last executing test programs:

1m13.613101735s ago: executing program 2 (id=2049):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x88800, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})

1m13.493295008s ago: executing program 2 (id=2050):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x149002, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1d0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8801}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000740)=@newsa={0x140, 0x1a, 0x1, 0xfffffffe, 0x100, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x717, 0x4e23, 0x5, 0xa, 0x0, 0x20, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, {0xfe, 0x3, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc, 0x4}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffe, 0x3fc}, 0x7e, 0x3505, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @XFRMA_IF_ID={0x8, 0x1f, 0x2}]}, 0x140}}, 0x844)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x10005, &(0x7f0000002140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}})
openat2$dir(0xffffffffffffff9c, &(0x7f0000002000)='./file0/file1\x00', &(0x7f0000002040)={0x101140, 0x101, 0x8}, 0x18)
umount2(&(0x7f00000002c0)='./file0\x00', 0x9)
write$P9_RSTATu(r0, &(0x7f0000000540)={0x41c, 0x7d, 0x0, {{0x500, 0x2db, 0x0, 0x5000000, {0xcdb74b01717932d9, 0x400}, 0x10000000, 0x0, 0x0, 0x8000fe, 0x1f, '\x04nodev{cvfox\x92\xff\xff\xff\x81\x02\x00\x00\xff\xff\xff0\xff\xce\xbc\x92\x00\x00\x00', 0x120, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05>\x00\x1e\x00\x00\x18{\x82O^\x97\xe5p\xbeg\xb0^\xb0V\xca|=9\x00\xb5\x00\x00;Y_\xcb\x14\x03\x03\x00\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x1a\xb4\x94\xcc\xe37A\x95\xcc\x90U\xd1\xc8~x\xcdY\x96\xd9\x967\x87\xe7\xb6\x98\"l5\xf0\x17K\r\xf3\xf8\x91\xcf\x99lI\b\xe889d\x01,\xe2\x15]\xd6\xb3\xf4kb\xcay$\xeba\x13\x90\x98\xb2\"\xbc\xf4/\xeah1Z\x81ju\x16i\xd6%\xe5\xe4\xe4_\x96?\x1e\xe2\x1e\xb7N\xf3\xcd\xf9\x8f7\xb2?\r\xac\xc9\xd9\xe5\xd4\xbe\xbf\x91J\x8d,\x9f\x19fxu\xd1\r\xeb\xddkT\x03\xf6j\xe8}\x8a/\x067\xcdH\x82\x8f,W\xc3,\x19\xc3#9(O\xa5\x14\xa9#l\x1b\x17\xe7R\x93^J\xf4v\x86\xa6\xcfHC\x10\xec\xd1\xe8\x98l\x12_\xb7B\xfd2\xfc]\x87\xe0\x8aj\x8e\r\x94X\x02\xd7\x7f\x15\xb4G\t\x8b\xd5c\x9c\x0e\xba\\o\xd2\x132\xf6\xddX\x8b\x17\"=\xa7l-\xf5\x91\v_\xf9\xfc\x01\x9f\xd9&', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x157, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85+\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00\xd0\x02\xaf\x02k\x9en\r\xca\x00\x89\xfdL\xd0\x9c\xf8\r\xbb\xe9Q\xb2\x1f5y\x8b\n\xb6hx\xc0\x9d\"\x8b7\x88\\\x10\x8a\xcb\xee\xcd\xbe\x06Kz\xd8\xd79\x9f\xd5\x18j\'t\x8f$\x88\'\x06\x8f\x89\x0fOPZ\x04\xc4$\xd7%\xc8\x1exa\xe1 --\xc4\xc94\x1dWH\xff\x9eS\x9e\rIT\x8fz\x1c\xcf^\xac\x9a\xa0\x92L\a\x00\x00\x00\xf3|c\xccjn1\xa7}\x1f\xad\x05\x83h\xae\xd5\xe3\xc1M\x89\x96\x87\n\v\t\xd0l\x97\x04\x98\v\xb4GxB\xb1\xed.\x8f%\x01\xb2_\xbc\\^\xe6}\x8bnN\xc7G\xe9]\x03\xf6x\xd7\x1a-\xa34\x92\xf8\xd4\x87\xeeB|Y\xf6\xe7\ni\xa9J}\x987\xd6\x02c\xd68\aM\xfa\x04\xa4V\x04\tD\xb7\x02\"gFh\xc7D\xb7\xba\xda\xad4uXO 5|\x84 \xc1IO\x8d\r4 *\xfb5\xccVp\xe2@\xbe\xba\x96SS\xaf\xe9F\xc0\xc1\xb5\t\x1d9U\xc8\xc8_\xf1\xc7q|\n'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcf\x01.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb49\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300, 0xffffffffffffffff, 0xee00}}, 0x41c)
syz_usb_connect(0x0, 0x5a, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000ec13b2106d04f308280b0102030109024800010000000009046900000e0100002b41"], 0x0)

1m12.937089631s ago: executing program 2 (id=2055):
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8100}, 0x0)
sendmsg$NL80211_CMD_RELOAD_REGDB(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x14, 0x0, 0x1, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x20008004)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'ip6_vti0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f00000002c0)="1a040500d3fc03fc", 0x8, 0x4000004, &(0x7f0000000300)={0x11, 0x0, r1, 0x1, 0x6, 0x6, @remote}, 0x14)

1m12.901717919s ago: executing program 2 (id=2056):
r0 = syz_open_dev$video4linux(&(0x7f0000000040), 0x5, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0585605, &(0x7f0000000080)={0x0, 0x1})
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000100)=ANY=[@ANYBLOB="84010000", @ANYRES16, @ANYBLOB="010000000000000000000100000004000480080002000100000008000100000000000400088058010c8054000b800800090000000000080009000000000008000a000000000008000a000000000008000a0000000000080009000000000008000a000000"], 0x184}}, 0x0)
r2 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0xffffffff, 0x0, 0x0, 0x4, 0x2, 0x1}})
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='devpts\x00', 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000280), 0x13f, 0x1}}, 0x20)
socket$packet(0x11, 0x3, 0x300)
ioctl$FBIOPUTCMAP(0xffffffffffffffff, 0x4605, &(0x7f00000004c0)={0x2, 0x0, 0x0, &(0x7f0000000400)=[0x7, 0x6, 0x6, 0x400, 0x9d00], &(0x7f0000000440)=[0x3, 0x1, 0x8000, 0x1a], &(0x7f0000000480)=[0x1000]})
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000800)="39000000140081ae10003c000500018311001f9f660fcf066505acb612f691f3bd3508abca1be6eeb89c44ebb37358582bdbb7d553b4e92155", 0x39}], 0x1}, 0x0)

1m12.862726261s ago: executing program 2 (id=2057):
r0 = syz_open_dev$loop(0x0, 0x4, 0x40100)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, 0x0)
r1 = syz_kvm_add_vcpu$x86(0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, &(0x7f0000000140)="baf80c66b8e8cc1b8866efbafc0c66edded166b9800000c00f326635010000000f3036650f77baf80c66b87b99c38e66efbafc0cb02feeba4200b000ee0fc7b1ec00f20f79da0fc73b0f001f"}], 0x1, 0x18, 0x0, 0xfffffe95)
socket$inet_mptcp(0x2, 0x1, 0x106)
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi0\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f00000000c0)={'dt2815\x00', [0x0, 0x5, 0x2005, 0x47, 0x2, 0xcc7, 0xfff, 0x80000001, 0x4, 0x3ff, 0x7f, 0x15fe, 0x5, 0x0, 0x3, 0xe1cb, 0xf3, 0x0, 0x1, 0x295, 0x80000089, 0x4, 0x6, 0x9, 0xffffeadc, 0x3, 0x401001c, 0x5, 0x4, 0x8000000, 0x2000005]})
prctl$PR_CAP_AMBIENT(0x2f, 0x3, 0x2a)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x8800}, 0x4040)
r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0xe, 0x5d031, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cc, 0x0, 0xa1b, 0x8, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

1m12.809747714s ago: executing program 2 (id=2058):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})
write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[], 0x15) (fail_nth: 1)

57.752640628s ago: executing program 32 (id=2058):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})
write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[], 0x15) (fail_nth: 1)

6.199887845s ago: executing program 3 (id=2657):
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
prctl$PR_GET_THP_DISABLE(0x2a)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setgroups(0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$sock_buf(r1, 0x1, 0x3b, 0x0, &(0x7f0000000000))
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8001, 0x1, @loopback, 0xfffffff6}, 0x1c)
prctl$PR_GET_THP_DISABLE(0x2a)
r2 = openat$panthor(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$DRM_IOCTL_ADD_BUFS(r2, 0xc0206416, &(0x7f0000000080)={0x7, 0x22800000, 0xc, 0x67, 0x8, 0x8000})
r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x40)
fcntl$notify(r3, 0x402, 0x8000003d)
close_range(r3, r3, 0x2)
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r3, 0x3b72, &(0x7f00000000c0)={0xcf, 0x8, 0xdf, 0x400, "db8a3cef0798f26a1da037de7e663e04a04616b429b36943424349f7e1b9c635a3e6711b52792644d48bc2687de3b72c162b99e2a72aaee4e37e54725db94c5385bf5bb2b7073d3c50019abdeed1618d6ea224979261ebda5883386aa3e037305909b8efeb50a81be99f376a57b7bb5b5b597b3155540f78e1c8d3aa788e838faa11e19447d18a1c084c080e0f2249a13d227e1608f4ccf2196936fffcf39a87806edf82d182332ee9eadf12ebf6c3d55874a13ca81fe3"})

5.790832085s ago: executing program 0 (id=2658):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})
write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="150000"], 0x15)

5.751532397s ago: executing program 3 (id=2660):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x14, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}}, 0x14}}, 0xc000)
sendmsg(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000640)="3013f93f6a23826aeaa571d88a1fc628ec108a5ce411744d4e3ae79c5374eb3bdc7564d840b7d870c0da80f54b31a033a88be722054380d976", 0x39}], 0x1, &(0x7f0000003240)=ANY=[], 0xe10}, 0x40000)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

5.666404096s ago: executing program 0 (id=2661):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000280)={<r1=>0xffffffffffffffff}, 0x13f, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f0000000000)={0x14, 0x88, 0xfa00, {r1, 0x30, 0x0, @ib={0x1b, 0xdd9, 0xd4, {"ac9c638171762b29309712582306ee5d"}, 0x6c8000, 0x8}}}, 0x90)

5.593874621s ago: executing program 3 (id=2662):
getpid() (async)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
syz_open_dev$sndctrl(0x0, 0x80000000, 0x0) (async, rerun: 32)
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) (rerun: 32)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f00000000c0)={0x1, 0x1, 0x0, "3b189831cb9c1d4fd54c60d1dd004dbb6cba09ca3420217017d0a3dad57650f5"}) (async)
read$FUSE(0xffffffffffffffff, 0x0, 0x0) (async)
r1 = socket$inet(0x2, 0x1, 0x100)
setsockopt$sock_int(r1, 0x1, 0x48, &(0x7f0000000040)=0x3, 0x4) (async)
listen(r1, 0x7fff) (async)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000040)=<r2=>0xffffffffffffffff)
ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f0000000180)=@multiplanar_mmap={0x9, 0x2, 0x4, 0xe000, 0x5, {0x77359400}, {0x3, 0x2, 0x1, 0x9, 0x0, 0x7, "6e70e466"}, 0x101, 0x1, {&(0x7f0000000100)=[{0xb0000000, 0x2, {0x6261}, 0x2}, {0xf0, 0x8, {0x1000}}]}, 0xb38, 0x0, r2}) (async)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f00000000c0)={0x10000, 0x0, 0x33}, 0x18) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000007, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000) (rerun: 32)

5.47847432s ago: executing program 0 (id=2664):
r0 = socket(0x10, 0x2, 0x0)
write(r0, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r3, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f00000004c0)={r4, 0x0, 0x0, 0x0, 0x0, [<r5=>0x0], [0xfffffffc, 0x7, 0x3]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x400f5})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r5, 0x0, <r6=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000180)={r5, 0x0, <r7=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000200)={r4, 0x0, 0x0, 0x6, 0x0, [<r8=>0x0], [], [0x0, 0xfffffffc, 0xfffffff7], [0x0, 0x0, 0x0, 0xffffffffffffffff]})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r6})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000440)={r8})
r9 = syz_open_dev$ptys(0xc, 0x3, 0x0)
r10 = socket$pppl2tp(0x18, 0x1, 0x1)
setsockopt$inet6_buf(r10, 0x29, 0x32, 0x0, 0x0)
ioctl$FIONREAD(r9, 0x541b, &(0x7f0000000100))
r11 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000a8f4d0086d0492082a6d0000000109021b0001000000000904"], 0x0)
syz_usb_control_io$hid(r11, 0x0, &(0x7f0000000000)={0x2c, &(0x7f0000000700)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r11, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r11, 0x0, &(0x7f0000000cc0)={0x44, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r11, 0x0, 0x0)
syz_usb_control_io$rtl8150(r11, 0x0, &(0x7f0000000380)={0x2c, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r11, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000540)={&(0x7f0000000280)=[0x0, 0x0, 0x0, <r12=>0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0], &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x7, 0x3, 0x7})
ioctl$DRM_IOCTL_MODE_GETFB2(r7, 0xc06864ce, &(0x7f0000000580)={r12, 0x59, 0x3, 0x6, 0x2, [], [0x3, 0x7ff, 0x0, 0x8000], [0xd, 0x3ff, 0x1, 0x8], [0xfffffffffffffe00, 0xfffffffffffffff7, 0x7fffffffffffffff, 0x8]})
recvmmsg(r0, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400})
r13 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_LOOPBACK(r13, 0x65, 0x3, &(0x7f0000000040)=0x1, 0x4)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

5.478279124s ago: executing program 3 (id=2665):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB='0\x00\x00', @ANYRES8=r1, @ANYBLOB="01002abd7000ffdbdf2501000000000000000c4100000014001462726f616463"], 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x8080)
r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f00000004c0), &(0x7f0000000500)=0x4)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000600)={@loopback, @empty}, &(0x7f00000006c0)=0xc)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, 0x0, 0x20000001)
syz_usb_control_io(r2, 0x0, &(0x7f00000010c0)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r2, 0x0, &(0x7f0000000640)={0x2c, &(0x7f0000000680)=ANY=[@ANYBLOB="00154d00"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac2(r2, &(0x7f0000000100)={0x14, &(0x7f0000000000)={0x40, 0x23, 0x2c, {0x2c, 0x30, "abd5c020a65e4585cfb431ea3d28e25d6389c48a25298762c9c6d8ea466602e7e40bc9d0ed7f854d8b5f"}}, &(0x7f00000000c0)={0x0, 0x3, 0xf, @string={0xf, 0x3, "8e324825d5791ade608ae3eff4"}}}, &(0x7f0000000400)={0x44, &(0x7f0000000140)={0x40, 0xb, 0xbe, "f7f0e056e497bb2922ab0bec9a5fa657f5ba7509b9765b0918c3942ec3cfb656235681a3367153ccf7ca2a9f989294072f77dffc4a74efb921992bb14c7f117a70e204ba6f4dc43fbf0dee206b18fa7787816dfc3a890cf987f25e10c64478b6e0923e0182140a4cf2a72f1817af2b834b76c05affbcab84a19e91bcbad4a36b0d16aeb16dc04792924974f3619246ac6430beeb297f01dc121c7fef8e30b2086920e2623e304e7d49fb68c22d43ec6c8c4e802c05e91f3d5dcebdaed379"}, &(0x7f0000000240)={0x0, 0xa, 0x1, 0x2d}, &(0x7f0000000280)={0x0, 0x8, 0x1, 0x1}, &(0x7f00000002c0)={0x20, 0x81, 0x1, "db"}, &(0x7f0000000300)={0x20, 0x82, 0x1, "d7"}, &(0x7f0000000340)={0x20, 0x83, 0x3, "b67146"}, &(0x7f0000000980)=ANY=[@ANYBLOB="2084020000009612b17a108660f39c7026e8e2c3cb6f6ffbce1ccbc9b26292030b85f169c929a432d774c478eeefa4ac3ca2bcaecc400d9684e3d8847aac9bdcd9a8d4e3c645cf2bd96419407716d46af11963ea20d107c74685eb78319b29b67e8e1e66bd39c237a5a6ea9089b1d4b2cd41712307df4d11780bcb586717d954719326bf1fad6972f5d963bc5b2893522927b43e9e2d10e9b3f8595364b991f63db31f35b5ac0af8de05dfacc44232788207b9e31b2cf38fb58251b93051460a3e25ed8aaf836bf5aa483f38bda24c2ceb1e777b540aaea1434b642a"], &(0x7f00000003c0)={0x20, 0x85, 0x3, "8cda26"}})

2.3545096s ago: executing program 3 (id=2683):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x149002, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1d0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003200)=@newsa={0x138, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e22, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x0, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000740)=@newsa={0x140, 0x1a, 0x1, 0xfffffffe, 0x100, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x717, 0x4e23, 0x5, 0xa, 0x0, 0x20, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, {0xfe, 0x3, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc, 0x4}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffe, 0x3fc}, 0x7e, 0x3505, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @XFRMA_IF_ID={0x8, 0x1f, 0x2}]}, 0x140}}, 0x844)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x10005, &(0x7f0000002140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}})
openat2$dir(0xffffffffffffff9c, &(0x7f0000002000)='./file0/file1\x00', 0x0, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x9)
write$P9_RSTATu(r0, &(0x7f0000000540)={0x41c, 0x7d, 0x0, {{0x500, 0x2db, 0x0, 0x5000000, {0xcdb74b01717932d9, 0x400}, 0x10000000, 0x0, 0x0, 0x8000fe, 0x1f, '\x04nodev{cvfox\x92\xff\xff\xff\x81\x02\x00\x00\xff\xff\xff0\xff\xce\xbc\x92\x00\x00\x00', 0x120, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05>\x00\x1e\x00\x00\x18{\x82O^\x97\xe5p\xbeg\xb0^\xb0V\xca|=9\x00\xb5\x00\x00;Y_\xcb\x14\x03\x03\x00\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x1a\xb4\x94\xcc\xe37A\x95\xcc\x90U\xd1\xc8~x\xcdY\x96\xd9\x967\x87\xe7\xb6\x98\"l5\xf0\x17K\r\xf3\xf8\x91\xcf\x99lI\b\xe889d\x01,\xe2\x15]\xd6\xb3\xf4kb\xcay$\xeba\x13\x90\x98\xb2\"\xbc\xf4/\xeah1Z\x81ju\x16i\xd6%\xe5\xe4\xe4_\x96?\x1e\xe2\x1e\xb7N\xf3\xcd\xf9\x8f7\xb2?\r\xac\xc9\xd9\xe5\xd4\xbe\xbf\x91J\x8d,\x9f\x19fxu\xd1\r\xeb\xddkT\x03\xf6j\xe8}\x8a/\x067\xcdH\x82\x8f,W\xc3,\x19\xc3#9(O\xa5\x14\xa9#l\x1b\x17\xe7R\x93^J\xf4v\x86\xa6\xcfHC\x10\xec\xd1\xe8\x98l\x12_\xb7B\xfd2\xfc]\x87\xe0\x8aj\x8e\r\x94X\x02\xd7\x7f\x15\xb4G\t\x8b\xd5c\x9c\x0e\xba\\o\xd2\x132\xf6\xddX\x8b\x17\"=\xa7l-\xf5\x91\v_\xf9\xfc\x01\x9f\xd9&', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x157, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85+\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00\xd0\x02\xaf\x02k\x9en\r\xca\x00\x89\xfdL\xd0\x9c\xf8\r\xbb\xe9Q\xb2\x1f5y\x8b\n\xb6hx\xc0\x9d\"\x8b7\x88\\\x10\x8a\xcb\xee\xcd\xbe\x06Kz\xd8\xd79\x9f\xd5\x18j\'t\x8f$\x88\'\x06\x8f\x89\x0fOPZ\x04\xc4$\xd7%\xc8\x1exa\xe1 --\xc4\xc94\x1dWH\xff\x9eS\x9e\rIT\x8fz\x1c\xcf^\xac\x9a\xa0\x92L\a\x00\x00\x00\xf3|c\xccjn1\xa7}\x1f\xad\x05\x83h\xae\xd5\xe3\xc1M\x89\x96\x87\n\v\t\xd0l\x97\x04\x98\v\xb4GxB\xb1\xed.\x8f%\x01\xb2_\xbc\\^\xe6}\x8bnN\xc7G\xe9]\x03\xf6x\xd7\x1a-\xa34\x92\xf8\xd4\x87\xeeB|Y\xf6\xe7\ni\xa9J}\x987\xd6\x02c\xd68\aM\xfa\x04\xa4V\x04\tD\xb7\x02\"gFh\xc7D\xb7\xba\xda\xad4uXO 5|\x84 \xc1IO\x8d\r4 *\xfb5\xccVp\xe2@\xbe\xba\x96SS\xaf\xe9F\xc0\xc1\xb5\t\x1d9U\xc8\xc8_\xf1\xc7q|\n'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcf\x01.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb49\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300, 0xffffffffffffffff, 0xee00}}, 0x41c)
syz_usb_connect(0x0, 0x5a, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000ec13b2106d04f308280b0102030109024800010000000009046900000e0100002b41"], 0x0)

2.169144838s ago: executing program 1 (id=2684):
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000140)={[0xbfb, 0x80, 0xfffffff9, 0x2, 0x42100000, 0x48, 0x8, 0x8, 0x400, 0x7, 0x1000, 0x10001, 0x47, 0x15b, 0x2, 0x3, 0x1000, 0x5, 0x8c49, 0x9, 0x5, 0x3, 0x7ff, 0x101, 0x0, 0xe, 0x7, 0x6, 0x4, 0x6, 0x400, 0x0, 0x1, 0x9, 0xff, 0x9ebd, 0x8, 0x9d, 0x0, 0xffffffff, 0x2, 0x9, 0xff, 0x5, 0x7, 0x4, 0x2, 0x5, 0xcde, 0x88e, 0x2, 0x3, 0x8b, 0x3, 0x1, 0x8, 0x1000, 0x72, 0x6, 0x4, 0x4, 0x5, 0x53e, 0x4, 0x5, 0x7, 0x10001, 0x2, 0x7, 0xe6, 0xc25, 0x7245, 0x0, 0xb2, 0x579, 0x5, 0x7, 0x0, 0x0, 0xee1, 0x7fffffff, 0x1, 0x3, 0x71, 0x8, 0x3, 0x5, 0x7e, 0x1, 0x9, 0x4, 0x9, 0xb84, 0x6, 0x5, 0x2, 0x1, 0x8, 0x100, 0xb8, 0xe, 0x10, 0xfff, 0x7, 0x5, 0x2, 0x6, 0x10, 0xfffffff9, 0x2e8, 0x8c, 0x1, 0xfffffffd, 0x1, 0x6, 0xb9, 0x7, 0x9, 0x7, 0x8, 0xffffff3e, 0x9, 0x80, 0x10, 0xb6, 0xe0, 0xc, 0x40, 0x4606, 0x7f, 0x6, 0x1ff, 0x1, 0x7fffffff, 0x5, 0x1, 0x22, 0x2, 0x0, 0x5, 0x20, 0x8, 0x4, 0xffffffd8, 0x7f, 0xf, 0x1, 0x3, 0x6, 0x14, 0x4fd, 0xe41, 0x34a, 0x4, 0xd, 0x8, 0x6, 0x101, 0x7, 0xe, 0x8, 0x6, 0x7f, 0x1000, 0xd, 0xfff, 0x9, 0xffff, 0x4, 0x7e8a, 0x1, 0x4, 0x2, 0xd7, 0x9, 0x8, 0x467, 0x2, 0x1f, 0x3, 0x1, 0xd24, 0x9, 0x7, 0x7ff, 0x8, 0x26, 0x9, 0xffffffff, 0x22a, 0x0, 0x4, 0x6, 0x8, 0x6, 0x7fff, 0x9c8, 0x8, 0x4, 0x1, 0x81, 0x6, 0x80, 0x187, 0x7, 0x3, 0x0, 0x1, 0x4, 0xffff, 0x4, 0x4, 0x1000, 0x9, 0x3ff, 0x1, 0x0, 0x3fc3130a, 0xffffffff, 0x80000001, 0x1000, 0x5e2, 0x9, 0xc5, 0x3, 0x4, 0x3, 0x4, 0x7, 0x80000001, 0x4, 0x8, 0x40, 0x9, 0x0, 0x9, 0x2, 0x517b, 0x1000, 0x4000000, 0x1ff, 0x952, 0x8, 0x18902681, 0x6, 0x4, 0x1, 0x4, 0xfff, 0x5bc00000, 0x10001, 0x7fffffff, 0x3, 0x6, 0x1830348, 0xd8fe, 0x113b, 0x8, 0x2, 0x95, 0x49d, 0xfffffff5, 0xffffff8a, 0x2, 0x0, 0x8, 0x8000, 0x8, 0x80000001, 0x7, 0x1, 0x8, 0x9f, 0x2, 0x5, 0x6, 0x8, 0x1, 0x7, 0x4, 0x7, 0x3, 0x6, 0x1, 0x71c, 0x2b7, 0x1, 0x8, 0xd, 0x3, 0xf7, 0x7ff, 0x1000, 0x6, 0xeeee, 0x2, 0x8, 0x3, 0x9, 0xe12b, 0x6, 0x80000000, 0xffffffc0, 0x3, 0x800, 0x7, 0xf66, 0xb, 0xed, 0x550c78e9, 0x9, 0x8c, 0x2b, 0x101, 0x6, 0x9, 0x7, 0x6d0, 0x5, 0x3, 0x1, 0xcfeb, 0x4, 0x35, 0x0, 0xffffff7f, 0x6, 0x7b17, 0x40, 0x3, 0x8, 0x1ff, 0xfffffffa, 0x4b6, 0x5, 0x0, 0x0, 0x1, 0x7ff, 0x4, 0x101, 0x81, 0x0, 0x81, 0x6, 0x4, 0x4, 0xa, 0x400, 0x4, 0x100, 0x40, 0x3, 0x7fffffff, 0x4, 0x3, 0x3, 0x0, 0x6, 0xffffffff, 0x6, 0x0, 0x3ff, 0x6, 0x4, 0x8, 0x9, 0x80, 0x9b1, 0x3, 0x8, 0x8, 0x1, 0x9, 0x5, 0xf, 0x1, 0x8, 0xd41, 0x3, 0x9, 0x80, 0x3, 0x7, 0x8, 0x9, 0x77bb, 0x190c, 0x8, 0x6, 0x9, 0x0, 0x5, 0x100, 0xc, 0xffff, 0xa9f9, 0x2, 0x1000, 0x6, 0xad, 0x26bb, 0x2, 0x1, 0x6, 0xf1, 0xfffffe01, 0x5, 0x2, 0x5, 0x7, 0x2492, 0xb, 0x3, 0x5, 0x448f, 0xc0e, 0x8, 0xc, 0xfffffffa, 0x1, 0x7, 0x9, 0x5, 0x4, 0x0, 0xfffffff6, 0x10, 0x1, 0x7, 0xe2a, 0x9, 0x300, 0x6, 0x4, 0xad9, 0x0, 0x6, 0x8000, 0x4, 0x4, 0x8, 0x100, 0x5, 0x7, 0xc7, 0x6, 0x708c, 0x1, 0x8, 0x10, 0x6, 0x2fce5e40, 0xe3c, 0x7, 0x0, 0x3, 0xc, 0x95c, 0x1000, 0x1000, 0x4, 0x6, 0x3, 0x7ff, 0x400, 0x4, 0x6b000000, 0xfffffff8, 0x4c, 0x0, 0x7b8, 0x2, 0x401, 0x1, 0x1, 0x4, 0x9, 0xada, 0x46dc, 0x0, 0x1, 0x0, 0x0, 0x2, 0x7, 0xf1, 0x6, 0x4, 0x81, 0x9097, 0x1000, 0x54c, 0x8, 0x5, 0x7fffffff, 0xab, 0x0, 0xfffff1c4, 0x5, 0x80ea, 0x1, 0x49e49dc4, 0x2, 0x1, 0x1, 0x9, 0x8, 0x7879321b, 0x3, 0x1000004, 0x5, 0xfffffffc, 0x2, 0x331, 0x1, 0x1e72, 0xffffffff, 0x0, 0x3, 0x8, 0x3, 0x4, 0x100, 0x7, 0x100, 0xb23, 0x80000000, 0xff, 0x3, 0x9, 0x3, 0x40, 0xfffffffe, 0x3, 0x9, 0x5, 0x5, 0x7, 0x3, 0x100, 0x5, 0x4, 0x0, 0x7, 0x1000, 0x10000, 0x7, 0x1, 0x8, 0x3, 0x3, 0x8, 0x2, 0x7, 0x8001, 0xb, 0x98c6, 0x7, 0xb719, 0x6, 0x7, 0x2, 0xfffffffb, 0x81, 0x6, 0x7, 0x2, 0x6, 0x10000, 0xb, 0x7, 0x7fff, 0x2, 0x7fffffff, 0x8001, 0x1, 0x5, 0x1, 0x8001, 0x0, 0x6fd5, 0x0, 0x80000000, 0x4, 0x1, 0x101, 0x903, 0xb, 0x3ff, 0x3, 0x80000001, 0x3, 0xffffff80, 0x277a, 0x7f, 0x1, 0x6, 0x9, 0x937, 0x4, 0x8, 0x2, 0xfffffff7, 0x84d, 0x8, 0x7, 0x8000, 0x401, 0x3, 0x0, 0x6, 0xd, 0x5, 0x9, 0x1, 0x6, 0xffff, 0x4, 0x1, 0x8, 0xfffffff7, 0xd366, 0xff, 0xfffff735, 0x0, 0x4, 0x9, 0x5, 0x6, 0x9, 0xfffffff8, 0x100, 0x10, 0x9, 0x8000, 0x3a, 0xf, 0x7, 0x2, 0xf, 0x1, 0x8001, 0x3, 0x4, 0x2, 0x1, 0x7, 0x9, 0x3, 0x6, 0x4, 0x8d, 0x2, 0x1cf, 0x6, 0x594b80b4, 0x200, 0xffff, 0x8, 0x5, 0xffffffff, 0xd, 0x7fffffff, 0x7, 0x7, 0x3, 0x8, 0x6, 0x9, 0x7, 0xce95, 0x82, 0x401, 0x5d1f, 0x4, 0x81, 0x4, 0x9, 0x0, 0x5, 0x9, 0x0, 0xa, 0xffff, 0x1f, 0x5, 0x1, 0x0, 0x0, 0x166c, 0x6, 0xff, 0x1, 0x8b, 0xffffffff, 0x0, 0x9, 0x2, 0x1, 0x200, 0x65, 0x7, 0xffffffff, 0x1ff, 0x7, 0x2, 0x8, 0x0, 0xfffffffb, 0x9, 0xffff, 0x8000, 0x80000001, 0x27e, 0x8001, 0x800, 0x9, 0x43, 0x400c, 0x0, 0x0, 0x8, 0x81, 0x4, 0xb4c, 0x10000, 0x862, 0x2, 0xbf2a, 0x0, 0x7, 0x3, 0xfffffff9, 0x3ff, 0x6, 0x91, 0x0, 0x3, 0xe36, 0x7, 0x0, 0x8, 0x9, 0x8, 0x7, 0xf, 0x6, 0x9, 0xd, 0xf, 0x0, 0x5, 0x9, 0x7f, 0x3, 0x7, 0x9, 0x2, 0x1ff, 0x4eb6, 0xff, 0x8, 0xfffffeff, 0xf8000000, 0xf19, 0x8000, 0x6, 0xcf, 0x4, 0x59, 0x0, 0x0, 0x80000001, 0x8, 0x6, 0x101, 0xff, 0xffffff81, 0x9, 0xd6e0, 0xddc5, 0x9, 0x0, 0x8, 0x7, 0xfff, 0x7f, 0xfffffffc, 0xfff, 0x8, 0x4, 0x9, 0xac9e, 0xa39, 0x8, 0x9, 0xdc, 0x2, 0x8, 0xfffff800, 0x3, 0x7, 0x4, 0x7, 0x6, 0x2, 0x10000, 0x5, 0x77c1, 0x7, 0x7, 0x10001, 0x4, 0x5, 0x6, 0x77, 0x399, 0x70, 0x8, 0x8000, 0x6, 0x6, 0x1, 0xfffffffe, 0x5, 0x1, 0xa, 0x0, 0x5, 0x3, 0x7fffffff, 0x4, 0x7, 0x3, 0x3, 0x3, 0x9, 0x3c, 0x0, 0x9, 0x9, 0x10000, 0xd, 0xffffffff, 0x0, 0x7f, 0x200, 0x8, 0x40000, 0x2, 0x6, 0x21, 0x3, 0x3, 0x8, 0x0, 0x7b, 0x23, 0x1, 0x2, 0x9, 0x1, 0x3, 0xdb5, 0x0, 0x4, 0x10001, 0x6, 0x4, 0x616f5d1a, 0x3, 0x3, 0x8, 0x1c, 0x3, 0x1, 0x0, 0x1, 0x2, 0x5, 0xeee, 0xee80, 0x18f, 0xfffffffc, 0xb79a, 0x7, 0xfffffffb, 0x2, 0x5, 0x9, 0x27, 0x9, 0x87dc, 0xa, 0x80000001, 0xfffffffe, 0x4, 0x8, 0x101, 0x754e2025, 0xa, 0xd, 0x6, 0xd, 0x8, 0xfffffffb, 0x7, 0x5, 0xc6d, 0x2, 0x4, 0xe29, 0x7, 0x7, 0x79f0, 0x800, 0x5, 0x7, 0x7fb, 0x5, 0xce2, 0x1000, 0xe7, 0x800, 0x1000, 0x9, 0x9, 0x6, 0x9, 0x2, 0x8000, 0x100, 0x70a0, 0x0, 0x585a, 0xe12a, 0x0, 0x81, 0x7, 0x60e3, 0x510a4007, 0x4, 0x0, 0x4, 0x8001, 0x400, 0x4, 0x277e, 0x9, 0x81, 0x6, 0x2, 0xa1, 0x8, 0xa, 0x5, 0x0, 0xffffff80, 0x200, 0x4c34, 0x6, 0x1, 0xfffffff0, 0x3, 0x1769ef05, 0x9, 0xc, 0x62d, 0x476d0137, 0x76, 0x4, 0xffffffff, 0x5, 0xfff, 0x9, 0xf9, 0xb0, 0x400, 0x4, 0x8, 0x3, 0x88, 0x4, 0xc, 0x65a, 0x7, 0x5, 0x2, 0xffffffff, 0x3, 0x8005, 0x100000, 0x1000, 0xfffff801, 0x3, 0x7, 0x8, 0x10000, 0x5, 0x6, 0x8, 0xeb1, 0x1ff, 0x52e, 0x4, 0x8, 0x3, 0x0, 0xfffff1f7, 0xfffffffe, 0x8000, 0x1, 0xf0, 0x79, 0x0, 0xffff, 0x1, 0x9, 0xa6, 0xff, 0x1000000, 0x7fff, 0x8]})
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
r1 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_RESET(r1, 0xc01064c4, &(0x7f0000000140)={0x0})
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r3, 0x5000)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000080))
ioctl$SNDCTL_DSP_SETTRIGGER(r4, 0x40045010, &(0x7f0000000040))
writev(r4, &(0x7f0000000000)=[{&(0x7f0000000680)="3751f02b82f73ccfc7c431617753f5732f765c975ebce8947e5388c4ff26fa3893119fd147a1576d9456136ab5f15493d175754e4b666e989869d01d418adc376ca22d8077c1b54bea92b5977a41d70ebcc4735ce6c012a5fe5ab7fef98e864216699a25d70e26103e294b7894b34a794bc14a2edfdc6978c0c97bcb02de69264d", 0x81}], 0x1)
close(r4)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000180)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x7000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x0}, 0x68)
r5 = syz_open_procfs(0x0, &(0x7f0000000100)='numa_maps\x00')
read$FUSE(r5, &(0x7f00000095c0)={0x2020}, 0x2020)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f0000000000)={{0x1, 0x1, 0x18, r3, {<r6=>r3}}, './file0\x00'})
ioctl$IMCLEAR_L2(r3, 0x80044946, &(0x7f0000000080)=0x80000001)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
r8 = dup(r7)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r0, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x42)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r6, 0xc4c85512, &(0x7f0000001140)={{0x3, 0x3, 0xec4, 0x0, 'syz0\x00', 0x4800000}, 0x0, [0x9, 0x6, 0x0, 0xffffffffffffffff, 0x10, 0x4, 0x10001, 0x7fffffffffffffff, 0x7c, 0x3, 0x80000000, 0x0, 0xff, 0x6, 0x1, 0xffffffffffffff62, 0x5, 0xffffffffffffff00, 0xffffffffffffffff, 0x5, 0x1, 0x0, 0x7fff, 0x0, 0xe2, 0xffffffffffff55e7, 0x101, 0x0, 0x5, 0x1, 0x2, 0x10, 0x0, 0x0, 0xf1a2, 0x7, 0x8, 0x3f19, 0x6, 0x10001, 0x9, 0x100000001, 0xffffffffffffffff, 0x2, 0x9, 0x4, 0xffffffff7fffffff, 0x67, 0x4, 0x9, 0x1, 0xfffffffffffffffd, 0xffffffffffff8000, 0x8000000000000000, 0x0, 0x4, 0x6, 0x400, 0xfff, 0x7, 0x7, 0x7, 0xdc09, 0x180000000000, 0x2, 0xfffffffffffffffa, 0x7, 0xc, 0x7fffffffffffffff, 0x8, 0x6, 0x7, 0xb6a, 0x0, 0x1, 0x684, 0x7ff, 0x101, 0xbb, 0x4, 0x8, 0x6, 0x5, 0x80000000, 0x9, 0x10001, 0x581949cf, 0x9, 0x1, 0x80000000, 0x6a58, 0x0, 0x0, 0x2, 0xfffffffffffffda5, 0xdd6, 0x0, 0xff9, 0x8, 0x5, 0x6, 0x6, 0xf, 0x5, 0xf810, 0x2, 0xffffffffffffff2f, 0x7ff, 0xffff, 0xfffffffffffffffa, 0x1, 0x4, 0xc, 0x9c, 0xd52, 0x80000001, 0x86e, 0x6, 0x7, 0xa8a, 0x5, 0x2, 0x0, 0x6, 0x2, 0x8000000000000000, 0x5, 0x1dacbff4]})

1.995284091s ago: executing program 1 (id=2685):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a01080000000000000000050000090900010073797a310000000054000000030a03000000000000000000050000030900010073797a31000000000900030073797a3200000000280004800800014000000001080002"], 0x9c}, 0x1, 0x0, 0x0, 0x24000144}, 0x20000050)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4085}, 0x20000004) (fail_nth: 1)

1.730518678s ago: executing program 1 (id=2686):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
sendmmsg$inet(r0, &(0x7f0000001240)=[{{0x0, 0x0, &(0x7f0000001dc0)}}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000b80)="f77d2b5dd5f7d74f0748cf3d2cf218d644566a14103b1c7dd35fd2951bd022f10f2dc7f4ce0d8ac5f4abaca4b97b706153756913b7dd48248b5bfb10460019248bf238743fa2aeb5bef21ce832db670920dc5e911ef2ad63e849901d1001129dbacbfd4924d7545517fd18b5d29978f32a5b5c81755cb89cc0490958ba3211eb99df5cdbbc0f9c941aaa1495893dada02d8188acd26b5afd7476413f322c8f79de769debb56343f3eded2dca93ed6641", 0xb0}, {&(0x7f0000000d00)="31cef842d9c50636f60fc0cfdac56c75f1687f0c56287423f5eed69f117e766bdbad0c2171ad6227e1173ab6efa2fcb1c420a51a0917861009000000f049c606ccab7cda1f0e3490fbe385ea382294882839a22674037b8910bd8a1420e33eb1be6f10cfb24eb7cccdf1528ef33b34ab07cdb0909a9ba9547e1e343b451d9025c4e153612d4674b9411fb4de295599abbcb388d291aa839ab0954e6a8dfc19c3c1533a11d81e03a4879bd736f1caacc2bbf1194598a652677efb930a5b6ee292c57402e0cc07a9a2", 0xc8}, {&(0x7f0000001300)="e0cda6472d1ccfb4d1d46bf348a3b7ff9e5b6b3e30ef2266c86a085e37271763c50968fe2e2eb13b9472381bade936f9a85e26aac6ebd21115f086751d870434cf07dbd92e0ea2322f163473dad24cffe6d23ffa95b04a2653e8a7c9ab042ea1b0bf4bde850bc9f6147f1a48e86e", 0x6e}], 0x3}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000640)='B', 0x1}], 0x1}}], 0x3, 0x2090)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

1.373364611s ago: executing program 1 (id=2688):
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x1e0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x6)
ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, 0x0)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r3, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000200), 0x4)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x94}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x14, 0x6, 0x1, 0x301, 0x0, 0x0, {0xa, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x2404c031}, 0x20000000)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_STATUS(r6, 0x84, 0xe, 0x0, &(0x7f0000000180))
bind$inet6(0xffffffffffffffff, &(0x7f0000001300)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c)

1.37313724s ago: executing program 4 (id=2689):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x14, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}}, 0x14}}, 0xc000)
sendmsg(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000640)="3013f93f6a23826aeaa571d88a1fc628ec108a5ce411744d4e3ae79c5374eb3bdc7564d840b7d870c0da80f54b31a033a88be722054380d976", 0x39}, {&(0x7f00000006c0)="ac5bf07dfbe37df362733fa6e33fcfe007a76905029bf5f167a7418ebe47895ee8a38f7c4ae25d6ae91633bc0b5bcd5572d067fa7af73dfb4605ec2b21cbe0ca844c8033fe927cd5f154695e5c65c966e80d4a08ff27a975d2ae54226a99d873d2ad6297b9", 0x65}], 0x2, &(0x7f0000003240)=ANY=[], 0xe10}, 0x40000)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{0x0}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

1.249735615s ago: executing program 4 (id=2690):
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r1 = socket$inet(0xa, 0x801, 0x84)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) (fail_nth: 2)

1.220406967s ago: executing program 0 (id=2691):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000180)={r1, r1, 0x3, 0x2, &(0x7f0000000000)="f481", 0x9, 0xb, 0x10cf, 0x5508, 0xc336, 0x1, 0xb, 'syz1\x00'}) (fail_nth: 2)

1.054602864s ago: executing program 4 (id=2692):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r0, &(0x7f0000000000)="180000000100f4", 0x7)

1.044818186s ago: executing program 4 (id=2693):
ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000140)={[0xbfb, 0x80, 0xfffffff9, 0x2, 0x42100000, 0x48, 0x8, 0x8, 0x400, 0x7, 0x1000, 0x10001, 0x47, 0x15b, 0x2, 0x3, 0x1000, 0x5, 0x8c49, 0x9, 0x5, 0x3, 0x7ff, 0x101, 0x0, 0xe, 0x7, 0x6, 0x4, 0x6, 0x400, 0x0, 0x1, 0x9, 0xff, 0x9ebd, 0x8, 0x9d, 0x0, 0xffffffff, 0x2, 0x9, 0xff, 0x5, 0x7, 0x4, 0x2, 0x5, 0xcde, 0x88e, 0x2, 0x3, 0x8b, 0x3, 0x1, 0x8, 0x1000, 0x72, 0x6, 0x4, 0x4, 0x5, 0x53e, 0x4, 0x5, 0x7, 0x10001, 0x2, 0x7, 0xe6, 0xc25, 0x7245, 0x0, 0xb2, 0x579, 0x5, 0x7, 0x0, 0x0, 0xee1, 0x7fffffff, 0x1, 0x3, 0x71, 0x8, 0x3, 0x5, 0x7e, 0x1, 0x9, 0x4, 0x9, 0xb84, 0x6, 0x5, 0x2, 0x1, 0x8, 0x100, 0xb8, 0xe, 0x10, 0xfff, 0x7, 0x5, 0x2, 0x6, 0x10, 0xfffffff9, 0x2e8, 0x8c, 0x1, 0xfffffffd, 0x1, 0x6, 0xb9, 0x7, 0x9, 0x7, 0x8, 0xffffff3e, 0x9, 0x80, 0x10, 0xb6, 0xe0, 0xc, 0x40, 0x4606, 0x7f, 0x6, 0x1ff, 0x1, 0x7fffffff, 0x5, 0x1, 0x22, 0x2, 0x0, 0x5, 0x20, 0x8, 0x4, 0xffffffd8, 0x7f, 0xf, 0x1, 0x3, 0x6, 0x14, 0x4fd, 0xe41, 0x34a, 0x4, 0xd, 0x8, 0x6, 0x101, 0x7, 0xe, 0x8, 0x6, 0x7f, 0x1000, 0xd, 0xfff, 0x9, 0xffff, 0x4, 0x7e8a, 0x1, 0x4, 0x2, 0xd7, 0x9, 0x8, 0x467, 0x2, 0x1f, 0x3, 0x1, 0xd24, 0x9, 0x7, 0x7ff, 0x8, 0x26, 0x9, 0xffffffff, 0x22a, 0x0, 0x4, 0x6, 0x8, 0x6, 0x7fff, 0x9c8, 0x8, 0x4, 0x1, 0x81, 0x6, 0x80, 0x187, 0x7, 0x3, 0x0, 0x1, 0x4, 0xffff, 0x4, 0x4, 0x1000, 0x9, 0x3ff, 0x1, 0x0, 0x3fc3130a, 0xffffffff, 0x80000001, 0x1000, 0x5e2, 0x9, 0xc5, 0x3, 0x4, 0x3, 0x4, 0x7, 0x80000001, 0x4, 0x8, 0x40, 0x9, 0x0, 0x9, 0x2, 0x517b, 0x1000, 0x4000000, 0x1ff, 0x952, 0x8, 0x18902681, 0x6, 0x4, 0x1, 0x4, 0xfff, 0x5bc00000, 0x10001, 0x7fffffff, 0x3, 0x6, 0x1830348, 0xd8fe, 0x113b, 0x8, 0x2, 0x95, 0x49d, 0xfffffff5, 0xffffff8a, 0x2, 0x0, 0x8, 0x8000, 0x8, 0x80000001, 0x7, 0x1, 0x8, 0x9f, 0x2, 0x5, 0x6, 0x8, 0x1, 0x7, 0x4, 0x7, 0x3, 0x6, 0x1, 0x71c, 0x2b7, 0x1, 0x8, 0xd, 0x3, 0xf7, 0x7ff, 0x1000, 0x6, 0xeeee, 0x2, 0x8, 0x3, 0x9, 0xe12b, 0x6, 0x80000000, 0xffffffc0, 0x3, 0x800, 0x7, 0xf66, 0xb, 0xed, 0x550c78e9, 0x9, 0x8c, 0x2b, 0x101, 0x6, 0x9, 0x7, 0x6d0, 0x5, 0x3, 0x1, 0xcfeb, 0x4, 0x35, 0x0, 0xffffff7f, 0x6, 0x7b17, 0x40, 0x3, 0x8, 0x1ff, 0xfffffffa, 0x4b6, 0x5, 0x0, 0x0, 0x1, 0x7ff, 0x4, 0x101, 0x81, 0x0, 0x81, 0x6, 0x4, 0x4, 0xa, 0x400, 0x4, 0x100, 0x40, 0x3, 0x7fffffff, 0x4, 0x3, 0x3, 0x0, 0x6, 0xffffffff, 0x6, 0x0, 0x3ff, 0x6, 0x4, 0x8, 0x9, 0x80, 0x9b1, 0x3, 0x8, 0x8, 0x1, 0x9, 0x5, 0xf, 0x1, 0x8, 0xd41, 0x3, 0x9, 0x80, 0x3, 0x7, 0x8, 0x9, 0x77bb, 0x190c, 0x8, 0x6, 0x9, 0x0, 0x5, 0x100, 0xc, 0xffff, 0xa9f9, 0x2, 0x1000, 0x6, 0xad, 0x26bb, 0x2, 0x1, 0x6, 0xf1, 0xfffffe01, 0x5, 0x2, 0x5, 0x7, 0x2492, 0xb, 0x3, 0x5, 0x448f, 0xc0e, 0x8, 0xc, 0xfffffffa, 0x1, 0x7, 0x9, 0x5, 0x4, 0x0, 0xfffffff6, 0x10, 0x1, 0x7, 0xe2a, 0x9, 0x300, 0x6, 0x4, 0xad9, 0x0, 0x6, 0x8000, 0x4, 0x4, 0x8, 0x100, 0x5, 0x7, 0xc7, 0x6, 0x708c, 0x1, 0x8, 0x10, 0x6, 0x2fce5e40, 0xe3c, 0x7, 0x0, 0x3, 0xc, 0x95c, 0x1000, 0x1000, 0x4, 0x6, 0x3, 0x7ff, 0x400, 0x4, 0x6b000000, 0xfffffff8, 0x4c, 0x0, 0x7b8, 0x2, 0x401, 0x1, 0x1, 0x4, 0x9, 0xada, 0x46dc, 0x0, 0x1, 0x0, 0x0, 0x2, 0x7, 0xf1, 0x6, 0x4, 0x81, 0x9097, 0x1000, 0x54c, 0x8, 0x5, 0x7fffffff, 0xab, 0x0, 0xfffff1c4, 0x5, 0x80ea, 0x1, 0x49e49dc4, 0x2, 0x1, 0x1, 0x9, 0x8, 0x7879321b, 0x3, 0x1000004, 0x5, 0xfffffffc, 0x2, 0x331, 0x1, 0x1e72, 0xffffffff, 0x0, 0x3, 0x8, 0x3, 0x4, 0x100, 0x7, 0x100, 0xb23, 0x80000000, 0xff, 0x3, 0x9, 0x3, 0x40, 0xfffffffe, 0x3, 0x9, 0x5, 0x5, 0x7, 0x3, 0x100, 0x5, 0x4, 0x0, 0x7, 0x1000, 0x10000, 0x7, 0x1, 0x8, 0x3, 0x3, 0x8, 0x2, 0x7, 0x8001, 0xb, 0x98c6, 0x7, 0xb719, 0x6, 0x7, 0x2, 0xfffffffb, 0x81, 0x6, 0x7, 0x2, 0x6, 0x10000, 0xb, 0x7, 0x7fff, 0x2, 0x7fffffff, 0x8001, 0x1, 0x5, 0x1, 0x8001, 0x0, 0x6fd5, 0x0, 0x80000000, 0x4, 0x1, 0x101, 0x903, 0xb, 0x3ff, 0x3, 0x80000001, 0x3, 0xffffff80, 0x277a, 0x7f, 0x1, 0x6, 0x9, 0x937, 0x4, 0x8, 0x2, 0xfffffff7, 0x84d, 0x8, 0x7, 0x8000, 0x401, 0x3, 0x0, 0x6, 0xd, 0x5, 0x9, 0x1, 0x6, 0xffff, 0x4, 0x1, 0x8, 0xfffffff7, 0xd366, 0xff, 0xfffff735, 0x0, 0x4, 0x9, 0x5, 0x6, 0x9, 0xfffffff8, 0x100, 0x10, 0x9, 0x8000, 0x3a, 0xf, 0x7, 0x2, 0xf, 0x1, 0x8001, 0x3, 0x4, 0x2, 0x1, 0x7, 0x9, 0x3, 0x6, 0x4, 0x8d, 0x2, 0x1cf, 0x6, 0x594b80b4, 0x200, 0xffff, 0x8, 0x5, 0xffffffff, 0xd, 0x7fffffff, 0x7, 0x7, 0x3, 0x8, 0x6, 0x9, 0x7, 0xce95, 0x82, 0x401, 0x5d1f, 0x4, 0x81, 0x4, 0x9, 0x0, 0x5, 0x9, 0x0, 0xa, 0xffff, 0x1f, 0x5, 0x1, 0x0, 0x0, 0x166c, 0x6, 0xff, 0x1, 0x8b, 0xffffffff, 0x0, 0x9, 0x2, 0x1, 0x200, 0x65, 0x7, 0xffffffff, 0x1ff, 0x7, 0x2, 0x8, 0x0, 0xfffffffb, 0x9, 0xffff, 0x8000, 0x80000001, 0x27e, 0x8001, 0x800, 0x9, 0x43, 0x400c, 0x0, 0x0, 0x8, 0x81, 0x4, 0xb4c, 0x10000, 0x862, 0x2, 0xbf2a, 0x0, 0x7, 0x3, 0xfffffff9, 0x3ff, 0x6, 0x91, 0x0, 0x3, 0xe36, 0x7, 0x0, 0x8, 0x9, 0x8, 0x7, 0xf, 0x6, 0x9, 0xd, 0xf, 0x0, 0x5, 0x9, 0x7f, 0x3, 0x7, 0x9, 0x2, 0x1ff, 0x4eb6, 0xff, 0x8, 0xfffffeff, 0xf8000000, 0xf19, 0x8000, 0x6, 0xcf, 0x4, 0x59, 0x0, 0x0, 0x80000001, 0x8, 0x6, 0x101, 0xff, 0xffffff81, 0x9, 0xd6e0, 0xddc5, 0x9, 0x0, 0x8, 0x7, 0xfff, 0x7f, 0xfffffffc, 0xfff, 0x8, 0x4, 0x9, 0xac9e, 0xa39, 0x8, 0x9, 0xdc, 0x2, 0x8, 0xfffff800, 0x3, 0x7, 0x4, 0x7, 0x6, 0x2, 0x10000, 0x5, 0x77c1, 0x7, 0x7, 0x10001, 0x4, 0x5, 0x6, 0x77, 0x399, 0x70, 0x8, 0x8000, 0x6, 0x6, 0x1, 0xfffffffe, 0x5, 0x1, 0xa, 0x0, 0x5, 0x3, 0x7fffffff, 0x4, 0x7, 0x3, 0x3, 0x3, 0x9, 0x3c, 0x0, 0x9, 0x9, 0x10000, 0xd, 0xffffffff, 0x0, 0x7f, 0x200, 0x8, 0x40000, 0x2, 0x6, 0x21, 0x3, 0x3, 0x8, 0x0, 0x7b, 0x23, 0x1, 0x2, 0x9, 0x1, 0x3, 0xdb5, 0x0, 0x4, 0x10001, 0x6, 0x4, 0x616f5d1a, 0x3, 0x3, 0x8, 0x1c, 0x3, 0x1, 0x0, 0x1, 0x2, 0x5, 0xeee, 0xee80, 0x18f, 0xfffffffc, 0xb79a, 0x7, 0xfffffffb, 0x2, 0x5, 0x9, 0x27, 0x9, 0x87dc, 0xa, 0x80000001, 0xfffffffe, 0x4, 0x8, 0x101, 0x754e2025, 0xa, 0xd, 0x6, 0xd, 0x8, 0xfffffffb, 0x7, 0x5, 0xc6d, 0x2, 0x4, 0xe29, 0x7, 0x7, 0x79f0, 0x800, 0x5, 0x7, 0x7fb, 0x5, 0xce2, 0x1000, 0xe7, 0x800, 0x1000, 0x9, 0x9, 0x6, 0x9, 0x2, 0x8000, 0x100, 0x70a0, 0x0, 0x585a, 0xe12a, 0x0, 0x81, 0x7, 0x60e3, 0x510a4007, 0x4, 0x0, 0x4, 0x8001, 0x400, 0x4, 0x277e, 0x9, 0x81, 0x6, 0x2, 0xa1, 0x8, 0xa, 0x5, 0x0, 0xffffff80, 0x200, 0x4c34, 0x6, 0x1, 0xfffffff0, 0x3, 0x1769ef05, 0x9, 0xc, 0x62d, 0x476d0137, 0x76, 0x4, 0xffffffff, 0x5, 0xfff, 0x9, 0xf9, 0xb0, 0x400, 0x4, 0x8, 0x3, 0x88, 0x4, 0xc, 0x65a, 0x7, 0x5, 0x2, 0xffffffff, 0x3, 0x8005, 0x100000, 0x1000, 0xfffff801, 0x3, 0x7, 0x8, 0x10000, 0x5, 0x6, 0x8, 0xeb1, 0x1ff, 0x52e, 0x4, 0x8, 0x3, 0x0, 0xfffff1f7, 0xfffffffe, 0x8000, 0x1, 0xf0, 0x79, 0x0, 0xffff, 0x1, 0x9, 0xa6, 0xff, 0x1000000, 0x7fff, 0x8]})
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
r1 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_RESET(r1, 0xc01064c4, &(0x7f0000000140)={0x0})
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r3, 0x5000)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000080))
ioctl$SNDCTL_DSP_SETTRIGGER(r4, 0x40045010, &(0x7f0000000040))
writev(r4, &(0x7f0000000000)=[{&(0x7f0000000680)="3751f02b82f73ccfc7c431617753f5732f765c975ebce8947e5388c4ff26fa3893119fd147a1576d9456136ab5f15493d175754e4b666e989869d01d418adc376ca22d8077c1b54bea92b5977a41d70ebcc4735ce6c012a5fe5ab7fef98e864216699a25d70e26103e294b7894b34a794bc14a2edfdc6978c0c97bcb02de69264d", 0x81}], 0x1)
close(r4)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000180)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x7000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x0}, 0x68)
r5 = syz_open_procfs(0x0, &(0x7f0000000100)='numa_maps\x00')
read$FUSE(r5, &(0x7f00000095c0)={0x2020}, 0x2020)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f0000000000)={{0x1, 0x1, 0x18, r3, {<r6=>r3}}, './file0\x00'})
ioctl$IMCLEAR_L2(r3, 0x80044946, &(0x7f0000000080)=0x80000001)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
r8 = dup(r7)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r0, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x42)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r6, 0xc4c85512, &(0x7f0000001140)={{0x3, 0x3, 0xec4, 0x0, 'syz0\x00', 0x4800000}, 0x0, [0x9, 0x6, 0x0, 0xffffffffffffffff, 0x10, 0x4, 0x10001, 0x7fffffffffffffff, 0x7c, 0x3, 0x80000000, 0x0, 0xff, 0x6, 0x1, 0xffffffffffffff62, 0x5, 0xffffffffffffff00, 0xffffffffffffffff, 0x5, 0x1, 0x0, 0x7fff, 0x0, 0xe2, 0xffffffffffff55e7, 0x101, 0x0, 0x5, 0x1, 0x2, 0x10, 0x0, 0x0, 0xf1a2, 0x7, 0x8, 0x3f19, 0x6, 0x10001, 0x9, 0x100000001, 0xffffffffffffffff, 0x2, 0x9, 0x4, 0xffffffff7fffffff, 0x67, 0x4, 0x9, 0x1, 0xfffffffffffffffd, 0xffffffffffff8000, 0x8000000000000000, 0x0, 0x4, 0x6, 0x400, 0xfff, 0x7, 0x7, 0x7, 0xdc09, 0x180000000000, 0x2, 0xfffffffffffffffa, 0x7, 0xc, 0x7fffffffffffffff, 0x8, 0x6, 0x7, 0xb6a, 0x0, 0x1, 0x684, 0x7ff, 0x101, 0xbb, 0x4, 0x8, 0x6, 0x5, 0x80000000, 0x9, 0x10001, 0x581949cf, 0x9, 0x1, 0x80000000, 0x6a58, 0x0, 0x0, 0x2, 0xfffffffffffffda5, 0xdd6, 0x0, 0xff9, 0x8, 0x5, 0x6, 0x6, 0xf, 0x5, 0xf810, 0x2, 0xffffffffffffff2f, 0x7ff, 0xffff, 0xfffffffffffffffa, 0x1, 0x4, 0xc, 0x9c, 0xd52, 0x80000001, 0x86e, 0x6, 0x7, 0xa8a, 0x5, 0x2, 0x0, 0x6, 0x2, 0x8000000000000000, 0x5, 0x1dacbff4]})

804.438336ms ago: executing program 0 (id=2694):
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r1 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\x00'/557, 0x1)
pwritev(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)

614.54372ms ago: executing program 0 (id=2695):
r0 = socket$igmp6(0xa, 0x3, 0x2)
getsockopt$inet6_int(r0, 0x29, 0x4b, 0x0, &(0x7f0000000100))
r1 = syz_usb_connect$sierra_net(0x0, 0x3f, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x1199, 0x68a3, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x0, 0x80, 0xfa, "", {{0x9, 0x4, 0x7, 0x0, 0x3, 0xff, 0x0, 0x0, 0x0, "", {{0x9, 0x5, 0x7, 0x2, 0x40, 0x2, 0x1b, 0xfe}, {0x9, 0x5, 0x7, 0x2, 0x200, 0xc, 0x77, 0x3}, {0x9, 0x5, 0x9, 0x3, 0x20, 0x0, 0xfd, 0x32}}}}}}]}}, 0x0)
syz_usb_control_io$sierra_net(r1, 0x0, 0x0)
r2 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$XDP_STATISTICS(r2, 0x11b, 0x7, 0x0, &(0x7f0000000040)=0xffffffffffffff67)
r3 = syz_usb_connect$cdc_ecm(0x6, 0x75, &(0x7f0000000140)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x63, 0x1, 0x1, 0x7, 0x10, 0x6, "", [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x2, 0x6, 0x0, 0x0, {{0x8, 0x24, 0x6, 0x0, 0x0, "ddad38"}, {0x5, 0x24, 0x0, 0x7}, {0xd, 0x24, 0xf, 0x1, 0xf, 0xa, 0x0, 0xa}, [@mdlm={0x15, 0x24, 0x12, 0x3}, @dmm={0x7, 0x24, 0x14, 0x5, 0x2}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x20, 0xd2, 0xb, 0x3}}], {{0x9, 0x5, 0x82, 0x2, 0x40, 0x2, 0x0, 0x9}}, {{0x9, 0x5, 0x3, 0x2, 0x0, 0xbc, 0x1, 0x9}}}}}]}}]}}, &(0x7f00000005c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x110, 0x2, 0x82, 0x3, 0x10, 0x87}, 0x10, &(0x7f00000000c0)={0x5, 0xf, 0x10, 0x1, [@wireless={0xb, 0x10, 0x1, 0x2, 0xc4, 0x2, 0x1, 0x8, 0x4}]}, 0x7, [{0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x340a}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x401}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x419}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x440a}}, {0xd4, &(0x7f0000000340)=@string={0xd4, 0x3, "19601f3abf5bb0595e939c63a2e21a155a0113ffb4b70056a490ee22629acb007d82b311a05b29580ab292776a100a3e7b3449907eba02792e18e30034f594e9d9b7a33d3012b459aa0661fe4f0723f634da57e32ad6344023b7e44f5621ad4b0c40791660f243ae7b0b8ee6bb76acf5577106ac59210964a8df4283cedd389f5a69099ece6e1f6efeac2eca9c624d9bd9c484d71e834bc1316295f0546b180665d160fd693c4cb0783b5c3b880575c8e0c7f355a9b8d6a3ad30f0860b52d66cf374ab94f31fc14ab258b4ee1c1a841032c7"}}, {0xe9, &(0x7f0000000440)=@string={0xe9, 0x3, "fe6074bd154aae9c351040efe2366266b0a3c9d61e39f908bc70b636f6801dcb8263c5e720df8a02cf36f250e24a27da4c45b9ad4afd470c5f3a4d6681a20d3aa8e853ec5183933d3533c8783d3aad32956ede19ffc5935b7e4eefe14af1e268b784370100d367afa971e6057f7aa0de13f68167872430c1d6ed8a481e6f648e506638263a32ff5ca2ef4ec109cf46551e0c345372aa00ff73ec4141629fa2e13a3600111de0bcc9eaed4ba0dad055d966c11c85741fd9d25b23bbb2cd677c7ba7ee5462451cbf470b30ac8f0dd00e9a2989a79f32ce39e58f7b081846067a82bd661c5a21bf5d"}}, {0x66, &(0x7f0000000540)=@string={0x66, 0x3, "33bd55a1277b6df53f70fefef2bf6b4811b8ff7cb07a1abc577c6af4f4cb6c4fbd3a2118e817e6abbcff7938b4d5b370445cb89bea064432741373d9224b5cee66de359560838fca6a3d53e0459c4a461054d014642ba9924cf7809fa2f0632e0f2f1715"}}]})
syz_usb_control_io$cdc_ecm(r3, &(0x7f00000006c0)={0x14, &(0x7f0000000640)={0x0, 0x21, 0x66, {0x66, 0x23, "eb5aa00559ca205a5fd930d4ff805a7a8c62daa09a4c5bc586da94d1b288c3f13e39d417fad2dedaef4ea982ddca14e8aff9d58add151a71fdf062c1be8646acc39c2275d545cb00f16ef55202facc3a44e9938887f1c60866229531598a575295d9ff85"}}, &(0x7f00000002c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f00000007c0)={0x1c, &(0x7f0000000700)={0x0, 0xe, 0xd, "b6609423e23d3f0b047338a643"}, &(0x7f0000000740)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000780)={0x0, 0x8, 0x1, 0x7}})
r4 = socket$inet(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ZERO(r4, 0x0, 0x48f, &(0x7f0000000000)={0x3a, @broadcast, 0x4e23, 0x0, 'lc\x00', 0x2e, 0xfc, 0x5a}, 0x2c)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x2, &(0x7f0000000300)=[{0x2, 0x4, 0x20, 0xd}, {0x6, 0x1, 0x6, 0x5}]})

544.909028ms ago: executing program 4 (id=2696):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
sendmmsg$inet(r0, &(0x7f0000001240)=[{{0x0, 0x0, &(0x7f0000001dc0)}}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000b80)="f77d2b5dd5f7d74f0748cf3d2cf218d644566a14103b1c7dd35fd2951bd022f10f2dc7f4ce0d8ac5f4abaca4b97b706153756913b7dd48248b5bfb10460019248bf238743fa2aeb5bef21ce832db670920dc5e911ef2ad63e849901d1001129dbacbfd4924d7545517fd18b5d29978f32a5b5c81755cb89cc0490958ba3211eb99df5cdbbc0f9c941aaa1495893dada02d8188acd26b5afd7476413f322c8f79de769debb56343f3eded2dca93ed6641", 0xb0}, {&(0x7f0000000d00)="31cef842d9c50636f60fc0cfdac56c75f1687f0c56287423f5eed69f117e766bdbad0c2171ad6227e1173ab6efa2fcb1c420a51a0917861009000000f049c606ccab7cda1f0e3490fbe385ea382294882839a22674037b8910bd8a1420e33eb1be6f10cfb24eb7cccdf1528ef33b34ab07cdb0909a9ba9547e1e343b451d9025c4e153612d4674b9411fb4de295599abbcb388d291aa839ab0954e6a8dfc19c3c1533a11d81e03a4879bd736f1caacc2bbf1194598a652677efb930a5b6ee292c57402e0cc07a9a2", 0xc8}, {&(0x7f0000001300)="e0cda6472d1ccfb4d1d46bf348a3b7ff9e5b6b3e30ef2266c86a085e37271763c50968fe2e2eb13b9472381bade936f9a85e26aac6ebd21115f086751d870434cf07dbd92e0ea2322f163473dad24cffe6d23ffa95b04a2653e8a7c9ab042ea1b0bf4bde850bc9f6147f1a48e86e", 0x6e}], 0x3}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000640)='B', 0x1}], 0x1}}], 0x3, 0x2090)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

490.503864ms ago: executing program 1 (id=2697):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x20200, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x10, 0x572, 0x200800, 0x17, "ff000d00009a468e0cd912098d00"})
r1 = syz_open_pts(r0, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x13)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000000c0))
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000100)={0x18, 0x0, {0x11ff, @broadcast, 'bond_slave_1\x00'}}, 0x1e)
r3 = socket$kcm(0x10, 0x2, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000002300), 0x101000, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r5, 0xc008ae67, &(0x7f0000002080)={0x0, 0xe17})
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)="2e00000010008108040f80ecdb4cb92e0a480e000f000000e8bd6efb250314000e000100240248ff050005001200", 0x2e}], 0x1}, 0x40880)
connect$pppoe(r2, &(0x7f00000000c0)={0x18, 0x0, {0x1, @random="97f6b71d917f", 'erspan0\x00'}}, 0x1e)
r6 = syz_open_dev$vim2m(&(0x7f00000014c0), 0x7, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r6, 0xc100565c, &(0x7f0000000140)={0x0, 0x2000bb22, 0x2, {0x1, @win={{0x5, 0xd, 0x5f7, 0x2}, 0x8, 0x9, 0x0, 0xc, 0x0, 0xa}}, 0x6})
r7 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
r8 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r8, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
setsockopt$packet_int(r8, 0x107, 0xf, &(0x7f0000000180)=0xa, 0x4)
ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r7, 0x80845663, &(0x7f00000004c0))
ioctl$TCSETA(r1, 0x5406, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000340)=0x9)

413.707758ms ago: executing program 4 (id=2698):
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
close(r0)
socket$netlink(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000800)={0x14, r1, 0xc2699618ba151721, 0x70bd2a, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x48880}, 0x20000010)

257.998331ms ago: executing program 1 (id=2699):
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f00000001c0)={0x3ffe, 0x10001}, 0x10)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x80, 0x8)
r1 = syz_open_dev$mouse(&(0x7f0000000080), 0x7, 0x141000)
move_mount(r0, &(0x7f0000000040)='./file0\x00', r1, &(0x7f00000000c0)='./file0\x00', 0x10)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)

0s ago: executing program 3 (id=2700):
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000180)={&(0x7f0000778000/0x2000)=nil, &(0x7f0000800000/0x800000)=nil, 0x2000, 0x3, 0x6040000})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
r1 = userfaultfd(0x80001)
r2 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000000)={0x2, @pix={0x0, 0x0, 0x59455247}})
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc018620c, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000004c0), 0x0, 0x0, 0x0})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa07, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1, 0x2})

kernel console output (not intermixed with test programs):

539130][ T7234] fuse: Bad value for 'fd'
[  163.441840][ T7306] fuse: Bad value for 'fd'
[  163.679231][ T7317] netlink: 20 bytes leftover after parsing attributes in process `syz.1.581'.
[  163.744963][ T7318] netlink: 8 bytes leftover after parsing attributes in process `syz.1.581'.
[  163.953047][ T5837] Bluetooth: min 0 < 6
[  164.029393][ T7330] fuse: Bad value for 'fd'
[  165.234547][ T7354] fuse: Bad value for 'fd'
[  165.241992][ T5837] Bluetooth: min 0 < 6
[  165.462977][ T7367] netlink: 4 bytes leftover after parsing attributes in process `syz.3.603'.
[  165.966484][ T5837] Bluetooth: hci2: command tx timeout
[  167.269191][ T7405] fuse: Bad value for 'fd'
[  167.326138][ T5837] Bluetooth: hci1: command tx timeout
[  168.760206][ T7431] fuse: Bad value for 'fd'
[  172.893184][ T7547] netlink: 64 bytes leftover after parsing attributes in process `syz.2.678'.
[  172.930319][ T7550] siw: device registration error -23
[  173.558750][ T7568] netlink: 28 bytes leftover after parsing attributes in process `syz.2.689'.
[  174.359724][ T7595] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.702'.
[  175.258860][ T7624] siw: device registration error -23
[  176.018737][ T7646] siw: device registration error -23
[  176.059942][ T7648] netlink: 60 bytes leftover after parsing attributes in process `syz.0.727'.
[  176.684169][ T7669] netlink: 60 bytes leftover after parsing attributes in process `syz.2.736'.
[  176.991020][ T7685] siw: device registration error -23
[  177.388793][ T7708] siw: device registration error -23
[  177.634534][ T7717] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.757'.
[  177.891040][ T7733] netlink: 60 bytes leftover after parsing attributes in process `syz.2.765'.
[  178.290295][ T7746] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.770'.
[  178.417086][ T7753] netlink: 60 bytes leftover after parsing attributes in process `syz.0.774'.
[  178.933728][ T7777] netlink: 60 bytes leftover after parsing attributes in process `syz.1.786'.
[  179.022770][ T7781] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.788'.
[  179.210824][ T7789] netlink: 12 bytes leftover after parsing attributes in process `syz.2.792'.
[  179.619608][ T7799] netlink: 60 bytes leftover after parsing attributes in process `syz.3.795'.
[  179.877593][ T7803] netlink: 140 bytes leftover after parsing attributes in process `syz.3.797'.
[  180.341223][ T7817] netlink: 60 bytes leftover after parsing attributes in process `syz.3.804'.
[  180.914293][ T7838] netlink: 60 bytes leftover after parsing attributes in process `syz.2.814'.
[  181.438156][ T7854] netlink: 140 bytes leftover after parsing attributes in process `syz.3.821'.
[  188.291593][ T8007] __nla_validate_parse: 2 callbacks suppressed
[  188.291617][ T8007] netlink: 140 bytes leftover after parsing attributes in process `syz.3.886'.
[  189.259307][ T8054] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.907'.
[  190.903429][ T8092] netlink: 140 bytes leftover after parsing attributes in process `syz.1.921'.
[  192.412729][ T8118] netlink: 140 bytes leftover after parsing attributes in process `syz.2.931'.
[  192.659986][ T8130] netlink: 8 bytes leftover after parsing attributes in process `syz.3.936'.
[  192.669055][ T8130] netlink: 8 bytes leftover after parsing attributes in process `syz.3.936'.
[  192.681717][ T8130] netlink: 8 bytes leftover after parsing attributes in process `syz.3.936'.
[  193.914067][ T8158] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.950'.
[  194.540223][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[  194.551519][ T1309] ieee802154 phy1 wpan1: encryption failed: -22
[  196.135545][ T8214] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.975'.
[  196.818167][ T8238] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.986'.
[  197.100864][ T8245] bond0: entered promiscuous mode
[  197.115986][ T8245] bond_slave_0: entered promiscuous mode
[  197.121974][ T8245] bond_slave_1: entered promiscuous mode
[  198.162741][ T8280] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.1005'.
[  199.023328][ T8300] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.1014'.
[  199.386866][ T8316] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1022'.
[  199.714591][ T8328] netlink: 'syz.2.1027': attribute type 7 has an invalid length.
[  199.734454][ T8328] : entered promiscuous mode
[  199.748278][ T8328] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.1027'.
[  199.758458][ T8328] bridge: RTM_NEWNEIGH with invalid state 0x1
[  199.802316][ T8330] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1028'.
[  200.283992][ T8347] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.1034'.
[  200.775515][ T8369] bond0: entered promiscuous mode
[  200.783305][ T8369] bond_slave_0: entered promiscuous mode
[  200.789627][ T8369] bond_slave_1: entered promiscuous mode
[  202.429009][ T8419] bond0: entered promiscuous mode
[  202.441620][ T8419] bond_slave_0: entered promiscuous mode
[  202.450736][ T8419] bond_slave_1: entered promiscuous mode
[  203.894762][ T8476] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1093'.
[  204.015306][ T8483] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.1096'.
[  204.441530][ T8508] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.1108'.
[  204.734282][ T8522] netlink: 'syz.3.1114': attribute type 1 has an invalid length.
[  204.907430][ T8530] netlink: 'syz.2.1118': attribute type 1 has an invalid length.
[  205.456868][ T8554] overlayfs: upper fs does not support tmpfile.
[  205.633570][ T8563] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.1133'.
[  205.831175][ T8574] netlink: 140 bytes leftover after parsing attributes in process `syz.0.1138'.
[  206.081225][ T8588] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.1144'.
[  206.091375][ T8587] netlink: 'syz.1.1145': attribute type 1 has an invalid length.
[  206.326456][ T8599] netlink: 'syz.3.1149': attribute type 10 has an invalid length.
[  206.334504][ T8599] netlink: 55 bytes leftover after parsing attributes in process `syz.3.1149'.
[  206.708333][ T8613] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1156'.
[  207.239887][ T8636] netlink: 'syz.3.1167': attribute type 1 has an invalid length.
[  207.945341][ T5837] Bluetooth: hci3: unexpected subevent 0x0e length: 30 > 15
[  207.954827][ T5837] Bluetooth: hci3: Unable to find connection for dst 5a:6d:a1:1b:b6:c3 sid 0x52
[  208.041329][ T8663] netlink: 'syz.3.1177': attribute type 1 has an invalid length.
[  208.155445][ T8666] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1179'.
[  208.164898][ T8666] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1179'.
[  209.692697][ T8737] netlink: 'syz.3.1212': attribute type 1 has an invalid length.
[  210.209641][ T8754] netlink: 'syz.3.1219': attribute type 9 has an invalid length.
[  210.235969][ T8754] netlink: 'syz.3.1219': attribute type 11 has an invalid length.
[  210.254197][ T8754] netlink: 'syz.3.1219': attribute type 12 has an invalid length.
[  210.273024][ T8758] netlink: 'syz.1.1221': attribute type 1 has an invalid length.
[  210.276893][ T8754] netlink: 210020 bytes leftover after parsing attributes in process `syz.3.1219'.
[  210.326316][ T8754] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1219'.
[  210.388503][ T8761] overlayfs: failed to clone upperpath
[  210.472272][ T8766] netlink: 'syz.1.1224': attribute type 1 has an invalid length.
[  211.155526][ T8783] netlink: 'syz.1.1232': attribute type 1 has an invalid length.
[  211.203365][ T8785] netlink: 'syz.3.1233': attribute type 1 has an invalid length.
[  211.268611][ T8788] netlink: 'syz.0.1234': attribute type 9 has an invalid length.
[  211.291561][ T8788] netlink: 'syz.0.1234': attribute type 11 has an invalid length.
[  211.320329][ T8788] netlink: 'syz.0.1234': attribute type 12 has an invalid length.
[  211.362704][ T8788] netlink: 210020 bytes leftover after parsing attributes in process `syz.0.1234'.
[  211.397339][ T8788] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1234'.
[  211.743477][ T8815] overlayfs: failed to clone upperpath
[  211.973422][ T5152] Bluetooth: hci3: command 0x0406 tx timeout
[  211.979584][   T52] Bluetooth: hci1: command 0x0406 tx timeout
[  211.983873][ T8746] Bluetooth: hci2: command 0x0406 tx timeout
[  211.988652][ T5152] Bluetooth: hci0: command 0x0406 tx timeout
[  212.024933][ T8831] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1254'.
[  214.185940][ T8905] bond0: entered promiscuous mode
[  214.194419][ T8905] bond_slave_0: entered promiscuous mode
[  214.204641][ T8905] bond_slave_1: entered promiscuous mode
[  215.362744][ T8972] validate_nla: 6 callbacks suppressed
[  215.362766][ T8972] netlink: 'syz.0.1317': attribute type 1 has an invalid length.
[  218.557133][ T9072] netlink: 'syz.3.1364': attribute type 1 has an invalid length.
[  218.604397][ T9074] netlink: 'syz.3.1365': attribute type 1 has an invalid length.
[  218.805313][ T9082] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1369'.
[  218.934528][ T9088] netlink: 'syz.2.1372': attribute type 1 has an invalid length.
[  219.024009][ T9092] netlink: 'syz.2.1374': attribute type 1 has an invalid length.
[  219.228912][ T9101] 9p: Bad value for 'wfdno'
[  219.349583][ T9108] netlink: 'syz.1.1382': attribute type 1 has an invalid length.
[  219.360457][ T9109] netlink: 'syz.0.1381': attribute type 1 has an invalid length.
[  219.441099][ T9113] rdma_rxe: rxe_newlink: rxe creation allowed on top of a real device only
[  219.481873][ T9115] netlink: 'syz.3.1385': attribute type 1 has an invalid length.
[  219.597643][ T9121] overlayfs: failed to clone upperpath
[  219.824325][ T9134] netlink: 'syz.0.1394': attribute type 1 has an invalid length.
[  219.973650][ T9142] netlink: 'syz.0.1398': attribute type 1 has an invalid length.
[  220.432599][ T9160] validate_nla: 2 callbacks suppressed
[  220.432622][ T9160] netlink: 'syz.1.1407': attribute type 1 has an invalid length.
[  220.671998][ T9175] netlink: 'syz.3.1413': attribute type 1 has an invalid length.
[  220.882212][ T9187] netlink: 'syz.3.1421': attribute type 1 has an invalid length.
[  221.200884][ T9201] lo speed is unknown, defaulting to 1000
[  221.609207][ T9224] netlink: 'syz.2.1437': attribute type 1 has an invalid length.
[  222.094864][ T9246] netlink: 'syz.3.1448': attribute type 1 has an invalid length.
[  222.632132][ T9270] netlink: 'syz.0.1459': attribute type 1 has an invalid length.
[  223.132391][ T5837] Bluetooth: Frame is too long (len 18, expected len 4)
[  223.951513][ T9337] netlink: 'syz.0.1487': attribute type 1 has an invalid length.
[  224.359344][ T9360] netlink: 'syz.1.1496': attribute type 1 has an invalid length.
[  224.483969][ T9365] netlink: 'syz.3.1498': attribute type 1 has an invalid length.
[  224.853129][ T9385] netlink: 'syz.0.1508': attribute type 1 has an invalid length.
[  225.538086][ T9422] netlink: 'syz.2.1518': attribute type 1 has an invalid length.
[  225.801354][ T9400] netlink: 277 bytes leftover after parsing attributes in process `syz.0.1512'.
[  226.313777][ T9457] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  226.718973][ T9474] netlink: 'syz.2.1540': attribute type 10 has an invalid length.
[  226.914651][ T9486] af_packet: tpacket_rcv: packet too big, clamped from 32 to 4294967272. macoff=96
[  228.583569][ T9533] netlink: 'syz.1.1568': attribute type 4 has an invalid length.
[  228.601587][ T9533] netlink: 'syz.1.1568': attribute type 4 has an invalid length.
[  229.461112][ T9566] raw_sendmsg: syz.2.1584 forgot to set AF_INET. Fix it!
[  230.111102][ T9579] netlink: 'syz.2.1590': attribute type 12 has an invalid length.
[  230.120002][ T9579] netlink: 172 bytes leftover after parsing attributes in process `syz.2.1590'.
[  230.632783][ T9596] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1598'.
[  231.259230][ T9615] netlink: 'syz.3.1605': attribute type 1 has an invalid length.
[  231.499122][ T9625] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1610'.
[  232.144775][ T9658] netlink: 'syz.0.1621': attribute type 1 has an invalid length.
[  232.200778][ T9662] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1622'.
[  232.363298][ T9671] netlink: 'syz.1.1626': attribute type 1 has an invalid length.
[  232.624050][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  232.624072][   T30] audit: type=1326 audit(1773463428.226:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9682 comm="syz.1.1631" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fae42d9c799 code=0x0
[  232.962553][ T9693] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1635'.
[  233.267703][ T9701] netlink: 'syz.3.1639': attribute type 1 has an invalid length.
[  233.445010][ T9705] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1641'.
[  233.667157][ T9705] nbd: socks must be embedded in a SOCK_ITEM attr
[  233.691007][ T9707] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1641'.
[  233.707916][ T9714] block nbd64: NBD_DISCONNECT
[  233.737337][ T9707] nbd: device at index 64 is going down
[  234.001268][ T9713] udevd[9713]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  234.037865][ T9728] netlink: 'syz.3.1648': attribute type 1 has an invalid length.
[  234.094886][ T9731] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1649'.
[  234.521923][ T9747] netlink: 'syz.2.1655': attribute type 1 has an invalid length.
[  234.662315][ T9755] netlink: 88 bytes leftover after parsing attributes in process `syz.3.1660'.
[  235.112228][ T9778] netlink: 'syz.3.1670': attribute type 1 has an invalid length.
[  235.422468][ T9799] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1679'.
[  235.720533][ T9808] netlink: 'syz.0.1683': attribute type 1 has an invalid length.
[  236.140688][ T9831] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1692'.
[  236.254742][ T9836] netlink: 'syz.3.1694': attribute type 1 has an invalid length.
[  236.522287][ T9850] fuse: Bad value for 'fd'
[  236.633599][ T9856] netlink: 'syz.0.1704': attribute type 1 has an invalid length.
[  236.801514][ T9864] netlink: 'syz.0.1708': attribute type 1 has an invalid length.
[  237.132012][ T9876] netlink: 'syz.2.1713': attribute type 1 has an invalid length.
[  237.202833][ T5837] Bluetooth: hci2: unexpected event for opcode 0x080f
[  237.376215][ T9885] netlink: 'syz.3.1717': attribute type 1 has an invalid length.
[  237.798817][ T9905] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1725'.
[  238.240535][ T9917] capability: warning: `syz.0.1731' uses 32-bit capabilities (legacy support in use)
[  238.647655][ T9935] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.1740'.
[  239.961204][ T9981] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1763'.
[  240.153757][ T9990] netlink: 'syz.1.1767': attribute type 46 has an invalid length.
[  240.200321][ T9994] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.1769'.
[  240.323620][T10001] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1772'.
[  241.203898][T10021] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1781'.
[  241.247672][ T5837] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  241.256400][ T5837] Bluetooth: hci2: Injecting HCI hardware error event
[  241.265067][ T5837] Bluetooth: hci2: hardware error 0x00
[  241.572828][T10032] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1785'.
[  241.588961][T10032] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1785'.
[  241.616978][T10032] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1785'.
[  242.111580][T10043] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1792'.
[  243.251001][T10092] __nla_validate_parse: 2 callbacks suppressed
[  243.251022][T10092] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1812'.
[  243.326046][ T5837] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  243.447719][T10102] netlink: 1047 bytes leftover after parsing attributes in process `syz.2.1817'.
[  243.476740][T10102] bridge: RTM_NEWNEIGH with invalid state 0x1
[  244.192113][T10117] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1824'.
[  244.368882][T10125] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1828'.
[  244.446820][T10127] netlink: 'syz.2.1829': attribute type 1 has an invalid length.
[  244.817589][T10148] netlink: 'syz.1.1839': attribute type 1 has an invalid length.
[  244.947740][T10154] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1842'.
[  245.189219][T10166] netlink: 'syz.1.1848': attribute type 1 has an invalid length.
[  245.321103][T10172] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1851'.
[  245.475281][T10182] trusted_key: encrypted_key: insufficient parameters specified
[  245.951574][T10189] netlink: 'syz.3.1859': attribute type 1 has an invalid length.
[  246.092247][T10195] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1862'.
[  246.341252][T10207] netlink: 'syz.1.1868': attribute type 1 has an invalid length.
[  246.933862][T10222] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1872'.
[  247.022513][T10224] netlink: 'syz.1.1877': attribute type 1 has an invalid length.
[  247.371566][T10244] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1885'.
[  247.451456][T10248] netlink: 'syz.2.1887': attribute type 1 has an invalid length.
[  247.784967][T10262] netlink: 'syz.3.1894': attribute type 1 has an invalid length.
[  247.854471][T10267] netlink: 'syz.1.1896': attribute type 1 has an invalid length.
[  248.736165][T10306] netlink: 'syz.0.1914': attribute type 1 has an invalid length.
[  248.992912][T10318] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1919'.
[  249.594727][T10339] validate_nla: 1 callbacks suppressed
[  249.594749][T10339] netlink: 'syz.1.1927': attribute type 1 has an invalid length.
[  249.643435][T10342] netlink: 'syz.0.1929': attribute type 1 has an invalid length.
[  249.800673][T10351] netlink: 'syz.2.1933': attribute type 1 has an invalid length.
[  250.067146][T10366] netlink: 'syz.3.1940': attribute type 1 has an invalid length.
[  250.078749][T10368] netlink: 'syz.2.1941': attribute type 1 has an invalid length.
[  250.321204][T10380] netlink: 'syz.3.1947': attribute type 1 has an invalid length.
[  250.407309][T10382] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1948'.
[  250.529413][T10386] netlink: 'syz.3.1950': attribute type 1 has an invalid length.
[  250.594494][T10389] netlink: 'syz.1.1951': attribute type 1 has an invalid length.
[  250.840469][T10402] netlink: 'syz.0.1956': attribute type 1 has an invalid length.
[  250.859611][T10406] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1958'.
[  250.980210][T10410] netlink: 'syz.1.1960': attribute type 1 has an invalid length.
[  251.947089][T10467] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1986'.
[  252.510060][T10492] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1996'.
[  252.889061][T10515] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2006'.
[  253.338346][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  253.504481][T10543] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2015'.
[  253.937636][T10566] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2027'.
[  253.955702][T10566] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  253.973939][T10566] bond_slave_0: left promiscuous mode
[  254.005471][T10566] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  254.035162][T10566] bond_slave_1: left promiscuous mode
[  254.048623][T10566] bond0 (unregistering): Released all slaves
[  254.076447][T10567] warning: `syz.3.2027' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  255.591994][T10608] capability: warning: `syz.3.2044' uses deprecated v2 capabilities in a way that may be insecure
[  255.605272][T10608] validate_nla: 2 callbacks suppressed
[  255.605284][T10608] netlink: 'syz.3.2044': attribute type 1 has an invalid length.
[  255.618896][T10608] netlink: 304 bytes leftover after parsing attributes in process `syz.3.2044'.
[  255.671969][T10608] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  255.760091][T10608] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  255.843284][T10608] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  255.972979][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[  255.983531][ T1309] ieee802154 phy1 wpan1: encryption failed: -22
[  256.005226][T10608] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.303497][ T3474] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  256.332290][ T6707] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  256.362954][ T6707] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  256.390886][   T49] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  258.766700][T10693] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2079'.
[  258.878436][T10697] fuse: Bad value for 'fd'
[  259.206578][T10712] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2088'.
[  259.620118][ T5833] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  259.632724][ T5833] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  259.641961][ T5833] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  259.650511][ T5833] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  259.663010][ T5833] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  259.781593][T10719] lo speed is unknown, defaulting to 1000
[  260.180020][T10719] chnl_net:caif_netlink_parms(): no params data found
[  260.247473][T10732] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2095'.
[  260.333657][T10736] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2097'.
[  260.477188][T10719] bridge0: port 1(bridge_slave_0) entered blocking state
[  260.486886][T10719] bridge0: port 1(bridge_slave_0) entered disabled state
[  260.494635][T10719] bridge_slave_0: entered allmulticast mode
[  260.504783][T10719] bridge_slave_0: entered promiscuous mode
[  260.515181][T10719] bridge0: port 2(bridge_slave_1) entered blocking state
[  260.525161][T10719] bridge0: port 2(bridge_slave_1) entered disabled state
[  260.533098][T10719] bridge_slave_1: entered allmulticast mode
[  260.542979][T10719] bridge_slave_1: entered promiscuous mode
[  260.600152][T10719] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  260.613519][T10719] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  260.650494][T10719] team0: Port device team_slave_0 added
[  260.659438][T10719] team0: Port device team_slave_1 added
[  260.693150][T10719] batman_adv: batadv0: Adding interface: batadv_slave_0
[  260.700179][T10719] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  260.726669][T10719] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  260.746174][T10719] batman_adv: batadv0: Adding interface: batadv_slave_1
[  260.753414][T10719] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  260.782262][T10719] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  260.819718][   T49] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  260.893233][T10719] hsr_slave_0: entered promiscuous mode
[  260.900593][T10719] hsr_slave_1: entered promiscuous mode
[  260.908307][T10719] debugfs: 'hsr0' already exists in 'hsr'
[  260.914082][T10719] Cannot create hsr debugfs directory
[  260.941397][   T49] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  261.020009][   T49] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  261.160007][   T49] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  261.369263][   T49] bridge_slave_1: left allmulticast mode
[  261.386342][   T49] bridge_slave_1: left promiscuous mode
[  261.395536][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  261.416944][   T49] bridge_slave_0: left allmulticast mode
[  261.422662][   T49] bridge_slave_0: left promiscuous mode
[  261.435314][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  261.632909][T10760] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2104'.
[  261.730356][ T5837] Bluetooth: hci4: command tx timeout
[  262.539223][   T49] hsr_slave_0: left promiscuous mode
[  262.559230][   T49] hsr_slave_1: left promiscuous mode
[  262.581587][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  262.589369][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  262.607548][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  262.627729][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  262.676878][   T49] veth1_macvtap: left promiscuous mode
[  262.684414][   T49] veth0_macvtap: left promiscuous mode
[  262.982230][T10797] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2112'.
[  263.131087][   T49] team0 (unregistering): Port device team_slave_1 removed
[  263.150058][   T49] team0 (unregistering): Port device team_slave_0 removed
[  263.469244][T10719] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  263.500361][T10719] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  263.521216][T10719] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  263.539319][T10719] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  263.787010][T10719] 8021q: adding VLAN 0 to HW filter on device bond0
[  263.806719][ T5837] Bluetooth: hci4: command tx timeout
[  263.820221][T10719] 8021q: adding VLAN 0 to HW filter on device team0
[  263.834399][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  263.842159][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  263.864526][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  263.871935][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  264.111714][T10719] 8021q: adding VLAN 0 to HW filter on device batadv0
[  264.170363][T10719] veth0_vlan: entered promiscuous mode
[  264.185304][T10719] veth1_vlan: entered promiscuous mode
[  264.227691][T10719] veth0_macvtap: entered promiscuous mode
[  264.240788][T10719] veth1_macvtap: entered promiscuous mode
[  264.274732][T10719] batman_adv: batadv0: Interface activated: batadv_slave_0
[  264.300102][T10719] batman_adv: batadv0: Interface activated: batadv_slave_1
[  264.333111][ T6707] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  264.351050][ T6707] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  264.369346][ T6707] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  264.381343][ T6707] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  264.429462][T10826] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2120'.
[  264.525727][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  264.544524][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  264.608135][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  264.625045][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  264.916701][T10844] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2128'.
[  265.206041][ T5834] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  265.366068][ T5834] usb 4-1: Using ep0 maxpacket: 16
[  265.374996][ T5834] usb 4-1: config 0 has an invalid interface number: 105 but max is 0
[  265.384166][ T5834] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  265.394721][ T5834] usb 4-1: config 0 has no interface number 0
[  265.406402][ T5834] usb 4-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  265.421318][ T5834] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.430059][ T5834] usb 4-1: Product: syz
[  265.434347][ T5834] usb 4-1: Manufacturer: syz
[  265.440375][ T5834] usb 4-1: SerialNumber: syz
[  265.450079][ T5834] usb 4-1: config 0 descriptor??
[  265.461122][ T5834] uvcvideo 4-1:0.105: Found UVC 0.00 device syz (046d:08f3)
[  265.469285][ T5834] uvcvideo 4-1:0.105: No valid video chain found.
[  265.686551][ T5834] usb 4-1: USB disconnect, device number 5
[  265.828528][ T5837] Bluetooth: hci0: unexpected event for opcode 0x0c05
[  265.885934][ T5837] Bluetooth: hci4: command tx timeout
[  266.283375][T10875] FAULT_INJECTION: forcing a failure.
[  266.283375][T10875] name failslab, interval 1, probability 0, space 0, times 1
[  266.299981][T10875] CPU: 1 UID: 0 PID: 10875 Comm: syz.3.2140 Not tainted syzkaller #0 PREEMPT(full) 
[  266.300002][T10875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  266.300009][T10875] Call Trace:
[  266.300014][T10875]  <TASK>
[  266.300019][T10875]  dump_stack_lvl+0xe8/0x150
[  266.300043][T10875]  should_fail_ex+0x412/0x560
[  266.300059][T10875]  should_failslab+0xa8/0x100
[  266.300073][T10875]  __kmalloc_noprof+0xe8/0x760
[  266.300092][T10875]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  266.300114][T10875]  tomoyo_realpath_from_path+0xe3/0x5d0
[  266.300137][T10875]  ? tomoyo_path_number_perm+0x219/0x630
[  266.300152][T10875]  tomoyo_path_number_perm+0x246/0x630
[  266.300169][T10875]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  266.300185][T10875]  ? __lock_acquire+0x6b5/0x2cf0
[  266.300209][T10875]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  266.300247][T10875]  ? __fget_files+0x2a/0x420
[  266.300275][T10875]  ? __fget_files+0x2a/0x420
[  266.300298][T10875]  ? __fget_files+0x3a0/0x420
[  266.300321][T10875]  ? __fget_files+0x2a/0x420
[  266.300340][T10875]  security_file_ioctl+0xc3/0x2a0
[  266.300356][T10875]  __se_sys_ioctl+0x47/0x170
[  266.300369][T10875]  do_syscall_64+0x14d/0xf80
[  266.300380][T10875]  ? trace_irq_disable+0x3b/0x150
[  266.300394][T10875]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.300406][T10875]  ? clear_bhb_loop+0x40/0x90
[  266.300420][T10875]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.300432][T10875] RIP: 0033:0x7f761bb9c799
[  266.300444][T10875] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  266.300455][T10875] RSP: 002b:00007f7619df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  266.300470][T10875] RAX: ffffffffffffffda RBX: 00007f761be15fa0 RCX: 00007f761bb9c799
[  266.300478][T10875] RDX: 0000000000000004 RSI: 0000000000004c06 RDI: 0000000000000003
[  266.300485][T10875] RBP: 00007f7619df6090 R08: 0000000000000000 R09: 0000000000000000
[  266.300492][T10875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  266.300499][T10875] R13: 00007f761be16038 R14: 00007f761be15fa0 R15: 00007ffdac54c508
[  266.300517][T10875]  </TASK>
[  266.300522][T10875] ERROR: Out of memory at tomoyo_realpath_from_path.
[  266.765464][T10889] FAULT_INJECTION: forcing a failure.
[  266.765464][T10889] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  266.779802][T10889] CPU: 1 UID: 0 PID: 10889 Comm: syz.3.2147 Not tainted syzkaller #0 PREEMPT(full) 
[  266.779831][T10889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  266.779842][T10889] Call Trace:
[  266.779850][T10889]  <TASK>
[  266.779859][T10889]  dump_stack_lvl+0xe8/0x150
[  266.779905][T10889]  should_fail_ex+0x412/0x560
[  266.779933][T10889]  _copy_from_user+0x2d/0xb0
[  266.779958][T10889]  ___sys_sendmsg+0x1c6/0x360
[  266.779984][T10889]  ? __pfx____sys_sendmsg+0x10/0x10
[  266.780042][T10889]  ? __fget_files+0x2a/0x420
[  266.780069][T10889]  ? __fget_files+0x3a0/0x420
[  266.780106][T10889]  __x64_sys_sendmsg+0x1bd/0x2a0
[  266.780130][T10889]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  266.780160][T10889]  ? __pfx_ksys_write+0x10/0x10
[  266.780193][T10889]  do_syscall_64+0x14d/0xf80
[  266.780217][T10889]  ? trace_irq_disable+0x3b/0x150
[  266.780240][T10889]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.780260][T10889]  ? clear_bhb_loop+0x40/0x90
[  266.780284][T10889]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.780302][T10889] RIP: 0033:0x7f761bb9c799
[  266.780322][T10889] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  266.780338][T10889] RSP: 002b:00007f7619df6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  266.780361][T10889] RAX: ffffffffffffffda RBX: 00007f761be15fa0 RCX: 00007f761bb9c799
[  266.780375][T10889] RDX: 0000000020040040 RSI: 0000200000000500 RDI: 0000000000000003
[  266.780388][T10889] RBP: 00007f7619df6090 R08: 0000000000000000 R09: 0000000000000000
[  266.780400][T10889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  266.780411][T10889] R13: 00007f761be16038 R14: 00007f761be15fa0 R15: 00007ffdac54c508
[  266.780443][T10889]  </TASK>
[  267.024131][T10895] FAULT_INJECTION: forcing a failure.
[  267.024131][T10895] name failslab, interval 1, probability 0, space 0, times 0
[  267.037904][T10895] CPU: 0 UID: 0 PID: 10895 Comm: syz.3.2150 Not tainted syzkaller #0 PREEMPT(full) 
[  267.037933][T10895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  267.037944][T10895] Call Trace:
[  267.037953][T10895]  <TASK>
[  267.037961][T10895]  dump_stack_lvl+0xe8/0x150
[  267.037996][T10895]  should_fail_ex+0x412/0x560
[  267.038022][T10895]  should_failslab+0xa8/0x100
[  267.038044][T10895]  __kmalloc_noprof+0xe8/0x760
[  267.038074][T10895]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  267.038109][T10895]  tomoyo_realpath_from_path+0xe3/0x5d0
[  267.038150][T10895]  ? tomoyo_path_number_perm+0x219/0x630
[  267.038176][T10895]  tomoyo_path_number_perm+0x246/0x630
[  267.038204][T10895]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  267.038233][T10895]  ? __lock_acquire+0x6b5/0x2cf0
[  267.038276][T10895]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  267.038318][T10895]  ? __fget_files+0x2a/0x420
[  267.038348][T10895]  ? __fget_files+0x2a/0x420
[  267.038373][T10895]  ? __fget_files+0x3a0/0x420
[  267.038395][T10895]  ? __fget_files+0x2a/0x420
[  267.038425][T10895]  security_file_ioctl+0xc3/0x2a0
[  267.038451][T10895]  __se_sys_ioctl+0x47/0x170
[  267.038473][T10895]  do_syscall_64+0x14d/0xf80
[  267.038490][T10895]  ? trace_irq_disable+0x3b/0x150
[  267.038512][T10895]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.038531][T10895]  ? clear_bhb_loop+0x40/0x90
[  267.038550][T10895]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.038561][T10895] RIP: 0033:0x7f761bb9c799
[  267.038574][T10895] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  267.038592][T10895] RSP: 002b:00007f7619df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  267.038606][T10895] RAX: ffffffffffffffda RBX: 00007f761be15fa0 RCX: 00007f761bb9c799
[  267.038615][T10895] RDX: 0000200000000180 RSI: 00000000400448c8 RDI: 0000000000000004
[  267.038623][T10895] RBP: 00007f7619df6090 R08: 0000000000000000 R09: 0000000000000000
[  267.038630][T10895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  267.038636][T10895] R13: 00007f761be16038 R14: 00007f761be15fa0 R15: 00007ffdac54c508
[  267.038655][T10895]  </TASK>
[  267.039053][T10895] ERROR: Out of memory at tomoyo_realpath_from_path.
[  267.274029][   T10] hid-generic 0005:10CF:5508.0001: item fetching failed at offset 0/2
[  267.283198][   T10] hid-generic 0005:10CF:5508.0001: probe with driver hid-generic failed with error -22
[  267.965986][ T5837] Bluetooth: hci4: command tx timeout
[  268.015995][ T5898] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  268.166297][ T5898] usb 4-1: Using ep0 maxpacket: 32
[  268.173158][ T5898] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  268.184682][ T5898] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  268.194538][ T5898] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  268.203811][ T5898] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  268.214508][ T5898] usb 4-1: config 0 descriptor??
[  268.226225][ T5898] hub 4-1:0.0: USB hub found
[  268.427966][ T5898] hub 4-1:0.0: 1 port detected
[  269.034545][ T5898] hub 4-1:0.0: activate --> -90
[  269.235249][ T5898] hub 4-1:0.0: hub_ext_port_status failed (err = 2)
[  269.547526][ T5898] usb 4-1: USB disconnect, device number 6
[  269.806760][ T5837] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  269.817006][ T5837] Bluetooth: hci1: Injecting HCI hardware error event
[  269.826858][ T5837] Bluetooth: hci1: hardware error 0x00
[  270.017575][T10977] comedi comedi0: dt2815: a I/O base address must be specified
[  270.017609][T10975] lo speed is unknown, defaulting to 1000
[  271.889399][ T5837] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  271.919715][T11006] comedi comedi0: dt2815: a I/O base address must be specified
[  271.945528][T11006] netlink: 'syz.3.2196': attribute type 1 has an invalid length.
[  272.100585][T11016] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  272.172961][T11016] CIFS mount error: No usable UNC path provided in device string!
[  272.172961][T11016] 
[  272.193424][T11016] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  272.252301][ T5833] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  272.267638][ T5833] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  272.276867][ T5833] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  272.295004][ T5833] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  272.309715][ T5833] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  272.384686][T11020] lo speed is unknown, defaulting to 1000
[  272.520656][T11020] chnl_net:caif_netlink_parms(): no params data found
[  272.595942][   T10] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  272.619847][T11020] bridge0: port 1(bridge_slave_0) entered blocking state
[  272.627318][T11020] bridge0: port 1(bridge_slave_0) entered disabled state
[  272.634864][T11020] bridge_slave_0: entered allmulticast mode
[  272.643190][T11020] bridge_slave_0: entered promiscuous mode
[  272.652169][T11020] bridge0: port 2(bridge_slave_1) entered blocking state
[  272.659688][T11020] bridge0: port 2(bridge_slave_1) entered disabled state
[  272.667270][T11020] bridge_slave_1: entered allmulticast mode
[  272.675031][T11020] bridge_slave_1: entered promiscuous mode
[  272.714791][T11020] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  272.728997][T11020] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  272.766995][   T10] usb 4-1: Using ep0 maxpacket: 32
[  272.772578][T11020] team0: Port device team_slave_0 added
[  272.777909][   T10] usb 4-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  272.783353][T11020] team0: Port device team_slave_1 added
[  272.790016][   T10] usb 4-1: config 0 interface 0 altsetting 128 endpoint 0x2 has invalid wMaxPacketSize 0
[  272.807281][   T10] usb 4-1: config 0 interface 0 has no altsetting 0
[  272.838039][   T10] usb 4-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  272.841021][T11020] batman_adv: batadv0: Adding interface: batadv_slave_0
[  272.850759][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  272.867694][T11020] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  272.888565][   T10] usb 4-1: config 0 descriptor??
[  272.923321][T11020] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  272.958324][T11020] batman_adv: batadv0: Adding interface: batadv_slave_1
[  272.973967][T11020] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  273.027887][T11020] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  273.168473][T11020] hsr_slave_0: entered promiscuous mode
[  273.180550][T11042] netlink: 'syz.0.2208': attribute type 1 has an invalid length.
[  273.191647][T11020] hsr_slave_1: entered promiscuous mode
[  273.201241][T11020] debugfs: 'hsr0' already exists in 'hsr'
[  273.215912][T11020] Cannot create hsr debugfs directory
[  273.372309][   T10] corsair-cpro 0003:1B1C:0C10.0002: unknown main item tag 0x5
[  273.392844][   T10] corsair-cpro 0003:1B1C:0C10.0002: item fetching failed at offset 4/5
[  273.419371][   T10] corsair-cpro 0003:1B1C:0C10.0002: probe with driver corsair-cpro failed with error -22
[  273.574862][   T10] usb 4-1: USB disconnect, device number 7
[  273.796661][T11020] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  273.813647][T11020] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  273.829520][T11020] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  273.843690][T11020] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  274.027719][T11020] 8021q: adding VLAN 0 to HW filter on device bond0
[  274.070061][T11020] 8021q: adding VLAN 0 to HW filter on device team0
[  274.093317][  T392] bridge0: port 1(bridge_slave_0) entered blocking state
[  274.100648][  T392] bridge0: port 1(bridge_slave_0) entered forwarding state
[  274.129642][ T3474] bridge0: port 2(bridge_slave_1) entered blocking state
[  274.137246][ T3474] bridge0: port 2(bridge_slave_1) entered forwarding state
[  274.185309][T11077] comedi comedi0: dt2815: a I/O base address must be specified
[  274.207148][T11077] netlink: 'syz.3.2222': attribute type 1 has an invalid length.
[  274.367063][ T5837] Bluetooth: hci2: command tx timeout
[  274.574782][T11092] FAULT_INJECTION: forcing a failure.
[  274.574782][T11092] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  274.599909][T11092] CPU: 0 UID: 0 PID: 11092 Comm: syz.3.2226 Not tainted syzkaller #0 PREEMPT(full) 
[  274.599940][T11092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  274.599951][T11092] Call Trace:
[  274.599959][T11092]  <TASK>
[  274.599968][T11092]  dump_stack_lvl+0xe8/0x150
[  274.600005][T11092]  should_fail_ex+0x412/0x560
[  274.600033][T11092]  _copy_from_user+0x2d/0xb0
[  274.600059][T11092]  __sys_sendto+0x292/0x590
[  274.600092][T11092]  ? __pfx___sys_sendto+0x10/0x10
[  274.600118][T11092]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  274.600153][T11092]  ? __fget_files+0x3a0/0x420
[  274.600191][T11092]  ? ksys_write+0x242/0x270
[  274.600214][T11092]  ? __pfx_ksys_write+0x10/0x10
[  274.600245][T11092]  __x64_sys_sendto+0xde/0x100
[  274.600278][T11092]  do_syscall_64+0x14d/0xf80
[  274.600296][T11092]  ? trace_irq_disable+0x3b/0x150
[  274.600321][T11092]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.600341][T11092]  ? clear_bhb_loop+0x40/0x90
[  274.600366][T11092]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.600386][T11092] RIP: 0033:0x7f761bb9c799
[  274.600406][T11092] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  274.600422][T11092] RSP: 002b:00007f7619df6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  274.600445][T11092] RAX: ffffffffffffffda RBX: 00007f761be15fa0 RCX: 00007f761bb9c799
[  274.600460][T11092] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000003
[  274.600472][T11092] RBP: 00007f7619df6090 R08: 0000200000000480 R09: 000000000000001c
[  274.600485][T11092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  274.600497][T11092] R13: 00007f761be16038 R14: 00007f761be15fa0 R15: 00007ffdac54c508
[  274.600530][T11092]  </TASK>
[  274.845467][T11020] 8021q: adding VLAN 0 to HW filter on device batadv0
[  274.863979][T11097] comedi comedi0: dt2815: a I/O base address must be specified
[  275.333073][T11020] veth0_vlan: entered promiscuous mode
[  275.371294][T11020] veth1_vlan: entered promiscuous mode
[  275.450337][T11020] veth0_macvtap: entered promiscuous mode
[  275.472813][T11020] veth1_macvtap: entered promiscuous mode
[  275.515189][T11020] batman_adv: batadv0: Interface activated: batadv_slave_0
[  275.541868][T11020] batman_adv: batadv0: Interface activated: batadv_slave_1
[  275.566252][   T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  275.599056][   T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  275.617779][   T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  275.649403][   T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  275.871496][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  275.905131][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  276.053061][ T6707] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  276.069556][ T6707] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  276.070475][T11129] netlink: 'syz.3.2240': attribute type 10 has an invalid length.
[  276.110651][T11129] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  276.318793][T11141] FAULT_INJECTION: forcing a failure.
[  276.318793][T11141] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  276.333516][T11141] CPU: 1 UID: 0 PID: 11141 Comm: syz.3.2245 Not tainted syzkaller #0 PREEMPT(full) 
[  276.333546][T11141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  276.333557][T11141] Call Trace:
[  276.333564][T11141]  <TASK>
[  276.333573][T11141]  dump_stack_lvl+0xe8/0x150
[  276.333611][T11141]  should_fail_ex+0x412/0x560
[  276.333639][T11141]  _copy_from_user+0x2d/0xb0
[  276.333664][T11141]  ___sys_sendmsg+0x1c6/0x360
[  276.333692][T11141]  ? __pfx____sys_sendmsg+0x10/0x10
[  276.333749][T11141]  ? __fget_files+0x2a/0x420
[  276.333774][T11141]  ? __fget_files+0x3a0/0x420
[  276.333820][T11141]  __x64_sys_sendmsg+0x1bd/0x2a0
[  276.333844][T11141]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  276.333875][T11141]  ? __pfx_ksys_write+0x10/0x10
[  276.333906][T11141]  do_syscall_64+0x14d/0xf80
[  276.333924][T11141]  ? trace_irq_disable+0x3b/0x150
[  276.333949][T11141]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.333969][T11141]  ? clear_bhb_loop+0x40/0x90
[  276.333995][T11141]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.334015][T11141] RIP: 0033:0x7f761bb9c799
[  276.334036][T11141] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  276.334051][T11141] RSP: 002b:00007f7619df6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  276.334072][T11141] RAX: ffffffffffffffda RBX: 00007f761be15fa0 RCX: 00007f761bb9c799
[  276.334086][T11141] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  276.334098][T11141] RBP: 00007f7619df6090 R08: 0000000000000000 R09: 0000000000000000
[  276.334109][T11141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  276.334120][T11141] R13: 00007f761be16038 R14: 00007f761be15fa0 R15: 00007ffdac54c508
[  276.334149][T11141]  </TASK>
[  276.486588][ T5837] Bluetooth: hci2: command tx timeout
[  276.959048][T11154] FAULT_INJECTION: forcing a failure.
[  276.959048][T11154] name failslab, interval 1, probability 0, space 0, times 0
[  276.986028][T11154] CPU: 0 UID: 0 PID: 11154 Comm: syz.3.2251 Not tainted syzkaller #0 PREEMPT(full) 
[  276.986058][T11154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  276.986070][T11154] Call Trace:
[  276.986078][T11154]  <TASK>
[  276.986087][T11154]  dump_stack_lvl+0xe8/0x150
[  276.986124][T11154]  should_fail_ex+0x412/0x560
[  276.986153][T11154]  should_failslab+0xa8/0x100
[  276.986177][T11154]  __kmalloc_noprof+0xe8/0x760
[  276.986208][T11154]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  276.986245][T11154]  tomoyo_realpath_from_path+0xe3/0x5d0
[  276.986285][T11154]  ? tomoyo_path_number_perm+0x219/0x630
[  276.986312][T11154]  tomoyo_path_number_perm+0x246/0x630
[  276.986341][T11154]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  276.986369][T11154]  ? __lock_acquire+0x6b5/0x2cf0
[  276.986411][T11154]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  276.986454][T11154]  ? __fget_files+0x2a/0x420
[  276.986484][T11154]  ? __fget_files+0x2a/0x420
[  276.986509][T11154]  ? __fget_files+0x3a0/0x420
[  276.986534][T11154]  ? __fget_files+0x2a/0x420
[  276.986564][T11154]  security_file_ioctl+0xc3/0x2a0
[  276.986592][T11154]  __se_sys_ioctl+0x47/0x170
[  276.986626][T11154]  do_syscall_64+0x14d/0xf80
[  276.986644][T11154]  ? trace_irq_disable+0x3b/0x150
[  276.986668][T11154]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.986688][T11154]  ? clear_bhb_loop+0x40/0x90
[  276.986713][T11154]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.986733][T11154] RIP: 0033:0x7f761bb9c799
[  276.986753][T11154] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  276.986769][T11154] RSP: 002b:00007f7619df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  276.986792][T11154] RAX: ffffffffffffffda RBX: 00007f761be15fa0 RCX: 00007f761bb9c799
[  276.986807][T11154] RDX: 00002000000000c0 RSI: 0000000000005423 RDI: 0000000000000003
[  276.986819][T11154] RBP: 00007f7619df6090 R08: 0000000000000000 R09: 0000000000000000
[  276.986831][T11154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  276.986843][T11154] R13: 00007f761be16038 R14: 00007f761be15fa0 R15: 00007ffdac54c508
[  276.986875][T11154]  </TASK>
[  276.986884][T11154] ERROR: Out of memory at tomoyo_realpath_from_path.
[  277.772437][T11169] FAULT_INJECTION: forcing a failure.
[  277.772437][T11169] name failslab, interval 1, probability 0, space 0, times 0
[  277.787108][T11169] CPU: 1 UID: 0 PID: 11169 Comm: syz.3.2258 Not tainted syzkaller #0 PREEMPT(full) 
[  277.787138][T11169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  277.787150][T11169] Call Trace:
[  277.787158][T11169]  <TASK>
[  277.787167][T11169]  dump_stack_lvl+0xe8/0x150
[  277.787202][T11169]  should_fail_ex+0x412/0x560
[  277.787228][T11169]  should_failslab+0xa8/0x100
[  277.787250][T11169]  __kmalloc_noprof+0xe8/0x760
[  277.787280][T11169]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  277.787315][T11169]  tomoyo_realpath_from_path+0xe3/0x5d0
[  277.787355][T11169]  ? tomoyo_path_number_perm+0x219/0x630
[  277.787380][T11169]  tomoyo_path_number_perm+0x246/0x630
[  277.787408][T11169]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  277.787435][T11169]  ? __lock_acquire+0x6b5/0x2cf0
[  277.787482][T11169]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  277.787522][T11169]  ? __fget_files+0x2a/0x420
[  277.787550][T11169]  ? __fget_files+0x2a/0x420
[  277.787573][T11169]  ? __fget_files+0x3a0/0x420
[  277.787606][T11169]  ? __fget_files+0x2a/0x420
[  277.787635][T11169]  security_file_ioctl+0xc3/0x2a0
[  277.787660][T11169]  __se_sys_ioctl+0x47/0x170
[  277.787682][T11169]  do_syscall_64+0x14d/0xf80
[  277.787700][T11169]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  277.787719][T11169]  ? clear_bhb_loop+0x40/0x90
[  277.787743][T11169]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  277.787762][T11169] RIP: 0033:0x7f761bb9c799
[  277.787780][T11169] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  277.787796][T11169] RSP: 002b:00007f7619df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  277.787818][T11169] RAX: ffffffffffffffda RBX: 00007f761be15fa0 RCX: 00007f761bb9c799
[  277.787831][T11169] RDX: 0000000000000000 RSI: 0000000040047459 RDI: 0000000000000004
[  277.787842][T11169] RBP: 00007f7619df6090 R08: 0000000000000000 R09: 0000000000000000
[  277.787852][T11169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  277.787863][T11169] R13: 00007f761be16038 R14: 00007f761be15fa0 R15: 00007ffdac54c508
[  277.787894][T11169]  </TASK>
[  277.787965][T11169] ERROR: Out of memory at tomoyo_realpath_from_path.
[  278.243496][T11177] overlayfs: missing 'lowerdir'
[  278.253816][T11180] FAULT_INJECTION: forcing a failure.
[  278.253816][T11180] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  278.269122][T11180] CPU: 1 UID: 0 PID: 11180 Comm: syz.3.2262 Not tainted syzkaller #0 PREEMPT(full) 
[  278.269151][T11180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  278.269162][T11180] Call Trace:
[  278.269170][T11180]  <TASK>
[  278.269178][T11180]  dump_stack_lvl+0xe8/0x150
[  278.269211][T11180]  should_fail_ex+0x412/0x560
[  278.269242][T11180]  _copy_from_user+0x2d/0xb0
[  278.269266][T11180]  ___sys_sendmsg+0x1c6/0x360
[  278.269294][T11180]  ? __pfx____sys_sendmsg+0x10/0x10
[  278.269348][T11180]  ? __fget_files+0x2a/0x420
[  278.269374][T11180]  ? __fget_files+0x3a0/0x420
[  278.269410][T11180]  __x64_sys_sendmsg+0x1bd/0x2a0
[  278.269432][T11180]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  278.269462][T11180]  ? __pfx_ksys_write+0x10/0x10
[  278.269492][T11180]  do_syscall_64+0x14d/0xf80
[  278.269511][T11180]  ? trace_irq_disable+0x3b/0x150
[  278.269533][T11180]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  278.269553][T11180]  ? clear_bhb_loop+0x40/0x90
[  278.269577][T11180]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  278.269606][T11180] RIP: 0033:0x7f761bb9c799
[  278.269626][T11180] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  278.269641][T11180] RSP: 002b:00007f7619df6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  278.269664][T11180] RAX: ffffffffffffffda RBX: 00007f761be15fa0 RCX: 00007f761bb9c799
[  278.269678][T11180] RDX: 0000000002000000 RSI: 0000200000000400 RDI: 0000000000000004
[  278.269691][T11180] RBP: 00007f7619df6090 R08: 0000000000000000 R09: 0000000000000000
[  278.269703][T11180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  278.269714][T11180] R13: 00007f761be16038 R14: 00007f761be15fa0 R15: 00007ffdac54c508
[  278.269745][T11180]  </TASK>
[  278.525975][ T5837] Bluetooth: hci2: command tx timeout
[  278.560642][T11185] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2263'.
[  278.847472][T11191] netlink: 'syz.3.2265': attribute type 10 has an invalid length.
[  278.876013][T11191] netlink: 55 bytes leftover after parsing attributes in process `syz.3.2265'.
[  279.132736][T11202] FAULT_INJECTION: forcing a failure.
[  279.132736][T11202] name failslab, interval 1, probability 0, space 0, times 0
[  279.146230][T11202] CPU: 0 UID: 0 PID: 11202 Comm: syz.3.2269 Not tainted syzkaller #0 PREEMPT(full) 
[  279.146258][T11202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  279.146270][T11202] Call Trace:
[  279.146278][T11202]  <TASK>
[  279.146287][T11202]  dump_stack_lvl+0xe8/0x150
[  279.146324][T11202]  should_fail_ex+0x412/0x560
[  279.146352][T11202]  should_failslab+0xa8/0x100
[  279.146377][T11202]  __kmalloc_noprof+0xe8/0x760
[  279.146407][T11202]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  279.146442][T11202]  tomoyo_realpath_from_path+0xe3/0x5d0
[  279.146479][T11202]  ? tomoyo_path_number_perm+0x219/0x630
[  279.146503][T11202]  tomoyo_path_number_perm+0x246/0x630
[  279.146529][T11202]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  279.146557][T11202]  ? __lock_acquire+0x6b5/0x2cf0
[  279.146596][T11202]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  279.146637][T11202]  ? __fget_files+0x2a/0x420
[  279.146667][T11202]  ? __fget_files+0x2a/0x420
[  279.146692][T11202]  ? __fget_files+0x3a0/0x420
[  279.146716][T11202]  ? __fget_files+0x2a/0x420
[  279.146747][T11202]  security_file_ioctl+0xc3/0x2a0
[  279.146773][T11202]  __se_sys_ioctl+0x47/0x170
[  279.146797][T11202]  do_syscall_64+0x14d/0xf80
[  279.146815][T11202]  ? trace_irq_disable+0x3b/0x150
[  279.146849][T11202]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.146870][T11202]  ? clear_bhb_loop+0x40/0x90
[  279.146895][T11202]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.146916][T11202] RIP: 0033:0x7f761bb9c799
[  279.146936][T11202] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  279.146952][T11202] RSP: 002b:00007f7619df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  279.146975][T11202] RAX: ffffffffffffffda RBX: 00007f761be15fa0 RCX: 00007f761bb9c799
[  279.146990][T11202] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009
[  279.147002][T11202] RBP: 00007f7619df6090 R08: 0000000000000000 R09: 0000000000000000
[  279.147014][T11202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  279.147025][T11202] R13: 00007f761be16038 R14: 00007f761be15fa0 R15: 00007ffdac54c508
[  279.147058][T11202]  </TASK>
[  279.147067][T11202] ERROR: Out of memory at tomoyo_realpath_from_path.
[  279.528177][T11211] netlink: 'syz.3.2273': attribute type 27 has an invalid length.
[  279.791452][T11223] comedi comedi0: dt2815: a I/O base address must be specified
[  280.150206][T11236] comedi comedi0: dt2815: a I/O base address must be specified
[  280.606918][ T5837] Bluetooth: hci2: command tx timeout
[  281.312515][T11290] comedi comedi0: dt2815: a I/O base address must be specified
[  281.522389][T11297] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2306'.
[  281.914322][ T5837] Bluetooth: Frame is too long (len 18, expected len 4)
[  282.216038][T11328] comedi comedi0: dt2815: a I/O base address must be specified
[  282.432183][T11331] netlink: 212 bytes leftover after parsing attributes in process `syz.3.2321'.
[  282.577569][T11333] comedi comedi0: dt2815: a I/O base address must be specified
[  282.772194][T11338] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2324'.
[  283.034107][T11345] netlink: 'syz.1.2327': attribute type 10 has an invalid length.
[  283.057298][T11345] netlink: 55 bytes leftover after parsing attributes in process `syz.1.2327'.
[  283.138337][T11350] comedi comedi0: dt2815: a I/O base address must be specified
[  283.451560][T11354] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2331'.
[  283.514594][T11354] syzkaller1: entered promiscuous mode
[  283.536183][T11354] syzkaller1: entered allmulticast mode
[  284.478020][T11380] faux_driver vgem: [drm] Unknown color mode 127; guessing buffer size.
[  284.691878][T11390] comedi comedi0: dt2815: a I/O base address must be specified
[  284.821092][T11393] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  285.218240][T11411] comedi comedi0: dt2815: a I/O base address must be specified
[  285.505966][ T5834] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  285.646097][ T5922] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  285.667984][ T5834] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  285.683556][ T5834] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  285.704683][ T5834] usb 5-1: config 0 descriptor??
[  285.722624][ T5834] cp210x 5-1:0.0: cp210x converter detected
[  285.816237][ T5922] usb 4-1: Using ep0 maxpacket: 32
[  285.825733][ T5922] usb 4-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  285.837525][ T5922] usb 4-1: config 0 interface 0 altsetting 128 endpoint 0x2 has invalid wMaxPacketSize 0
[  285.847805][ T5922] usb 4-1: config 0 interface 0 has no altsetting 0
[  285.854512][ T5922] usb 4-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  285.863884][ T5922] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  285.874817][ T5922] usb 4-1: config 0 descriptor??
[  285.992608][T11437] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2364'.
[  286.007170][T11437] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2364'.
[  286.319391][ T5922] corsair-cpro 0003:1B1C:0C10.0003: unknown main item tag 0x5
[  286.341758][ T5922] corsair-cpro 0003:1B1C:0C10.0003: item fetching failed at offset 4/5
[  286.361982][ T5834] usb 5-1: cp210x converter now attached to ttyUSB0
[  286.374028][ T5922] corsair-cpro 0003:1B1C:0C10.0003: probe with driver corsair-cpro failed with error -22
[  286.487512][ T5833] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  286.500526][ T5833] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  286.506916][ T5920] usb 4-1: USB disconnect, device number 8
[  286.516637][ T5833] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  286.526944][ T5833] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  286.534825][ T5833] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  286.541386][    T9] usb 5-1: USB disconnect, device number 2
[  286.607925][    T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  286.663676][    T9] cp210x 5-1:0.0: device disconnected
[  286.692295][T11454] lo speed is unknown, defaulting to 1000
[  286.755567][T11457] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2372'.
[  286.986802][   T49] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  287.020375][T11454] chnl_net:caif_netlink_parms(): no params data found
[  287.084851][T11465] comedi comedi0: dt2815: a I/O base address must be specified
[  287.094570][T11465] netlink: 'syz.3.2374': attribute type 1 has an invalid length.
[  287.186970][   T49] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  287.221134][T11468] netlink: 14 bytes leftover after parsing attributes in process `syz.4.2375'.
[  287.346844][   T49] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  287.568402][   T49] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  287.588554][T11454] bridge0: port 1(bridge_slave_0) entered blocking state
[  287.597460][T11454] bridge0: port 1(bridge_slave_0) entered disabled state
[  287.604994][T11454] bridge_slave_0: entered allmulticast mode
[  287.615555][T11454] bridge_slave_0: entered promiscuous mode
[  287.644545][T11454] bridge0: port 2(bridge_slave_1) entered blocking state
[  287.654490][T11454] bridge0: port 2(bridge_slave_1) entered disabled state
[  287.664208][T11454] bridge_slave_1: entered allmulticast mode
[  287.715646][T11454] bridge_slave_1: entered promiscuous mode
[  287.824490][T11454] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  287.857510][T11454] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  288.099219][T11454] team0: Port device team_slave_0 added
[  288.147168][T11454] team0: Port device team_slave_1 added
[  288.176391][T11489] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2380'.
[  288.234076][   T49] bridge_slave_1: left allmulticast mode
[  288.240479][   T49] bridge_slave_1: left promiscuous mode
[  288.247090][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  288.275316][   T49] bridge_slave_0: left allmulticast mode
[  288.297307][   T49] bridge_slave_0: left promiscuous mode
[  288.308140][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  288.513376][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  288.523541][   T49] bond_slave_0: left promiscuous mode
[  288.529102][ T5920] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  288.543092][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  288.552429][   T49] bond_slave_1: left promiscuous mode
[  288.561658][   T49] bond0 (unregistering): Released all slaves
[  288.573002][T11454] batman_adv: batadv0: Adding interface: batadv_slave_0
[  288.580025][T11454] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  288.585957][ T5932] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  288.608981][T11454] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  288.616642][ T5837] Bluetooth: hci5: command tx timeout
[  288.632550][T11454] batman_adv: batadv0: Adding interface: batadv_slave_1
[  288.632567][T11454] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  288.632590][T11454] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  288.768756][ T5920] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  288.778109][ T5920] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  288.790728][ T5920] usb 4-1: config 0 descriptor??
[  288.810679][ T5920] cp210x 4-1:0.0: cp210x converter detected
[  288.818084][T11454] hsr_slave_0: entered promiscuous mode
[  288.828561][T11454] hsr_slave_1: entered promiscuous mode
[  288.837178][ T5932] usb 5-1: Using ep0 maxpacket: 32
[  288.843754][T11454] debugfs: 'hsr0' already exists in 'hsr'
[  288.860828][T11454] Cannot create hsr debugfs directory
[  288.866629][ T5932] usb 5-1: unable to get BOS descriptor or descriptor too short
[  288.876636][ T5932] usb 5-1: config 33 has an invalid interface number: 92 but max is 0
[  288.892508][ T5932] usb 5-1: config 33 has no interface number 0
[  288.921673][ T5932] usb 5-1: New USB device found, idVendor=0403, idProduct=6015, bcdDevice=b7.6e
[  288.948009][ T5932] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  288.969887][ T5932] usb 5-1: Product: syz
[  288.974389][ T5932] usb 5-1: Manufacturer: syz
[  288.987533][ T5932] usb 5-1: SerialNumber: syz
[  289.012599][ T5920] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: -32
[  289.030088][ T5920] cp210x 4-1:0.0: querying part number failed
[  289.075582][ T5920] usb 4-1: cp210x converter now attached to ttyUSB0
[  289.256640][ T5932] ftdi_sio 5-1:33.92: FTDI USB Serial Device converter detected
[  289.272007][   T49] hsr_slave_0: left promiscuous mode
[  289.279987][ T5932] ftdi_sio ttyUSB1: unknown device type: 0xb76e
[  289.288932][   T49] hsr_slave_1: left promiscuous mode
[  289.296638][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  289.309101][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  289.319042][ T5932] usb 5-1: USB disconnect, device number 3
[  289.329636][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  289.342842][ T5932] ftdi_sio 5-1:33.92: device disconnected
[  289.348995][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  289.385005][   T49] veth1_macvtap: left promiscuous mode
[  289.390862][   T49] veth0_macvtap: left promiscuous mode
[  289.704974][   T49] team0 (unregistering): Port device team_slave_1 removed
[  289.732582][   T49] team0 (unregistering): Port device team_slave_0 removed
[  289.892889][T11516] comedi comedi0: dt2815: a I/O base address must be specified
[  290.122234][T11519] netlink: 'syz.0.2387': attribute type 1 has an invalid length.
[  290.300927][T11524] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2389'.
[  290.769996][ T5837] Bluetooth: hci5: command tx timeout
[  290.785894][ T5898] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  290.968024][ T5898] usb 5-1: Using ep0 maxpacket: 16
[  290.983584][ T5898] usb 5-1: config 0 has an invalid interface number: 105 but max is 0
[  291.013114][ T5898] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  291.045181][ T5898] usb 5-1: config 0 has no interface number 0
[  291.065741][ T5898] usb 5-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  291.075686][ T5898] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  291.093424][ T5898] usb 5-1: Product: syz
[  291.098764][ T5898] usb 5-1: Manufacturer: syz
[  291.103757][ T5898] usb 5-1: SerialNumber: syz
[  291.121971][T11454] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  291.135525][ T5898] usb 5-1: config 0 descriptor??
[  291.161060][T11454] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  291.169615][ T5898] uvcvideo 5-1:0.105: Found UVC 0.00 device syz (046d:08f3)
[  291.186297][ T5898] uvcvideo 5-1:0.105: No valid video chain found.
[  291.220502][T11454] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  291.251581][T11454] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  291.323707][ T5932] usb 4-1: USB disconnect, device number 9
[  291.371468][ T5932] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  291.393589][ T5920] usb 5-1: USB disconnect, device number 4
[  291.433834][ T5932] cp210x 4-1:0.0: device disconnected
[  291.501010][T11563] comedi comedi0: dt2815: a I/O base address must be specified
[  291.527159][T11563] netlink: 'syz.3.2396': attribute type 1 has an invalid length.
[  291.643976][T11454] 8021q: adding VLAN 0 to HW filter on device bond0
[  291.720927][T11454] 8021q: adding VLAN 0 to HW filter on device team0
[  291.778246][  T392] bridge0: port 1(bridge_slave_0) entered blocking state
[  291.785564][  T392] bridge0: port 1(bridge_slave_0) entered forwarding state
[  291.849946][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  291.857272][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  292.637226][T11454] 8021q: adding VLAN 0 to HW filter on device batadv0
[  292.831556][T11454] veth0_vlan: entered promiscuous mode
[  292.847542][ T5837] Bluetooth: hci5: command tx timeout
[  292.905501][T11454] veth1_vlan: entered promiscuous mode
[  293.001390][T11605] comedi comedi0: dt2815: a I/O base address must be specified
[  293.020716][T11454] veth0_macvtap: entered promiscuous mode
[  293.041060][T11454] veth1_macvtap: entered promiscuous mode
[  293.087139][ T5922] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  293.125047][T11454] batman_adv: batadv0: Interface activated: batadv_slave_0
[  293.169471][T11454] batman_adv: batadv0: Interface activated: batadv_slave_1
[  293.199533][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  293.218192][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  293.233885][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  293.267344][ T5922] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  293.277502][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  293.300475][ T5922] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  293.331132][ T5922] usb 5-1: config 0 descriptor??
[  293.349955][ T5922] cp210x 5-1:0.0: cp210x converter detected
[  293.487791][  T392] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  293.501067][  T392] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  293.550370][ T5922] cp210x 5-1:0.0: failed to get vendor val 0x370b size 1: -32
[  293.569319][ T5922] cp210x 5-1:0.0: querying part number failed
[  293.593428][ T6857] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  293.604189][ T5922] usb 5-1: cp210x converter now attached to ttyUSB0
[  293.617186][ T6857] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  293.807937][T11623] netlink: 'syz.0.2408': attribute type 1 has an invalid length.
[  294.926383][ T5837] Bluetooth: hci5: command tx timeout
[  294.994417][T11660] overlayfs: failed to clone upperpath
[  295.008044][ T5834] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  295.168194][ T5834] usb 2-1: Using ep0 maxpacket: 16
[  295.182723][T11664] netlink: 'syz.0.2418': attribute type 1 has an invalid length.
[  295.186431][ T5834] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[  295.204201][ T5834] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  295.227926][ T5834] usb 2-1: config 0 has no interface number 0
[  295.265698][ T5834] usb 2-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  295.275396][ T5834] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  295.283779][ T5834] usb 2-1: Product: syz
[  295.298084][ T5834] usb 2-1: Manufacturer: syz
[  295.310406][ T5834] usb 2-1: SerialNumber: syz
[  295.329162][ T5834] usb 2-1: config 0 descriptor??
[  295.357979][ T5834] uvcvideo 2-1:0.105: Found UVC 0.00 device syz (046d:08f3)
[  295.365463][ T5834] uvcvideo 2-1:0.105: No valid video chain found.
[  295.555562][ T5898] usb 2-1: USB disconnect, device number 6
[  295.813220][ T5898] usb 5-1: USB disconnect, device number 5
[  295.852393][ T5898] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  295.886706][ T5898] cp210x 5-1:0.0: device disconnected
[  296.231548][T11676] comedi comedi0: dt2815: a I/O base address must be specified
[  296.489042][T11688] comedi comedi0: dt2815: a I/O base address must be specified
[  296.499050][T11688] netlink: 'syz.4.2427': attribute type 1 has an invalid length.
[  296.596122][ T5898] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  296.625895][ T5922] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  296.757377][ T5898] usb 2-1: Using ep0 maxpacket: 16
[  296.782989][ T5898] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[  296.801972][ T5922] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  296.814307][ T5898] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  296.835348][ T5922] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  296.850695][ T5898] usb 2-1: config 0 has no interface number 0
[  296.866263][ T5922] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  296.883969][ T5898] usb 2-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  296.893556][ T5922] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  296.913921][ T5898] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  296.927183][ T5898] usb 2-1: Product: syz
[  296.944403][T11685] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  296.945962][ T5898] usb 2-1: Manufacturer: syz
[  296.990420][ T5898] usb 2-1: SerialNumber: syz
[  297.015559][ T5922] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  297.025491][ T5898] usb 2-1: config 0 descriptor??
[  297.045428][ T5898] uvcvideo 2-1:0.105: Found UVC 0.00 device syz (046d:08f3)
[  297.067979][ T5898] uvcvideo 2-1:0.105: No valid video chain found.
[  297.242210][    T9] usb 2-1: USB disconnect, device number 7
[  297.425538][ T5922] usb 4-1: USB disconnect, device number 10
[  297.618701][T11696] netlink: 'syz.0.2430': attribute type 10 has an invalid length.
[  297.755400][T11698] lo speed is unknown, defaulting to 1000
[  297.852233][ T5932] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  298.021190][ T5932] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  298.051434][ T5932] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  298.085201][ T5932] usb 5-1: config 0 descriptor??
[  298.120751][ T5932] cp210x 5-1:0.0: cp210x converter detected
[  298.255935][ T5920] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  298.318099][ T5932] cp210x 5-1:0.0: failed to get vendor val 0x370b size 1: -32
[  298.342712][ T5932] cp210x 5-1:0.0: querying part number failed
[  298.365778][ T5932] usb 5-1: cp210x converter now attached to ttyUSB0
[  298.405962][ T5920] usb 2-1: Using ep0 maxpacket: 16
[  298.423501][ T5920] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[  298.442729][ T5920] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  298.471418][ T5920] usb 2-1: config 0 has no interface number 0
[  298.506954][ T5920] usb 2-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  298.524202][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  298.549850][ T5920] usb 2-1: Product: syz
[  298.558387][ T5920] usb 2-1: Manufacturer: syz
[  298.574240][ T5920] usb 2-1: SerialNumber: syz
[  298.634456][ T5920] usb 2-1: config 0 descriptor??
[  298.660943][ T5920] uvcvideo 2-1:0.105: Found UVC 0.00 device syz (046d:08f3)
[  298.688850][ T5920] uvcvideo 2-1:0.105: No valid video chain found.
[  298.783478][T11712] comedi comedi0: dt2815: a I/O base address must be specified
[  298.864429][ T5920] usb 2-1: USB disconnect, device number 8
[  299.295938][ T5922] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  299.455955][ T5922] usb 4-1: Using ep0 maxpacket: 32
[  299.467892][ T5922] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[  299.477114][ T5922] usb 4-1: config 0 has no interface number 0
[  299.486626][ T5922] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  299.501655][ T5922] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  299.512672][ T5922] usb 4-1: Product: syz
[  299.518393][ T5922] usb 4-1: Manufacturer: syz
[  299.523295][ T5922] usb 4-1: SerialNumber: syz
[  299.528896][T11728] binder: Binderfs stats mode cannot be changed during a remount
[  299.539745][ T5922] usb 4-1: config 0 descriptor??
[  299.702833][T11734] lo speed is unknown, defaulting to 1000
[  299.783398][T11737] comedi comedi0: dt2815: a I/O base address must be specified
[  299.993032][T11721] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  300.017914][T11721] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  300.032462][ T5922] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  300.043785][ T5922] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  300.258790][ T5922] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  300.273927][T11721] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  300.305112][ T5922] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -32
[  300.318788][T11721] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  300.331365][ T5920] usb 2-1: new full-speed USB device number 9 using dummy_hcd
[  300.383120][T11721] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  300.392655][T11721] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  300.528129][ T5920] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  300.539290][ T5920] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  300.550678][ T5920] usb 2-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00
[  300.560821][ T5920] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  300.569473][ T5920] usb 2-1: Manufacturer: syz
[  300.577521][ T5920] usb 2-1: config 0 descriptor??
[  300.600765][    T9] usb 5-1: USB disconnect, device number 6
[  300.619524][    T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  300.632099][    T9] cp210x 5-1:0.0: device disconnected
[  301.005124][ T5920] cougar 0003:060B:700A.0004: unknown main item tag 0x0
[  301.013424][ T5920] cougar 0003:060B:700A.0004: unknown main item tag 0x0
[  301.023100][ T5920] cougar 0003:060B:700A.0004: unknown main item tag 0x0
[  301.030606][ T5920] cougar 0003:060B:700A.0004: unknown main item tag 0x0
[  301.037666][ T5920] cougar 0003:060B:700A.0004: unknown main item tag 0x0
[  301.055354][ T5920] cougar 0003:060B:700A.0004: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[  301.164069][T11762] comedi comedi0: dt2815: a I/O base address must be specified
[  301.202504][T11741] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  301.217414][T11741] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  301.228707][ T5922] usb 2-1: USB disconnect, device number 9
[  301.414013][T11761] fido_id[11761]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  301.568504][ T5920] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  301.736108][ T5920] usb 5-1: Using ep0 maxpacket: 32
[  301.743767][ T5920] usb 5-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  301.755468][ T5920] usb 5-1: config 0 interface 0 altsetting 128 endpoint 0x2 has invalid wMaxPacketSize 0
[  301.765763][ T5920] usb 5-1: config 0 interface 0 has no altsetting 0
[  301.773506][ T5920] usb 5-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  301.783369][ T5920] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  301.795482][ T5920] usb 5-1: config 0 descriptor??
[  302.003114][T11777] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.2460'.
[  302.017729][T11777] FAULT_INJECTION: forcing a failure.
[  302.017729][T11777] name failslab, interval 1, probability 0, space 0, times 0
[  302.031134][T11777] CPU: 1 UID: 0 PID: 11777 Comm: syz.1.2460 Not tainted syzkaller #0 PREEMPT(full) 
[  302.031162][T11777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  302.031173][T11777] Call Trace:
[  302.031180][T11777]  <TASK>
[  302.031186][T11777]  dump_stack_lvl+0xe8/0x150
[  302.031216][T11777]  should_fail_ex+0x412/0x560
[  302.031241][T11777]  should_failslab+0xa8/0x100
[  302.031261][T11777]  __kmalloc_cache_noprof+0x88/0x660
[  302.031287][T11777]  ? newseg+0x287/0xc60
[  302.031313][T11777]  newseg+0x287/0xc60
[  302.031340][T11777]  ? __pfx_newseg+0x10/0x10
[  302.031363][T11777]  ? ipcget+0x141/0xec0
[  302.031389][T11777]  ? ipcget+0x141/0xec0
[  302.031412][T11777]  ipcget+0xa71/0xec0
[  302.031442][T11777]  ? ipcget+0x141/0xec0
[  302.031464][T11777]  ? __pfx_ipcget+0x10/0x10
[  302.031494][T11777]  __x64_sys_shmget+0x140/0x190
[  302.031520][T11777]  ? __pfx___x64_sys_shmget+0x10/0x10
[  302.031559][T11777]  do_syscall_64+0x14d/0xf80
[  302.031575][T11777]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.031592][T11777]  ? clear_bhb_loop+0x40/0x90
[  302.031612][T11777]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.031627][T11777] RIP: 0033:0x7f251af9c799
[  302.031643][T11777] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  302.031657][T11777] RSP: 002b:00007f251be54028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d
[  302.031674][T11777] RAX: ffffffffffffffda RBX: 00007f251b215fa0 RCX: 00007f251af9c799
[  302.031686][T11777] RDX: 0000000000000200 RSI: 0000000000002000 RDI: 00000000798dd818
[  302.031699][T11777] RBP: 00007f251be54090 R08: 0000000000000000 R09: 0000000000000000
[  302.031710][T11777] R10: 0000200000ffc000 R11: 0000000000000246 R12: 0000000000000001
[  302.031720][T11777] R13: 00007f251b216038 R14: 00007f251b215fa0 R15: 00007ffd2ff19268
[  302.031753][T11777]  </TASK>
[  302.248352][ T5920] corsair-cpro 0003:1B1C:0C10.0005: unknown main item tag 0x5
[  302.260395][ T5920] corsair-cpro 0003:1B1C:0C10.0005: item fetching failed at offset 4/5
[  302.286023][ T5920] corsair-cpro 0003:1B1C:0C10.0005: probe with driver corsair-cpro failed with error -22
[  302.353634][T11783] comedi comedi0: dt2815: a I/O base address must be specified
[  302.364594][T11783] netlink: 'syz.1.2463': attribute type 1 has an invalid length.
[  302.435407][ T5922] usb 5-1: USB disconnect, device number 7
[  302.489573][T11787] 9p: Bad value for 'rfdno'
[  302.497741][T11787] tmpfs: Invalid gid '0x00000000ffffffff'
[  302.509449][T11787] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2464'.
[  302.568706][   T29] usb 4-1: USB disconnect, device number 11
[  302.707162][T11794] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2467'.
[  303.801129][T11839] comedi comedi0: dt2815: a I/O base address must be specified
[  303.820377][T11839] netlink: 'syz.1.2487': attribute type 1 has an invalid length.
[  304.106986][ T5922] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  304.275970][ T5922] usb 4-1: Using ep0 maxpacket: 8
[  304.292376][ T5922] usb 4-1: config 0 has no interfaces?
[  304.310415][ T5922] usb 4-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  304.325902][ T5922] usb 4-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  304.334174][T11856] bond0: entered promiscuous mode
[  304.339962][T11856] bond_slave_0: entered promiscuous mode
[  304.347322][T11856] bond_slave_1: entered promiscuous mode
[  304.348133][ T5922] usb 4-1: Product: syz
[  304.365917][ T5922] usb 4-1: Manufacturer: syz
[  304.372158][ T5922] usb 4-1: SerialNumber: syz
[  304.388385][ T5922] usb 4-1: config 0 descriptor??
[  304.623697][ T5922] usb 4-1: USB disconnect, device number 12
[  305.043979][T11879] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2504'.
[  305.053285][ T5922] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  305.067402][ T5932] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  305.217855][ T5922] usb 5-1: Using ep0 maxpacket: 32
[  305.226446][ T5932] usb 2-1: Using ep0 maxpacket: 8
[  305.228322][ T5922] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  305.245952][ T5932] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 96, changing to 7
[  305.252553][ T5922] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  305.282141][ T5932] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 33433, setting to 1024
[  305.312052][ T5932] usb 2-1: New USB device found, idVendor=2b73, idProduct=001b, bcdDevice= 0.40
[  305.314764][ T5922] gspca_main: nw80x-2.14.0 probing 055f:d001
[  305.325874][ T5932] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  305.350363][ T5932] usb 2-1: Product: syz
[  305.359375][T11882] comedi comedi0: dt2815: a I/O base address must be specified
[  305.362953][ T5932] usb 2-1: Manufacturer: syz
[  305.380396][T11882] netlink: 'syz.3.2506': attribute type 1 has an invalid length.
[  305.392585][ T5833] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  305.395986][ T5932] usb 2-1: SerialNumber: syz
[  305.406723][ T5833] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  305.416557][ T5833] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  305.427028][ T5833] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  305.436285][ T5833] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  305.561292][T11883] lo speed is unknown, defaulting to 1000
[  305.754360][ T5922] gspca_nw80x: reg_r err -71
[  305.768215][T11864] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  305.781419][ T5922] nw80x 5-1:3.0: probe with driver nw80x failed with error -71
[  305.840989][ T5922] usb 5-1: USB disconnect, device number 8
[  306.194965][T11883] chnl_net:caif_netlink_parms(): no params data found
[  306.307235][ T5932] usb 2-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  306.338281][ T5932] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  306.494846][ T5932] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -71
[  306.535717][ T5932] usb 2-1: USB disconnect, device number 10
[  306.655094][T11883] bridge0: port 1(bridge_slave_0) entered blocking state
[  306.680691][T10720] udevd[10720]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  306.702366][T11883] bridge0: port 1(bridge_slave_0) entered disabled state
[  306.717885][T11883] bridge_slave_0: entered allmulticast mode
[  306.746573][T11883] bridge_slave_0: entered promiscuous mode
[  306.773138][T11883] bridge0: port 2(bridge_slave_1) entered blocking state
[  306.782090][T11883] bridge0: port 2(bridge_slave_1) entered disabled state
[  306.793391][T11883] bridge_slave_1: entered allmulticast mode
[  306.806321][T11883] bridge_slave_1: entered promiscuous mode
[  306.948746][T11883] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  306.982758][T11883] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  307.026366][   T29] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  307.162146][T11883] team0: Port device team_slave_0 added
[  307.183767][T11883] team0: Port device team_slave_1 added
[  307.217964][   T29] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  307.250685][   T29] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  307.273739][   T29] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  307.288025][   T29] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  307.299920][T11883] batman_adv: batadv0: Adding interface: batadv_slave_0
[  307.301517][T11902] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  307.307856][T11883] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  307.329399][   T29] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  307.363038][T11883] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  307.403281][T11883] batman_adv: batadv0: Adding interface: batadv_slave_1
[  307.434374][T11883] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  307.488353][ T5837] Bluetooth: hci1: command tx timeout
[  307.500625][T11883] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  307.531823][T11915] comedi comedi0: dt2815: a I/O base address must be specified
[  307.541046][T11915] netlink: 'syz.1.2514': attribute type 1 has an invalid length.
[  307.719928][   T29] usb 4-1: USB disconnect, device number 13
[  307.843391][T11883] hsr_slave_0: entered promiscuous mode
[  307.871915][T11883] hsr_slave_1: entered promiscuous mode
[  307.893856][T11883] debugfs: 'hsr0' already exists in 'hsr'
[  307.918045][T11883] Cannot create hsr debugfs directory
[  308.389016][T11883] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  308.525925][  T990] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  308.551425][T11883] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  308.696044][  T990] usb 5-1: Using ep0 maxpacket: 8
[  308.731824][  T990] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 96, changing to 7
[  308.753143][  T990] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 33433, setting to 1024
[  308.778815][T11883] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  308.800207][  T990] usb 5-1: New USB device found, idVendor=2b73, idProduct=001b, bcdDevice= 0.40
[  308.822299][  T990] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  308.829523][T11938] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer.
[  308.835306][  T990] usb 5-1: Product: syz
[  308.864681][  T990] usb 5-1: Manufacturer: syz
[  308.872860][  T990] usb 5-1: SerialNumber: syz
[  308.968081][T11883] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  309.085687][T11931] netlink: 172 bytes leftover after parsing attributes in process `syz.3.2519'.
[  309.261473][T11883] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  309.279582][T11883] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  309.297515][T11883] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  309.305163][ T5920] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  309.319875][T11883] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  309.483743][ T5920] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  309.504795][ T5920] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  309.526494][ T5920] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  309.553398][ T5920] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  309.569072][  T990] usb 5-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  309.577061][ T5837] Bluetooth: hci1: command tx timeout
[  309.584111][  T990] usb 5-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  309.604909][T11883] 8021q: adding VLAN 0 to HW filter on device bond0
[  309.608888][ T5920] usb 2-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  309.623429][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  309.653566][T11883] 8021q: adding VLAN 0 to HW filter on device team0
[  309.662777][ T5920] usb 2-1: Product: syz
[  309.668676][ T5920] usb 2-1: Manufacturer: syz
[  309.677576][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  309.681767][ T5920] usb 2-1: SerialNumber: syz
[  309.684856][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  309.700205][ T5920] usb 2-1: config 0 descriptor??
[  309.721734][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  309.723947][  T990] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -71
[  309.729896][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  309.762128][  T990] usb 5-1: USB disconnect, device number 9
[  309.776898][ T5834] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  309.815703][T10720] udevd[10720]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  309.928244][ T5920] adutux 2-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  309.936772][ T5834] usb 4-1: Using ep0 maxpacket: 32
[  309.949657][ T5834] usb 4-1: config 0 has an invalid interface number: 85 but max is 0
[  309.967406][ T5834] usb 4-1: config 0 has no interface number 0
[  309.973616][ T5834] usb 4-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  309.987399][ T5834] usb 4-1: config 0 interface 85 has no altsetting 0
[  309.997993][ T5834] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  310.007925][ T5834] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  310.017450][ T5834] usb 4-1: Product: syz
[  310.021798][ T5834] usb 4-1: Manufacturer: syz
[  310.029450][ T5834] usb 4-1: SerialNumber: syz
[  310.038936][ T5834] usb 4-1: config 0 descriptor??
[  310.133813][T11941] usb 2-1: Couldn't submit interrupt_out_urb -90
[  310.171386][   T29] usb 2-1: USB disconnect, device number 11
[  310.174995][T11883] 8021q: adding VLAN 0 to HW filter on device batadv0
[  310.320333][T11883] veth0_vlan: entered promiscuous mode
[  310.367518][T11883] veth1_vlan: entered promiscuous mode
[  310.463511][T11883] veth0_macvtap: entered promiscuous mode
[  310.501863][T11883] veth1_macvtap: entered promiscuous mode
[  310.574099][T11883] batman_adv: batadv0: Interface activated: batadv_slave_0
[  310.633592][T11883] batman_adv: batadv0: Interface activated: batadv_slave_1
[  310.661272][ T5834] appletouch 4-1:0.85: Geyser mode initialized.
[  310.675128][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  310.691261][ T5834] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.85/input/input8
[  310.704385][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  310.737026][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  310.765519][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  310.843108][T11960] comedi comedi0: dt2815: a I/O base address must be specified
[  310.883674][T11960] netlink: 'syz.4.2527': attribute type 1 has an invalid length.
[  311.115514][  T392] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  311.139536][  T392] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  311.198029][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  311.207461][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  311.646105][ T5837] Bluetooth: hci1: command tx timeout
[  311.665940][ T5920] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  311.827457][ T5920] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  311.839286][ T5920] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  311.849210][ T5920] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  311.860153][ T5920] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  311.871938][ T5920] usb 1-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  311.881233][    T9] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  311.889161][ T5920] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  311.897759][ T5920] usb 1-1: Product: syz
[  311.902833][ T5920] usb 1-1: Manufacturer: syz
[  311.907986][ T5920] usb 1-1: SerialNumber: syz
[  311.915484][ T5920] usb 1-1: config 0 descriptor??
[  312.006043][ T5834] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  312.069062][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  312.080386][    T9] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  312.090452][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  312.101339][    T9] usb 2-1: config 0 descriptor??
[  312.125132][ T5920] adutux 1-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  312.166032][ T5834] usb 5-1: Using ep0 maxpacket: 16
[  312.173375][ T5834] usb 5-1: config 0 has an invalid interface number: 105 but max is 0
[  312.182203][ T5834] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  312.194083][ T5834] usb 5-1: config 0 has no interface number 0
[  312.203909][ T5834] usb 5-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  312.213332][ T5834] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  312.221611][ T5834] usb 5-1: Product: syz
[  312.226191][ T5834] usb 5-1: Manufacturer: syz
[  312.230873][ T5834] usb 5-1: SerialNumber: syz
[  312.242528][ T5834] usb 5-1: config 0 descriptor??
[  312.253279][ T5834] uvcvideo 5-1:0.105: Found UVC 0.00 device syz (046d:08f3)
[  312.260919][ T5834] uvcvideo 5-1:0.105: No valid video chain found.
[  312.336678][ T5920] usb 1-1: USB disconnect, device number 10
[  312.455318][ T5834] usb 5-1: USB disconnect, device number 10
[  312.511294][    T9] ath6kl: Failed to read usb control message: -71
[  312.518164][    T9] ath6kl: Unable to read the bmi data from the device: -71
[  312.529982][    T9] ath6kl: Unable to recv target info: -71
[  312.539929][    T9] ath6kl: Failed to init ath6kl core: -71
[  312.551969][    T9] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71
[  312.565669][    T9] usb 2-1: USB disconnect, device number 12
[  312.588753][ T5922] usb 4-1: USB disconnect, device number 14
[  312.658577][ T5922] appletouch 4-1:0.85: input: appletouch disconnected
[  312.882936][T11985] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2535'.
[  312.932328][T11986] netlink: 'syz.0.2535': attribute type 11 has an invalid length.
[  312.942627][T11985] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2535'.
[  312.991393][T11985] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2535'.
[  313.061105][T11985] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2535'.
[  313.086013][ T5922] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  313.131972][T11985] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2535'.
[  313.259629][ T5922] usb 4-1: unable to get BOS descriptor or descriptor too short
[  313.259865][T11985] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2535'.
[  313.297680][ T5922] usb 4-1: config 1 interface 0 has no altsetting 0
[  313.320292][ T5922] usb 4-1: string descriptor 0 read error: -22
[  313.333629][ T5922] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.40
[  313.371901][ T5922] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  313.392226][T11985] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2535'.
[  313.484624][T11985] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2535'.
[  313.595361][T11985] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2535'.
[  313.705746][T12016] comedi comedi0: dt2815: a I/O base address must be specified
[  313.720874][T12016] netlink: 'syz.1.2540': attribute type 1 has an invalid length.
[  313.729095][ T5837] Bluetooth: hci1: command tx timeout
[  313.845777][ T5922] kone 0003:1E7D:2CED.0006: unknown main item tag 0x0
[  313.866806][ T5922] kone 0003:1E7D:2CED.0006: unknown main item tag 0x0
[  313.878741][ T5922] kone 0003:1E7D:2CED.0006: unknown main item tag 0x0
[  313.896141][ T5922] kone 0003:1E7D:2CED.0006: unknown main item tag 0x0
[  313.906021][ T5922] kone 0003:1E7D:2CED.0006: unknown main item tag 0x0
[  313.923370][ T5922] kone 0003:1E7D:2CED.0006: unknown main item tag 0x0
[  313.949659][ T5922] kone 0003:1E7D:2CED.0006: unknown main item tag 0x0
[  313.980783][ T5922] kone 0003:1E7D:2CED.0006: unknown main item tag 0x0
[  314.000625][ T5922] kone 0003:1E7D:2CED.0006: unknown main item tag 0x0
[  314.008883][ T5922] kone 0003:1E7D:2CED.0006: unknown main item tag 0x0
[  314.039526][T11983] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  314.070699][T11983] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  314.099496][T11983] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  314.126154][T11983] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  314.151401][ T5922] kone 0003:1E7D:2CED.0006: hidraw0: USB HID v0.05 Device [HID 1e7d:2ced] on usb-dummy_hcd.3-1/input0
[  314.402659][T12034] bond0: entered promiscuous mode
[  314.411278][T12034] bond_slave_0: entered promiscuous mode
[  314.428754][T12034] bond_slave_1: entered promiscuous mode
[  314.465592][T12037] __nla_validate_parse: 1 callbacks suppressed
[  314.465613][T12037] netlink: 92 bytes leftover after parsing attributes in process `syz.4.2546'.
[  315.495496][T12063] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  315.521628][T12064] Invalid source name
[  315.844371][ T5922] kone 0003:1E7D:2CED.0006: couldn't init struct kone_device
[  315.884098][ T5922] kone 0003:1E7D:2CED.0006: couldn't install mouse
[  315.927495][ T5922] kone 0003:1E7D:2CED.0006: probe with driver kone failed with error -5
[  315.970471][ T5922] usb 4-1: USB disconnect, device number 15
[  316.767179][ T5920] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  316.937280][ T5920] usb 5-1: Using ep0 maxpacket: 8
[  316.944200][ T5920] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  316.953739][ T5920] usb 5-1: config 179 has no interface number 0
[  316.962628][ T5920] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  316.976886][ T5920] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  316.989128][ T5920] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  317.001432][ T5920] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  317.013752][ T5920] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  317.028999][ T5920] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  317.038513][ T5920] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  317.056798][T12106] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  317.307254][ T5920] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input9
[  317.410485][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[  317.422626][ T1309] ieee802154 phy1 wpan1: encryption failed: -22
[  317.443370][T12132] libceph: resolve '4' (ret=-3): failed
[  318.441681][T12165] batadv_slave_0: entered promiscuous mode
[  318.463437][T12165] batadv_slave_0: left promiscuous mode
[  318.783610][T12173] netlink: 216 bytes leftover after parsing attributes in process `syz.0.2601'.
[  319.560989][  T990] usb 5-1: USB disconnect, device number 11
[  319.561059][    C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  319.575820][    C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  319.846073][   T30] audit: type=1800 audit(1773463523.445:14): pid=12212 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2616" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  319.997879][T12220] FAULT_INJECTION: forcing a failure.
[  319.997879][T12220] name failslab, interval 1, probability 0, space 0, times 0
[  320.010977][T12220] CPU: 0 UID: 0 PID: 12220 Comm: syz.4.2618 Not tainted syzkaller #0 PREEMPT(full) 
[  320.011012][T12220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  320.011024][T12220] Call Trace:
[  320.011032][T12220]  <TASK>
[  320.011040][T12220]  dump_stack_lvl+0xe8/0x150
[  320.011077][T12220]  should_fail_ex+0x412/0x560
[  320.011106][T12220]  should_failslab+0xa8/0x100
[  320.011131][T12220]  __kmalloc_noprof+0xe8/0x760
[  320.011162][T12220]  ? tomoyo_encode+0x28b/0x550
[  320.011199][T12220]  tomoyo_encode+0x28b/0x550
[  320.011234][T12220]  tomoyo_realpath_from_path+0x58d/0x5d0
[  320.011275][T12220]  ? tomoyo_path_number_perm+0x219/0x630
[  320.011300][T12220]  tomoyo_path_number_perm+0x246/0x630
[  320.011329][T12220]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  320.011359][T12220]  ? __lock_acquire+0x6b5/0x2cf0
[  320.011410][T12220]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  320.011454][T12220]  ? __fget_files+0x2a/0x420
[  320.011485][T12220]  ? __fget_files+0x2a/0x420
[  320.011509][T12220]  ? __fget_files+0x3a0/0x420
[  320.011534][T12220]  ? __fget_files+0x2a/0x420
[  320.011563][T12220]  security_file_ioctl+0xc3/0x2a0
[  320.011589][T12220]  __se_sys_ioctl+0x47/0x170
[  320.011612][T12220]  do_syscall_64+0x14d/0xf80
[  320.011629][T12220]  ? trace_irq_disable+0x3b/0x150
[  320.011650][T12220]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  320.011670][T12220]  ? clear_bhb_loop+0x40/0x90
[  320.011695][T12220]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  320.011716][T12220] RIP: 0033:0x7f843739c799
[  320.011736][T12220] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  320.011753][T12220] RSP: 002b:00007f8438296028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  320.011776][T12220] RAX: ffffffffffffffda RBX: 00007f8437615fa0 RCX: 00007f843739c799
[  320.011791][T12220] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[  320.011804][T12220] RBP: 00007f8438296090 R08: 0000000000000000 R09: 0000000000000000
[  320.011817][T12220] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  320.011829][T12220] R13: 00007f8437616038 R14: 00007f8437615fa0 R15: 00007ffd9b774378
[  320.011863][T12220]  </TASK>
[  320.011899][T12220] ERROR: Out of memory at tomoyo_realpath_from_path.
[  320.235981][ T5898] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  320.258433][T12220] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  320.410469][ T5898] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  320.438567][ T5898] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  320.472073][ T5898] usb 4-1: config 0 descriptor??
[  320.511516][ T5898] cp210x 4-1:0.0: cp210x converter detected
[  320.621636][T12234] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  320.695756][ T5898] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: -121
[  320.704040][ T5898] cp210x 4-1:0.0: querying part number failed
[  320.730474][ T5898] usb 4-1: cp210x converter now attached to ttyUSB0
[  320.829037][T12233] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2623'.
[  320.849538][T12233] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2623'.
[  321.402637][T12263] sctp: [Deprecated]: syz.4.2635 (pid 12263) Use of int in max_burst socket option deprecated.
[  321.402637][T12263] Use struct sctp_assoc_value instead
[  323.179277][    T9] usb 4-1: USB disconnect, device number 16
[  323.198014][    T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  323.891954][    T9] cp210x 4-1:0.0: device disconnected
[  324.517384][ T5922] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  324.646080][ T5920] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  324.709309][ T5922] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  324.727580][ T5922] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  324.761899][ T5922] usb 4-1: config 0 descriptor??
[  324.788484][ T5922] cp210x 4-1:0.0: cp210x converter detected
[  324.815962][ T5920] usb 1-1: Using ep0 maxpacket: 8
[  324.833146][ T5920] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  324.850337][ T5920] usb 1-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  324.869987][ T5920] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  324.904486][ T5920] usb 1-1: config 0 descriptor??
[  324.927231][ T5920] gspca_main: vc032x-2.14.0 probing 046d:0892
[  324.988668][ T5922] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: -121
[  324.999603][T12336] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2666'.
[  325.025903][ T5922] cp210x 4-1:0.0: querying part number failed
[  325.044639][T12348] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0
[  325.047737][ T5922] usb 4-1: cp210x converter now attached to ttyUSB0
[  326.435916][ T5920] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  326.618456][ T5920] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  326.621844][   T29] usb 1-1: USB disconnect, device number 11
[  326.630249][ T5920] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  326.669860][ T5920] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  326.685198][ T5920] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  326.712015][ T5920] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  326.738719][ T5920] usb 2-1: config 0 descriptor??
[  326.895962][ T5922] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  326.965288][ T5920] usbhid 2-1:0.0: can't add hid device: -71
[  326.983507][ T5920] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  327.030974][ T5920] usb 2-1: USB disconnect, device number 13
[  327.069318][ T5922] usb 5-1: Using ep0 maxpacket: 16
[  327.090910][ T5922] usb 5-1: config 0 has an invalid interface number: 105 but max is 0
[  327.109019][ T5922] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  327.119661][ T5922] usb 5-1: config 0 has no interface number 0
[  327.132689][T12381] netlink: 260 bytes leftover after parsing attributes in process `syz.1.2682'.
[  327.145705][ T5922] usb 5-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  327.156574][ T5922] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  327.166661][ T5922] usb 5-1: Product: syz
[  327.171552][ T5922] usb 5-1: Manufacturer: syz
[  327.176739][ T5922] usb 5-1: SerialNumber: syz
[  327.197035][ T5922] usb 5-1: config 0 descriptor??
[  327.209637][ T5922] uvcvideo 5-1:0.105: Found UVC 0.00 device syz (046d:08f3)
[  327.229932][ T5922] uvcvideo 5-1:0.105: No valid video chain found.
[  327.336369][ T5920] usb 4-1: USB disconnect, device number 17
[  327.384025][ T5920] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  327.413043][ T5920] cp210x 4-1:0.0: device disconnected
[  327.418197][ T5922] usb 5-1: USB disconnect, device number 12
[  327.749191][T12394] FAULT_INJECTION: forcing a failure.
[  327.749191][T12394] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  327.762431][T12394] CPU: 0 UID: 0 PID: 12394 Comm: syz.1.2685 Not tainted syzkaller #0 PREEMPT(full) 
[  327.762458][T12394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  327.762470][T12394] Call Trace:
[  327.762478][T12394]  <TASK>
[  327.762486][T12394]  dump_stack_lvl+0xe8/0x150
[  327.762518][T12394]  should_fail_ex+0x412/0x560
[  327.762535][T12394]  _copy_from_user+0x2d/0xb0
[  327.762550][T12394]  ___sys_sendmsg+0x1c6/0x360
[  327.762566][T12394]  ? __pfx____sys_sendmsg+0x10/0x10
[  327.762600][T12394]  ? __fget_files+0x2a/0x420
[  327.762625][T12394]  ? __fget_files+0x3a0/0x420
[  327.762657][T12394]  __x64_sys_sendmsg+0x1bd/0x2a0
[  327.762671][T12394]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  327.762687][T12394]  ? __pfx_ksys_write+0x10/0x10
[  327.762712][T12394]  do_syscall_64+0x14d/0xf80
[  327.762722][T12394]  ? trace_irq_disable+0x3b/0x150
[  327.762737][T12394]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  327.762749][T12394]  ? clear_bhb_loop+0x40/0x90
[  327.762764][T12394]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  327.762776][T12394] RIP: 0033:0x7f251af9c799
[  327.762789][T12394] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  327.762799][T12394] RSP: 002b:00007f251be54028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  327.762814][T12394] RAX: ffffffffffffffda RBX: 00007f251b215fa0 RCX: 00007f251af9c799
[  327.762823][T12394] RDX: 0000000020000004 RSI: 0000200000000100 RDI: 0000000000000003
[  327.762831][T12394] RBP: 00007f251be54090 R08: 0000000000000000 R09: 0000000000000000
[  327.762838][T12394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  327.762845][T12394] R13: 00007f251b216038 R14: 00007f251b215fa0 R15: 00007ffd2ff19268
[  327.762863][T12394]  </TASK>
[  328.006620][ T5920] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  328.025535][T12396] FAULT_INJECTION: forcing a failure.
[  328.025535][T12396] name failslab, interval 1, probability 0, space 0, times 0
[  328.042995][T12396] CPU: 1 UID: 0 PID: 12396 Comm: syz.4.2687 Not tainted syzkaller #0 PREEMPT(full) 
[  328.043023][T12396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  328.043035][T12396] Call Trace:
[  328.043043][T12396]  <TASK>
[  328.043052][T12396]  dump_stack_lvl+0xe8/0x150
[  328.043086][T12396]  should_fail_ex+0x412/0x560
[  328.043113][T12396]  should_failslab+0xa8/0x100
[  328.043136][T12396]  kmem_cache_alloc_node_noprof+0x8f/0x690
[  328.043164][T12396]  ? __alloc_skb+0x186/0x7d0
[  328.043188][T12396]  ? __alloc_skb+0x1d0/0x7d0
[  328.043211][T12396]  ? __local_bh_enable_ip+0xd0/0x130
[  328.043243][T12396]  __alloc_skb+0x1d0/0x7d0
[  328.043267][T12396]  ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20
[  328.043302][T12396]  netlink_sendmsg+0x5d4/0xb40
[  328.043339][T12396]  ? __pfx_netlink_sendmsg+0x10/0x10
[  328.043367][T12396]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[  328.043404][T12396]  ? __pfx_netlink_sendmsg+0x10/0x10
[  328.043426][T12396]  sock_sendmsg_nosec+0x112/0x150
[  328.043447][T12396]  ____sys_sendmsg+0x589/0x8c0
[  328.043464][T12396]  ? __pfx_____sys_sendmsg+0x10/0x10
[  328.043487][T12396]  ? import_iovec+0x73/0xa0
[  328.043503][T12396]  ___sys_sendmsg+0x2a5/0x360
[  328.043517][T12396]  ? __pfx____sys_sendmsg+0x10/0x10
[  328.043547][T12396]  ? __fget_files+0x2a/0x420
[  328.043562][T12396]  ? __fget_files+0x3a0/0x420
[  328.043582][T12396]  __x64_sys_sendmsg+0x1bd/0x2a0
[  328.043601][T12396]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  328.043618][T12396]  ? __pfx_ksys_write+0x10/0x10
[  328.043636][T12396]  do_syscall_64+0x14d/0xf80
[  328.043646][T12396]  ? trace_irq_disable+0x3b/0x150
[  328.043661][T12396]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.043673][T12396]  ? clear_bhb_loop+0x40/0x90
[  328.043687][T12396]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.043699][T12396] RIP: 0033:0x7f843739c799
[  328.043719][T12396] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  328.043730][T12396] RSP: 002b:00007f8438296028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  328.043745][T12396] RAX: ffffffffffffffda RBX: 00007f8437615fa0 RCX: 00007f843739c799
[  328.043754][T12396] RDX: 0000000000000000 RSI: 0000200000002a40 RDI: 0000000000000004
[  328.043761][T12396] RBP: 00007f8438296090 R08: 0000000000000000 R09: 0000000000000000
[  328.043769][T12396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  328.043776][T12396] R13: 00007f8437616038 R14: 00007f8437615fa0 R15: 00007ffd9b774378
[  328.043793][T12396]  </TASK>
[  328.378040][ T5920] usb 4-1: Using ep0 maxpacket: 16
[  328.399979][ T5920] usb 4-1: config 0 has an invalid interface number: 105 but max is 0
[  328.422974][ T5920] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  328.447408][ T5920] usb 4-1: config 0 has no interface number 0
[  328.466889][ T5920] usb 4-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  328.496424][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  328.530662][ T5920] usb 4-1: Product: syz
[  328.537827][T12405] FAULT_INJECTION: forcing a failure.
[  328.537827][T12405] name failslab, interval 1, probability 0, space 0, times 0
[  328.551203][T12405] CPU: 1 UID: 0 PID: 12405 Comm: syz.4.2690 Not tainted syzkaller #0 PREEMPT(full) 
[  328.551230][T12405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  328.551242][T12405] Call Trace:
[  328.551250][T12405]  <TASK>
[  328.551258][T12405]  dump_stack_lvl+0xe8/0x150
[  328.551294][T12405]  should_fail_ex+0x412/0x560
[  328.551322][T12405]  should_failslab+0xa8/0x100
[  328.551344][T12405]  __kmalloc_noprof+0xe8/0x760
[  328.551375][T12405]  ? tomoyo_encode+0x28b/0x550
[  328.551411][T12405]  tomoyo_encode+0x28b/0x550
[  328.551447][T12405]  tomoyo_realpath_from_path+0x58d/0x5d0
[  328.551487][T12405]  ? tomoyo_path_number_perm+0x219/0x630
[  328.551513][T12405]  tomoyo_path_number_perm+0x246/0x630
[  328.551543][T12405]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  328.551570][T12405]  ? __lock_acquire+0x6b5/0x2cf0
[  328.551621][T12405]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  328.551664][T12405]  ? __fget_files+0x2a/0x420
[  328.551695][T12405]  ? __fget_files+0x2a/0x420
[  328.551728][T12405]  ? __fget_files+0x3a0/0x420
[  328.551753][T12405]  ? __fget_files+0x2a/0x420
[  328.551783][T12405]  security_file_ioctl+0xc3/0x2a0
[  328.551810][T12405]  __se_sys_ioctl+0x47/0x170
[  328.551833][T12405]  do_syscall_64+0x14d/0xf80
[  328.551852][T12405]  ? trace_irq_disable+0x3b/0x150
[  328.551875][T12405]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.551894][T12405]  ? clear_bhb_loop+0x40/0x90
[  328.551918][T12405]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.551936][T12405] RIP: 0033:0x7f843739c799
[  328.551953][T12405] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  328.551971][T12405] RSP: 002b:00007f8438296028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  328.551992][T12405] RAX: ffffffffffffffda RBX: 00007f8437615fa0 RCX: 00007f843739c799
[  328.552006][T12405] RDX: 0000000000000004 RSI: 0000000000004c06 RDI: 0000000000000003
[  328.552018][T12405] RBP: 00007f8438296090 R08: 0000000000000000 R09: 0000000000000000
[  328.552029][T12405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  328.552039][T12405] R13: 00007f8437616038 R14: 00007f8437615fa0 R15: 00007ffd9b774378
[  328.552068][T12405]  </TASK>
[  328.552117][T12405] ERROR: Out of memory at tomoyo_realpath_from_path.
[  328.553064][ T5920] usb 4-1: Manufacturer: syz
[  328.746972][T12407] FAULT_INJECTION: forcing a failure.
[  328.746972][T12407] name failslab, interval 1, probability 0, space 0, times 0
[  328.779235][ T5920] usb 4-1: SerialNumber: syz
[  328.788974][T12407] CPU: 1 UID: 0 PID: 12407 Comm: syz.0.2691 Not tainted syzkaller #0 PREEMPT(full) 
[  328.789000][T12407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  328.789011][T12407] Call Trace:
[  328.789019][T12407]  <TASK>
[  328.789026][T12407]  dump_stack_lvl+0xe8/0x150
[  328.789059][T12407]  should_fail_ex+0x412/0x560
[  328.789084][T12407]  should_failslab+0xa8/0x100
[  328.789106][T12407]  __kmalloc_noprof+0xe8/0x760
[  328.789133][T12407]  ? tomoyo_encode+0x28b/0x550
[  328.789164][T12407]  tomoyo_encode+0x28b/0x550
[  328.789196][T12407]  tomoyo_realpath_from_path+0x58d/0x5d0
[  328.789233][T12407]  ? tomoyo_path_number_perm+0x219/0x630
[  328.789257][T12407]  tomoyo_path_number_perm+0x246/0x630
[  328.789283][T12407]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  328.789309][T12407]  ? __lock_acquire+0x6b5/0x2cf0
[  328.789347][T12407]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  328.789385][T12407]  ? __fget_files+0x2a/0x420
[  328.789412][T12407]  ? __fget_files+0x2a/0x420
[  328.789433][T12407]  ? __fget_files+0x3a0/0x420
[  328.789463][T12407]  ? __fget_files+0x2a/0x420
[  328.789489][T12407]  security_file_ioctl+0xc3/0x2a0
[  328.789513][T12407]  __se_sys_ioctl+0x47/0x170
[  328.789535][T12407]  do_syscall_64+0x14d/0xf80
[  328.789551][T12407]  ? trace_irq_disable+0x3b/0x150
[  328.789571][T12407]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.789594][T12407]  ? clear_bhb_loop+0x40/0x90
[  328.789617][T12407]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.789635][T12407] RIP: 0033:0x7ff859b9c799
[  328.789653][T12407] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  328.789668][T12407] RSP: 002b:00007ff85aab2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  328.789688][T12407] RAX: ffffffffffffffda RBX: 00007ff859e15fa0 RCX: 00007ff859b9c799
[  328.789702][T12407] RDX: 0000200000000180 RSI: 00000000400448c8 RDI: 0000000000000004
[  328.789715][T12407] RBP: 00007ff85aab2090 R08: 0000000000000000 R09: 0000000000000000
[  328.789725][T12407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  328.789736][T12407] R13: 00007ff859e16038 R14: 00007ff859e15fa0 R15: 00007ffd1ce061f8
[  328.789765][T12407]  </TASK>
[  328.789809][T12407] ERROR: Out of memory at tomoyo_realpath_from_path.
[  328.853151][ T5920] usb 4-1: config 0 descriptor??
[  328.861742][ T5920] uvcvideo 4-1:0.105: Found UVC 0.00 device syz (046d:08f3)
[  329.079222][ T5920] uvcvideo 4-1:0.105: No valid video chain found.
[  329.131072][ T5920] usb 4-1: USB disconnect, device number 18
[  329.313416][T12421] bond0: entered promiscuous mode
[  329.321318][T12421] bond_slave_0: entered promiscuous mode
[  329.328536][T12421] bond_slave_1: entered promiscuous mode
[  329.385980][   T29] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  329.397960][T12423] lo speed is unknown, defaulting to 1000
[  329.549738][   T29] usb 1-1: config 1 has an invalid interface number: 7 but max is 0
[  329.575921][   T29] usb 1-1: config 1 has no interface number 0
[  329.588509][   T29] usb 1-1: config 1 interface 7 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 64
[  329.610660][   T29] usb 1-1: config 1 interface 7 altsetting 0 has a duplicate endpoint with address 0x7, skipping
[  329.631418][   T29] usb 1-1: config 1 interface 7 altsetting 0 endpoint 0x9 has an invalid bInterval 0, changing to 7
[  329.669020][   T29] usb 1-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  329.691351][   T29] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.722681][   T29] usb 1-1: Product: syz
[  329.735017][   T29] usb 1-1: Manufacturer: syz
[  329.761610][   T29] usb 1-1: SerialNumber: syz
[  329.793878][T12417] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  329.841551][   T29] usb 1-1: Expected 3 endpoints, found: 2
[  329.846352][T12430] 
[  329.849693][T12430] ======================================================
[  329.856735][T12430] WARNING: possible circular locking dependency detected
[  329.863771][T12430] syzkaller #0 Not tainted
[  329.868193][T12430] ------------------------------------------------------
[  329.875224][T12430] syz.3.2700/12430 is trying to acquire lock:
[  329.881301][T12430] ffff88807f1128b8 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0xaf/0x130
[  329.890217][T12430] 
[  329.890217][T12430] but task is already holding lock:
[  329.897597][T12430] ffff88805bb22030 (&ctx->map_changing_lock){.+.+}-{4:4}, at: mfill_get_vma+0x162/0x660
[  329.907368][T12430] 
[  329.907368][T12430] which lock already depends on the new lock.
[  329.907368][T12430] 
[  329.917798][T12430] 
[  329.917798][T12430] the existing dependency chain (in reverse order) is:
[  329.926825][T12430] 
[  329.926825][T12430] -> #2 (&ctx->map_changing_lock){.+.+}-{4:4}:
[  329.935198][T12430]        down_read+0x47/0x2e0
[  329.939901][T12430]        mfill_get_vma+0x162/0x660
[  329.945032][T12430]        mfill_atomic_poison+0x194/0x13c0
[  329.950862][T12430]        userfaultfd_ioctl+0x25cb/0x4c70
[  329.956521][T12430]        __se_sys_ioctl+0xfc/0x170
[  329.961648][T12430]        do_syscall_64+0x14d/0xf80
[  329.966777][T12430]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  329.973210][T12430] 
[  329.973210][T12430] -> #1 (vm_lock){++++}-{0:0}:
[  329.980184][T12430]        __vma_start_exclude_readers+0x28a/0x940
[  329.986536][T12430]        __vma_start_write+0xdc/0x290
[  329.991931][T12430]        mprotect_fixup+0x5eb/0xa80
[  329.997147][T12430]        setup_arg_pages+0x565/0xac0
[  330.002454][T12430]        load_elf_binary+0xc5e/0x2980
[  330.007836][T12430]        bprm_execve+0x949/0x1470
[  330.012871][T12430]        kernel_execve+0x844/0x930
[  330.017999][T12430]        try_to_run_init_process+0x13/0x60
[  330.023831][T12430]        kernel_init+0xad/0x1d0
[  330.028700][T12430]        ret_from_fork+0x51e/0xb90
[  330.033832][T12430]        ret_from_fork_asm+0x1a/0x30
[  330.039136][T12430] 
[  330.039136][T12430] -> #0 (&mm->mmap_lock){++++}-{4:4}:
[  330.046716][T12430]        __lock_acquire+0x15a5/0x2cf0
[  330.052118][T12430]        lock_acquire+0xf0/0x2e0
[  330.057076][T12430]        __might_fault+0xcb/0x130
[  330.062127][T12430]        userfaultfd_ioctl+0x2c01/0x4c70
[  330.067785][T12430]        __se_sys_ioctl+0xfc/0x170
[  330.072915][T12430]        do_syscall_64+0x14d/0xf80
[  330.078133][T12430]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  330.084569][T12430] 
[  330.084569][T12430] other info that might help us debug this:
[  330.084569][T12430] 
[  330.094814][T12430] Chain exists of:
[  330.094814][T12430]   &mm->mmap_lock --> vm_lock --> &ctx->map_changing_lock
[  330.094814][T12430] 
[  330.108218][T12430]  Possible unsafe locking scenario:
[  330.108218][T12430] 
[  330.115681][T12430]        CPU0                    CPU1
[  330.121057][T12430]        ----                    ----
[  330.126433][T12430]   rlock(&ctx->map_changing_lock);
[  330.131654][T12430]                                lock(vm_lock);
[  330.137917][T12430]                                lock(&ctx->map_changing_lock);
[  330.145572][T12430]   rlock(&mm->mmap_lock);
[  330.150013][T12430] 
[  330.150013][T12430]  *** DEADLOCK ***
[  330.150013][T12430] 
[  330.158176][T12430] 2 locks held by syz.3.2700/12430:
[  330.163399][T12430]  #0: ffff888022b56088 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x1d1/0x500
[  330.172660][T12430]  #1: ffff88805bb22030 (&ctx->map_changing_lock){.+.+}-{4:4}, at: mfill_get_vma+0x162/0x660
[  330.182886][T12430] 
[  330.182886][T12430] stack backtrace:
[  330.188884][T12430] CPU: 0 UID: 0 PID: 12430 Comm: syz.3.2700 Not tainted syzkaller #0 PREEMPT(full) 
[  330.188908][T12430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  330.188919][T12430] Call Trace:
[  330.188929][T12430]  <TASK>
[  330.188936][T12430]  dump_stack_lvl+0xe8/0x150
[  330.188965][T12430]  print_circular_bug+0x2e1/0x300
[  330.188985][T12430]  check_noncircular+0x12e/0x150
[  330.189003][T12430]  __lock_acquire+0x15a5/0x2cf0
[  330.189028][T12430]  ? __kernel_text_address+0xd/0x30
[  330.189051][T12430]  ? arch_stack_walk+0xfb/0x150
[  330.189069][T12430]  lock_acquire+0xf0/0x2e0
[  330.189091][T12430]  ? __might_fault+0xaf/0x130
[  330.189115][T12430]  ? __might_fault+0xaf/0x130
[  330.189136][T12430]  __might_fault+0xcb/0x130
[  330.189156][T12430]  ? __might_fault+0xaf/0x130
[  330.189177][T12430]  userfaultfd_ioctl+0x2c01/0x4c70
[  330.189198][T12430]  ? __kasan_slab_free+0x5c/0x80
[  330.189212][T12430]  ? kfree+0x1c5/0x650
[  330.189234][T12430]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  330.189263][T12430]  ? kasan_quarantine_put+0xbb/0x1f0
[  330.189288][T12430]  ? tomoyo_path_number_perm+0x219/0x630
[  330.189307][T12430]  ? tomoyo_path_number_perm+0x219/0x630
[  330.189326][T12430]  ? do_vfs_ioctl+0x1166/0x1530
[  330.189342][T12430]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  330.189359][T12430]  ? do_futex+0x395/0x420
[  330.189381][T12430]  ? __fget_files+0x2a/0x420
[  330.189402][T12430]  ? __fget_files+0x2a/0x420
[  330.189422][T12430]  ? __fget_files+0x3a0/0x420
[  330.189441][T12430]  ? __fget_files+0x2a/0x420
[  330.189462][T12430]  ? bpf_lsm_file_ioctl+0x9/0x20
[  330.189477][T12430]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  330.189497][T12430]  __se_sys_ioctl+0xfc/0x170
[  330.189512][T12430]  do_syscall_64+0x14d/0xf80
[  330.189527][T12430]  ? trace_irq_disable+0x3b/0x150
[  330.189545][T12430]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  330.189560][T12430]  ? clear_bhb_loop+0x40/0x90
[  330.189576][T12430]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  330.189592][T12430] RIP: 0033:0x7f761bb9c799
[  330.189609][T12430] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  330.189630][T12430] RSP: 002b:00007f7619df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  330.189650][T12430] RAX: ffffffffffffffda RBX: 00007f761be15fa0 RCX: 00007f761bb9c799
[  330.189662][T12430] RDX: 0000200000000180 RSI: 00000000c028aa03 RDI: 0000000000000003
[  330.189672][T12430] RBP: 00007f761bc32c99 R08: 0000000000000000 R09: 0000000000000000
[  330.189682][T12430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  330.189692][T12430] R13: 00007f761be16038 R14: 00007f761be15fa0 R15: 00007ffdac54c508
[  330.189708][T12430]  </TASK>
[  330.818993][T12432] IPVS: set_ctl: invalid protocol: 58 255.255.255.255:20003
[  330.827027][   T30] audit: type=1326 audit(1773463535.439:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12416 comm="syz.0.2695" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff859b9c799 code=0x0
[  332.143400][ T5922] usb 1-1: USB disconnect, device number 12