456c4acf0436b6c02055778ce7f34e605264f7d6d1321072c4ba341866ac6f78e9b99a30478eb7f09a17f4fb3e23184e878c2f60d2c18617185007841778c7c256750a287ec0bbdd20bd37ab50538e43a5929456d336fb46a04593765b2692ba15e7b71b97788970a7903e12088211098bd356132862a4d586508b4aac077d3acd4f77c67d9066b436d14b20d3e2870cb19cdad5581de2e08da761fc95755c43cf0dc2cff84e6a3a8fa2d0390fcfee285a133b37ac7b2fefd0d3665b1705784187e228579680be97982194329136fb72d8b61cdeaa88f3dfc835ae22167c0130529fe81043b0e1c3aebccb1f4aadc28cb484f850158504439d389d1e559ff424217dc031d422a8b7b51731db75dc541e16fed8fae14f58c1f9c8d0fb91a685245ba558c1aeb243aa728db51c3f3aa6d8f7a4a547b8d95018402283a59a45173e7696f02304954ebfb43c2215f180c8e47e433e5262e279fdb63405c81b0f128b7d6a095ff5f85690331d94d34923a3e8beef5cccbf7b208b2a0aa898f9a32b2f1bb55aca4eaaefcdf09acd871f4b88feb535be87dfdbb5ad45ff3c26a2765230011d90baa4b5d5baaac5519f9013c8fd497d57083403ee6eb0c4e23428cf3846bd34d69840d021196f9a9a4fc101016fe2d4fbf4ec23c11e9d737c5e6d2cc3da7e0981c00ea9df07ed88ab05b7821033b2d311f2fe0525176660d0a33b0eb23a57f5b1d41e2c1698ac7bfe5f59c27792f899fd39610052b705862e798a27084450edfccd180a13d8adf8072430e9305f41b0a67bd1784b6ba9450b1e872794e0b7b55b22a2f649f83270b98d0a0137694fec0d16ec2ebf37c72d9398d231a71e40c912428929a29a433dc0fdcb697f64e07540da92067b1b5a7735fb7fb8ac8da2591fa44b676bbaa32ef5e6cc11f1b2ab3b262d9bc4b2082e081ee50fe71def63cf6e2d588bb8d66a8daa8c8a30ca07d2956463e1affc76003e4bacc632cdeee50098fe80cd7485fefed6eab639d8c42a1357fefae5a5a779fad536474e3bdebf6aab699552e807ffd8a44030f439756748dee9ddf19a6cbf5f75307b03c5ef4185a31a41583fb4ca3699e06319371c5d932d6e5f4e1bf77c02c70564d2140f7510e183ba2fa7ead8a9b8cfb085a9d0fa7dbca7561bd9dc1e5c1a1da0322982ff29c0fa2cc33bea18646445cc59b44965a01570b7b739d730df8f1f2cfe3558e7102de13994d6745ef8f91965265fbe0d29c3f381e1eb9c63242962a4409ddb0a4946ef9ce5b0eda90f8365362681943247a0d87d9b7fbbdd26d4902be34068499b6e2ab2ea746634402e1065c8cb9c32a211d10fc2796f1a7045c59b9cbc4771dbf56a5c38303f93951194d06a1b8cce31dd4869a148ae90a797d09de168e47974ed9699eab3a6424781f481d03cf1046df28b454af02df72c0f56c693343a82f7f383afb3ac452200ff155444010f6c988de71e3fb6f079bc6ac2bfab6ff451242b7e3e70578b8206529816764206d47115cda77b3e356e54f825ec745017ea8c3dcb412523b754b951d19fc075ec66012cceff51da925af9079f547e840c3f2774239cce5fd6533f3ee8d194812de2d4499ef18c4bebfa8d7273307d7aa0ac09e6ebfd95ba99946a585a4bd4afef8bb0b52857e8415a32b42e0a9ccb0749599d7a43cec793b22c96b3de91534c905456b25a5972124b83c7d8f0520cd71c5544e49afab26cccacdb7e112f0af1acbcb2b68760c7538aa6c990814d7cf7bde5ddd618bfd55bfbdd968e53e28f94042fafa2796b5bf2d1be612c81dbafbf90b0728b4b06fe216aab91b8898780ab06cff75be5239c39ac836dbdb5482222e61ff5971ea492c5b5ef509720fc886f8a07a9232653d427d176574c99d65244f1618fdaab109f732e1e1295391a25f9b750c9761bbceb81d316d9f9dcd555afb762191b7e173f06a4d8f4d97ab88b9ae19f6c85c361b8b5cbe91a3493cae594063ed457f3be99772485b34d3308da4e751e58a14cf7c771d8e5be77f88c7567af095caae1eb83d259cea709ea5441047ce96f0e21faf89ed491bba5d0dcc6bc33a07237fbef2fe671447ce14e16a1cae4361938767ce65ecfe0c63e1261cce5fbf603a2537d21b50c9a3a3ed6a7cf112a0586a653b43f813912a226aa4722f7edaf8dda5553efb22721dc71924aa73bf232c2439b1d806d3beaf157442643c81ce2b551b82d63cbcd4195029e2f63aef127ed4df0bffd41665d86213512557ce90ee54fcd01078a6a19085bde6a0343595f540b1ff610bd7a5a2d695bdc5e508cbf544d15cf5920b3e405ef4e10e6651c5ffff039adde2f805143b78916188fec05cadac443c93447d23bb25b0a0cfc787754a20f7efcdee5798de939b758f238f15c23f2622b8ed682378017c8f251dda0261baa33c6262d42d6365e68e85d43a46d92aaf04acee203c09487755df49f07ea1129782b1be0feb6f011bb914266fe2cf5361c377fe33a491089f701ac61bcab2bfa3bbe8bf7b0b834dba1bf187ab78fca751b57f1bddfc670c80d83c34c3461d823d7762b45ff0accc3af21b38137276d4e4d7a5d0a075902865f17f084cfa94cc28f70ee7296e216401b172184df0e060dd61be91efcdbeb03b4a6699c88a16ebb18f3e938cb458a377e29a3f3cbdaaf121e278b691c02b6f0dc790510840b3970b1f905b421a1cb376043cc7511e70e94cc63941ed0f864b4118592878538e12e986b9abaaf2ed588ad5f0e5e0851ffc29ef21aed080eb6f35fa10052f27767d0ddf3fea5a08c14657d68a9c3e6cba422d93a6aff222c40eee9f3c9fcb03a310453b616a80c48646f7d196433736fedcfc2ff4fa1a43bf9f8fc0a0660cf9f79fd0d8e106591a2319cff5eb0a5be578d178e0e184a9eca92991ca63bf1e9c5b1c56dba3c836975a74d9eb9b763ce7c5dc753cde77fb2d048e3656a15f9aa7f9dea249c4a3dc0456b64533513e69861fcb9f4348d78acd5b8ce1f3c41271b8551ba4d5754fbb123862236bc94192a5306c29adb2b0b053cd7d4deaa1be6c61f75bca27b53765a7356dd34a48437d5e5b356d48db64749243fea9b1f44e4625fe7ce820dc9f1a6022d77198e6e917cd4f5e23622d5b3b2fafd4f9be0b85db21371f5d35c7c651a616a8351a02dbfa74f9d273a0eb7d2ab9fca254bd28509b3d6f5420108cabc42d9a5670779dfdfb78afe74cd87fdf8e3be937e6c6981eb88156f5cbc91e4b92f8d65a151ee3307cce381dc189c54a29d21c9fa9f512c50dbc9f1c0ddb43b6b10d5190b8169f9e06f7c60a2103c9c3fa3fe0d1cab8358cf4ddf95d5e26fbed636b2f1f474b7d10426afb5aa21948f7486e0df5275ffa6c091c46c3868703c4e30e1a15a8d27a708b6d5fa7d123f1524c221fb93b5f9f8d87b0286de38c6112a05d1f07706923b531e335db326ff756acf6cf9a5e5352953d112a842d7b2f05d296f644b01bca413f2686dbdea6b2cc6dd8115e22d832af742eb801ee61f6b90f93d227b694fe474385125801d6eb58867c15246faa6c0a1cae0b05f104fb2e97476c73a79185796e0c26bb1b59527aba4b79db6ec99f1650898b996e068329d17b94730cd6ab79a3d77d80e5ed78eecc7d680b5425231357f24c46fd01732052eb18737634915131c7ffcdb0b48a35d8761c402ff5b56aa1a9080b46836e4a888c86d7a260fb6cc2f3b9f68d52201531220bbfe0e7b2890a390acb33831fa1126b88dceb126a555181edbfa4680cadb08d38abe00c91980ce68ab58274ec28eaa697f8a4d7d6db744d8c9daac2035d40a5eb565e12c8be5c2bc1d725f713d45a03ac14ceaf91bb1c5dddcac87553b9d22e23d738742e3bf994412ab153f66ddea53a35c9ec19c555a49ae1aea112a70ddc10201258536ba93ae0dc7fb60d51ffbbe9e96eb8eeea6878e3784dcd686fc0db4516249cdfcb9f6d880fdcf8f86cdadd23ea7455b3b7e3a0e8affc9b61be59814f8e32175c869adaf7dbb5acb4c994e2269d2657011e8751c5c0e6e97e9eda4e8e6c309e842c8ea01c20de3c5f4f6372cc8cb7cdf2b0e3519155e4c662fc8572c36d9d3b7eb3ee19e985bfab9eb20e077c20dec4172e584357cc54f9cd49742e0b31d1fed87812f19efa9ae81ebebb021df0c280aa9790d2f1acb94b38f268ca7861b1da63cbb86daaeac3a5b067c86fc532a1db230a29578563f16dee5b4267f9d474c81c9ad762216452cb3a37c8ed44cbaab2e4b9a9583b134da3a64390fe5f76946879a1757d127e6e10b3b3042de48189350d844ede16134c770dba47cf56483cc14e2cfc93fc11f47cd33b06b720f531efdd1ff1254966b68fc46645ec3b45c2a60427e69ba1d710f25571522ba90622315f9f0cad33f8b1a1053a45aa07964892621ecc9256b7c4e21716e546c235fdb618f339b55c377a30b61a9add4e3b5657e3433a6feaff5b67ef34771ae6d04449b5228b6b99ce7237996b307613d14602d76f21a58a55cdc71a1f348ca18265634f094012bf4eae241df634d7424de578eb4c4199de382f2795c17eefa11ac2ad4625be7263373de4bbe189d42fa51953652d433323b9e6110f00c7cb44e4e7df1e6e1cc421c5cc5e78eac4009824d73b4bf0a0340ebd883acb90e928f6034d6a44edee021abc40726df358ef83429351f46aaf10b63b0a5f4c68bdf4e425f8ce7c6a8ad95dc4874836a56a298f586a602ad7b33350fabaacfda30b80210432dc6b59cb807d50782399624d624bbb5e759c09daec8ab3afbff204f62f94754e377cca96b00ba4842d52d8f12a5ce7d1dd81b760c1c5392f739d91f8bdc8c290090fc6e3221ee69abd2648b6c7a818e8a0d04ffd83464f7b26002e4d5614392848205fc0e766713e4c65f46ec2f9d221e98fdeaa5c329d8a0e7481690164fa1ad829ce9dd2eec2fe92231b33415c3f564161353ea7f823e3dc97c9e905f40d693082be719aff77b3b35a832ed3fc16e3bf57305fbabfbbadea1d33ece1f05ba482d3dcc391e0c709c02c335a6289a8deb035fd5b99edde61f0d936631e21251eb65c1dc23574a7a8f9ba8fd0b6c958ee146954cdab3daf90c17ffe92aef5390b4e19d32fef469e9e60ef8ea16af6b66dab7de1d6ddfeeb602cd69d8f32e4d5f06bfaebe7f000d62abc793ad34d77d1369c63785e93c2ff205769589011208ed6affc73dda9287bc8f4d9e27d33038b699431f56285f92fd9f02e78745fcdca4a4840dcfc307bf8f1806146d954ed5ccc8a66edf2179e2a5356624b3b30f8f78839ddc9940794acce40290e5eb73dbb52fe1c633e88d1492aedc69b351912a0890b63eda0d8756a5b7c47c740fcd73a0f419fa363fbf0cd3fcdd38f0fd055627932c998421f086ee0cbe0520b2f2fd6d38fce1575a2c90fef9f81aa23fc7c4c5625d6f46fbfd02ac31cd1620a92c43b7884e4a050e5ef5bb9b8f9825a159bb0370c828519ef71090e09ab43ff2bd2cc75563fb9073eadcfd869f0d9b6986e4320b1986ce3f19a3f5dce202f8c13757726e5d6a9fc9e2b0b357625362fb873709fb307ee51bc58494857fdd3811f6a8aee0086b0a62da4e327c698e5639e373567d5eefc76e0d6725272527cdbc01a2b40e7511ac986e32bb7e48558756dca3b944855fd9dfdbb2358a52e53769817cad50af13d8a5941c41f6bd121cb267acdc461c500855c6f6c0750367c62dd32fa41595a6070e728f1915bab951e5536ff8230a0608ac96c2e19a5c1415209a3774c091174f575bc937d544d495370294aaffc5e6be76364c7a212bbb4ec7f3bd38db75a159b68e2b3075ae6bb68ffa02e6bfb42553b505da20f133b2855572b7e6f8f3de240d9ab1ff32b3d9825f087774f4932024be806b78f059d4b3b40414df456aef405d1cffb2f3604834dae38932d830298df7045d404f005f5edf81061850808d4998f6ce80bc7569081765875d908d4b6a0edcb434317543a4f5954a5e0e5b7c4da75cb369e2810e2aebf950b973ad3380bca5d0de8311e59a6ed3f01d8f7c1b39060fddc7ac1febe659626ed7ad27dcee7b3d409b9f84e4f55ceb2e462f55627857f8c485c35c9abdc2fa87c4281365790ecdf1971f3a285ea0bb2038ae91d927729f4bf847bf0fc724b002cb029d2a57b89218bd4a763ab01902b7b48cb609cf3b9ad8fb568aef0ceff20c5def1a4faee11d33d304e2227b83f3ab06f0b9fa5502b1d9c6fe2a34bf9abb9a5b13928800149488cead47e48c754c75a061d5ea8a515f7f55611b0c048b88c9772ca4b1eb3d6fc931801990f1611e9b1171223527dceccfe8cfd72600a88a8486e088e21c30b997af1b60b55bc5443cecb18c2dcf54dbca3ac34f10ad2be9d755679519bb674b42904be579df62436bcf06de4cfd636d592840d674d11195edeb4dfe61370e9a9453378957fdecf2115ee008224fb8c97fcd051ddb1ed8d0419b950f2cd085bf1debaafb2a46cf65be863939cffde741797fdf64c17f3b447464be0e6bb90324c4c65b3cf66958a15d537a1675dffbc4e41f7a6c92ed27c5ef0dd0dcce6f96225b4e0ece510ce00f9611e395215e116026499dce3417cee3fbde0106b2a6fbd5937423124f6549c2206afc2ad1df5bedcc5e1371ed2b9f09f76576589450b09dd990811c59c3f848c1a4fccdfe686968903edffbc010eb73f55ac5a675fa3db70db12c826c8b7360617d8abeacefa6e2a8da62e4f304543cc9217fe1b0ec4fb044ca849802c4a140b91cc056d566c8670e4600941a54b2eb8643ff206c3401c0bd9838a025545227ae3e6bcb47fa3dcd1b40d8a0917f63744fb1ec2b72211c6cfda13248b2d0b4232e4fe7015cc42d4928f07ca9161640102f22236cca7ca3b81ffc81c4ff20532b5203e0d94771b8d0ec70e637135fdbb788fa8b4704e11d3c6083a45f51efd8560c0e63435516586aa82eaa998c140767d3ce35491e301c12f74583c61cd4d2ef1caa6fea3e353637cdeb3332d964155c9d32f826829a7174ab06c44e32063e46ce742b7027cffb8999302b602949c60496a0bf3c7cdf859d4ba51102674414867af614cffb88ac177dfbdb6131f7370dcb851002cec1742fb1561257716850c9ed3b075a6c023bcf05b5d580ac8e5d7ab7e5b1723212c681989e5f91958b635e0d076634584920c1b98d7f6ea0ddded6be9eb74de778b3c57c36b18e0c56c3a051014e09fac70ce6a7b0f042f5eeca8b8885e500bcb41f6fd974e5f6888859abdf3600706a3de9fce060c3069600c63106aff24210461c5d3423fa4e350041fd166902ad86bdba8cf965917f7e3ab019e1911d8013dad576465319c4e04b89b5ee1d07f54705718592d6aa453558294743daa8dba33159fb0e291829ac220562b007597e067e5f65841563673b69cc1d549f50e9efbdf256d797fe8c7d09596c167a45d", 0x2000, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x18, 0xfffffffffffffff5, 0xffffffff, {0x4}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
writev(r8, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x56000}], 0x1)
ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f00000000c0)={0x1, 0xfffffffd})
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000800005902"])

1.757674621s ago: executing program 2 (id=541):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
write$tun(r0, &(0x7f0000000ec0)={@val={0x1c, 0x800}, @val={0x2, 0x4, 0x2, 0x7, 0x1, 0x404}, @mpls={[], @ipv4=@udp={{0x5, 0x4, 0x3, 0x27, 0x1c, 0x65, 0x0, 0xc, 0x11, 0x0, @private=0xa010102, @broadcast}, {0x4e20, 0x4e21, 0x8}}}}, 0x2a)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})

1.48285905s ago: executing program 2 (id=542):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
pwritev(r0, &(0x7f0000000600)=[{&(0x7f0000000040)="02000000", 0x4}, {&(0x7f0000000280)="f697079a161cfb7702311e629acda76933ddd0c24174eb4d4d28f9", 0x1b}, {&(0x7f000000a380)="527102587a0a4e43", 0x8}], 0x3, 0x0, 0x0)

1.328877247s ago: executing program 2 (id=543):
ioctl$VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, 0x0)
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000200)='=', 0x1}], 0x1, 0x0)
recvmmsg(r3, &(0x7f0000001440)=[{{&(0x7f0000000280)=@un=@abs, 0x0, &(0x7f0000001400)=[{&(0x7f0000001480)=""/1}, {&(0x7f0000000300)=""/102}, {&(0x7f0000000380)=""/4096, 0xc08e}, {&(0x7f0000001380)=""/111}]}}], 0x700, 0x40002002, 0x0)
write$binfmt_misc(r2, &(0x7f0000000040), 0xffc1)
setsockopt$sock_int(r3, 0x1, 0x10, &(0x7f0000000180)=0x55b7, 0x4)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))

1.219032768s ago: executing program 2 (id=544):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x3, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x4c4183, 0x0)
preadv2(r2, &(0x7f0000001540)=[{0x0}, {&(0x7f0000001380)=""/129, 0x7ffff000}], 0x2, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x5e, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd603000bb00282b00fc020000000000000000000000000000fe8000000000000000000000000000aa"], 0x0)

781.209873ms ago: executing program 1 (id=545):
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
listen(0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x401, 0x9, 0x8, 0x0, 0x7}, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$sock(r3, 0x0, 0xc5)
sendmsg$key(r2, &(0x7f0000000040)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000240)={0x2, 0x5, 0xfc, 0x9, 0xe, 0x0, 0x70bd27, 0x7, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0xe, @in6={0xa, 0x4e23, 0xfffffffd, @private1, 0x8598}}, @sadb_sa={0x2, 0x1, 0x4d4, 0x0, 0x81, 0x0, 0x0, 0xa0000000}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x4e22, 0xfffff800, @private1={0xfc, 0x1, '\x00', 0x11}, 0x6}}]}, 0x70}, 0x1, 0x400000000000000}, 0x0)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
syz_io_uring_setup(0x466, &(0x7f0000000440)={0x0, 0x86ed, 0x10100, 0x2}, &(0x7f0000000280), 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056842bb002552d215f6", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e00000018000280140011"], 0x48}}, 0x0)
socket(0x10, 0x3, 0x0)
r5 = syz_io_uring_setup(0x82e, &(0x7f0000000480)={0x0, 0xfffffffe, 0x10100}, &(0x7f0000000440)=<r6=>0x0, &(0x7f0000000080)=<r7=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r5, 0x16, &(0x7f0000000380)={&(0x7f0000001000)}, 0x1)
r8 = socket(0x10, 0x3, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r9, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, &(0x7f0000001a80)=[{0x0}], 0x1}, 0x80000000}], 0x2, 0x2020, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000700)=@IORING_OP_SEND={0x1a, 0x20, 0x0, r8, 0x0, 0x0, 0x0, 0x20044080, 0x1})
io_uring_enter(r5, 0x27e2, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f00000000c0)='vegas\x00', 0x6)

280.944571ms ago: executing program 5 (id=546):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000003c0)="d800000018117b18e00212ba0d8105040a0a1100fe0f040b067c55a1bc0009001e0006990300000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b01602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e9cb5", 0xd2}, {&(0x7f00000004c0)="f80ec2e2badd", 0x6}], 0x2, 0x0, 0x0, 0x2663}, 0x0)

0s ago: executing program 5 (id=547):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
umount2(&(0x7f00000001c0)='./file0\x00', 0x3)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) (async)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) (async)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
umount2(&(0x7f00000001c0)='./file0\x00', 0x3) (async)

kernel console output (not intermixed with test programs):

id=6695 comm="syz.1.204" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81539 code=0x7ffc0000
[  175.507473][ T6722] netlink: 'syz.0.210': attribute type 2 has an invalid length.
[  175.625879][ T6722] : entered promiscuous mode
[  175.865837][ T6732] netlink: 4 bytes leftover after parsing attributes in process `syz.2.213'.
[  175.905301][ T6732] netlink: 12 bytes leftover after parsing attributes in process `syz.2.213'.
[  175.936618][ T6732] netlink: 428 bytes leftover after parsing attributes in process `syz.2.213'.
[  176.012530][ T6732] netlink: 32 bytes leftover after parsing attributes in process `syz.2.213'.
[  176.330215][ T5926] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  176.514553][ T5926] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  176.523651][ T5926] usb 1-1: config 0 has no interface number 0
[  176.529817][ T5926] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  176.553197][ T5926] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  176.578380][ T5926] usb 1-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[  176.587854][ T5926] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.610477][ T5926] usb 1-1: config 0 descriptor??
[  176.661884][ T6608] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  176.740533][ T6606] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  176.800573][ T6608] usb 4-1: device descriptor read/64, error -71
[  176.905027][ T6606] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  176.918036][ T6606] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  176.960539][ T6606] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.978646][ T6606] usb 3-1: config 0 descriptor??
[  177.040582][ T6608] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  177.046002][ T5926] prodikeys 0003:041E:2801.0002: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.0-1/input1
[  177.068628][ T5926] hid_prodikeys: hid-prodikeys: failed to find output report
[  177.068628][ T5926] 
[  177.603301][ T6606] usbhid 3-1:0.0: can't add hid device: -71
[  177.610653][ T6606] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  177.620944][ T6738] process 'syz.0.215' launched './file2' with NULL argv: empty string added
[  177.632614][ T6606] usb 3-1: USB disconnect, device number 11
[  177.660988][ T6608] usb 4-1: device descriptor read/64, error -71
[  177.732620][ T6588] usb 1-1: USB disconnect, device number 17
[  177.764968][ T6755] fido_id[6755]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  177.775738][ T6608] usb usb4-port1: attempt power cycle
[  177.953105][ T6606] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  178.112932][ T6606] usb 3-1: Using ep0 maxpacket: 32
[  178.121263][ T6606] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  178.132883][ T6608] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  178.140985][ T6606] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  178.151543][ T6606] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  178.162579][ T6606] usb 3-1: config 0 descriptor??
[  178.172136][ T6606] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  178.182146][ T6608] usb 4-1: device descriptor read/8, error -71
[  178.195076][ T6606] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  178.379555][ T6748] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  178.389496][ T6748] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  178.420637][ T6608] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  178.465655][ T6608] usb 4-1: device descriptor read/8, error -71
[  178.477004][ T6606] usb 3-1: USB disconnect, device number 12
[  178.521962][ T6606] ldusb 3-1:0.0: LD USB Device #0 now disconnected
[  178.586517][ T6608] usb usb4-port1: unable to enumerate USB device
[  178.795139][ T6770] bridge0: port 2(bridge_slave_1) entered disabled state
[  178.809257][ T6770] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  178.831808][ T6775] trusted_key: syz.1.225 sent an empty control message without MSG_MORE.
[  178.921203][ T6777] netlink: 4 bytes leftover after parsing attributes in process `syz.4.226'.
[  178.932532][ T6777] netlink: 12 bytes leftover after parsing attributes in process `syz.4.226'.
[  178.945145][ T6777] netlink: 428 bytes leftover after parsing attributes in process `syz.4.226'.
[  178.957176][ T6777] netlink: 32 bytes leftover after parsing attributes in process `syz.4.226'.
[  179.511332][ T6788] syz.2.229(6788): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[  179.971046][ T6790] vivid-002: =================  START STATUS  =================
[  180.013437][ T6790] vivid-002: Radio HW Seek Mode: Bounded
[  180.024574][ T6790] vivid-002: Radio Programmable HW Seek: false
[  180.045496][ T6588] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  180.114548][ T6790] vivid-002: RDS Rx I/O Mode: Block I/O
[  180.126748][ T6790] vivid-002: Generate RBDS Instead of RDS: false
[  180.149553][ T6790] vivid-002: RDS Reception: true
[  180.205291][ T6790] vivid-002: RDS Program Type: 0 inactive
[  180.262261][ T6588] usb 3-1: config 0 has no interfaces?
[  180.391882][ T6790] vivid-002: RDS PS Name:  inactive
[  180.454129][ T6588] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  180.464187][ T6588] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.474871][ T6588] usb 3-1: Product: syz
[  180.488117][ T6588] usb 3-1: Manufacturer: syz
[  180.496874][ T6790] vivid-002: RDS Radio Text:  inactive
[  180.570663][ T6588] usb 3-1: SerialNumber: syz
[  180.571430][ T6790] vivid-002: RDS Traffic Announcement: false inactive
[  180.617982][ T6588] usb 3-1: config 0 descriptor??
[  180.623231][ T5926] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  180.769681][ T6790] vivid-002: RDS Traffic Program: false inactive
[  180.783475][ T6790] vivid-002: RDS Music: false inactive
[  180.802203][ T5926] usb 2-1: Using ep0 maxpacket: 8
[  180.834263][ T5926] usb 2-1: config 5 has an invalid interface number: 72 but max is 0
[  180.842748][ T5926] usb 2-1: config 5 has no interface number 0
[  180.880868][ T5926] usb 2-1: config 5 interface 72 altsetting 90 bulk endpoint 0xD has invalid maxpacket 959
[  180.895051][ T6790] vivid-002: ==================  END STATUS  ==================
[  180.909991][ T5926] usb 2-1: config 5 interface 72 has no altsetting 0
[  180.988228][ T5926] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0078, bcdDevice=32.a9
[  181.020259][ T5926] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.063945][ T5926] usb 2-1: Product: syz
[  181.091823][ T5926] usb 2-1: Manufacturer: 熉⌚䏝牝肧돚깐ꌶ흈㆞彩⸝⻯⎆薿븥約꣸怀吣꼬ͮ䣸蚈柤幤腡尡㋔猑篐餱◅㷺ꋱⒶ쑫㆚焛ᅭЕﹶ쟁ઈ굎揠뽜᝾埝㠳캽둓봈䬧Ṟ滻⾏媫禡눚莀䚙哛띙账᪁侃螀걁
[  181.164769][ T5926] usb 2-1: SerialNumber: syz
[  181.219322][ T6794] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  181.444310][ T6794] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  181.457271][ T6794] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  181.459619][ T6805] loop8: detected capacity change from 0 to 4
[  181.477197][ T5926] dvb-usb: found a 'Terratec Cinergy T USB XXS (HD)/ T3' in cold state, will try to load a firmware
[  181.527176][ T6805]  loop8: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11
[  181.550047][ T5926] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  181.554293][ T6805] loop8: p1 start 1073741824 is beyond EOD, 
[  181.569417][ T5926] dib0700: firmware download failed at 7 with -22
[  181.585048][ T6805] truncated
[  181.604895][ T6805] loop8: p2 start 4 is beyond EOD, truncated
[  181.608837][ T5926] usb 2-1: USB disconnect, device number 9
[  181.649375][ T6805] loop8: p4 start 4 is beyond EOD, truncated
[  181.663177][ T6805] loop8: p6 start 1879048192 is beyond EOD, truncated
[  181.675477][ T6805] loop8: p7 start 4294967295 is beyond EOD, truncated
[  181.685160][ T6805] loop8: p8 size 7 extends beyond EOD, truncated
[  181.704677][ T6805] loop8: p9 size 6 extends beyond EOD, truncated
[  181.727887][ T6805] loop8: p10 start 149541451 is beyond EOD, truncated
[  181.740363][ T6805] loop8: p11 start 4207571694 is beyond EOD, truncated
[  181.883507][ T5956] udevd[5956]: inotify_add_watch(7, /dev/loop8p8, 10) failed: No such file or directory
[  181.894218][ T5886] udevd[5886]: inotify_add_watch(7, /dev/loop8p3, 10) failed: No such file or directory
[  181.916131][ T5922] udevd[5922]: inotify_add_watch(7, /dev/loop8p9, 10) failed: No such file or directory
[  181.943609][ T6012] udevd[6012]: inotify_add_watch(7, /dev/loop8p5, 10) failed: No such file or directory
[  182.148659][ T6810] loop8: detected capacity change from 0 to 4
[  182.163722][ T6810]  loop8: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11
[  182.207163][ T6810] loop8: p1 start 1073741824 is beyond EOD, truncated
[  182.215809][ T6812] netlink: 4 bytes leftover after parsing attributes in process `syz.4.237'.
[  182.250061][ T6810] loop8: p2 start 4 is beyond EOD, truncated
[  182.265090][ T6812] netlink: 12 bytes leftover after parsing attributes in process `syz.4.237'.
[  182.290553][ T6810] loop8: p4 start 4 is beyond EOD, truncated
[  182.304989][ T6812] netlink: 428 bytes leftover after parsing attributes in process `syz.4.237'.
[  182.334952][ T6810] loop8: p6 start 1879048192 is beyond EOD, truncated
[  182.348840][ T6812] netlink: 32 bytes leftover after parsing attributes in process `syz.4.237'.
[  182.358982][ T6810] loop8: p7 start 4294967295 is beyond EOD, truncated
[  182.404119][ T6810] loop8: p8 size 7 extends beyond EOD, truncated
[  182.434009][ T6810] loop8: p9 size 6 extends beyond EOD, truncated
[  182.474518][ T6810] loop8: p10 start 149541451 is beyond EOD, truncated
[  182.495289][ T6810] loop8: p11 start 4207571694 is beyond EOD, truncated
[  182.820061][ T5926] usb 1-1: new full-speed USB device number 18 using dummy_hcd
[  182.847042][ T6012] udevd[6012]: inotify_add_watch(7, /dev/loop8p5, 10) failed: No such file or directory
[  182.847228][ T5956] udevd[5956]: inotify_add_watch(7, /dev/loop8p8, 10) failed: No such file or directory
[  182.872276][ T5886] udevd[5886]: inotify_add_watch(7, /dev/loop8p3, 10) failed: No such file or directory
[  182.886224][ T5922] udevd[5922]: inotify_add_watch(7, /dev/loop8p9, 10) failed: No such file or directory
[  183.111420][ T5926] usb 1-1: config 0 has no interfaces?
[  183.143104][ T6608] usb 3-1: USB disconnect, device number 13
[  183.237112][ T5926] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  183.345969][ T5926] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.369062][ T5926] usb 1-1: Product: syz
[  183.376041][ T5926] usb 1-1: Manufacturer: syz
[  183.381126][ T5926] usb 1-1: SerialNumber: syz
[  183.389135][ T5926] usb 1-1: config 0 descriptor??
[  183.540692][ T6609] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  183.665401][ T6827] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2834047395 (22672379160 ns) > initial count (8751802360 ns). Using initial count to start timer.
[  183.692780][ T6827] kvm: pic: single mode not supported
[  183.692914][ T6827] kvm: pic: level sensitive irq not supported
[  183.740421][ T6609] usb 2-1: Using ep0 maxpacket: 32
[  183.743101][ T6609] usb 2-1: config 0 has an invalid interface number: 89 but max is 0
[  183.743131][ T6609] usb 2-1: config 0 has no interface number 0
[  183.743162][ T6609] usb 2-1: config 0 interface 89 has no altsetting 0
[  183.745744][ T6609] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  183.745777][ T6609] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.745798][ T6609] usb 2-1: Product: syz
[  183.745809][ T6609] usb 2-1: Manufacturer: syz
[  183.745820][ T6609] usb 2-1: SerialNumber: syz
[  183.748774][ T6609] usb 2-1: config 0 descriptor??
[  183.963254][ T6606] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  183.967933][ T6821] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  183.968376][ T6821] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  184.009047][ T6821] netlink: 4 bytes leftover after parsing attributes in process `syz.1.241'.
[  184.016291][ T5844] usb 2-1: USB disconnect, device number 10
[  184.160692][ T6606] usb 3-1: Using ep0 maxpacket: 8
[  184.187465][ T6606] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  184.201808][ T6606] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.218619][ T6606] usb 3-1: Product: syz
[  184.226451][ T6606] usb 3-1: Manufacturer: syz
[  184.234141][ T6606] usb 3-1: SerialNumber: syz
[  184.281097][ T6606] usb 3-1: config 0 descriptor??
[  184.493960][ T6606] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  184.661942][ T6840] binder: BINDER_SET_CONTEXT_MGR already set
[  184.669218][ T6840] binder: 6839:6840 ioctl 4018620d 80000040 returned -16
[  185.105670][ T6845] loop8: detected capacity change from 0 to 4
[  185.113560][ T6845] Dev loop8: unable to read RDB block 4
[  185.119516][ T6845]  loop8: unable to read partition table
[  185.127383][ T6845] loop8: partition table beyond EOD, truncated
[  185.134630][ T6845] loop_reread_partitions: partition scan of loop8 (�被x������ڬ��dƤ����ݡ�����
[  185.134630][ T6845] 
) failed (rc=-5)
[  185.400749][ T6847] netlink: 'syz.1.249': attribute type 10 has an invalid length.
[  185.412124][ T6840] syz.3.247 (6840): drop_caches: 2
[  185.454277][ T6847] netlink: 4 bytes leftover after parsing attributes in process `syz.1.249'.
[  185.918444][ T5844] usb 1-1: USB disconnect, device number 18
[  186.028646][ T6853] netlink: 28 bytes leftover after parsing attributes in process `syz.0.251'.
[  186.107266][ T6855] netlink: 4 bytes leftover after parsing attributes in process `syz.0.253'.
[  186.121112][ T6606] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  186.122422][ T6855] netlink: 428 bytes leftover after parsing attributes in process `syz.0.253'.
[  186.140730][ T6855] netlink: 32 bytes leftover after parsing attributes in process `syz.0.253'.
[  186.153469][ T6606] usb 3-1: USB disconnect, device number 14
[  186.434355][ T6587] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  186.686785][ T6587] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  186.700019][ T6587] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  186.726179][ T6872] bond0: option fail_over_mac: unable to set because the bond device has slaves
[  186.748735][ T6587] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  186.815994][ T6587] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  186.835966][ T6587] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  187.016001][ T6606] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  187.053200][ T6587] usb 5-1: config 0 descriptor??
[  187.097720][ T6878] netlink: 8 bytes leftover after parsing attributes in process `syz.2.260'.
[  187.170485][ T6606] usb 2-1: Using ep0 maxpacket: 32
[  187.237340][ T6606] usb 2-1: config 0 interface 0 has no altsetting 0
[  187.271372][ T6606] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  187.298877][ T6606] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.325058][ T6606] usb 2-1: Product: syz
[  187.349752][ T6606] usb 2-1: Manufacturer: syz
[  187.366567][ T6606] usb 2-1: SerialNumber: syz
[  187.389749][ T6606] usb 2-1: config 0 descriptor??
[  187.440003][ T5844] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  187.831827][ T5844] usb 4-1: config 0 has an invalid interface number: 83 but max is 0
[  187.840989][ T5844] usb 4-1: config 0 has no interface number 0
[  187.849612][ T5844] usb 4-1: config 0 interface 83 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[  187.897383][ T5844] usb 4-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=39.61
[  187.944462][ T5844] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  188.057860][ T5844] usb 4-1: config 0 descriptor??
[  188.246607][ T5844] ttusbir 4-1:0.83: cannot find expected altsetting
[  188.504848][ T6606] gs_usb 2-1:0.0: Couldn't send data format (err=-110)
[  188.518615][ T6606] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -110
[  189.206396][ T6895] netlink: 'syz.2.264': attribute type 10 has an invalid length.
[  189.233943][ T6895] netlink: 4 bytes leftover after parsing attributes in process `syz.2.264'.
[  189.275924][ T5844] usb 4-1: USB disconnect, device number 21
[  189.427500][ T6587] usbhid 5-1:0.0: can't add hid device: -71
[  189.442506][ T6587] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  189.492212][ T6587] usb 5-1: USB disconnect, device number 20
[  189.684711][ T6606] usb 2-1: USB disconnect, device number 11
[  189.696235][ T6897] netlink: 4 bytes leftover after parsing attributes in process `syz.4.265'.
[  189.808794][ T6897] netlink: 428 bytes leftover after parsing attributes in process `syz.4.265'.
[  189.819280][ T6897] netlink: 32 bytes leftover after parsing attributes in process `syz.4.265'.
[  189.929972][ T5844] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  189.997516][ T6909] netlink: 12 bytes leftover after parsing attributes in process `syz.4.269'.
[  190.020037][ T5926] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  190.063034][ T6909] 8021q: adding VLAN 0 to HW filter on device bond1
[  190.091155][ T5844] usb 4-1: Using ep0 maxpacket: 8
[  190.105728][ T5844] usb 4-1: config index 0 descriptor too short (expected 48423, got 39)
[  190.117770][ T5844] usb 4-1: config 106 has too many interfaces: 83, using maximum allowed: 32
[  190.129794][ T5844] usb 4-1: config 106 has an invalid descriptor of length 65, skipping remainder of the config
[  190.146657][ T5844] usb 4-1: config 106 has 0 interfaces, different from the descriptor's value: 83
[  190.159429][ T5844] usb 4-1: New USB device found, idVendor=04e2, idProduct=1412, bcdDevice=ca.10
[  190.169411][ T5844] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.183756][ T5844] usb 4-1: Product: syz
[  190.188442][ T5844] usb 4-1: Manufacturer: syz
[  190.194155][ T5844] usb 4-1: SerialNumber: syz
[  190.200311][ T5926] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  190.213794][ T5926] usb 1-1: config 0 has no interfaces?
[  190.219977][ T5926] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  190.240247][ T5926] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.252761][ T6588] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  190.306113][ T5926] usb 1-1: config 0 descriptor??
[  190.330436][ T6587] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  190.410213][ T6588] usb 3-1: Using ep0 maxpacket: 32
[  190.431403][ T6588] usb 3-1: config index 0 descriptor too short (expected 156, got 27)
[  190.465174][ T5844] usb 4-1: USB disconnect, device number 22
[  190.472021][ T6588] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  190.496512][ T6588] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  190.509344][ T6587] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  190.523499][ T6587] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  190.541277][ T6587] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  190.555888][ T6588] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  190.565866][ T6588] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  190.575332][ T6588] usb 3-1: Product: syz
[  190.582046][ T6588] usb 3-1: Manufacturer: syz
[  190.588400][ T6587] usb 2-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  190.603183][ T6587] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.612525][ T6588] usb 3-1: SerialNumber: syz
[  190.620278][ T6587] usb 2-1: Product: syz
[  190.624698][ T6587] usb 2-1: Manufacturer: syz
[  190.631407][ T6588] usb 3-1: config 0 descriptor??
[  190.647917][ T6587] usb 2-1: SerialNumber: syz
[  190.663264][ T6587] usb 2-1: config 0 descriptor??
[  190.723686][ T6606] usb 1-1: USB disconnect, device number 19
[  190.839714][ T6908] FAULT_INJECTION: forcing a failure.
[  190.839714][ T6908] name failslab, interval 1, probability 0, space 0, times 0
[  190.864082][ T6908] CPU: 0 UID: 0 PID: 6908 Comm: syz.2.270 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[  190.864116][ T6908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  190.864129][ T6908] Call Trace:
[  190.864138][ T6908]  <TASK>
[  190.864148][ T6908]  dump_stack_lvl+0x189/0x250
[  190.864194][ T6908]  ? __pfx_dump_stack_lvl+0x10/0x10
[  190.864226][ T6908]  ? __pfx__printk+0x10/0x10
[  190.864254][ T6908]  ? ref_tracker_alloc+0x318/0x460
[  190.864281][ T6908]  should_fail_ex+0x414/0x560
[  190.864309][ T6908]  should_failslab+0xa8/0x100
[  190.864340][ T6908]  kmem_cache_alloc_noprof+0x73/0x3c0
[  190.864367][ T6908]  ? skb_clone+0x212/0x3a0
[  190.864404][ T6908]  skb_clone+0x212/0x3a0
[  190.864438][ T6908]  __netlink_deliver_tap+0x404/0x850
[  190.864476][ T6908]  ? netlink_deliver_tap+0x2e/0x1b0
[  190.864501][ T6908]  netlink_deliver_tap+0x19c/0x1b0
[  190.864525][ T6908]  netlink_unicast+0x72f/0x8d0
[  190.864558][ T6908]  netlink_sendmsg+0x805/0xb30
[  190.864593][ T6908]  ? __pfx_netlink_sendmsg+0x10/0x10
[  190.864620][ T6908]  ? __import_iovec+0x5d4/0x7f0
[  190.864646][ T6908]  ? aa_sock_msg_perm+0x94/0x160
[  190.864672][ T6908]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  190.864695][ T6908]  ? __pfx_netlink_sendmsg+0x10/0x10
[  190.864720][ T6908]  __sock_sendmsg+0x21c/0x270
[  190.864745][ T6908]  ____sys_sendmsg+0x505/0x830
[  190.864780][ T6908]  ? __pfx_____sys_sendmsg+0x10/0x10
[  190.864826][ T6908]  ___sys_sendmsg+0x21f/0x2a0
[  190.864856][ T6908]  ? __pfx____sys_sendmsg+0x10/0x10
[  190.864925][ T6908]  ? __fget_files+0x2a/0x420
[  190.864957][ T6908]  ? __fget_files+0x3a0/0x420
[  190.864996][ T6908]  __sys_sendmsg+0x164/0x220
[  190.865027][ T6908]  ? __pfx___sys_sendmsg+0x10/0x10
[  190.865072][ T6908]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  190.865101][ T6908]  ? lockdep_hardirqs_on+0x9c/0x150
[  190.865129][ T6908]  __do_fast_syscall_32+0xb4/0x110
[  190.865157][ T6908]  ? lockdep_hardirqs_on+0x9c/0x150
[  190.865201][ T6908]  do_fast_syscall_32+0x34/0x80
[  190.865229][ T6908]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  190.865255][ T6908] RIP: 0023:0xf703e539
[  190.865273][ T6908] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  190.865291][ T6908] RSP: 002b:00000000f502e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  190.865313][ T6908] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080001240
[  190.865327][ T6908] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  190.865339][ T6908] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  190.865351][ T6908] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  190.865364][ T6908] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  190.865394][ T6908]  </TASK>
[  191.170949][ T6609] usb 3-1: USB disconnect, device number 15
[  191.539364][   T30] kauditd_printk_skb: 31 callbacks suppressed
[  191.539384][   T30] audit: type=1326 audit(1747115904.322:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6929 comm="syz.0.275" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f33539 code=0x7ffc0000
[  191.636269][ T6932] usb usb8: usbfs: process 6932 (syz.4.274) did not claim interface 0 before use
[  191.684661][   T30] audit: type=1326 audit(1747115904.322:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6929 comm="syz.0.275" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f33539 code=0x7ffc0000
[  191.849703][   T30] audit: type=1326 audit(1747115904.342:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6929 comm="syz.0.275" exe="/root/syz-executor" sig=0 arch=40000003 syscall=323 compat=1 ip=0xf7f33539 code=0x7ffc0000
[  191.922007][ T6609] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  191.928882][   T30] audit: type=1326 audit(1747115904.342:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6929 comm="syz.0.275" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f33539 code=0x7ffc0000
[  192.000578][   T30] audit: type=1326 audit(1747115904.342:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6929 comm="syz.0.275" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f33539 code=0x7ffc0000
[  192.025712][ T6934] netlink: 'syz.2.276': attribute type 39 has an invalid length.
[  192.032503][   T30] audit: type=1326 audit(1747115904.342:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6929 comm="syz.0.275" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f33539 code=0x7ffc0000
[  192.063182][   T30] audit: type=1326 audit(1747115904.342:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6929 comm="syz.0.275" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f33539 code=0x7ffc0000
[  192.095391][   T30] audit: type=1326 audit(1747115904.342:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6929 comm="syz.0.275" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f33539 code=0x7ffc0000
[  192.120042][   T30] audit: type=1326 audit(1747115904.342:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6929 comm="syz.0.275" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f33539 code=0x7ffc0000
[  192.155551][   T30] audit: type=1326 audit(1747115904.342:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6929 comm="syz.0.275" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f33539 code=0x7ffc0000
[  192.182943][ T6609] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  192.200728][ T6609] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  192.214651][ T6609] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  192.224996][ T6609] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  192.396468][ T6609] usb 5-1: SerialNumber: syz
[  192.639193][ T6941] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  192.646050][ T6941] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  192.672497][ T6941] vhci_hcd vhci_hcd.0: Device attached
[  192.737478][ T5849] syz-executor (5849) used greatest stack depth: 18600 bytes left
[  192.752693][ T6944] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  192.865684][ T6941] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  192.960112][ T6588] usb 37-1: new low-speed USB device number 2 using vhci_hcd
[  192.985096][ T6944] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  193.024830][ T6946] netlink: 20 bytes leftover after parsing attributes in process `syz.4.274'.
[  193.521529][ T6945] vhci_hcd vhci_hcd.0: pdev(2) rhport(2) sockfd(5)
[  193.528700][ T6945] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  193.664722][ T6945] vhci_hcd vhci_hcd.0: Device attached
[  193.690382][ T6949] vhci_hcd vhci_hcd.0: pdev(2) rhport(5) sockfd(12)
[  193.697254][ T6949] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  193.723590][ T6949] vhci_hcd vhci_hcd.0: Device attached
[  193.965509][ T6950] vhci_hcd: connection closed
[  193.966868][ T6947] vhci_hcd: connection closed
[  193.967222][ T6942] vhci_hcd: connection reset by peer
[  193.992816][ T1153] vhci_hcd: stop threads
[  194.012529][ T1153] vhci_hcd: release socket
[  194.019634][ T1153] vhci_hcd: disconnect device
[  194.069665][ T6587] adutux 2-1:0.0: ADU208  now attached to /dev/usb/adutux0
[  194.079003][ T1153] vhci_hcd: stop threads
[  194.089577][ T1153] vhci_hcd: release socket
[  194.104309][ T1153] vhci_hcd: disconnect device
[  194.125108][ T1153] vhci_hcd: stop threads
[  194.129706][ T1153] vhci_hcd: release socket
[  194.136159][ T6587] usb 2-1: USB disconnect, device number 12
[  194.137112][ T1153] vhci_hcd: disconnect device
[  194.324846][   T53] bond0: (slave netdevsim0): Releasing backup interface
[  194.506560][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  194.514203][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  194.906759][   T53] bridge_slave_1: left allmulticast mode
[  194.956636][   T53] bridge_slave_1: left promiscuous mode
[  194.998568][   T53] bridge0: port 2(bridge_slave_1) entered disabled state
[  195.053582][   T53] bridge_slave_0: left allmulticast mode
[  195.081647][   T53] bridge_slave_0: left promiscuous mode
[  195.110697][   T53] bridge0: port 1(bridge_slave_0) entered disabled state
[  195.244938][ T6609] usb 5-1: 0:2 : does not exist
[  195.341319][ T6960] FAULT_INJECTION: forcing a failure.
[  195.341319][ T6960] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  195.351021][ T6961] FAULT_INJECTION: forcing a failure.
[  195.351021][ T6961] name failslab, interval 1, probability 0, space 0, times 0
[  195.369479][ T6609] usb 5-1: USB disconnect, device number 21
[  195.402157][ T6960] CPU: 1 UID: 0 PID: 6960 Comm: syz.1.284 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[  195.402189][ T6960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  195.402203][ T6960] Call Trace:
[  195.402212][ T6960]  <TASK>
[  195.402220][ T6960]  dump_stack_lvl+0x189/0x250
[  195.402254][ T6960]  ? __lock_acquire+0xaac/0xd20
[  195.402287][ T6960]  ? __pfx_dump_stack_lvl+0x10/0x10
[  195.402316][ T6960]  ? __pfx__printk+0x10/0x10
[  195.402337][ T6960]  ? __might_fault+0xb0/0x130
[  195.402376][ T6960]  should_fail_ex+0x414/0x560
[  195.402404][ T6960]  _copy_from_user+0x2d/0xb0
[  195.402434][ T6960]  cmsghdr_from_user_compat_to_kern+0x394/0x800
[  195.402477][ T6960]  ? __pfx_cmsghdr_from_user_compat_to_kern+0x10/0x10
[  195.402516][ T6960]  ____sys_sendmsg+0x20f/0x830
[  195.402551][ T6960]  ? __pfx_____sys_sendmsg+0x10/0x10
[  195.402596][ T6960]  ___sys_sendmsg+0x21f/0x2a0
[  195.402626][ T6960]  ? __pfx____sys_sendmsg+0x10/0x10
[  195.402692][ T6960]  ? __fget_files+0x2a/0x420
[  195.402719][ T6960]  ? __fget_files+0x3a0/0x420
[  195.402765][ T6960]  __sys_sendmmsg+0x28e/0x430
[  195.402799][ T6960]  ? __pfx___sys_sendmmsg+0x10/0x10
[  195.402838][ T6960]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  195.402885][ T6960]  ? ksys_write+0x1f0/0x250
[  195.402921][ T6960]  __ia32_compat_sys_sendmmsg+0xa2/0xc0
[  195.402950][ T6960]  __do_fast_syscall_32+0xb4/0x110
[  195.402980][ T6960]  ? lockdep_hardirqs_on+0x9c/0x150
[  195.403009][ T6960]  do_fast_syscall_32+0x34/0x80
[  195.403037][ T6960]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  195.403062][ T6960] RIP: 0023:0xf7f81539
[  195.403079][ T6960] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  195.403098][ T6960] RSP: 002b:00000000f50a655c EFLAGS: 00000206 ORIG_RAX: 0000000000000159
[  195.403120][ T6960] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800032c0
[  195.403134][ T6960] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  195.403145][ T6960] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  195.403156][ T6960] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  195.403174][ T6960] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  195.403204][ T6960]  </TASK>
[  195.642521][ T6961] CPU: 1 UID: 0 PID: 6961 Comm: syz.2.285 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[  195.642552][ T6961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  195.642565][ T6961] Call Trace:
[  195.642573][ T6961]  <TASK>
[  195.642581][ T6961]  dump_stack_lvl+0x189/0x250
[  195.642618][ T6961]  ? __pfx_dump_stack_lvl+0x10/0x10
[  195.642646][ T6961]  ? __pfx__printk+0x10/0x10
[  195.642670][ T6961]  ? __pfx___might_resched+0x10/0x10
[  195.642689][ T6961]  ? fs_reclaim_acquire+0x7d/0x100
[  195.642740][ T6961]  should_fail_ex+0x414/0x560
[  195.642764][ T6961]  should_failslab+0xa8/0x100
[  195.642792][ T6961]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  195.642819][ T6961]  ? __alloc_skb+0x112/0x2d0
[  195.642846][ T6961]  __alloc_skb+0x112/0x2d0
[  195.642874][ T6961]  netlink_ack+0x146/0xa50
[  195.642894][ T6961]  ? kasan_quarantine_put+0xdd/0x220
[  195.642925][ T6961]  ? kfree+0x193/0x440
[  195.642953][ T6961]  nfnetlink_rcv+0x22a0/0x2530
[  195.643013][ T6961]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  195.643127][ T6961]  ? skb_clone+0x246/0x3a0
[  195.643178][ T6961]  ? netlink_deliver_tap+0x2e/0x1b0
[  195.643201][ T6961]  ? netlink_deliver_tap+0x2e/0x1b0
[  195.643243][ T6961]  netlink_unicast+0x758/0x8d0
[  195.643275][ T6961]  netlink_sendmsg+0x805/0xb30
[  195.643309][ T6961]  ? __pfx_netlink_sendmsg+0x10/0x10
[  195.643336][ T6961]  ? __import_iovec+0x5d4/0x7f0
[  195.643362][ T6961]  ? aa_sock_msg_perm+0x94/0x160
[  195.643388][ T6961]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  195.643412][ T6961]  ? __pfx_netlink_sendmsg+0x10/0x10
[  195.643437][ T6961]  __sock_sendmsg+0x21c/0x270
[  195.643460][ T6961]  ____sys_sendmsg+0x505/0x830
[  195.643512][ T6961]  ? __pfx_____sys_sendmsg+0x10/0x10
[  195.643557][ T6961]  ___sys_sendmsg+0x21f/0x2a0
[  195.643594][ T6961]  ? __pfx____sys_sendmsg+0x10/0x10
[  195.643658][ T6961]  ? __fget_files+0x2a/0x420
[  195.643683][ T6961]  ? __fget_files+0x3a0/0x420
[  195.643727][ T6961]  __sys_sendmsg+0x164/0x220
[  195.643757][ T6961]  ? __pfx___sys_sendmsg+0x10/0x10
[  195.643800][ T6961]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  195.643838][ T6961]  ? lockdep_hardirqs_on+0x9c/0x150
[  195.643864][ T6961]  __do_fast_syscall_32+0xb4/0x110
[  195.643898][ T6961]  ? lockdep_hardirqs_on+0x9c/0x150
[  195.643926][ T6961]  do_fast_syscall_32+0x34/0x80
[  195.643953][ T6961]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  195.643977][ T6961] RIP: 0023:0xf703e539
[  195.643996][ T6961] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  195.644014][ T6961] RSP: 002b:00000000f502e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  195.644036][ T6961] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  195.644050][ T6961] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  195.644062][ T6961] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  195.644073][ T6961] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  195.644085][ T6961] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  195.644114][ T6961]  </TASK>
[  196.058918][ T6969] netlink: 'syz.2.288': attribute type 23 has an invalid length.
[  196.082019][ T5847] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  196.093714][ T5847] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  196.120604][ T6610] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  196.163632][ T5886] udevd[5886]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  196.216000][ T5847] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  196.245928][ T5847] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  196.261239][ T5847] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  196.291248][ T6610] usb 1-1: device descriptor read/64, error -71
[  196.403125][   T53] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  196.536338][ T6610] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  196.594449][   T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  196.608162][   T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  196.618564][   T53] bond0 (unregistering): Released all slaves
[  196.638714][   T53] bond1 (unregistering): Released all slaves
[  196.662095][ T6980] netlink: 'syz.1.291': attribute type 12 has an invalid length.
[  196.677553][ T6980] netlink: 'syz.1.291': attribute type 29 has an invalid length.
[  196.686328][ T6980] netlink: 148 bytes leftover after parsing attributes in process `syz.1.291'.
[  196.688366][ T6610] usb 1-1: device descriptor read/64, error -71
[  196.713387][ T6980] netlink: 'syz.1.291': attribute type 1 has an invalid length.
[  196.724749][ T6980] netlink: 'syz.1.291': attribute type 2 has an invalid length.
[  196.821482][ T6610] usb usb1-port1: attempt power cycle
[  196.963320][ T6986] netlink: 8 bytes leftover after parsing attributes in process `syz.4.293'.
[  197.269949][ T6587] usb 5-1: new low-speed USB device number 22 using dummy_hcd
[  197.471958][ T6610] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  197.518956][ T6610] usb 1-1: device descriptor read/8, error -71
[  197.701428][ T6587] usb 5-1: device descriptor read/64, error -71
[  197.715232][ T6992] IPVS: set_ctl: invalid protocol: 0 172.20.20.187:20004
[  197.770532][ T6610] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  197.821452][ T6610] usb 1-1: device descriptor read/8, error -71
[  197.939551][ T6610] usb usb1-port1: unable to enumerate USB device
[  197.952821][ T6587] usb 5-1: new low-speed USB device number 23 using dummy_hcd
[  197.994735][   T53] hsr_slave_0: left promiscuous mode
[  198.095466][ T6588] vhci_hcd: vhci_device speed not set
[  198.118198][   T53] hsr_slave_1: left promiscuous mode
[  198.143016][   T53] batman_adv: batadv0: Removing interface: dummy0
[  198.172444][ T6587] usb 5-1: device descriptor read/64, error -71
[  198.172641][   T53] batman_adv: batadv0: Removing interface: batadv_slave_0
[  198.198291][   T53] batman_adv: batadv0: Removing interface: batadv_slave_1
[  198.343372][ T5847] Bluetooth: hci1: command tx timeout
[  198.362949][ T6587] usb usb5-port1: attempt power cycle
[  198.759726][ T6587] usb 5-1: new low-speed USB device number 24 using dummy_hcd
[  198.790988][ T6587] usb 5-1: device descriptor read/8, error -71
[  199.084256][ T6587] usb 5-1: new low-speed USB device number 25 using dummy_hcd
[  199.142177][ T6587] usb 5-1: device descriptor read/8, error -71
[  199.257426][ T6587] usb usb5-port1: unable to enumerate USB device
[  200.422900][ T5847] Bluetooth: hci1: command tx timeout
[  200.440040][ T6588] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  200.528135][ T7024] loop8: detected capacity change from 0 to 4
[  200.544243][   T53] team0 (unregistering): Port device team_slave_1 removed
[  200.560687][ T7024]  loop8: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11
[  200.580036][ T7024] loop8: p1 start 1073741824 is beyond EOD, truncated
[  200.632208][ T7024] loop8: p2 start 4 is beyond EOD, truncated
[  200.650232][ T6588] usb 5-1: Using ep0 maxpacket: 8
[  200.705477][ T6588] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  200.717130][ T6588] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  200.736159][ T7024] loop8: p4 start 4 is beyond EOD, truncated
[  200.748122][ T7024] loop8: p6 start 1879048192 is beyond EOD, truncated
[  200.766111][ T6588] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  200.776755][ T7024] loop8: p7 start 4294967295 is beyond EOD, truncated
[  200.784543][ T6588] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  200.798237][ T7024] loop8: p8 size 7 extends beyond EOD, truncated
[  200.807800][ T7024] loop8: p9 size 6 extends beyond EOD, truncated
[  200.816848][ T6588] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  200.831736][ T7024] loop8: p10 start 149541451 is beyond EOD, truncated
[  200.839521][ T6588] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  200.852708][ T7024] loop8: p11 start 4207571694 is beyond EOD, truncated
[  200.949809][   T53] team0 (unregistering): Port device team_slave_0 removed
[  201.019753][ T5886] udevd[5886]: inotify_add_watch(7, /dev/loop8p3, 10) failed: No such file or directory
[  201.023172][ T5922] udevd[5922]: inotify_add_watch(7, /dev/loop8p9, 10) failed: No such file or directory
[  201.036705][ T5956] udevd[5956]: inotify_add_watch(7, /dev/loop8p8, 10) failed: No such file or directory
[  201.055140][ T6012] udevd[6012]: inotify_add_watch(7, /dev/loop8p5, 10) failed: No such file or directory
[  201.101479][ T6588] usb 5-1: GET_CAPABILITIES returned 0
[  201.107478][ T6588] usbtmc 5-1:16.0: can't read capabilities
[  201.364157][ T6609] usb 5-1: USB disconnect, device number 26
[  202.093845][ T6979] chnl_net:caif_netlink_parms(): no params data found
[  202.197358][ T7040] netlink: 76 bytes leftover after parsing attributes in process `syz.0.302'.
[  202.509100][ T5847] Bluetooth: hci1: command tx timeout
[  202.684338][ T7053] netlink: 4 bytes leftover after parsing attributes in process `syz.1.304'.
[  202.703625][ T7053] netlink: 4 bytes leftover after parsing attributes in process `syz.1.304'.
[  202.714950][ T7053] netlink: 4 bytes leftover after parsing attributes in process `syz.1.304'.
[  202.994459][ T7052] 8021q: adding VLAN 0 to HW filter on device bond2
[  203.023958][ T7052] bridge0: port 3(bond2) entered blocking state
[  203.034926][ T7052] bridge0: port 3(bond2) entered disabled state
[  203.177188][ T6588] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  203.360652][ T7052] bond2: entered allmulticast mode
[  203.409164][ T7052] bond2: entered promiscuous mode
[  203.456665][ T7052] bridge0: port 3(bond2) entered blocking state
[  203.463456][ T7052] bridge0: port 3(bond2) entered forwarding state
[  203.519991][ T6588] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  203.554775][ T6588] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  203.579940][ T6588] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  203.644140][ T6588] usb 3-1: Product: syz
[  203.826486][ T6588] usb 3-1: Manufacturer: syz
[  203.862372][ T6588] usb 3-1: SerialNumber: syz
[  204.056378][ T1153] bridge0: port 3(bond2) entered disabled state
[  204.580117][ T5847] Bluetooth: hci1: command tx timeout
[  204.850298][ T6979] bridge0: port 1(bridge_slave_0) entered blocking state
[  204.884279][ T6979] bridge0: port 1(bridge_slave_0) entered disabled state
[  204.950358][ T6979] bridge_slave_0: entered allmulticast mode
[  205.041718][ T6979] bridge_slave_0: entered promiscuous mode
[  205.183389][ T6979] bridge0: port 2(bridge_slave_1) entered blocking state
[  205.196398][ T6979] bridge0: port 2(bridge_slave_1) entered disabled state
[  205.240864][ T6979] bridge_slave_1: entered allmulticast mode
[  205.308023][ T6979] bridge_slave_1: entered promiscuous mode
[  205.466158][ T7079] FAULT_INJECTION: forcing a failure.
[  205.466158][ T7079] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  205.505838][ T7079] CPU: 1 UID: 0 PID: 7079 Comm: syz.4.307 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[  205.505869][ T7079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  205.505878][ T7079] Call Trace:
[  205.505885][ T7079]  <TASK>
[  205.505892][ T7079]  dump_stack_lvl+0x189/0x250
[  205.505916][ T7079]  ? __lock_acquire+0xaac/0xd20
[  205.505939][ T7079]  ? __pfx_dump_stack_lvl+0x10/0x10
[  205.505960][ T7079]  ? __pfx__printk+0x10/0x10
[  205.505974][ T7079]  ? __might_fault+0xb0/0x130
[  205.506001][ T7079]  should_fail_ex+0x414/0x560
[  205.506020][ T7079]  _copy_from_iter+0x1db/0x15a0
[  205.506044][ T7079]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  205.506061][ T7079]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  205.506081][ T7079]  ? __pfx__copy_from_iter+0x10/0x10
[  205.506100][ T7079]  ? __build_skb_around+0x257/0x3e0
[  205.506124][ T7079]  ? netlink_sendmsg+0x642/0xb30
[  205.506150][ T7079]  ? skb_put+0x11b/0x210
[  205.506180][ T7079]  netlink_sendmsg+0x6b2/0xb30
[  205.506214][ T7079]  ? __pfx_netlink_sendmsg+0x10/0x10
[  205.506242][ T7079]  ? __import_iovec+0x5d4/0x7f0
[  205.506261][ T7079]  ? aa_sock_msg_perm+0x94/0x160
[  205.506279][ T7079]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  205.506297][ T7079]  ? __pfx_netlink_sendmsg+0x10/0x10
[  205.506315][ T7079]  __sock_sendmsg+0x21c/0x270
[  205.506332][ T7079]  ____sys_sendmsg+0x505/0x830
[  205.506356][ T7079]  ? __pfx_____sys_sendmsg+0x10/0x10
[  205.506388][ T7079]  ___sys_sendmsg+0x21f/0x2a0
[  205.506410][ T7079]  ? __pfx____sys_sendmsg+0x10/0x10
[  205.506456][ T7079]  ? __fget_files+0x2a/0x420
[  205.506475][ T7079]  ? __fget_files+0x3a0/0x420
[  205.506503][ T7079]  __sys_sendmsg+0x164/0x220
[  205.506525][ T7079]  ? __pfx___sys_sendmsg+0x10/0x10
[  205.506556][ T7079]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  205.506576][ T7079]  ? lockdep_hardirqs_on+0x9c/0x150
[  205.506595][ T7079]  __do_fast_syscall_32+0xb4/0x110
[  205.506615][ T7079]  ? lockdep_hardirqs_on+0x9c/0x150
[  205.506635][ T7079]  do_fast_syscall_32+0x34/0x80
[  205.506654][ T7079]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  205.506681][ T7079] RIP: 0023:0xf70ae539
[  205.506698][ T7079] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  205.506716][ T7079] RSP: 002b:00000000f509e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  205.506738][ T7079] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  205.506760][ T7079] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  205.506768][ T7079] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  205.506776][ T7079] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  205.506785][ T7079] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  205.506805][ T7079]  </TASK>
[  206.127021][ T6979] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  206.157691][ T6979] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  206.243226][ T6610] usb 3-1: USB disconnect, device number 16
[  206.519347][ T6587] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  206.602510][ T7098] netlink: 'syz.2.312': attribute type 8 has an invalid length.
[  206.649343][ T7098] SET target dimension over the limit!
[  206.680066][ T6587] usb 5-1: Using ep0 maxpacket: 8
[  206.688035][ T6587] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  206.691389][ T6979] team0: Port device team_slave_0 added
[  206.729240][ T6979] team0: Port device team_slave_1 added
[  206.738189][ T6587] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  206.753287][ T6587] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  206.782308][ T6587] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  206.808879][ T6587] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  206.847248][ T6587] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.008675][ T6979] batman_adv: batadv0: Adding interface: batadv_slave_0
[  207.019444][ T6979] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  207.055519][ T6979] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  207.135098][ T6587] usb 5-1: usb_control_msg returned -71
[  207.146536][ T6587] usbtmc 5-1:16.0: can't read capabilities
[  207.166069][ T6979] batman_adv: batadv0: Adding interface: batadv_slave_1
[  207.173920][ T6587] usb 5-1: USB disconnect, device number 27
[  207.321165][ T6979] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  207.353714][ T6979] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  207.693394][ T6979] hsr_slave_0: entered promiscuous mode
[  207.721857][ T6979] hsr_slave_1: entered promiscuous mode
[  207.744741][ T6979] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  207.770556][ T6979] Cannot create hsr debugfs directory
[  207.913098][ T7108] loop8: detected capacity change from 0 to 4
[  207.946270][ T7108] Dev loop8: unable to read RDB block 4
[  207.968520][ T7108]  loop8: unable to read partition table
[  208.050685][ T7108] loop8: partition table beyond EOD, truncated
[  208.061813][ T7110] FAULT_INJECTION: forcing a failure.
[  208.061813][ T7110] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  208.080154][ T7108] loop_reread_partitions: partition scan of loop8 (�被x������ڬ��dƤ����ݡ�����
[  208.080154][ T7108] 
) failed (rc=-5)
[  208.110381][ T7110] CPU: 1 UID: 0 PID: 7110 Comm: syz.1.315 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[  208.110412][ T7110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  208.110424][ T7110] Call Trace:
[  208.110433][ T7110]  <TASK>
[  208.110441][ T7110]  dump_stack_lvl+0x189/0x250
[  208.110479][ T7110]  ? __pfx_dump_stack_lvl+0x10/0x10
[  208.110509][ T7110]  ? __pfx__printk+0x10/0x10
[  208.110543][ T7110]  should_fail_ex+0x414/0x560
[  208.110571][ T7110]  _copy_to_user+0x31/0xb0
[  208.110603][ T7110]  simple_read_from_buffer+0xe1/0x170
[  208.110634][ T7110]  proc_fail_nth_read+0x1df/0x250
[  208.110668][ T7110]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  208.110701][ T7110]  ? rw_verify_area+0x258/0x650
[  208.110723][ T7110]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  208.110753][ T7110]  vfs_read+0x1fd/0x980
[  208.110782][ T7110]  ? __pfx___mutex_lock+0x10/0x10
[  208.110810][ T7110]  ? __pfx_vfs_read+0x10/0x10
[  208.110835][ T7110]  ? __fget_files+0x2a/0x420
[  208.110867][ T7110]  ? __fget_files+0x3a0/0x420
[  208.110892][ T7110]  ? __fget_files+0x2a/0x420
[  208.110927][ T7110]  ksys_read+0x145/0x250
[  208.110954][ T7110]  ? __pfx_ksys_read+0x10/0x10
[  208.110980][ T7110]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  208.111008][ T7110]  ? lockdep_hardirqs_on+0x9c/0x150
[  208.111036][ T7110]  __do_fast_syscall_32+0xb4/0x110
[  208.111064][ T7110]  ? lockdep_hardirqs_on+0x9c/0x150
[  208.111093][ T7110]  do_fast_syscall_32+0x34/0x80
[  208.111119][ T7110]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  208.111143][ T7110] RIP: 0023:0xf7f81539
[  208.111160][ T7110] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  208.111178][ T7110] RSP: 002b:00000000f50a6590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  208.111198][ T7110] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50a6620
[  208.111221][ T7110] RDX: 000000000000000f RSI: 00000000f7412ff4 RDI: 0000000000000000
[  208.111233][ T7110] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  208.111245][ T7110] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  208.111257][ T7110] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  208.111288][ T7110]  </TASK>
[  208.758644][ T7120] openvswitch: netlink: IPv4 tunnel dst address is zero
[  209.245880][ T6979] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  209.255615][ T7126] futex_wake_op: syz.0.319 tries to shift op by 144; fix this program
[  209.313787][ T6979] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  209.375295][ T6979] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  209.449063][ T6979] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  209.764496][ T6979] 8021q: adding VLAN 0 to HW filter on device bond0
[  209.776383][ T7145] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  209.799457][ T7145] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  209.808292][ T6609] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  209.850980][ T6610] usb 5-1: new full-speed USB device number 28 using dummy_hcd
[  209.884241][ T6979] 8021q: adding VLAN 0 to HW filter on device team0
[  209.921569][   T62] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.929510][   T62] bridge0: port 1(bridge_slave_0) entered forwarding state
[  209.970972][ T6609] usb 2-1: Using ep0 maxpacket: 8
[  209.985195][ T6609] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  210.001505][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.009200][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[  210.030579][ T6610] usb 5-1: config 0 has an invalid interface number: 41 but max is 0
[  210.039158][ T6609] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  210.053846][ T6610] usb 5-1: config 0 has no interface number 0
[  210.075417][ T6610] usb 5-1: config 0 interface 41 has no altsetting 0
[  210.104746][ T6609] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  210.133337][ T6610] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  210.164351][ T6609] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  210.181982][ T6610] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.196375][ T6610] usb 5-1: Product: syz
[  210.203258][ T6610] usb 5-1: Manufacturer: syz
[  210.210574][ T6610] usb 5-1: SerialNumber: syz
[  210.216579][ T6609] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  210.235314][ T6610] usb 5-1: config 0 descriptor??
[  210.247336][ T6609] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  210.263095][ T6979] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  210.426116][ T6979] 8021q: adding VLAN 0 to HW filter on device batadv0
[  210.498579][ T6609] usb 2-1: usb_control_msg returned -71
[  210.521898][ T6609] usbtmc 2-1:16.0: can't read capabilities
[  210.578106][ T7153] loop6: detected capacity change from 0 to 524287999
[  210.598766][ T6609] usb 2-1: USB disconnect, device number 13
[  210.686057][ T6979] veth0_vlan: entered promiscuous mode
[  210.909313][ T6979] veth1_vlan: entered promiscuous mode
[  211.077712][ T6610] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[  211.104891][ T6979] veth0_macvtap: entered promiscuous mode
[  211.175233][ T6979] veth1_macvtap: entered promiscuous mode
[  211.275828][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  211.307469][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  211.356673][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  211.489114][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  211.508455][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  211.535011][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  211.565723][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  211.586183][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  211.598770][ T6979] batman_adv: batadv0: Interface activated: batadv_slave_0
[  211.654562][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  211.667596][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  211.719196][ T7178] usb usb8: usbfs: process 7178 (syz.1.330) did not claim interface 0 before use
[  211.741004][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  211.758643][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  211.794099][ T6979] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  211.823746][ T6979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  211.875099][ T6979] batman_adv: batadv0: Interface activated: batadv_slave_1
[  211.925366][ T6979] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  211.939079][ T6979] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  211.954158][ T6979] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  211.963802][ T6979] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  211.980576][ T6609] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  212.201042][ T6609] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  212.254241][ T6609] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  212.389687][ T3032] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  212.400785][ T6610] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9
[  212.431232][ T6610] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): Failed to reset PHY: -71
[  212.462739][ T6610] CoreChips 5-1:0.41: probe with driver CoreChips failed with error -71
[  212.490109][ T3032] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  212.597149][ T6610] usb 5-1: USB disconnect, device number 28
[  212.680574][ T6609] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  212.741640][ T6609] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  212.748397][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  212.785067][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  212.815511][ T6609] usb 2-1: SerialNumber: syz
[  213.500958][ T6610] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  213.608641][   T30] kauditd_printk_skb: 24 callbacks suppressed
[  213.608661][   T30] audit: type=1326 audit(1747115926.392:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7184 comm="syz.4.332" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x0
[  213.659096][ T7187] netlink: 'syz.5.281': attribute type 10 has an invalid length.
[  213.681125][ T7178] netlink: 20 bytes leftover after parsing attributes in process `syz.1.330'.
[  213.704207][ T6610] usb 1-1: Using ep0 maxpacket: 32
[  213.764455][ T6610] usb 1-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  213.824488][ T7190] netlink: 4 bytes leftover after parsing attributes in process `syz.5.281'.
[  213.842681][ T6610] usb 1-1: config 0 interface 0 has no altsetting 0
[  213.859665][ T6610] usb 1-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00
[  213.883628][ T7187] 8021q: adding VLAN 0 to HW filter on device bond0
[  213.892392][ T6610] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  213.905419][ T7187] team0: Port device bond0 added
[  213.916012][ T6610] usb 1-1: config 0 descriptor??
[  214.867066][ T6610] usbhid 1-1:0.0: can't add hid device: -71
[  214.877078][ T6610] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  214.975705][ T6609] usb 2-1: 0:2 : does not exist
[  215.027149][ T6610] usb 1-1: USB disconnect, device number 24
[  215.079344][ T7212] IPVS: set_ctl: invalid protocol: 0 172.20.20.187:100
[  215.487304][ T5844] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  215.515854][ T6609] usb 2-1: USB disconnect, device number 14
[  215.660017][ T5844] usb 6-1: device descriptor read/64, error -71
[  215.842058][ T5886] udevd[5886]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  215.930575][ T5844] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  216.050593][ T6609] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  216.130144][ T5844] usb 6-1: device descriptor read/64, error -71
[  216.295338][ T6609] usb 2-1: Using ep0 maxpacket: 16
[  216.300848][ T6609] usb 2-1: config 0 has no interfaces?
[  216.305369][ T6609] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  216.305395][ T6609] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  216.305412][ T6609] usb 2-1: Product: syz
[  216.305423][ T6609] usb 2-1: Manufacturer: syz
[  216.305435][ T6609] usb 2-1: SerialNumber: syz
[  216.307723][ T6609] usb 2-1: config 0 descriptor??
[  216.325013][ T5844] usb usb6-port1: attempt power cycle
[  216.697207][ T6587] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  216.711143][ T5844] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  216.732776][ T5844] usb 6-1: device descriptor read/8, error -71
[  216.998620][ T6587] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  217.009706][ T6587] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  217.017939][ T6587] usb 1-1: Product: syz
[  217.022347][ T5844] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  217.030835][ T6587] usb 1-1: Manufacturer: syz
[  217.035575][ T6587] usb 1-1: SerialNumber: syz
[  217.049962][ T6588] usb 3-1: new low-speed USB device number 18 using dummy_hcd
[  217.077008][ T5844] usb 6-1: device descriptor read/8, error -71
[  217.236474][ T5844] usb usb6-port1: unable to enumerate USB device
[  217.294676][ T6588] usb 3-1: device descriptor read/64, error -71
[  217.580030][ T6588] usb 3-1: new low-speed USB device number 19 using dummy_hcd
[  217.910707][ T6588] usb 3-1: device descriptor read/64, error -71
[  218.021907][ T6588] usb usb3-port1: attempt power cycle
[  218.338502][ T6587] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[  218.353962][ T6587] cdc_ncm 1-1:1.0: setting rx_max = 16384
[  218.386244][ T6588] usb 3-1: new low-speed USB device number 20 using dummy_hcd
[  218.455098][ T6588] usb 3-1: device descriptor read/8, error -71
[  218.541237][ T6587] cdc_ncm 1-1:1.0: setting tx_max = 16384
[  218.616194][ T6591] usb 2-1: USB disconnect, device number 15
[  218.661199][ T5844] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  218.700546][ T6588] usb 3-1: new low-speed USB device number 21 using dummy_hcd
[  218.722905][ T6587] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  218.742121][ T6587] usb 1-1: USB disconnect, device number 25
[  218.761734][ T6588] usb 3-1: device descriptor read/8, error -71
[  218.794483][ T6587] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP)
[  218.842490][ T5844] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  218.880795][ T5844] usb 6-1: config 0 interface 0 has no altsetting 0
[  218.890746][ T6588] usb usb3-port1: unable to enumerate USB device
[  218.913811][ T5844] usb 6-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[  218.935534][ T5844] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.954736][ T7250] bond0: option arp_interval: invalid value (18446744071562069632)
[  218.971738][ T5844] usb 6-1: Product: syz
[  218.998370][ T7250] bond0: option arp_interval: allowed values 0 - 2147483647
[  219.007857][ T5844] usb 6-1: Manufacturer: syz
[  219.027075][ T5844] usb 6-1: SerialNumber: syz
[  219.054172][ T5844] usb 6-1: config 0 descriptor??
[  219.083427][ T5844] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[  219.112664][ T5844] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  219.138036][ T5844] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[  219.162385][ T5844] usb 6-1: media controller created
[  219.240411][ T6588] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  219.243263][ T7255] netlink: 'syz.0.345': attribute type 10 has an invalid length.
[  219.259261][ T7255] netlink: 4 bytes leftover after parsing attributes in process `syz.0.345'.
[  219.276626][ T5844] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  219.420366][ T6588] usb 2-1: Using ep0 maxpacket: 16
[  219.430645][ T6588] usb 2-1: unable to read config index 0 descriptor/start: -61
[  219.438622][ T6588] usb 2-1: can't read configurations, error -61
[  219.474360][ T5844] DVB: Unable to find symbol tda10046_attach()
[  219.483034][ T5844] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[  219.492822][ T5844] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[  219.650818][ T6588] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  219.824323][ T6588] usb 2-1: Using ep0 maxpacket: 16
[  219.841579][ T6590] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  219.938817][ T6588] usb 2-1: unable to read config index 0 descriptor/start: -61
[  219.967934][ T6588] usb 2-1: can't read configurations, error -61
[  220.000385][ T6588] usb usb2-port1: attempt power cycle
[  220.142488][ T6590] usb 5-1: Using ep0 maxpacket: 8
[  220.202861][ T6590] usb 5-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  220.224038][ T6590] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  220.271615][ T6590] usb 5-1: Product: syz
[  220.295696][ T6590] usb 5-1: Manufacturer: syz
[  220.309288][ T6590] usb 5-1: SerialNumber: syz
[  220.326060][ T6590] usb 5-1: config 0 descriptor??
[  220.346259][ T6590] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  220.415974][ T6588] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  220.478159][ T5844] dvb_usb_m920x 6-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[  220.508339][ T5844] usb 6-1: USB disconnect, device number 6
[  220.554349][ T6588] usb 2-1: Using ep0 maxpacket: 16
[  220.622490][ T6588] usb 2-1: unable to read config index 0 descriptor/start: -61
[  220.632841][ T7259] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  220.650100][ T6588] usb 2-1: can't read configurations, error -61
[  220.684696][ T7259] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  220.818969][ T6588] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  220.820654][ T6609] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  220.884003][ T6590] gspca_sonixj: reg_w1 err -110
[  220.910139][ T6590] sonixj 5-1:0.0: probe with driver sonixj failed with error -110
[  220.936597][ T6588] usb 2-1: Using ep0 maxpacket: 16
[  220.945871][ T7266] netlink: 4 bytes leftover after parsing attributes in process `syz.4.346'.
[  220.968585][ T6588] usb 2-1: unable to read config index 0 descriptor/start: -61
[  220.997126][ T7282] netlink: 4 bytes leftover after parsing attributes in process `syz.0.350'.
[  221.028520][ T6588] usb 2-1: can't read configurations, error -61
[  221.057738][ T6588] usb usb2-port1: unable to enumerate USB device
[  221.207847][ T6609] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  221.295500][ T6609] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  221.306124][ T6609] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  221.364294][ T6609] usb 3-1: Product: syz
[  221.425520][ T6609] usb 3-1: Manufacturer: syz
[  221.448126][ T6609] usb 3-1: SerialNumber: syz
[  222.189729][ T5845] Bluetooth: hci4: command 0x0406 tx timeout
[  222.197177][ T5845] Bluetooth: hci2: command 0x0406 tx timeout
[  222.207693][ T5845] Bluetooth: hci0: command 0x0406 tx timeout
[  222.216535][ T5843] Bluetooth: hci3: command 0x0406 tx timeout
[  222.313078][ T6590] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  222.630572][ T6590] usb 1-1: Using ep0 maxpacket: 32
[  222.645003][ T6590] usb 1-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  222.685399][ T6590] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  222.744825][ T6590] usb 1-1: config 0 descriptor??
[  222.796613][ T6590] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  222.894935][ T7312] netlink: 'syz.1.357': attribute type 10 has an invalid length.
[  222.903930][ T7312] netlink: 4 bytes leftover after parsing attributes in process `syz.1.357'.
[  223.716445][ T6588] usb 5-1: USB disconnect, device number 29
[  224.032410][ T7326] netlink: 8 bytes leftover after parsing attributes in process `syz.1.359'.
[  224.386236][ T6587] usb 3-1: USB disconnect, device number 22
[  224.599138][ T7295] bond0: option arp_interval: invalid value (18446744071562069632)
[  224.622563][ T7295] bond0: option arp_interval: allowed values 0 - 2147483647
[  224.667444][ T6590] gspca_vc032x: reg_w err -71
[  224.672314][ T6590] gspca_vc032x: I2c Bus Busy Wait 00
[  224.677704][ T6590] gspca_vc032x: I2c Bus Busy Wait 00
[  224.683397][ T6590] gspca_vc032x: I2c Bus Busy Wait 00
[  224.690402][ T6590] gspca_vc032x: I2c Bus Busy Wait 00
[  224.697404][ T6590] gspca_vc032x: I2c Bus Busy Wait 00
[  224.718617][ T6590] gspca_vc032x: I2c Bus Busy Wait 00
[  224.725794][ T6590] gspca_vc032x: I2c Bus Busy Wait 00
[  224.731913][ T6590] gspca_vc032x: I2c Bus Busy Wait 00
[  224.737424][ T6590] gspca_vc032x: I2c Bus Busy Wait 00
[  224.748089][ T6590] gspca_vc032x: I2c Bus Busy Wait 00
[  224.755585][ T6590] gspca_vc032x: I2c Bus Busy Wait 00
[  224.770255][ T6590] gspca_vc032x: I2c Bus Busy Wait 00
[  224.775715][ T6590] gspca_vc032x: I2c Bus Busy Wait 00
[  224.796161][ T6590] gspca_vc032x: I2c Bus Busy Wait 00
[  224.869463][ T6590] gspca_vc032x: I2c Bus Busy Wait 00
[  224.883736][ T6590] gspca_vc032x: I2c Bus Busy Wait 00
[  224.908294][ T6590] gspca_vc032x: I2c Bus Busy Wait 00
[  224.928618][ T6590] gspca_vc032x: I2c Bus Busy Wait 00
[  224.953709][ T6590] gspca_vc032x: Unknown sensor...
[  224.979386][ T6590] vc032x 1-1:0.0: probe with driver vc032x failed with error -22
[  225.019432][ T6590] usb 1-1: USB disconnect, device number 26
[  225.133616][   T30] audit: type=1326 audit(1747115937.902:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7332 comm="syz.2.362" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  225.155900][    C1] vkms_vblank_simulate: vblank timer overrun
[  225.161466][ T7336] x_tables: ip6_tables: recent.0 match: invalid size 216 (kernel) != (user) 232
[  225.290234][   T30] audit: type=1326 audit(1747115937.902:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7332 comm="syz.2.362" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  225.321090][ T7336] netlink: 20 bytes leftover after parsing attributes in process `syz.4.361'.
[  225.340280][ T7336] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  225.790642][   T30] audit: type=1326 audit(1747115937.902:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7332 comm="syz.2.362" exe="/root/syz-executor" sig=0 arch=40000003 syscall=433 compat=1 ip=0xf703e539 code=0x7ffc0000
[  226.029945][   T30] audit: type=1326 audit(1747115937.902:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7332 comm="syz.2.362" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  226.157295][   T30] audit: type=1326 audit(1747115937.902:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7332 comm="syz.2.362" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  226.318234][   T30] audit: type=1326 audit(1747115937.922:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7332 comm="syz.2.362" exe="/root/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf703e539 code=0x7ffc0000
[  226.340375][    C1] vkms_vblank_simulate: vblank timer overrun
[  226.519954][   T30] audit: type=1326 audit(1747115937.922:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7332 comm="syz.2.362" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  226.541996][    C1] vkms_vblank_simulate: vblank timer overrun
[  226.662314][   T30] audit: type=1326 audit(1747115937.922:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7332 comm="syz.2.362" exe="/root/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf703e539 code=0x7ffc0000
[  227.076923][ T7364] netlink: 'syz.1.369': attribute type 10 has an invalid length.
[  227.111640][ T7364] netlink: 4 bytes leftover after parsing attributes in process `syz.1.369'.
[  227.709984][ T6590] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  227.880335][ T6590] usb 3-1: Using ep0 maxpacket: 16
[  227.893677][ T6590] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  227.910051][ T6590] usb 3-1: config 0 has no interface number 0
[  227.932741][ T6590] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  227.968046][ T6590] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  227.984772][ T6590] usb 3-1: Product: syz
[  227.989265][ T6590] usb 3-1: Manufacturer: syz
[  228.005763][ T5844] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  228.021207][ T6590] usb 3-1: SerialNumber: syz
[  228.051016][ T6590] usb 3-1: config 0 descriptor??
[  228.071397][ T6590] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  228.162805][ T5844] usb 6-1: device descriptor read/64, error -71
[  228.428946][ T5844] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  228.480893][ T6590] gspca_spca1528: reg_w err -71
[  228.501474][ T6590] spca1528 3-1:0.1: probe with driver spca1528 failed with error -71
[  228.531973][ T6590] usb 3-1: USB disconnect, device number 23
[  228.580344][ T5844] usb 6-1: device descriptor read/64, error -71
[  228.690350][ T5844] usb usb6-port1: attempt power cycle
[  228.831556][ T7413] usb usb8: usbfs: process 7413 (syz.0.379) did not claim interface 0 before use
[  229.050104][ T5844] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  229.110847][ T5844] usb 6-1: device descriptor read/8, error -71
[  229.140122][ T6590] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  229.276944][ T7422] netlink: 'syz.1.383': attribute type 10 has an invalid length.
[  229.324223][ T7422] netlink: 4 bytes leftover after parsing attributes in process `syz.1.383'.
[  229.339601][ T6590] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  229.358747][ T6590] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  229.368734][ T5844] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  229.386665][ T6590] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  229.405510][ T6590] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  229.414442][ T5844] usb 6-1: device descriptor read/8, error -71
[  229.424559][ T6590] usb 1-1: SerialNumber: syz
[  229.530715][ T5844] usb usb6-port1: unable to enumerate USB device
[  229.664415][ T7432] usb usb8: usbfs: process 7432 (syz.2.384) did not claim interface 0 before use
[  229.798981][ T7434] netlink: 20 bytes leftover after parsing attributes in process `syz.0.379'.
[  230.206202][ T5844] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  230.434376][ T7438] xt_policy: input policy not valid in POSTROUTING and OUTPUT
[  230.758133][ T5844] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  230.769174][ T5844] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  230.791055][ T5844] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  230.800316][ T5844] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  230.817394][ T5844] usb 3-1: SerialNumber: syz
[  231.280876][ T7445] netlink: 20 bytes leftover after parsing attributes in process `syz.2.384'.
[  232.033862][ T6590] usb 1-1: 0:2 : does not exist
[  232.157146][ T6590] usb 1-1: USB disconnect, device number 27
[  232.334083][ T6012] udevd[6012]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  233.190086][ T6591] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  233.442799][ T6591] usb 1-1: config 0 has no interfaces?
[  233.514941][ T5844] usb 3-1: 0:2 : does not exist
[  233.613268][ T6591] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  233.622870][ T6591] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.640323][ T5844] usb 3-1: USB disconnect, device number 24
[  233.678507][ T6591] usb 1-1: Product: syz
[  233.709034][ T6591] usb 1-1: Manufacturer: syz
[  233.736136][ T6591] usb 1-1: SerialNumber: syz
[  233.741209][ T7475] netlink: 'syz.2.396': attribute type 10 has an invalid length.
[  233.755959][ T7477] netlink: 8 bytes leftover after parsing attributes in process `syz.1.395'.
[  233.776671][ T7475] netlink: 4 bytes leftover after parsing attributes in process `syz.2.396'.
[  233.790136][ T6591] usb 1-1: config 0 descriptor??
[  233.820129][ T7477] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[  233.827891][ T7477] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  233.844264][ T5886] udevd[5886]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  234.310546][ T6604] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  234.685038][ T6604] usb 6-1: config 0 has no interfaces?
[  234.711982][ T6604] usb 6-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  234.729397][ T6604] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  234.747405][ T6604] usb 6-1: Product: syz
[  234.807811][ T6604] usb 6-1: Manufacturer: syz
[  234.850552][ T6604] usb 6-1: SerialNumber: syz
[  234.903731][ T6604] usb 6-1: config 0 descriptor??
[  235.783875][ T6604] usb 1-1: USB disconnect, device number 28
[  235.949418][ T7513] veth0_macvtap: entered allmulticast mode
[  237.430853][ T6605] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  237.628974][ T6605] usb 5-1: config 0 has an invalid interface number: 148 but max is 0
[  237.644533][ T6605] usb 5-1: config 0 has no interface number 0
[  237.707128][ T6605] usb 5-1: config 0 interface 148 has no altsetting 0
[  237.769614][ T6605] usb 5-1: New USB device found, idVendor=0403, idProduct=f06a, bcdDevice=12.d9
[  237.819756][ T6605] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  237.963473][ T6605] usb 5-1: Product: syz
[  237.967725][ T6605] usb 5-1: Manufacturer: syz
[  237.990493][ T6605] usb 5-1: SerialNumber: syz
[  238.026856][ T6605] usb 5-1: config 0 descriptor??
[  238.031248][ T5844] usb 6-1: USB disconnect, device number 11
[  238.351644][ T7530] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  238.364173][ T7530] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  238.554360][ T7539] FAULT_INJECTION: forcing a failure.
[  238.554360][ T7539] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  238.616882][ T7539] CPU: 0 UID: 0 PID: 7539 Comm: syz.1.408 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[  238.616907][ T7539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  238.616920][ T7539] Call Trace:
[  238.616926][ T7539]  <TASK>
[  238.616934][ T7539]  dump_stack_lvl+0x189/0x250
[  238.616961][ T7539]  ? __lock_acquire+0xaac/0xd20
[  238.616984][ T7539]  ? __pfx_dump_stack_lvl+0x10/0x10
[  238.617005][ T7539]  ? __pfx__printk+0x10/0x10
[  238.617019][ T7539]  ? __might_fault+0xb0/0x130
[  238.617047][ T7539]  should_fail_ex+0x414/0x560
[  238.617066][ T7539]  _copy_from_user+0x2d/0xb0
[  238.617088][ T7539]  copy_uabi_to_xstate+0x397/0x970
[  238.617109][ T7539]  ? __pfx_copy_uabi_to_xstate+0x10/0x10
[  238.617123][ T7539]  ? __local_bh_enable_ip+0x12d/0x1c0
[  238.617141][ T7539]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  238.617163][ T7539]  fpu__restore_sig+0xf1b/0x10a0
[  238.617177][ T7539]  ? fpu__restore_sig+0xa05/0x10a0
[  238.617192][ T7539]  ? __lock_acquire+0xaac/0xd20
[  238.617214][ T7539]  ? __pfx_fpu__restore_sig+0x10/0x10
[  238.617255][ T7539]  ia32_restore_sigcontext+0x449/0x5b0
[  238.617278][ T7539]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[  238.617296][ T7539]  ? _raw_spin_lock_irq+0xae/0xf0
[  238.617312][ T7539]  ? __pfx__raw_spin_lock_irq+0x10/0x10
[  238.617337][ T7539]  ? _raw_spin_unlock_irq+0x23/0x50
[  238.617352][ T7539]  ? lockdep_hardirqs_on+0x9c/0x150
[  238.617372][ T7539]  __ia32_compat_sys_rt_sigreturn+0x140/0x200
[  238.617393][ T7539]  ? __pfx___ia32_compat_sys_rt_sigreturn+0x10/0x10
[  238.617414][ T7539]  ? do_int80_emulation+0xe8/0x200
[  238.617437][ T7539]  do_int80_emulation+0x11f/0x200
[  238.617456][ T7539]  ? clear_bhb_loop+0x60/0xb0
[  238.617470][ T7539]  ? clear_bhb_loop+0x60/0xb0
[  238.617487][ T7539]  asm_int80_emulation+0x1a/0x20
[  238.617501][ T7539] RIP: 0023:0xf7f81537
[  238.617515][ T7539] Code: 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  238.617528][ T7539] RSP: 002b:00000000f50a655c EFLAGS: 00000206
[  238.617541][ T7539] RAX: 0000000000000173 RBX: 0000000000000006 RCX: 0000000080000080
[  238.617550][ T7539] RDX: 0000000000059000 RSI: 0000000000000000 RDI: 0000000000000000
[  238.617559][ T7539] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  238.617568][ T7539] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  238.617576][ T7539] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  238.617596][ T7539]  </TASK>
[  238.957570][ T7549] netlink: 'syz.2.412': attribute type 8 has an invalid length.
[  239.174768][ T7556] futex_wake_op: syz.2.412 tries to shift op by 144; fix this program
[  239.718766][ T6590] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  239.896721][ T6590] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  239.925419][ T6590] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  240.001660][ T6605] ftdi_sio 5-1:0.148: FTDI USB Serial Device converter detected
[  240.022835][ T6605] ftdi_sio ttyUSB0: unknown device type: 0x12d9
[  240.064108][ T6590] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  240.120598][ T6605] usb 5-1: USB disconnect, device number 30
[  240.153801][ T6590] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  240.158268][ T6605] ftdi_sio 5-1:0.148: device disconnected
[  240.188998][ T6590] usb 1-1: Product: syz
[  240.193708][ T6590] usb 1-1: Manufacturer: syz
[  240.220141][ T6590] usb 1-1: SerialNumber: syz
[  240.274066][ T7591] fuse: Bad value for 'fd'
[  240.527989][ T6590] cdc_mbim 1-1:1.0: bind() failure
[  240.575061][ T6590] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  240.598589][ T7595] netlink: 4 bytes leftover after parsing attributes in process `syz.2.421'.
[  240.670222][ T6590] cdc_ncm 1-1:1.1: bind() failure
[  240.706096][ T6590] usb 1-1: USB disconnect, device number 29
[  241.504841][ T6605] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  241.670509][ T6605] usb 5-1: Using ep0 maxpacket: 16
[  241.720715][ T6610] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  241.775641][   T30] audit: type=1326 audit(1747115954.522:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7620 comm="syz.1.428" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81539 code=0x7ffc0000
[  241.798862][ T6605] usb 5-1: config 0 has no interfaces?
[  241.812639][ T6605] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  241.872936][ T6605] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  241.941182][ T6605] usb 5-1: Product: syz
[  241.951095][ T6605] usb 5-1: Manufacturer: syz
[  241.954365][   T30] audit: type=1326 audit(1747115954.522:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7620 comm="syz.1.428" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f81539 code=0x7ffc0000
[  241.956423][ T6605] usb 5-1: SerialNumber: syz
[  242.012172][ T6610] usb 1-1: Using ep0 maxpacket: 8
[  242.305766][ T6610] usb 1-1: config 4 has an invalid interface number: 112 but max is 0
[  242.334506][ T6610] usb 1-1: config 4 has no interface number 0
[  242.346658][ T6610] usb 1-1: config 4 interface 112 has no altsetting 0
[  242.362221][ T6605] usb 5-1: config 0 descriptor??
[  242.410951][ T6610] usb 1-1: New USB device found, idVendor=046d, idProduct=0897, bcdDevice=c4.5f
[  242.432476][ T6610] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.448320][ T6610] usb 1-1: Product: syz
[  242.473749][ T6610] usb 1-1: Manufacturer: syz
[  242.494476][ T6610] usb 1-1: SerialNumber: syz
[  242.496373][   T30] audit: type=1326 audit(1747115954.522:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7620 comm="syz.1.428" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81539 code=0x7ffc0000
[  242.573712][   T30] audit: type=1326 audit(1747115954.522:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7620 comm="syz.1.428" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f81539 code=0x7ffc0000
[  242.664332][   T30] audit: type=1326 audit(1747115954.522:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7620 comm="syz.1.428" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81539 code=0x7ffc0000
[  242.721869][   T30] audit: type=1326 audit(1747115954.702:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7620 comm="syz.1.428" exe="/root/syz-executor" sig=0 arch=40000003 syscall=55 compat=1 ip=0xf7f81539 code=0x7ffc0000
[  242.746323][   T30] audit: type=1326 audit(1747115954.702:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7620 comm="syz.1.428" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81539 code=0x7ffc0000
[  242.764720][ T7619] netlink: 20 bytes leftover after parsing attributes in process `syz.0.427'.
[  242.826392][ T7634] binder: 7632:7634 ioctl c0306201 800001c0 returned -22
[  242.866801][   T30] audit: type=1326 audit(1747115954.702:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7620 comm="syz.1.428" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81539 code=0x7ffc0000
[  242.904734][ T6610] gspca_main: vc032x-2.14.0 probing 046d:0897
[  242.912254][ T6610] gspca_vc032x: reg_r err -71
[  242.918764][ T6610] gspca_vc032x: I2c Bus Busy Wait 00
[  242.927422][ T6610] gspca_vc032x: I2c Bus Busy Wait 00
[  242.933994][ T6610] gspca_vc032x: I2c Bus Busy Wait 00
[  242.941362][ T6610] gspca_vc032x: I2c Bus Busy Wait 00
[  242.959429][ T6610] gspca_vc032x: I2c Bus Busy Wait 00
[  242.981486][ T6610] gspca_vc032x: I2c Bus Busy Wait 00
[  243.500526][ T6610] gspca_vc032x: I2c Bus Busy Wait 00
[  243.508504][ T6610] gspca_vc032x: I2c Bus Busy Wait 00
[  243.519495][ T6610] gspca_vc032x: I2c Bus Busy Wait 00
[  243.534886][ T6610] gspca_vc032x: I2c Bus Busy Wait 00
[  243.545164][ T6610] gspca_vc032x: I2c Bus Busy Wait 00
[  243.551367][ T6610] gspca_vc032x: I2c Bus Busy Wait 00
[  243.556784][ T6610] gspca_vc032x: I2c Bus Busy Wait 00
[  243.562833][ T6610] gspca_vc032x: I2c Bus Busy Wait 00
[  243.568136][ T6610] gspca_vc032x: I2c Bus Busy Wait 00
[  243.574117][ T6610] gspca_vc032x: I2c Bus Busy Wait 00
[  243.579618][ T6610] gspca_vc032x: I2c Bus Busy Wait 00
[  243.586243][ T6610] gspca_vc032x: I2c Bus Busy Wait 00
[  243.601033][   T30] audit: type=1326 audit(1747115954.712:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7620 comm="syz.1.428" exe="/root/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f81539 code=0x7ffc0000
[  243.623510][   T30] audit: type=1326 audit(1747115954.712:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7620 comm="syz.1.428" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f81539 code=0x7ffc0000
[  243.637146][ T6610] gspca_vc032x: Unknown sensor...
[  243.720478][ T6587] usb 5-1: USB disconnect, device number 31
[  243.720540][ T6610] vc032x 1-1:4.112: probe with driver vc032x failed with error -22
[  243.810878][ T6610] usb 1-1: USB disconnect, device number 30
[  244.208542][ T7654] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.435'.
[  244.280115][ T7657] netlink: 8 bytes leftover after parsing attributes in process `syz.5.436'.
[  244.294686][ T7657] netlink: 40 bytes leftover after parsing attributes in process `syz.5.436'.
[  244.431794][ T7654] netlink: 'syz.0.435': attribute type 10 has an invalid length.
[  244.526602][ T7654] netlink: 24 bytes leftover after parsing attributes in process `syz.0.435'.
[  244.537749][ T7661] netlink: 'syz.4.437': attribute type 10 has an invalid length.
[  244.610928][ T7654] bridge0: port 2(bridge_slave_1) entered disabled state
[  244.639062][ T7654] bridge0: port 2(bridge_slave_1) entered disabled state
[  244.640725][ T7663] netlink: 4 bytes leftover after parsing attributes in process `syz.4.437'.
[  244.848453][ T7670] netlink: 8 bytes leftover after parsing attributes in process `syz.5.436'.
[  245.150234][ T6587] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  245.245529][ T7684] netlink: 28 bytes leftover after parsing attributes in process `syz.2.440'.
[  245.371397][ T6587] usb 6-1: Using ep0 maxpacket: 32
[  245.401490][ T6587] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  245.442956][ T6587] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  245.509619][ T6587] usb 6-1: config 0 descriptor??
[  245.580057][ T6590] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  245.722699][ T6590] usb 3-1: device descriptor read/64, error -71
[  245.902866][ T6587] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[  245.952432][ T6587] usb 6-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2
[  245.980050][ T6590] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  246.022670][ T6587] usb 6-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw
[  246.162192][ T6590] usb 3-1: device descriptor read/64, error -71
[  246.320716][ T6590] usb usb3-port1: attempt power cycle
[  246.323214][ T7704] netlink: 24 bytes leftover after parsing attributes in process `syz.1.447'.
[  246.338178][ T7704] FAULT_INJECTION: forcing a failure.
[  246.338178][ T7704] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  246.371601][ T7704] CPU: 1 UID: 0 PID: 7704 Comm: syz.1.447 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[  246.371639][ T7704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  246.371662][ T7704] Call Trace:
[  246.371672][ T7704]  <TASK>
[  246.371679][ T7704]  dump_stack_lvl+0x189/0x250
[  246.371707][ T7704]  ? __pfx_dump_stack_lvl+0x10/0x10
[  246.371729][ T7704]  ? __pfx__printk+0x10/0x10
[  246.371757][ T7704]  should_fail_ex+0x414/0x560
[  246.371778][ T7704]  _copy_to_user+0x31/0xb0
[  246.371805][ T7704]  simple_read_from_buffer+0xe1/0x170
[  246.371828][ T7704]  proc_fail_nth_read+0x1df/0x250
[  246.371852][ T7704]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  246.371875][ T7704]  ? rw_verify_area+0x258/0x650
[  246.371892][ T7704]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  246.371914][ T7704]  vfs_read+0x1fd/0x980
[  246.371935][ T7704]  ? __pfx___mutex_lock+0x10/0x10
[  246.371955][ T7704]  ? __pfx_vfs_read+0x10/0x10
[  246.371973][ T7704]  ? __fget_files+0x2a/0x420
[  246.371995][ T7704]  ? __fget_files+0x3a0/0x420
[  246.372013][ T7704]  ? __fget_files+0x2a/0x420
[  246.372039][ T7704]  ksys_read+0x145/0x250
[  246.372055][ T7704]  ? rcu_is_watching+0x15/0xb0
[  246.372070][ T7704]  ? __pfx_ksys_read+0x10/0x10
[  246.372087][ T7704]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  246.372114][ T7704]  ? lockdep_hardirqs_on+0x9c/0x150
[  246.372133][ T7704]  __do_fast_syscall_32+0xb4/0x110
[  246.372155][ T7704]  ? lockdep_hardirqs_on+0x9c/0x150
[  246.372176][ T7704]  do_fast_syscall_32+0x34/0x80
[  246.372195][ T7704]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  246.372214][ T7704] RIP: 0023:0xf7f81539
[  246.372228][ T7704] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  246.372241][ T7704] RSP: 002b:00000000f50a6590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  246.372259][ T7704] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50a6620
[  246.372271][ T7704] RDX: 000000000000000f RSI: 00000000f7412ff4 RDI: 0000000000000000
[  246.372283][ T7704] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  246.372293][ T7704] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  246.372304][ T7704] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  246.372333][ T7704]  </TASK>
[  246.625642][ T5844] usb 5-1: new full-speed USB device number 32 using dummy_hcd
[  246.862161][ T5844] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[  246.870602][ T5844] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  246.890485][ T5844] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  246.903017][ T5844] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  246.944657][ T5844] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  246.970160][ T6590] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  246.998412][ T6590] usb 3-1: device descriptor read/8, error -71
[  247.019882][ T5844] usb 5-1: config 0 interface 0 has no altsetting 0
[  247.051370][ T5844] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  247.078040][ T5844] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  247.114728][ T5844] usb 5-1: Product: syz
[  247.118994][ T5844] usb 5-1: Manufacturer: syz
[  247.149316][ T5844] usb 5-1: SerialNumber: syz
[  247.185096][ T5844] usb 5-1: config 0 descriptor??
[  247.223290][ T7699] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  247.253047][ T5844] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  247.263872][ T6590] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  247.294522][ T6590] usb 3-1: device descriptor read/8, error -71
[  247.312253][ T5844] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  247.430545][ T6590] usb usb3-port1: unable to enumerate USB device
[  247.492923][ T6609] usb 5-1: USB disconnect, device number 32
[  247.517671][ T6609] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  247.549181][ T6610] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  247.606562][ T7725] netlink: 'syz.0.452': attribute type 10 has an invalid length.
[  247.666326][ T7725] netlink: 4 bytes leftover after parsing attributes in process `syz.0.452'.
[  247.701574][ T7727] netlink: 'syz.5.453': attribute type 10 has an invalid length.
[  247.710469][ T6610] usb 2-1: Using ep0 maxpacket: 16
[  247.723381][ T6610] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[  247.737644][ T6610] usb 2-1: config 0 has no interface number 0
[  247.744967][ T7727] netlink: 4 bytes leftover after parsing attributes in process `syz.5.453'.
[  247.755134][ T6610] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  247.778545][ T6610] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  247.816580][ T6610] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  247.836446][ T6610] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  247.847272][ T6610] usb 2-1: Product: syz
[  247.866535][ T6610] usb 2-1: SerialNumber: syz
[  247.916224][ T6610] usb 2-1: config 0 descriptor??
[  247.937649][ T6610] cm109 2-1:0.8: invalid payload size 0, expected 4
[  247.963436][ T6610] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.8/input/input14
[  248.256426][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  248.265985][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  248.273888][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  248.281815][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  248.289122][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  248.297071][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  248.304996][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  248.312795][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  248.321691][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  248.329183][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  248.356828][ T6610] usb 2-1: USB disconnect, device number 20
[  248.363608][    C0] cm109 2-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  248.426542][ T6610] cm109 2-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  248.491428][ T7743] netlink: 24 bytes leftover after parsing attributes in process `syz.2.455'.
[  248.507463][ T7727] team0 (unregistering): Port device team_slave_0 removed
[  248.565561][ T7727] team0 (unregistering): Port device team_slave_1 removed
[  248.597778][ T7727] team0 (unregistering): Port device bond0 removed
[  248.748328][ T7747] netlink: 16 bytes leftover after parsing attributes in process `syz.0.457'.
[  248.823581][ T7751] netlink: 'syz.2.458': attribute type 9 has an invalid length.
[  248.927396][ T7756] netlink: 28 bytes leftover after parsing attributes in process `syz.2.458'.
[  248.936476][ T7757] syzkaller1: entered promiscuous mode
[  248.936503][ T7757] syzkaller1: entered allmulticast mode
[  249.070618][ T6610] usb 1-1: new low-speed USB device number 31 using dummy_hcd
[  249.321437][ T6610] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  249.378747][ T6610] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  249.409389][ T6610] usb 1-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47
[  249.457699][ T6610] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  249.498943][ T6610] usb 1-1: config 0 descriptor??
[  249.546103][ T6610] qmi_wwan 1-1:0.0: probe with driver qmi_wwan failed with error -22
[  249.745666][ T6605] usb 1-1: USB disconnect, device number 31
[  249.891200][ T7783] netlink: 4 bytes leftover after parsing attributes in process `syz.4.465'.
[  251.150597][ T6605] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  251.332859][ T6605] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  251.378213][ T6605] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  251.405775][ T6605] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  251.418332][ T6605] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  251.428093][ T6605] usb 3-1: SerialNumber: syz
[  251.550612][ T6590] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  251.700005][ T6590] usb 2-1: device descriptor read/64, error -71
[  251.747495][ T7813] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  251.767895][ T7813] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  251.770771][ T6610] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  251.950730][ T6610] usb 5-1: Using ep0 maxpacket: 32
[  251.988067][ T6590] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  251.988079][ T6610] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  251.988112][ T6610] usb 5-1: config 0 has no interface number 0
[  252.039273][ T6605] usb 3-1: 0:2 : does not exist
[  252.078808][ T6610] usb 5-1: config 0 interface 184 has no altsetting 0
[  252.094249][ T6605] usb 3-1: USB disconnect, device number 29
[  252.113277][ T6610] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  252.126879][ T6610] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  252.149934][ T6590] usb 2-1: device descriptor read/64, error -71
[  252.158707][ T6610] usb 5-1: Product: syz
[  252.174345][ T5886] udevd[5886]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  252.194107][ T6610] usb 5-1: Manufacturer: syz
[  252.201364][ T6610] usb 5-1: SerialNumber: syz
[  252.210874][ T6610] usb 5-1: config 0 descriptor??
[  252.236301][ T6610] smsc75xx v1.0.0
[  252.282237][ T6590] usb usb2-port1: attempt power cycle
[  252.645828][ T6590] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  252.690796][ T6590] usb 2-1: device descriptor read/8, error -71
[  252.862246][ T6610] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  252.880549][ T6610] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  253.290525][ T6590] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  253.330574][ T6590] usb 2-1: device descriptor read/8, error -71
[  253.452902][ T6590] usb usb2-port1: unable to enumerate USB device
[  253.799801][ T7837] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem
[  253.917841][ T6610] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  253.958721][ T6610] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  254.013634][ T6610] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  254.054144][ T6610] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -71
[  254.123954][ T6610] usb 5-1: USB disconnect, device number 33
[  255.038093][ T7851] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  255.089654][ T7851] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  255.191677][ T7851] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  255.201686][ T7851] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  255.245137][ T7851] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  255.258585][ T7851] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  255.313333][ T7851] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  255.333908][ T7851] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  255.516944][ T7851] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  255.543330][ T7851] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  255.787631][ T7851] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  255.947990][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  255.959659][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  256.062171][ T6590] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  256.090723][ T7877] loop8: detected capacity change from 0 to 4
[  256.114476][ T5886] Dev loop8: unable to read RDB block 4
[  256.131591][ T5886]  loop8: unable to read partition table
[  256.137816][ T5886] loop8: partition table beyond EOD, truncated
[  256.148623][ T7877] Dev loop8: unable to read RDB block 4
[  256.188666][ T7877]  loop8: unable to read partition table
[  256.200294][ T7877] loop8: partition table beyond EOD, truncated
[  256.213796][ T7877] loop_reread_partitions: partition scan of loop8 (�被x������ڬ��dƤ����ݡ�����
[  256.213796][ T7877] 
) failed (rc=-5)
[  256.260407][ T6590] usb 5-1: Using ep0 maxpacket: 16
[  256.279977][ T6590] usb 5-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  256.297195][ T6590] usb 5-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[  256.315983][ T6590] usb 5-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  256.398757][ T6590] usb 5-1: config 0 interface 0 has no altsetting 0
[  256.408484][ T6590] usb 5-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00
[  256.418299][ T6590] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  256.467086][ T6590] usb 5-1: config 0 descriptor??
[  256.544407][ T7885] FAULT_INJECTION: forcing a failure.
[  256.544407][ T7885] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  256.569039][ T7885] CPU: 1 UID: 0 PID: 7885 Comm: syz.2.486 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[  256.569075][ T7885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  256.569088][ T7885] Call Trace:
[  256.569096][ T7885]  <TASK>
[  256.569106][ T7885]  dump_stack_lvl+0x189/0x250
[  256.569139][ T7885]  ? __lock_acquire+0xaac/0xd20
[  256.569172][ T7885]  ? __pfx_dump_stack_lvl+0x10/0x10
[  256.569200][ T7885]  ? __pfx__printk+0x10/0x10
[  256.569220][ T7885]  ? __might_fault+0xb0/0x130
[  256.569257][ T7885]  should_fail_ex+0x414/0x560
[  256.569284][ T7885]  _copy_from_user+0x2d/0xb0
[  256.569314][ T7885]  ipv6_flowlabel_opt+0x116/0x2390
[  256.569353][ T7885]  ? __pfx_ipv6_flowlabel_opt+0x10/0x10
[  256.569377][ T7885]  ? look_up_lock_class+0x74/0x170
[  256.569419][ T7885]  ? register_lock_class+0x51/0x320
[  256.569454][ T7885]  ? __lock_acquire+0xaac/0xd20
[  256.569496][ T7885]  ? __local_bh_enable_ip+0x12d/0x1c0
[  256.569516][ T7885]  ? lockdep_hardirqs_on+0x9c/0x150
[  256.569541][ T7885]  ? __local_bh_enable_ip+0x12d/0x1c0
[  256.569575][ T7885]  do_ipv6_setsockopt+0xe8c/0x2fb0
[  256.569612][ T7885]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[  256.569638][ T7885]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  256.569683][ T7885]  ? __pfx___might_resched+0x10/0x10
[  256.569707][ T7885]  ? rcu_read_lock_any_held+0xb3/0x120
[  256.569729][ T7885]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  256.569758][ T7885]  ? aa_sk_perm+0x81e/0x950
[  256.569784][ T7885]  ? __pfx_aa_sk_perm+0x10/0x10
[  256.569815][ T7885]  ipv6_setsockopt+0x59/0x170
[  256.569839][ T7885]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  256.569864][ T7885]  do_sock_setsockopt+0x25a/0x3e0
[  256.569896][ T7885]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  256.569921][ T7885]  ? __fget_files+0x2a/0x420
[  256.569955][ T7885]  ? __fget_files+0x3a0/0x420
[  256.569980][ T7885]  ? __fget_files+0x2a/0x420
[  256.570016][ T7885]  __ia32_sys_setsockopt+0x18b/0x220
[  256.570051][ T7885]  __do_fast_syscall_32+0xb4/0x110
[  256.570079][ T7885]  ? lockdep_hardirqs_on+0x9c/0x150
[  256.570109][ T7885]  do_fast_syscall_32+0x34/0x80
[  256.570136][ T7885]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  256.570160][ T7885] RIP: 0023:0xf703e539
[  256.570178][ T7885] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  256.570197][ T7885] RSP: 002b:00000000f502e55c EFLAGS: 00000206 ORIG_RAX: 000000000000016e
[  256.570219][ T7885] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000029
[  256.570232][ T7885] RDX: 0000000000000020 RSI: 0000000080000180 RDI: 0000000000000020
[  256.570245][ T7885] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  256.570256][ T7885] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  256.570268][ T7885] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  256.570298][ T7885]  </TASK>
[  256.790102][ T6605] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  256.807810][   T55] Bluetooth: hci0: command 0x0406 tx timeout
[  256.970798][ T6605] usb 2-1: Using ep0 maxpacket: 8
[  256.992585][ T6605] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  257.030731][ T6605] usb 2-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.00
[  257.059290][ T6605] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.089727][ T6605] usb 2-1: config 0 descriptor??
[  257.220073][   T55] Bluetooth: hci2: command 0x0406 tx timeout
[  257.281772][ T6590] usbhid 5-1:0.0: can't add hid device: -71
[  257.290244][ T6590] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  257.310299][   T55] Bluetooth: hci3: command 0x0406 tx timeout
[  257.325392][ T6590] usb 5-1: USB disconnect, device number 34
[  257.381455][   T55] Bluetooth: hci4: command 0x0406 tx timeout
[  257.539182][ T6605] hid-multitouch 0003:0EEF:72C4.0003: unknown main item tag 0x0
[  257.550441][   T55] Bluetooth: hci1: command 0x0c1a tx timeout
[  257.585041][ T6605] hid-multitouch 0003:0EEF:72C4.0003: hidraw0: USB HID v0.03 Device [HID 0eef:72c4] on usb-dummy_hcd.1-1/input0
[  257.963013][ T7902] loop8: detected capacity change from 0 to 4
[  257.979705][ T7902] Dev loop8: unable to read RDB block 4
[  257.986478][ T7891] ptrace attach of "./syz-executor exec"[5851] was attempted by "./syz-executor exec"[7891]
[  258.010807][ T7902]  loop8: unable to read partition table
[  258.020187][ T7902] loop8: partition table beyond EOD, truncated
[  258.036280][ T7902] loop_reread_partitions: partition scan of loop8 (�被x������ڬ��dƤ����ݡ�����
[  258.036280][ T7902] 
) failed (rc=-5)
[  258.057176][ T7904] netlink: 'syz.4.493': attribute type 6 has an invalid length.
[  258.067454][ T7904] netlink: 'syz.4.493': attribute type 1 has an invalid length.
[  258.087351][ T7904] netlink: 193500 bytes leftover after parsing attributes in process `syz.4.493'.
[  258.259755][ T7909] bridge0: port 1(bridge_slave_0) entered disabled state
[  258.502849][ T6605] usb 2-1: USB disconnect, device number 25
[  258.635493][ T7917] loop8: detected capacity change from 0 to 4
[  258.662637][ T7917] Dev loop8: unable to read RDB block 4
[  258.670503][ T7917]  loop8: unable to read partition table
[  258.676527][ T7917] loop8: partition table beyond EOD, truncated
[  258.694750][ T7913] @: renamed from vlan0 (while UP)
[  258.729959][ T7917] loop_reread_partitions: partition scan of loop8 (�被x������ڬ��dƤ����ݡ�����
[  258.729959][ T7917] 
) failed (rc=-5)
[  258.900089][   T55] Bluetooth: hci0: command 0x0406 tx timeout
[  258.979934][ T6590] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  259.130102][ T6590] usb 1-1: Using ep0 maxpacket: 8
[  259.149500][ T6590] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  259.160839][ T6590] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  259.212489][ T6590] usb 1-1: Product: syz
[  259.226958][ T6590] usb 1-1: Manufacturer: syz
[  259.296228][ T6590] usb 1-1: SerialNumber: syz
[  259.302376][   T55] Bluetooth: hci2: command 0x0406 tx timeout
[  259.314131][ T6590] usb 1-1: config 0 descriptor??
[  259.380363][   T55] Bluetooth: hci3: command 0x0406 tx timeout
[  259.459974][   T55] Bluetooth: hci4: command 0x0406 tx timeout
[  259.573045][ T6590] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  259.620057][   T55] Bluetooth: hci1: command 0x0c1a tx timeout
[  259.775077][ T6590] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  260.170078][ T6590] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  260.369962][ T6590] usb 3-1: Using ep0 maxpacket: 16
[  260.377942][ T6590] usb 3-1: config 0 has no interfaces?
[  260.384250][ T6590] usb 3-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  260.398856][ T6590] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  260.416102][ T6590] usb 3-1: config 0 descriptor??
[  260.939950][ T6590] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  261.122059][ T6590] usb 5-1: Using ep0 maxpacket: 16
[  261.599428][ T6590] usb 5-1: config 0 has an invalid descriptor of length 20, skipping remainder of the config
[  261.613905][ T6590] usb 5-1: too many endpoints for config 0 interface 0 altsetting 1: 145, using maximum allowed: 30
[  261.626267][ T6590] usb 5-1: config 0 interface 0 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 145
[  261.660014][ T6590] usb 5-1: config 0 interface 0 has no altsetting 0
[  261.714896][   T55] Bluetooth: hci1: command 0x0c1a tx timeout
[  261.718484][ T6605] usb 1-1: USB disconnect, device number 32
[  261.778611][ T6590] usb 5-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  261.788448][ T6590] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  261.796724][ T6590] usb 5-1: Product: syz
[  261.801180][ T6590] usb 5-1: Manufacturer: syz
[  261.808220][ T6590] usb 5-1: SerialNumber: syz
[  261.818961][ T6590] usb 5-1: config 0 descriptor??
[  261.952163][ T7952] FAULT_INJECTION: forcing a failure.
[  261.952163][ T7952] name failslab, interval 1, probability 0, space 0, times 0
[  261.986416][ T7952] CPU: 1 UID: 0 PID: 7952 Comm: syz.0.507 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[  261.986449][ T7952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  261.986462][ T7952] Call Trace:
[  261.986471][ T7952]  <TASK>
[  261.986482][ T7952]  dump_stack_lvl+0x189/0x250
[  261.986527][ T7952]  ? __pfx_dump_stack_lvl+0x10/0x10
[  261.986556][ T7952]  ? __pfx__printk+0x10/0x10
[  261.986584][ T7952]  ? __pfx___might_resched+0x10/0x10
[  261.986603][ T7952]  ? fs_reclaim_acquire+0x7d/0x100
[  261.986640][ T7952]  should_fail_ex+0x414/0x560
[  261.986668][ T7952]  should_failslab+0xa8/0x100
[  261.986697][ T7952]  __kmalloc_noprof+0xcb/0x4f0
[  261.986723][ T7952]  ? security_inode_init_security+0x107/0x3f0
[  261.986757][ T7952]  security_inode_init_security+0x107/0x3f0
[  261.986786][ T7952]  ? __pfx_shmem_initxattrs+0x10/0x10
[  261.986810][ T7952]  ? __pfx_security_inode_init_security+0x10/0x10
[  261.986838][ T7952]  ? set_cached_acl+0xd2/0x180
[  261.986870][ T7952]  ? simple_acl_create+0x184/0x1b0
[  261.986896][ T7952]  shmem_mknod+0x1f6/0x3e0
[  261.986922][ T7952]  vfs_create+0x24e/0x400
[  261.986951][ T7952]  do_mknodat+0x3c6/0x4d0
[  261.986988][ T7952]  ? __pfx_do_mknodat+0x10/0x10
[  261.987016][ T7952]  ? strncpy_from_user+0x150/0x290
[  261.987040][ T7952]  ? getname_flags+0x1e5/0x540
[  261.987073][ T7952]  __ia32_sys_mknodat+0xa7/0xc0
[  261.987107][ T7952]  __do_fast_syscall_32+0xb4/0x110
[  261.987137][ T7952]  ? lockdep_hardirqs_on+0x9c/0x150
[  261.987167][ T7952]  do_fast_syscall_32+0x34/0x80
[  261.987193][ T7952]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  261.987218][ T7952] RIP: 0023:0xf7f33539
[  261.987235][ T7952] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  261.987252][ T7952] RSP: 002b:00000000f505655c EFLAGS: 00000206 ORIG_RAX: 0000000000000129
[  261.987273][ T7952] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000140
[  261.987288][ T7952] RDX: 0000000000000000 RSI: 0000000000000103 RDI: 0000000000000000
[  261.987299][ T7952] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  261.987310][ T7952] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  261.987322][ T7952] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  261.987352][ T7952]  </TASK>
[  262.413209][ T7955] loop8: detected capacity change from 0 to 4
[  262.514919][ T6012] Dev loop8: unable to read RDB block 4
[  262.525651][ T6012]  loop8: unable to read partition table
[  262.540632][ T6605] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  262.554428][ T6012] loop8: partition table beyond EOD, truncated
[  262.598514][ T7955] Dev loop8: unable to read RDB block 4
[  262.605260][ T7955]  loop8: unable to read partition table
[  262.628588][ T7955] loop8: partition table beyond EOD, truncated
[  262.640147][ T7955] loop_reread_partitions: partition scan of loop8 (�被x������ڬ��dƤ����ݡ�����
[  262.640147][ T7955] 
) failed (rc=-5)
[  262.701004][ T6605] usb 2-1: Using ep0 maxpacket: 8
[  262.717771][ T6605] usb 2-1: unable to get BOS descriptor or descriptor too short
[  262.730741][ T6605] usb 2-1: config 8 has an invalid interface number: 110 but max is 0
[  262.755144][ T6605] usb 2-1: config 8 has no interface number 0
[  262.789569][ T6605] usb 2-1: config 8 interface 110 altsetting 7 bulk endpoint 0x3 has invalid maxpacket 8
[  262.847224][ T6605] usb 2-1: config 8 interface 110 has no altsetting 0
[  262.862730][ T6605] usb 2-1: New USB device found, idVendor=0b48, idProduct=3014, bcdDevice=ca.75
[  262.879484][ T6605] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  263.040957][ T6605] usb 2-1: Product: syz
[  263.045222][ T6605] usb 2-1: Manufacturer: syz
[  263.060543][ T6605] usb 2-1: SerialNumber: syz
[  263.107873][ T7953] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  263.144825][ T7959] ptrace attach of "./syz-executor exec"[5851] was attempted by "./syz-executor exec"[7959]
[  263.162042][ T7959] netlink: 4396 bytes leftover after parsing attributes in process `syz.2.500'.
[  263.297908][ T7961] netlink: 4 bytes leftover after parsing attributes in process `syz.5.510'.
[  263.437471][ T6605] usb 2-1: USB disconnect, device number 26
[  263.519506][ T6590] usb 5-1: Can not set alternate setting to 1, error: -71
[  263.558293][ T6590] synaptics_usb 5-1:0.0: probe with driver synaptics_usb failed with error -71
[  263.665856][ T6590] usb 5-1: USB disconnect, device number 35
[  264.200151][ T6590] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  264.424601][ T6590] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  264.443320][ T6590] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  264.455450][ T6590] usb 5-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[  264.468476][ T6590] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  264.550962][ T6590] usb 5-1: config 0 descriptor??
[  264.797416][ T5926] usb 3-1: USB disconnect, device number 30
[  265.095432][ T6590] hid (null): unknown global tag 0xc
[  265.107736][ T6590] steelseries 0003:1038:12B6.0004: unknown global tag 0xc
[  265.267744][ T6590] steelseries 0003:1038:12B6.0004: item 0 4 1 12 parsing failed
[  265.305604][ T6590] steelseries 0003:1038:12B6.0004: probe with driver steelseries failed with error -22
[  265.379743][ T6590] usb 5-1: USB disconnect, device number 36
[  265.818183][ T7989] FAULT_INJECTION: forcing a failure.
[  265.818183][ T7989] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  265.845591][ T7989] CPU: 1 UID: 0 PID: 7989 Comm: syz.0.519 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[  265.845623][ T7989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  265.845637][ T7989] Call Trace:
[  265.845647][ T7989]  <TASK>
[  265.845656][ T7989]  dump_stack_lvl+0x189/0x250
[  265.845690][ T7989]  ? __lock_acquire+0xaac/0xd20
[  265.845723][ T7989]  ? __pfx_dump_stack_lvl+0x10/0x10
[  265.845753][ T7989]  ? __pfx__printk+0x10/0x10
[  265.845775][ T7989]  ? __might_fault+0xb0/0x130
[  265.845814][ T7989]  should_fail_ex+0x414/0x560
[  265.845840][ T7989]  _copy_from_user+0x2d/0xb0
[  265.845873][ T7989]  kvm_arch_vcpu_ioctl+0x4ae/0x2a10
[  265.845900][ T7989]  ? kvm_arch_vcpu_ioctl+0x46e/0x2a10
[  265.845922][ T7989]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[  265.845943][ T7989]  ? load_gs_index+0x169/0x190
[  265.845961][ T7989]  ? __pfx_load_gs_index+0x10/0x10
[  265.845987][ T7989]  ? __lock_acquire+0xaac/0xd20
[  265.846029][ T7989]  ? __lock_acquire+0xaac/0xd20
[  265.846078][ T7989]  ? is_bpf_text_address+0x26/0x2b0
[  265.846113][ T7989]  ? is_bpf_text_address+0x292/0x2b0
[  265.846142][ T7989]  ? is_bpf_text_address+0x26/0x2b0
[  265.846175][ T7989]  ? kernel_text_address+0xa5/0xe0
[  265.846205][ T7989]  ? __kernel_text_address+0xd/0x40
[  265.846231][ T7989]  ? unwind_get_return_address+0x4d/0x90
[  265.846258][ T7989]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  265.846281][ T7989]  ? arch_stack_walk+0xfc/0x150
[  265.846332][ T7989]  ? __lock_acquire+0xaac/0xd20
[  265.846368][ T7989]  ? __mutex_trylock_common+0x153/0x260
[  265.846395][ T7989]  ? __pfx___mutex_trylock_common+0x10/0x10
[  265.846415][ T7989]  ? do_vfs_ioctl+0xf36/0x1eb0
[  265.846441][ T7989]  ? rcu_is_watching+0x15/0xb0
[  265.846459][ T7989]  ? trace_contention_end+0x39/0x120
[  265.846491][ T7989]  ? __mutex_lock+0x330/0xe80
[  265.846528][ T7989]  ? kvm_vcpu_ioctl+0x22c/0xe90
[  265.846560][ T7989]  ? __pfx___mutex_lock+0x10/0x10
[  265.846592][ T7989]  ? kasan_quarantine_put+0xdd/0x220
[  265.846628][ T7989]  kvm_vcpu_ioctl+0x74b/0xe90
[  265.846662][ T7989]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  265.846689][ T7989]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  265.846750][ T7989]  kvm_vcpu_compat_ioctl+0x203/0x390
[  265.846785][ T7989]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  265.846815][ T7989]  ? __fget_files+0x3a0/0x420
[  265.846841][ T7989]  ? __fget_files+0x2a/0x420
[  265.846864][ T7989]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[  265.846887][ T7989]  __ia32_compat_sys_ioctl+0x551/0x840
[  265.846906][ T7989]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  265.846922][ T7989]  ? __fget_files+0x3a0/0x420
[  265.846946][ T7989]  ? fput+0xa0/0xd0
[  265.846969][ T7989]  ? ksys_write+0x1f0/0x250
[  265.846991][ T7989]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  265.847011][ T7989]  ? lockdep_hardirqs_on+0x9c/0x150
[  265.847031][ T7989]  __do_fast_syscall_32+0xb4/0x110
[  265.847050][ T7989]  ? lockdep_hardirqs_on+0x9c/0x150
[  265.847071][ T7989]  do_fast_syscall_32+0x34/0x80
[  265.847090][ T7989]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  265.847107][ T7989] RIP: 0023:0xf7f33539
[  265.847122][ T7989] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  265.847134][ T7989] RSP: 002b:00000000f505655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  265.847151][ T7989] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000004008ae89
[  265.847161][ T7989] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000
[  265.847170][ T7989] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  265.847178][ T7989] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  265.847187][ T7989] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  265.847208][ T7989]  </TASK>
[  266.586555][ T7996] netlink: 'syz.4.521': attribute type 1 has an invalid length.
[  266.620569][ T7996] 8021q: adding VLAN 0 to HW filter on device bond3
[  267.421889][ T8006] netlink: 56 bytes leftover after parsing attributes in process `syz.4.524'.
[  267.989259][ T8014] netlink: 'syz.4.526': attribute type 1 has an invalid length.
[  268.665561][ T8020] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(12)
[  268.672302][ T8020] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  268.756744][ T8014] 8021q: adding VLAN 0 to HW filter on device bond4
[  268.858549][ T8026] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(15)
[  268.865245][ T8026] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  268.941119][ T8020] vhci_hcd vhci_hcd.0: Device attached
[  268.949187][ T8026] vhci_hcd vhci_hcd.0: Device attached
[  269.252714][ T5926] usb 41-1: new low-speed USB device number 2 using vhci_hcd
[  269.534846][ T8014] netlink: 72 bytes leftover after parsing attributes in process `syz.4.526'.
[  269.782917][ T8017] bond4: (slave veth3): Enslaving as an active interface with a down link
[  269.848920][ T8019] vlan2: entered allmulticast mode
[  269.914821][ T8019] veth1: entered allmulticast mode
[  269.966786][ T8019] veth1: entered promiscuous mode
[  269.992147][ T8027] vhci_hcd: connection closed
[  269.992280][ T8021] vhci_hcd: connection reset by peer
[  269.994022][ T1153] vhci_hcd: stop threads
[  270.040622][ T1153] vhci_hcd: release socket
[  270.061038][ T8019] veth1: left promiscuous mode
[  270.061524][ T1153] vhci_hcd: disconnect device
[  270.073476][ T8019] bond4: (slave vlan2): making interface the new active one
[  270.096261][   T30] kauditd_printk_skb: 270 callbacks suppressed
[  270.096278][   T30] audit: type=1800 audit(1747115982.882:404): pid=8048 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.530" name="bus" dev="tmpfs" ino=619 res=0 errno=0
[  270.152808][ T8019] veth1: entered promiscuous mode
[  270.170793][ T8019] vlan2: entered promiscuous mode
[  270.186106][ T8019] bond4: (slave vlan2): Enslaving as an active interface with an up link
[  270.215947][ T1153] vhci_hcd: stop threads
[  270.238869][ T1153] vhci_hcd: release socket
[  270.277451][ T1153] vhci_hcd: disconnect device
[  271.784528][ T8066] xt_CT: No such helper "netbios-ns"
[  273.027748][ T6610] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  273.280419][ T6610] usb 1-1: Using ep0 maxpacket: 32
[  273.288091][ T6610] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  273.306837][ T6610] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  273.332359][ T6610] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  273.343812][ T6610] usb 1-1: Product: syz
[  273.350826][ T6610] usb 1-1: Manufacturer: syz
[  273.358006][ T6610] usb 1-1: SerialNumber: syz
[  273.375878][ T6610] usb 1-1: config 0 descriptor??
[  273.403850][ T8072] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  273.417261][ T6610] hub 1-1:0.0: bad descriptor, ignoring hub
[  273.423849][ T6610] hub 1-1:0.0: probe with driver hub failed with error -5
[  273.921060][ T6610] usb 1-1: USB disconnect, device number 33
[  274.125598][ T8100] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000009: 0000 [#1] SMP KASAN PTI
[  274.138207][ T8100] KASAN: null-ptr-deref in range [0x0000000000000048-0x000000000000004f]
[  274.146748][ T8100] CPU: 1 UID: 0 PID: 8100 Comm: syz.5.547 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[  274.158805][ T8100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  274.168885][ T8100] RIP: 0010:do_move_mount+0x27d/0xb10
[  274.174427][ T8100] Code: e8 08 26 83 ff 41 be ea ff ff ff 49 bd 00 00 00 00 00 fc ff df 48 8b 6c 24 18 4c 8b 7c 24 08 48 8d 5d 48 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 84 1a e5 ff 48 8b 1b 31 ff 48 89
[  274.194574][ T8100] RSP: 0018:ffffc9000add7d30 EFLAGS: 00010206
[  274.200913][ T8100] RAX: 0000000000000009 RBX: 0000000000000048 RCX: ffff88801ff30000
[  274.208984][ T8100] RDX: 0000000000000000 RSI: ffffffff8bc1d800 RDI: ffff888140458478
[  274.216965][ T8100] RBP: 0000000000000000 R08: ffffffff8dc1683b R09: 1ffffffff1b82d07
[  274.224975][ T8100] R10: dffffc0000000000 R11: fffffbfff1b82d08 R12: ffff88801cae6a40
[  274.233057][ T8100] R13: dffffc0000000000 R14: 00000000ffffffea R15: ffff88807ccbe900
[  274.241053][ T8100] FS:  0000000000000000(0000) GS:ffff8881261c7000(0063) knlGS:00000000f501db40
[  274.250011][ T8100] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  274.257068][ T8100] CR2: 00000000f4fdbda4 CR3: 0000000022774000 CR4: 00000000003526f0
[  274.265767][ T8100] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  274.273762][ T8100] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  274.281845][ T8100] Call Trace:
[  274.285136][ T8100]  <TASK>
[  274.288170][ T8100]  __se_sys_move_mount+0x4aa/0x580
[  274.293469][ T8100]  ? __pfx___se_sys_move_mount+0x10/0x10
[  274.299123][ T8100]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  274.305740][ T8100]  ? __ia32_sys_move_mount+0x20/0xc0
[  274.311156][ T8100]  __do_fast_syscall_32+0xb4/0x110
[  274.316536][ T8100]  do_fast_syscall_32+0x34/0x80
[  274.321611][ T8100]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  274.328001][ T8100] RIP: 0023:0xf704e539
[  274.332080][ T8100] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  274.351712][ T8100] RSP: 002b:00000000f501d55c EFLAGS: 00000206 ORIG_RAX: 00000000000001ad
[  274.360171][ T8100] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000140
[  274.368271][ T8100] RDX: 00000000ffffff9c RSI: 0000000080000180 RDI: 0000000000000000
[  274.376284][ T8100] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  274.384623][ T8100] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  274.392856][ T8100] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  274.400953][ T8100]  </TASK>
[  274.404088][ T8100] Modules linked in:
[  274.408862][ T8100] ---[ end trace 0000000000000000 ]---
[  274.453496][ T8100] RIP: 0010:do_move_mount+0x27d/0xb10
[  274.459968][ T8100] Code: e8 08 26 83 ff 41 be ea ff ff ff 49 bd 00 00 00 00 00 fc ff df 48 8b 6c 24 18 4c 8b 7c 24 08 48 8d 5d 48 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 84 1a e5 ff 48 8b 1b 31 ff 48 89
[  274.540736][ T5926] vhci_hcd: vhci_device speed not set
[  274.554212][ T8100] RSP: 0018:ffffc9000add7d30 EFLAGS: 00010206
[  274.564298][ T8100] RAX: 0000000000000009 RBX: 0000000000000048 RCX: ffff88801ff30000
[  274.573459][ T8100] RDX: 0000000000000000 RSI: ffffffff8bc1d800 RDI: ffff888140458478
[  274.582418][ T8100] RBP: 0000000000000000 R08: ffffffff8dc1683b R09: 1ffffffff1b82d07
[  274.591043][ T8100] R10: dffffc0000000000 R11: fffffbfff1b82d08 R12: ffff88801cae6a40
[  274.601515][ T8100] R13: dffffc0000000000 R14: 00000000ffffffea R15: ffff88807ccbe900
[  274.609731][ T8100] FS:  0000000000000000(0000) GS:ffff8881261c7000(0063) knlGS:00000000f501db40
[  274.632546][ T8100] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  274.639784][ T8100] CR2: 00000000800b2018 CR3: 0000000022774000 CR4: 00000000003526f0
[  274.648272][ T8100] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  274.656881][ T8100] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  274.669336][ T8100] Kernel panic - not syncing: Fatal exception
[  274.676139][ T8100] Kernel Offset: disabled
[  274.680506][ T8100] Rebooting in 86400 seconds..