last executing test programs:

1m4.304828126s ago: executing program 2 (id=1329):
pipe(&(0x7f0000000200))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x3cfa, 0x0, 0x2, 0x69}, &(0x7f0000000200)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r2, 0x47f6, 0x0, 0x2, 0x0, 0x0)
munmap(&(0x7f0000003000/0x4000)=nil, 0x4000)

1m3.221750012s ago: executing program 2 (id=1334):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000002c0)={0x3c, 0x0, 0x8, 0x201, 0x0, 0x0, {0xa, 0x0, 0x2}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6005}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x21}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @gre=[@CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0xc}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0000}, 0x8810)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0x68000000}, 0x0)
r1 = socket$kcm(0x21, 0x2, 0xa)
sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e23, 0x9, @private1}}, 0xa0, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x18, 0x68000000}, 0x80fe)
r2 = socket$kcm(0x21, 0x2, 0xa)
sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e23, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}}}, 0x80, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x18, 0x68000000}, 0x80fe)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801})
ioctl$TUNSETLINK(r3, 0x400454cd, 0x20)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000500))
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r5, 0x541b, &(0x7f0000000140)={<r6=>0xffffffffffffffff, 0xf, 0x4, 0xfffffffffffffffe})
close_range(r6, 0xffffffffffffffff, 0x0)
modify_ldt$read(0x0, &(0x7f0000000140)=""/6, 0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)

1m1.147690528s ago: executing program 2 (id=1335):
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x760, 0xa382)
r1 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x1)
pwritev(r1, &(0x7f0000000240)=[{&(0x7f0000000780)="1040cc31be7e48aeb59eefe06d7e6851614b39e6738a5dd174ff57a9d51752c707711d8a5cb2313a735f846779f2c3aa00242a963c654c87f74ea6adfafbd6a943147c9105ef9b4bec020dd3af7492e5f06f6fce84c2713cce7864718543efbb", 0x60}], 0x1, 0x9e8f, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r0, 0x0, 0x24002de8)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000ac0)={0x0, {}, 0x0, {}, 0x201, 0x4, 0xfffffffd, 0x10, "28f5da69a14f0000200000000070aa3aaf6ec3bd5bba00005f17bf01d7ecdd91b59ca8d54100000000001b00000000000200", "07a9310978042a8bfe1406584a128d7469166f4f07b84819e7df4af14e1df82d", [0xa, 0x3]})

1m0.751960479s ago: executing program 2 (id=1336):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r3, 0x0, 0x24004080)
syz_open_dev$video4linux(0x0, 0x7fffffff, 0x80100)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r5 = dup(r4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x2f126000)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
ioctl$KVM_GET_NESTED_STATE(r7, 0xc080aebe, &(0x7f000000a100)={{0x0, 0x0, 0x80}})

59.687758926s ago: executing program 3 (id=1339):
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x301)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
socket$packet(0x11, 0x3, 0x300)
r0 = openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xcf, 0x0, 0x0)
r2 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x1000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x1)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000000)="1c681411f7a496c0dacc6a3c24465b016f64b4c00b5f7c691cb24cb8000000001a0000200000000000201500", 0x0, 0x48)
readv(r3, &(0x7f00000001c0)=[{&(0x7f0000000400)=""/4096, 0x1000}], 0x1)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000140)="e403402e6d69aa1cef9ef9a6a8a811114a73730561f86ec24fbd20a031516af10645443ba1ea91a31e618c729fb36241fc852cf7795cc3c0d78ae4de1e5110eafba42f764d048680", 0x0, 0x48)
ioctl$UFFDIO_WAKE(r3, 0x8010aa02, &(0x7f00000002c0)={&(0x7f0000ffa000/0x1000)=nil, 0x1000})
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0xc102, 0x0)
sendfile(r4, r4, 0x0, 0x40008)
io_uring_enter(0xffffffffffffffff, 0x3516, 0x0, 0x0, 0x0, 0x0)
lstat(&(0x7f0000000280)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000240)='./file0\x00', 0x2000400, &(0x7f0000000380)={{}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {}, 0x2c, {[], [{@subj_type={'subj_type', 0x3d, '/dev/vmci\x00'}}, {@subj_type}, {@obj_role={'obj_role', 0x3d, '/dev/bus/usb/00#/00#\x00'}}, {@audit}, {@permit_directio}, {@smackfstransmute={'smackfstransmute', 0x3d, 'target default\x00'}}, {@flag='silent'}, {@audit}]}}, 0x1, 0x0, &(0x7f0000000540)="ec4d6d7c2b7f338c1606fecd19f817fa409f3bc1f47ba7d8e421af0099a3891e44adf5ffe6f8624f4eb34ef61a07d696dd41c88296c77ffc414fd38758559252551f85fb46728be60d518ae10c3cc7355c6e80006a8359ce3ff013d3f70081cf3e63830c2574eac9ccd1f791377fd3909826468b778b4a5304b85bb791136dc0fddc325430a4ba7fc71d0bbcf4d3d9")
r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = syz_pidfd_open(r5, 0x0)
wait4(r5, 0x0, 0x40000000, 0x0)
ioctl$FS_IOC_GETVERSION(r6, 0xc040ff0b, &(0x7f0000000180))

58.41988214s ago: executing program 3 (id=1342):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f00000000c0), 0x1)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r0, &(0x7f0000000080)="b1", 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback={0xf00000000000000}, 0xffffffff}, 0x1c)

57.925671094s ago: executing program 3 (id=1343):
syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
add_key(&(0x7f0000000100)='rxrpc\x00', 0x0, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x9a, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd603000bb00642b00fc02007fbcec7a4d6ba6df4d91bdcd0200000000000000000000000000fe80"], 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000180)=ANY=[@ANYBLOB="faffffffffffffffaa"], 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000100)='0.::/', 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x1fffe, 0x4)
r0 = add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000080)="bc5d", 0x2, 0xfffffffffffffffe)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002340)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)='O', 0x1}], 0x1}}], 0x1, 0x8044000)
r1 = io_uring_setup(0x5751, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0xfffffffc})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x19, 0x0, 0x0)
r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r2, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)=[{{&(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000240)=0x5, 0x4)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0x5c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_HOOK={0x30, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'wg2\x00'}, {0x14, 0x1, 'veth1_to_bridge\x00'}]}]}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x84}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

57.838114638s ago: executing program 2 (id=1344):
pipe(&(0x7f0000000200))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x3cfa, 0x0, 0x2, 0x69}, &(0x7f0000000200)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r2, 0x47f6, 0x0, 0x2, 0x0, 0x0)
munmap(&(0x7f0000003000/0x4000)=nil, 0x4000)

57.666860041s ago: executing program 3 (id=1345):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000002c0)={0x3c, 0x0, 0x8, 0x201, 0x0, 0x0, {0xa, 0x0, 0x2}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6005}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x21}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @gre=[@CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0xc}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0000}, 0x8810)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0x68000000}, 0x0)
r1 = socket$kcm(0x21, 0x2, 0xa)
sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e23, 0x9, @private1}}, 0xa0, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x18, 0x68000000}, 0x80fe)
r2 = socket$kcm(0x21, 0x2, 0xa)
sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e23, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}}}, 0x80, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x18, 0x68000000}, 0x80fe)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801})
ioctl$TUNSETLINK(r3, 0x400454cd, 0x20)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000500))
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r5, 0x541b, &(0x7f0000000140)={<r6=>0xffffffffffffffff, 0xf, 0x4, 0xfffffffffffffffe})
close_range(r6, 0xffffffffffffffff, 0x0)
modify_ldt$read(0x0, &(0x7f0000000140)=""/6, 0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)

57.19971899s ago: executing program 3 (id=1348):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYRESHEX], 0x0)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000000)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_MOVE(0x1e, r1, r1, r1, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x89f1, &(0x7f0000000000)={'sit0\x00', &(0x7f0000000040)=@ethtool_cmd={0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x87, 0x1, 0xfffffffc, 0x0, 0x3, 0x0, 0x0, 0x80000045, [0x2, 0x9]}})
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000400)={0x34, &(0x7f0000000000)=ANY=[@ANYBLOB="40032e"], 0x0, 0x0, 0x0, 0x0, 0x0})

56.826920932s ago: executing program 2 (id=1350):
socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x2000000000000001, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb080045000028000000000006907864010101ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="0ca515977c5b4e10"], 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x40844)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(0xffffffffffffffff, 0xc0984124, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r2, 0x8982, &(0x7f00000023c0)={0x0, 'veth0_vlan\x00', {0xffe}, 0x2b1})
add_key$user(0x0, 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
r3 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8040}, 0x0)
writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff0100a600010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
recvmmsg(r3, &(0x7f0000000740)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x40010000, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000800000095"], &(0x7f00000001c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x0, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, &(0x7f0000000000)=0xe, 0x4)
getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x2, &(0x7f0000000240)=""/254, &(0x7f0000000040)=0xfe)
r5 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000080)={0xfefc, 0x7}, 0x4)
setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1}, 0x4)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="30bd7000fcdbdf250a00204094330a65d8d3278a9e8c8ac044000000021200000014000200fe8000000000000800000000003000aa0000000000000000"], 0x30}, 0x1, 0x0, 0x0, 0x24040804}, 0x0)

56.494894053s ago: executing program 0 (id=1351):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
add_key$user(0x0, &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0x0)
add_key$user(0x0, &(0x7f0000000440), &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
r2 = add_key$user(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000540)="bc3009bb66682c9d4233b0cc644f5fdae5b9d17f7ada03bc77aea173022c18232e1fb162caf50d08fda40c6e9c515c4a2c7245660296c0460cbff563b781695432f5a83f5ab8979bf6fd1c17aaa22ada927f1feb5074053514edf5734d63b2b58edc5b848d6fa38f7956549438addc5e72bb0cdbce326b0b3f673b0174949173922f6ee103a5a4af7b30", 0x8a, 0xfffffffffffffffe)
r3 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r2, r3, r2}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)

54.193392241s ago: executing program 0 (id=1357):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x4000)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
ppoll(&(0x7f0000000280)=[{0xffffffffffffffff, 0x2000}], 0x1, 0x0, 0x0, 0x0)

54.066287253s ago: executing program 3 (id=1358):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r3, 0x0, 0x24004080)
syz_open_dev$video4linux(0x0, 0x7fffffff, 0x80100)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r5 = dup(r4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x2f126000)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x64, 0x0, 0x0)
ioctl$KVM_GET_NESTED_STATE(r7, 0xc080aebe, &(0x7f000000a100)={{0x0, 0x0, 0x80}})

53.418905392s ago: executing program 0 (id=1359):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x8, 0xf, &(0x7f00000006c0)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x7b, r0}, {}, {}, {0x85, 0x0, 0x0, 0x19}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

53.085914609s ago: executing program 0 (id=1360):
pipe(&(0x7f0000000200))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x3cfa, 0x0, 0x2, 0x69}, &(0x7f0000000200)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r2, 0x47f6, 0x0, 0x2, 0x0, 0x0)
munmap(&(0x7f0000003000/0x4000)=nil, 0x4000)

46.75736945s ago: executing program 0 (id=1365):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r3, 0x0, 0x24004080)
syz_open_dev$video4linux(0x0, 0x7fffffff, 0x80100)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r5 = dup(r4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x2f126000)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x64, 0x0, 0x0)
ioctl$KVM_GET_NESTED_STATE(r7, 0xc080aebe, &(0x7f000000a100)={{0x0, 0x0, 0x80}})

41.031448836s ago: executing program 32 (id=1350):
socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x2000000000000001, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb080045000028000000000006907864010101ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="0ca515977c5b4e10"], 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x40844)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(0xffffffffffffffff, 0xc0984124, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r2, 0x8982, &(0x7f00000023c0)={0x0, 'veth0_vlan\x00', {0xffe}, 0x2b1})
add_key$user(0x0, 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
r3 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8040}, 0x0)
writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff0100a600010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
recvmmsg(r3, &(0x7f0000000740)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x40010000, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000800000095"], &(0x7f00000001c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x0, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, &(0x7f0000000000)=0xe, 0x4)
getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x2, &(0x7f0000000240)=""/254, &(0x7f0000000040)=0xfe)
r5 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000080)={0xfefc, 0x7}, 0x4)
setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x1}, 0x4)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="30bd7000fcdbdf250a00204094330a65d8d3278a9e8c8ac044000000021200000014000200fe8000000000000800000000003000aa0000000000000000"], 0x30}, 0x1, 0x0, 0x0, 0x24040804}, 0x0)

37.970553199s ago: executing program 33 (id=1358):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r3, 0x0, 0x24004080)
syz_open_dev$video4linux(0x0, 0x7fffffff, 0x80100)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r5 = dup(r4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x2f126000)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x64, 0x0, 0x0)
ioctl$KVM_GET_NESTED_STATE(r7, 0xc080aebe, &(0x7f000000a100)={{0x0, 0x0, 0x80}})

35.895833843s ago: executing program 0 (id=1373):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r3, 0x0, 0x24004080)
syz_open_dev$video4linux(0x0, 0x7fffffff, 0x80100)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r5 = dup(r4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x2f126000)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x64, 0x0, 0x0)
ioctl$KVM_GET_NESTED_STATE(r7, 0xc080aebe, &(0x7f000000a100)={{0x0, 0x0, 0x80}})

17.138614372s ago: executing program 34 (id=1373):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r3, 0x0, 0x24004080)
syz_open_dev$video4linux(0x0, 0x7fffffff, 0x80100)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r5 = dup(r4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x2f126000)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x64, 0x0, 0x0)
ioctl$KVM_GET_NESTED_STATE(r7, 0xc080aebe, &(0x7f000000a100)={{0x0, 0x0, 0x80}})

16.658890904s ago: executing program 1 (id=1380):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) (async)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
r0 = socket(0x10, 0x803, 0x0) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000002240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async, rerun: 64)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async, rerun: 64)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) (async)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r3, 0xfffffffffffffffd, 0xfffffffffffffffe, 0x1)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) (async)
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp\x00')
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r5, &(0x7f00000000c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, r0, 0x3, 0x0, 0x1, 0x0, {0xa, 0x4e23, 0x3, @private1, 0x7}}}, 0x3a)
read$FUSE(r4, &(0x7f00000001c0)={0x2020}, 0x2020)
sendmsg$SMC_PNETID_GET(r0, 0x0, 0x0) (async)
r6 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) (async)
ioctl$TUNSETLINK(r6, 0x400454cd, 0x306)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
socket$kcm(0x11, 0x3, 0x0) (async, rerun: 64)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) (async, rerun: 64)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0) (async, rerun: 64)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 64)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

10.591310384s ago: executing program 1 (id=1382):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x13c, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x0, 0x300}}, [@tmpl={0x84, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast}, {{@in=@remote, 0x0, 0x2b}, 0x8, @in6=@private1, 0x0, 0x4, 0x0, 0x0, 0xfffffffe}]}]}, 0x13c}}, 0x0)

10.238021302s ago: executing program 1 (id=1383):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000100)=@req={0x3fc, 0x4000}, 0x10)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
timer_create(0xfffffffd, 0x0, 0x0)
timer_create(0xfffffffd, 0x0, &(0x7f0000000040)=<r2=>0x0)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x200, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001800010010000000000000000a370000", @ANYRES32=0x0, @ANYBLOB="0000000014000500000100fe88000000000000000000000004000100"], 0x44}}, 0x0)
mmap(&(0x7f0000004000/0x2000)=nil, 0x2000, 0xa, 0x810, r4, 0xe7c85000)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r6 = socket(0x2, 0x80805, 0x0)
getsockopt$bt_hci(r6, 0x84, 0x82, &(0x7f0000000000)=""/4087, &(0x7f0000001080)=0xff7)
timer_settime(r2, 0x0, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000001000)={0x1fe, 0x0, 0xffff1000, 0x1000, &(0x7f0000008000/0x1000)=nil})
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r8, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r8, &(0x7f00000021c0)={0x2020, 0x0, <r9=>0x0, 0x0, <r10=>0x0}, 0x2020)
write$FUSE_INIT(r8, &(0x7f0000000040)={0x50, 0x0, r9, {0x7, 0x1f, 0x0, 0x490420, 0x2}}, 0x50)
syz_fuse_handle_req(r8, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r8, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb190df08747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb81035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22263e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485e4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2205eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e44312c24c2ce8e642bb73c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad24c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc5908", 0x2000, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, r10}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
getgroups(0x2, &(0x7f0000003ec0)=[0xffffffffffffffff, <r11=>0x0])
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000010c0)="e9ff518e3b3eae522de082eda42a9054c0356ebb4cc91ff4fa60e32e5462ed226cf6f58b685b168cfb2313e94acd58b8e1a421f69e1b3319e62cc32f151d896412ca4f8d3de61fcbfe808ff435041eb1befad4b9d8d4975dde9ca567726ddf0df7a3137c5d3a23e89c3bf3c6617e20ec3e6e78d56e8512d978f1c54c3ffc2e374ff5feb5126cb669c3f5d763cf72ebc97125cafa8322f4c3425504f14efbfb0bc006e7dc1cb47d421b5ec499e1d570c35e86f93ea41d0c23821aea7dc9eb6ede86f688126ecaf5712c1da3ac8c1b6eb0b2dcc209b973c9b33f807525c8e91cb363a1ef4af2db775ab217347e43f743efa4aa3969e085d153d44f9d7d99dcedd7403d548546ebe4c4a8678184e1e92c14a5b67b0295b0909a8dd0e083f0d701f3bc508008bcc881431392976c2d73fbdf3fabc4e27de4937ad214f02e260b6bd6ad46b3bb357a364b8696bc0cb166e5e2821c3d9f37c7b9b95799f22199829a04b2ccd654cd13d5c7a3d495e3e30528e76651ec1122b5d354a2e395467fe0e0456f7633b75dbde9591dcb4bcb0aedcd4eb2156aee9a4d8a51fa6176ee06d0399fc0651c7c309e701c7470bc004a03b6a4c00b28db068457130d7523e424b98461a7fd8118836db1e91992a117b8818e29ccbf740201378794733e3bec84d422a220cd092dbf9df80164e7e97971d7af273f60a148a6d70fb8e0b633ec58be947a13c2b2128e18aa684fc27670a65e83d06546f2d44a2dd41342bb43727b73a0499412bb062f324049f6965d837cc941b5887bfac94dea996f0e00cfef3d14f40afa895e31e8d098b71723243075faa35587521907b9b165c517b6206cbcc565cfe2d3ab79dee619e69ada87974b29d75a3a2087231ded07d0278703e945d02894dd5bdd556c3941cf77b5cddf13d898c1e9916dd1d290d7cf86e0fa61e89351df1901a3a7d4b91888d18a56abf22582f799951ff551c7fc4eb919d72e6e2a10ae47d48786152a6cf34f003b846344a6c2cf1fd3f09d964629dadfdfe013e6b8de1eca74866fb8a04b8a4ba20b5e6f9d94c8ebc78c50b4603b5769d837756ce26f2e273dbdfd241a2a16a45015c1c881f3000c0157309a3c2d833a3f3f5c153c0ac6ee58619f3f9f0131e667d08ee9235226561b757af8e680c96bbc266c987ca55778c6eda5c4444b87427f13e6810399b534f23eb6ba246c06b5a0bd0d62d1e493dbd75ff29e760d2c993a0155e9da0a855ed6412a6e80a7b67b5e786e4d1c93abba2943ec9e301b62bff3305c41b06740a23d5a3affb313e367e4f3eb7fae46089d4ca34c09dc5d6542edacc7ce76d4fc57a0db6e8d737022c4abef2e8d2935c470e9ec08268fa0224efcbb349611760034e5aa3be97e0ed7e446bb654389163902d630ae86f063f426aae9cee0356af388b80ed4fa099bac0039a9dc970e5efae567f72bc0d1d5ac136a223b2b10a37b56024442543727a0398974cf452a29f0822584c4e18455c02551f8c1ea3f08c93af15a9826d412406cd2eca4b08c441f2f84db1273fa4a67b2e52dfd1bbfbc06f8c16dc5b47d2402bb2ed7d17bfb165c674681576123732e7c26471c9132372a86b0228cc7b1b8c8700bb574f6336e1d416406746bb7763d14ffda41b002a40fa684762d850d3e1b32af3144514baaf19ed3262ad2b7cb37089859ed8ed5369821a40654b1cff41485aeaa722c9d58a8a8d07fc187730d4baa5bf61805e863554b9306d910f6b6282638428c5c2beed2dd8952e37cb8f5c4a4c35a93fe0573a7a6d4a9c185557643ef88937d1fc04e6c972f8dc7ec83db2502ac2cce5e8fa8f319dab9bf270f8aef8341d84c4bd9587702dd186fae488627dbbeecb97608fa48c372c21b0a0b5e359f0564de7ac85ed33dc1601238715e5ee377305b4144552fe7bcd48f73af51b43fea5a99e08bede343b6be91dfdf93c952d0f0a0536efb235dbf771c938fa6ae6ebc825d589bf82683e74f612bc9e29f3040999f98485ac539b6dfff5aeb81e2fa3a6b72be55591dd5932a3b72d195819a4596b347ea00dfe3dd8ae04e3fbe81d8c6a6bbbf736811708097a4cbbffc8d4e8704934c3723b77feafbed422f2a89a922ca433499931e7e8f80a40a2b59761b5695843cc36c910f38c35196909c5da897afd942440d10f44a21b39de3bbb9309c4f62f3f4bda60d729e1a3a5da59fd0f2dab9f7935318dc06e3df4ec832d9eb3f766f5dc2d98c5dad1802edbd1f6b6e972330428c41fc1ff421490b6d0085e089d34514e5bce68b4c955a1cd31e5e988c53c86a9f3e3b97dee79460485b641e622585aa830644e688f813c9077fcd52c6a036cb7c5f7d48e28359a0e94fcbff667d6d9c61643317de7f76363e0a4f711ce4492cdd688a4a14c952f9a55234c7273787327b5b52de4359deb896d350b0721712ae5e4668256535ec03c26e3ba81fe237eef79eeec2920d5f5684886c9804fbfac7bb55641c855e66a5b96c3e8883637a46d9a839a3f5bd05b248478b264d9ae6cfe6b50a643663960862c8a4f601853eae79dd2fb5fb9fd28292f74168da0e7c004c9c66768c34268e48a850fbc70adfa15be99face2e0f3d605f058112ecbd29b4c94b616af9095bae382c42ec82b2236b634e8d1c9b5a69e82b1ef0d7306f30662515416181482ddf7f9210bc45ab25712925815509e0fa4eb37dea6f7af715e02fb0921fef7a75b4f2f5b8b3f7f163ec5c522f00afd8d64fe1eefd16445f835fa34a2f478f1b8e8949dedc7a178268e820c4f461ea43c014b59921e22c117131f5e9f089cd539be4c602520a0136b81aa81a3279d81c87baa70dcf72a7d3bd2e71e22d611f439293823b9ac32a4944321818e1bfb84b852279b6679f3f622d0a0f67ecdcd302fd747cae2d1bd00e2d1d0c598e8ef16b1d5c7e4a06a9cbd45b1178a4daf4d9f6a927e1f45c86d6e5bb423031b50727a7755b9d15172c50b3f78357a672f2c86ea1e2f7c0caea6b2079607dea4eed901262657412a5cdea26e6644c72932f27c53895a3ce18c5dd6fae8c3095ec6b5334fdf8397c913e57d5245ab2a6e5ff930ecd7d6c4231e1c670d33388f58b63900e5657bba9df3af70c2a380c1e516115309fb6584fe79a5a959ddf2e1c0ef8ad20d8c06f335791b69e2c5cdbda42d2db304855cb078f544a76b9b1a64452800af9e403e19b3ecc1d7dee8e028ca85abf621b2cb7570437598199c371a350055882a78338794d5917cd171ababcba3e44e7e5da45b638eb07b289d2bf2d4c127abe9c6aa977a54e8cfaf401739ebfe1ddb1a7443028cc04dd4ac3d50064ddfbdadf5ee1aeab84ac368351609881fa1aed91f30c2f859d5d6405118216f1d5dec32393365bba259498d82ee4b1242da51700a89eefb372ce11c51e743737c24d1c5fee5809ba4bc9ad9d747842980eafbdbc29787d392901ec51fad2f4ad65140ec06f2c82ed652e9ef025ac7efa50746cfbbc9e73fe9661ed1a679d76993aeccb8f28bac5591728098b0bc2e46f8d9030cb0048527fefad4cdc1f55826d3f5cc3c57f0bd3b576fa4b5066d962385431fa80bee6f99a5f36cd815a3ad0318d483385b20d0bb46d4886dcd14d1d90fadf10e70be15214f364eb70a537efaf1e9472150cab7377a854fc88f48fbcafa7196606a3527d0b81b68545159c2bb61897fe656c4e520f9b73d88a6935b72dc5fd3f6d62e11d397eaef57ab569897a31b25672b46cb29714dcbf810f10e9f3cea8e1c0980fd478c5f592b5e53b4e4fa31f00345d16d8e66d4ea27cd68729023cac33c577c04c663112af58dfb4ba07af26472317b69d946589b5d3e5427967902d82a0b366ed4dc7d05f08509386bde7f086df5120a129bc7098c38eb40019c852a1f414dc78ee1ee497b8173c58c0dad0c52ec339b4f3be37826136c1fc785cc25b9142db4e15973d7b1e83efceedabf44050d86a90d8c55632e7b9665931a2a288c34c0a4ce34ec7ee24bc0f592c99a80fe9a76b24b9b6aa0317cd81122281e9d4ca7ad7a2f2cbe2cba63a9ac40f3fb2135a0a84fdabd79f2463c31818c410c7fa198213a55636f4f5725deae907232e7fd6e0ab6a5a92867c0c95601633a8869a4c4d0a22fb722c9f4953ce3e361649677e2b317789c752f086c768ca0e2180c0b7889d3f94fb4a896641d6ebf70e077b92a7167bd11277a5f0c96836b4128cb84a3f373c3af1c99ed765fc345f46635115e71f1112e260a87dfd01c7a462fef12f7e30e423e7de45a737c5ebd256d4a2804c2e86c4a7bc820c2059d45770889ceea74072ee059a997d442b7f618c5b92cabdc5b8b334362d90bb02da2f6218e00cef5c69373ab270aa753fff841e6e21b18e1153641b4842e9e7906ee6bcca73003209eb0456f386126d4fee418f45bf43c64e8d29fd0743328facd318412a42c231041f4cd295108eaea359a61c445dbc169dd802aecdd1d6bf6b8be3e644157bc832b05dbf8df72144751f24d81a9b96e7b071cb406eb583c9107de54f8c400ad0a84d09305c980622e31ee2962fe63cf5da9cdb08c3c4f2abf904b1e43d64ee73b45fea8007f25b5a42e2786678ff6cb6f1ce5107b15a9df84ff002f82823e925cb97e71885269db93b416ac363335e46572751628a4b2c2e50d8187e9a9a1a509884c7e7471551b0ea61738db7bba4a544e4d877bb7e7ecfcd931f9f1f0c4621ab138083934e8e3431c0b21ff8f8313d907625a7c385ff5e8549b7e6b052468e06ff7258a2f06a26406139b781f93649f6fd994bd964bce459c84b03ead6f22f146424576825c7225e8a7f0c918b1b3cc1dce4a3158cd9e507d4fc48950799b6638116ca8cf28dd61888158be63dbce6ecfc66f7b295c4a256a7911ebcd5167e9ab33dbe1c14f01e8d2fada752d65a8fde44149864c06b2e3ba73faa803978509b30d3c00e3612dd950037e054144589de1ef270fc0487cb70869aff00b54c66d9ed407da6fabe5c2686164c5fa65f2a9d456f4a191bee06833972fb942acbeb75ec129bfbf08d031a57d61fea3d4130cc69973f8d47eec9f79e74003601fadbd17fd6a20692d47b041ce972e024e36532cdf5e13c013b8ffbe623b10128667211b45df3fd7abdc54a57a09c89409e6514cb972edaaf20c3faa7d1c24460a076cce4f333d556a8e853cb44a6a6a594c7e7c7a86a8508d0ca0c7dfc97ecae7a67a5f917a713cff209e48be35a7a5685ab19c79c6f1d76ea1e34ff44d00ef67fc6c1f1436a8dd4f314909826e6de00ab54fbb4b044f14e949ce1a570d7ea25176eaf1b26b9b8e36f0e77e1b373f83c400628addfa1a1d4f58e5978e67bf5dfec884a3bde70781d48fcdaa56eb59aa7ad0ce8a52daf232ab3ceca1bc5929c6a76f767a685bbd21f3ec12565cf92e1c110a68840f4e660feac8607dc3c1374c8b0f590b6f9af21d8a231bc6ff4fd0fa2b8ecaa228787fca48b247b071501a6c94aaefd29d68b07d9ca66d166a996f46f6ebd997326e84f19991e9d52c63b36a3a126f9dca2ee443c600b257e25998de905e56ba55cbea25426768b735a53a2ecd74feb685b3ba9033d128ace9de5802ddc0aedcba0eb2d132e77539c62a3bcb0e49c9a8c103f6f879d2a8f7ea6c6d9353066c46b3d2ccf3ab95cdcdbac01cdd02fbfc9201c286ac870f32760a21252f561d93b93ce4c3682d876d3742a588b81f2a3874f786c942fab0e067f04dca9b2b6d974b12391063ccfaf947bc41b9aa11637b0265339b4134940fe67b32878f6fa454b8c3efa7c4d4d7a7855005fcc5a11bbd75c10f32c73cc31863fbc9027ca529f148327e5a3b9a412b8476f05a25c1992c9eaa02e72aaf0b1aa815364a805e3e7f45c63ff96e5d04d9044524db1c04ad4a9bc1f12e8cc1cb3767362b06877e47d90910c303623065799a98e6b9b78c4e7653247635186cf2a8364e63a8896420a0de159974cd49338f8be8f9f0df69ffdbf4bbf9e55ead868def438fbe44b16095831bafaee804b97d25130fb3779bc0d5bc79f128368231d18218242b762980787619aa1214b927d6114089eb0cd6d07d2533ad20c289cbcf2b6ce94bf113d0c7b23ae95d37e4deffd5b4f03c3297978cac81bb165f9515037cb52921c360611fc706b548858b03ae67f4f9d5d8055a9606235f7ddeb4bc55c2bc8f88c0c604a59b70dc2d811f225aa6caba26014529ccae2f3a002fca67eb826fd09ad5f58f237e789d3593679cacd6023ffdf2efd5b8e8a08461ec5b6f5a36fe7440ec266c325ae9270018552148fa286e789197d75249a303e08d854b2b79e969e0e54556f19fcca4407dcab3a3198769cf3d3454f33e46c5161074b749fa245840e6cb43960d633feb7fef975cb952f6f9f85721fd60b2fff274e8b6115f7facee43d5f27a2a8764176a9debe806285353f8ea2737fd29d33b46e5e2d4bfef998cc8cc85ac3833e67e53aafe049655a8b5593add7988b630e1d70a8cd5ea412184903904dd407e4dafc2f563e3bd3dd20624be5cf421898d61cf94bd79b98819292bf69914d2eae6c8aa6521f398684448a8ebff789c21391e273200894bf39556516edd74dfe73f9dcd29c4afa7c3287bab39719289b214df69277783280989ce6d97448e7cd7474835c402f4ab3bfa3ae207e4e2f46a1cee3ddc6d8443c42beb1dba881f85c7fe3e7bceb1d0a269448ea27e72f49ba2b4ceef88e45cb850d1e92e7cb499b97d3f3473144ebb8f1eff74449415de57ff91ccac4a26fe93e5597e7740312a0e23b56222da6251a94539637b924c459ea1bd7c845c4621376ad1dcb7198a064c969da18479756dbcb9df78f5c7a879683219442cd937ed472614ec66bacf6095376419e59187b2e9faf49820500ec05732a68431f3c6e5fbe2694830a537d30dcb9ba11af76bceba42742500fb74bf48800ba95176354d6082b3365b79b2b1b3867e70030632d53e3b30c8eee9fb8af69afd9f33e22d4164d1e5ecdb0d5838993efb9a6a6cd5de7721de62d4c72e4ab1dc5526fcf119c5b13bc4bb00e6ad7f52d0979d0e6037144ffeeb2c314787364ebfc82d09e2ba333f7203198332a1f06d39d748368c35bb5ef84ec4d904349c393dde2c90e26f84b9035fec9bb1c76fc87e00aa22cd922126015deb154f927acd120443e76e06db3a12261fa9d183eb1242e13a4738ff60a8a03a0e110b0cc94c11adad153cc36f9115f9c643385eb5dca81d9834c335f1403e200d4488b73013952ad9029ca2e63295e8386e12ca3947bb4911221ddccd0e4e35613258dc34fce006e187fccc2bbd53cf3cf285a7acf22eff5e544f7acba308370d7038f23b68e367567b90dc1c1760c0c001f2c73c084349c09496c6eb7e36d709ab380179c1269fca2f27e68f67914b09586edb013598a4ff8b1ee5b22ef5836ca6005f4aa08cefbfd00eea8207e5543d9b0fbc661e8e5d9557ce9261f668edaf52f4c42aa38218416fad105dc4e7c7bb5c1d92b173818514f092d71abfb43e42f38094bcdae46d3e878f52d6e651ed7aa69e6e1842cc507f11993ea8457fa0c99d1bc61f8dc711d1c32b94b8b07a8a688bc5a5c6478b4620c263f8538e908a3e5b5917b6b56e75c9e25ac1c8d699bc984d76b2c653c9f74db464ed4c2c6cf963cabb5869da0538cd6d683e1337df2bed7bbd5e29cb9a818b5bfc6989e49dcbc4049aff10de0c722b388c3dc2f2b7f59ec73f998773ccfd4ce70243c5170cf9e0100fb21e6fafc87bb35a7cc1cde77f07aee20b0e455dc8bac29af6a0d2dbb74b04cc2d23824142f676c06b4534e12bdfe558b212d01ffcf3c502e428be37ad42269699b2001c2d9078850ff633dc54c9bdab2d5d699e1d82ad458c887fa3499b828a68448dc8a782060a588855836f3f29a1ffe68d71827b9ebea3a2d5d17e1fc22dd4bcd80bfa5a62cccc7e1b499824fb3f0c3458650f475df9e7f2b0ff3f646dc062df0326b8d60331e7b257ee7c26f023c8df35b5199797757ce8ca3385d1e7e0f180d8580cdfbbba40285f538ba3354ea76aacbb3f7f056dc8e7b471ee3cf98886aa3b784896c71e6cfa9ede640ffd6350dbb8fba4a6ef6e7d7d0012c53a267f6fad1d9da6ffe989e9755b004467f2db48fadab8c1ea9890278a100349b15f8b1708ef4c3f50b78fc5b3f4a118a9d1ac78205181a09645f18c0e4d6cef9c18d7931af637767883a11ffb887ef8ae34eed3a2f649dcc1273e708e2d0ae50002be25ef8409694caa94d4f319caaca2095e8c9edd32c832a0ebbd867ed9f0153f88eba0727c30528a8840ab882a0e192e7e93f24a36a15128f42ec3e609f9eb19bf6aafb770a67ef56e57acda77ba9b81ff71d660893aa869da4ba766953070a684dfa3c3a2f3a026ea4c6239b8ae2b6f55f9334c29d71e78f96385a7001c28befc6d3431bd8c03ab9a2679623fd979029e4ece3681990afabf71fb8b281dc0681419064a2dc58701b1375417bdab12b0d846c37614ea5b63d6d616e155640f234a4422ff12862f53d6a45f6a3bf0c46ebeb4e3a270d89a4c2018aa51c0651d44d1bc572cc4add82283b37ec6430ab6dcb25f06e7f3845d7ac6673607815f08bee70c4252bec4901ca3003e76ac1294e20dcc6a4c4dc32ce7a035a6cfd016b16e36820ee01f283ef30b31f168aab8d56ef19bbcc06f70f6546fb1ffe3356d35afc730940f78c619d638eb619f3bd2b697461dd34ed4f354c481f6d64f24133d26ea44ff9f080b41b3c263a12bd5d45911a66b6d14451e925eca8d2134b7d870594412d13f46833aea44777ece40241767cb30c59a4004eafc928dd678a1a34639657d52f4ee579c3ce271c8e9074f0de331f44ebb63c45dfd7d9902889c8f92f3a1591f1b83f3a615a3fe35696df8995dcab5f0de3e918c9c1bbe58d05978ea4df568ef5bea07a0b9b91bb689b6cf638095ad7553d16a9c47a000b4918b7d30364b5f7ca48ef26de7633cc2364ce951e406e1e6fa13a85c20442e1041bf5e721ffa15bbb78c9d7abbad542947e87ae85ee757d38f80b66e307f1a7f5e5746d1ad010b92f436e8f397736a397ddbe4a223826926deeb39ee5847c6196b853bd474bc36a2dcb7209ee999750fa1fbc61d9bb2892131673bab2c7048e27a1beb13e2fd47deea4598a81a9f75154c43d006eeec375d07e098ac2f18075e87c82b3ed7d17be73640bff958533e674e333d2546ab3bdedb2e97c1778789d85e1a78f592c3d4b8f1af04eb4749e0d3ba37c8fee8ecd5a548f3a26ca07929a5358695b695caffe7ae6a423c27c2952198aad37b889bc49f70f5f5015f2bb5a6dfa7763878999bf7a219586b4d7ef518723c9e2d097c0fd6918fe95644bd791e179a5b0c9c2929e0f98142fb33c4a3994b3284cd30d4ddb82c8f27ea9bd358a6eaad06beb91b3e83983c59d9f1e3fde0c2680e22840d08f285799462baffaa72bbdce4a38930c5bce4a37b569158853cc67e191ee2412783efa0e3083f1e3f45dfb8ad35541dc069405aa62eb75d62b18c33f059057eb9084e5a3bec17cb9e594bb97980ce1f8146d5cefa6fe41a7aa79a5a7ec284f5a5c9bb2a95847b4e2a8d8b6270630f8aabdae7e76f4a83db29b4ad3274899cfd30e9fe0f4262b5d46b158a92a72143fabe14eccc2e8cb118f7f8e55a9dfd82c6909928b3553fcfb4990ec33bf10de006edb88dc89231e3d1f49eae2fb559696ce8575b667656e9e6807db501ce91cf629b2b5a8535fffa42f2e38b1034b8d75219081e8a0ede17f21d73f2c31cd1c398c339a2342fe0a3b68ae15cb91086546690925402d9a079f2988f6c3f99446ee48aad8078e77bc6f6c2e1bfa52ec8a96a17c0cf8dff9b9bc068c6fc24f03918f8fdde0f8c1a9fb59348872d5aa10b1cabf14fe9f6c8d6aed1ddc008d3059d5b1110ad3e364dd36082051c35305b9d0338455f320fbc52b6ab34e52cd52ef27fba978181dcc97e1df05ecb89527f0b1598abdd4223939cbbccbda3cf99465787e4dc1a2e96b85c012beab7585b99960e7b58c5f485785da5b8767fc0119875cffdadc7dae7adad930d1be841006037b81be5c9e7258a0ab96daa52b92624471c3e24d9075f52bea0cab93bb47e00b67da408e41ffcf1d67823e8286921c7ca83d639c87261c735a1ad14b51ec53ea56d8737342e97368f0b595d6a89d2f28920ef5e32abad6e261e6e0b0acb0a6da3c17eba1b3c6acf2b384015d97c1ab1cbf2d34a1041118833603e59b4f881f2200df6b0296e3677b6720d39323533185a265b2e898c42d0babaabb29f2916f589aa64049627d39908d20bf5c0f819d3e4cdc8f42902ad664eab3ce7fa6346f41033a63d862164e4089c5d353e843687d429d601ec37e9524afa1d7d49d7c0f24bd541ec2a746a83d028a0853570d2dc68b58fc12d94eef45d781f6010d93ed41d6a74c669f26f6b28fcbd9ba74ab16470c264f6cdb057700de5e22257842db0c1454c2722e849c207920bdf44ce5c9f43b13bb8f5b04d89a2ee701ccd82071f49901470617bc8a096e93abbd7f00fd21fac5b3fc5fdc0c91a61fff70b993e2b5bf50847b9992103580d9fecc00c9a9b3d065ca915a17269c96d2a24a0eab0d3891d0cdb699b50f0a0267db24b781553b5b8d12f535e9e171b6cfdef96ec46ba6cc1b7ed838c65e349ad533a1edfc25b646d3511840e0e4e5ffe95ecb46527e27d4ee488c3b60249010f1402e41f547f0d0831854d133c049a9ce5e563982542a37f1b26ebe300c0001cd7de851ddc5e4e5ce5ef2b61c23ee4532ebcba65cc6fdfa0faeff33d5141ab08ac058ce6083153d701f64745bbee89195a8925f9cabd7a096e4139f044f32bd9a386f1f1ca8437a5216756b9a1a6c4337cc338a067f2aebe0901ad7a29ab2e5b64efdcdf1a7cee463ddb4a49287533a40523fcd851468b3b922526ea87ca82870b52b032be85489a1ae14e18ebe0a322c7daa03e0c5119e10f41c9119348e1ed55538dc2b17a565f56d44eca6285924d3b32d011b6bac03cf0065deb942d2374ca677868decfda5c1fe99931fb8c02b8b85e06284d661ce228504defde3986a0146f68cf17f2d45099f5cad53f36a93f68c8fb6511748d03b95af3838af276a7d6171a97b18069ffaea4b22eb3bb7babce77079c126509b2607c16fefaca11ef49efb5d338b13da89524f1a1a3a0ece7efa769d2db1965fa158818ac2ac38be64e990e5c809ee7500b5a7822428eee4956ec5db2e4155a79914cdbc03c71cf64b8b2330a7cd0a83e8037969b6f86234ebc75c91bb337e7630ca7cdbab55172f140ac6dae3dc208ef315fd67d5b95b064a963d6dee27fcb95c23dca97daf372af020ca8fcde4f02559a04f1169a3536510a23d595e1fa0b6ad0b74f166bf96fcc081223dfe4d6661c7cb6041eb4ae8e226bd600b6943ac4e3a3d983bb345399a1a4796aa0c48a6c798c3df1bf58a8a6b1c4b45919a3a10fe02c02901ac6df5c26f2b44010b8c72d5f320cb8919ba55f74966c0360511d4120ec32311811fd68cee6ed57c9f777d33ec4e58b244c59c8a6dcfe55dcb6b5ff223159dbf3eaa4af01ead3c7bd52", 0x2000, &(0x7f0000004040)={&(0x7f0000003100)={0x50, 0xffffffffffffffda, 0x180000000000, {0x7, 0x2b, 0x0, 0x20000100, 0x3, 0x1, 0x6, 0x9, 0x0, 0x0, 0x4, 0x3670}}, &(0x7f0000003180)={0x18, 0x0, 0x5, {0x1}}, &(0x7f00000031c0)={0x18, 0x0, 0x7ff, {0xf0e1}}, &(0x7f0000003200)={0x18, 0x0, 0x2, {0x5}}, &(0x7f0000003240)={0x18, 0x0, 0x30b0, {0x5}}, &(0x7f00000033c0)={0x28, 0xfffffffffffffffe, 0x3, {{0x4, 0xa6bd, 0x3}}}, &(0x7f0000003400)={0x60, 0xffffffffffffffda, 0x7, {{0x1, 0x0, 0x101, 0x2, 0x2, 0xb, 0xe0, 0x3}}}, &(0x7f0000003480)={0x18, 0x0, 0x4, {0x10001}}, &(0x7f00000034c0)=ANY=[@ANYBLOB="120000000000000003e79500000000002300"], &(0x7f0000003500)={0x20, 0xfffffffffffffffe, 0x5, {0x0, 0x8}}, &(0x7f0000003680)={0x78, 0xffffffffffffffda, 0x2, {0x401, 0x4, 0x0, {0x6, 0x5, 0x6, 0x400002, 0xe, 0xfffffffffffffe01, 0x80000001, 0x8, 0x5, 0x4000, 0x9, 0x0, 0x0, 0x5, 0x9}}}, &(0x7f0000003780)={0x90, 0x0, 0xc69e, {0x5, 0x1, 0x6, 0x879, 0xffff539f, 0x5, {0x4, 0x1, 0x5, 0x9, 0x800, 0x4, 0x9, 0xbb, 0x5, 0x8000, 0x80000000, 0x0, 0x0, 0x0, 0x1}}}, &(0x7f0000003840)=ANY=[@ANYBLOB="6000000000000000712c08790000000000000000000000000200000000000000050000001c0a0000247b40214000000084000000000000000100000000000000000000000f0000000200000000000000ff020000000000000000000005000000"], &(0x7f0000003b80)=ANY=[@ANYBLOB="e8010000f5ffffff08000000000000000200000000000000000000000000000009000000000000000900000000000000070000000200000004000000000000000500000000000000030000000000000000000080000000000000000000000000000000000000000005000000ffffffff03000000008000000000f0ff", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0100000001000000000000000000000000000000080000000000000001000000020000007d0000000000000001000000000000000100000000000000ff000000000000000200000000000000fcffffff0400000001000000000000000200000000000000010000000000000001000000000000000201000000000000e3000000000000000000000000000100020000000020000009000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00800000ff5f10eec00000000200000000000000010000000000000000000000546200000300000000200000000000000000000008000000000000001c0000000000000006000000070004d8000004000000ae00000003000000000000000400000000000000030000000000000001000000000000005e02000000000000400000007578000040000000002000000008", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0100000009000000000000000400000000000000070000000000000001000000010000007b00000000000000"], &(0x7f0000003d80)={0xa0, 0x0, 0x7fffffffffffffff, {{0x6, 0x3, 0x7, 0x2, 0x401, 0x957, {0x2, 0x8001, 0x3, 0x7, 0x1000, 0x100000001, 0x222, 0x3, 0x401, 0x2000, 0x0, 0x0, r10, 0x6, 0x4}}}}, &(0x7f0000003e40)={0x20, 0x0, 0x6, {0x1a8d, 0x4, 0x5, 0x2}}, &(0x7f0000003f00)={0x130, 0x0, 0x48, {0x323, 0x6, 0x0, '\x00', {0x1000, 0xfff, 0x4, 0x0, 0x0, r11, 0x6000, '\x00', 0xfffffffffffffc01, 0xfffffffffffffffd, 0x5, 0xfffffc0000000000, {0x0, 0x5}, {0x3, 0x20000000}, {0xfffffffffffffeff, 0x7fffffff}, {0x5, 0x1}, 0xfffffffd, 0xeb, 0x3, 0xfff}}}})

9.071490822s ago: executing program 1 (id=1385):
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x8, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x7, 0xa, 0xfffffff3}}}}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@newtfilter={0xb4, 0x2c, 0xd2b, 0x800, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x9, 0xd}, {}, {0x7, 0xf}}, [@filter_kind_options=@f_basic={{0xa}, {0x84, 0x2, [@TCA_BASIC_ACT={0x80, 0x3, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x2}, {0x1e, 0x6, "1e37af4672d0538fe650cc27c700000000000060000000000000"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x2}}}}, @m_tunnel_key={0x34, 0x100d, 0x0, 0x0, {{0xf}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x2}}}}]}]}}]}, 0xb4}, 0x1, 0x0, 0x0, 0x2404c044}, 0x24044094)

2.174135038s ago: executing program 4 (id=1388):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000010a000000000000000000000001", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006d616373656300001800028005000300100000000c000400"], 0x48}}, 0x0)

1.871007663s ago: executing program 4 (id=1389):
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000380), 0x0, 0x4000040}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010041, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})

1.629296175s ago: executing program 4 (id=1390):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4004)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0xffff, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x600, 0x0, 0x9, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x7}}, 0xb8}, 0x1, 0x0, 0x0, 0x8004}, 0x10)

1.466561308s ago: executing program 4 (id=1391):
r0 = syz_open_procfs(0x0, &(0x7f0000000500)='fdinfo\x00')
r1 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$inet(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=[@ip_pktinfo={{0x1c, 0x110, 0xd, {0x0, @loopback=0x7f000300, @empty}}}], 0x20}, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="584cbca7f7e73aae232376f510012b7cc221e4285b6312462b56d117f1a3912eb21660c476213dc35c575cc19088579bc8739a99c2e031d968ba1dd5491566854e7355c923ba301c6197a41af6da5e03a04a45640ab661", 0x57)
r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r2, 0x2285, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
write$sndseq(r3, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38)
write$sndseq(r3, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @time={0x2, 0x400}, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"448cc880fe353ca0f2c2e953"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}], 0xc4)
write$sndseq(r3, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {0x8}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {0x0, 0xea}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {0x0, 0xfe}, @queue={0x8, {0x9, 0xfffffffd}}}, {0x0, 0x0, 0x0, 0x0, @time={0xffffff81}, {}, {}, @time=@time={0x0, 0xb03f}}], 0xc4)
write$sndseq(r3, &(0x7f0000000900)=[{0x8, 0x9, 0xad, 0x3d, @tick=0x5, {0x4, 0x4f}, {0x80, 0x1}, @addr={0x7e, 0xf7}}, {0x30, 0x80, 0xfb, 0x7, @time={0x3, 0x12}, {0xf6, 0x3}, {0x2, 0x8}, @result={0x2, 0xfffffc01}}, {0x6, 0x3, 0x4, 0x9, @time={0x3000000, 0x9}, {0x5, 0x40}, {0x7, 0xa6}, @note={0xed, 0x9, 0x50, 0x80, 0x1000}}, {0x3, 0x1, 0x4, 0x0, @time={0x0, 0x3}, {0x9, 0x5}, {0x38, 0x10}, @time=@tick=0x599}, {0x8, 0xd, 0x5, 0xf8, @tick=0x3ff, {0x3, 0x4}, {0xbc, 0xd}, @note={0x1, 0xc, 0xc, 0x3, 0x89b4}}, {0x1, 0x7, 0x7, 0x4, @tick=0x27, {0x76, 0x8}, {0x18, 0x8}, @note={0xd, 0xa, 0x4, 0x2, 0x9}}, {0x7f, 0xb, 0x1, 0xcf, @time={0x1, 0x2e}, {0x36, 0x5}, {0x3, 0x8}, @addr={0x7, 0x7f}}, {0x0, 0x2, 0x1, 0x7, @tick=0x4, {0x8, 0x5}, {0xd, 0xe}, @time=@tick=0xcb2}], 0xe0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f0000000500)=ANY=[@ANYBLOB="010000000000000070000040"])
write$sndseq(r3, &(0x7f0000000300)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}], 0xc4)
write$sndseq(r3, &(0x7f0000000a40)=[{0x0, 0x0, 0x0, 0x0, @time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}], 0x8c)
write$sndseq(r2, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control}], 0x54)
write$sndseq(r3, &(0x7f0000000f80)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @addr}, {}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xc4)
write$sndseq(r3, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}], 0x8c)
write$sndseq(r3, &(0x7f0000000740), 0x0)
write$sndseq(r3, &(0x7f0000000b00)=[{0x0, 0x0, 0x0, 0x0, @tick, {0x0, 0xb7}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @time={0x6, 0x1000}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"b5f8fbe8c20c855083221c33"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @addr={0x3}}, {0x0, 0x0, 0x0, 0x0, @tick=0xfff, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0xc4)
write$sndseq(r3, &(0x7f00000004c0)=[{0x81, 0x80, 0x2, 0x4, @time={0x8, 0x5}, {0x3, 0x31}, {0xff, 0x7f}, @queue={0x80, {0x7, 0x4}}}, {0x8, 0x2, 0x8f, 0x6, @time={0x3, 0x1cddab93}, {0x0, 0x6e}, {0xf2, 0x30}, @addr={0x9, 0x1}}, {0x8, 0x7, 0x0, 0xe3, @time={0x200, 0x9}, {0x8}, {0x6, 0x1}, @raw8={"7aa27555b79e43403e7fa600"}}, {0x0, 0x7, 0x3, 0x3, @time={0x0, 0x7}, {0x8, 0xfd}, {0x93, 0x80}, @queue={0x14, {0x10, 0x80}}}, {0x6, 0x8, 0x3, 0x40, @tick=0xf6, {0x2, 0x8}, {0x3}, @ext={0x0, 0x0}}, {0xba, 0xa, 0xfa, 0x7, @time={0xe5b, 0x10001}, {0x80, 0x8}, {0x6, 0x7f}, @control={0x5, 0x40, 0x5}}, {0x3, 0x2b, 0x4, 0x6, @time={0x6, 0x1}, {0x10, 0x4}, {0x8, 0xa}, @raw8={"80408bcf99ee1216e4e59519"}}, {0xd2, 0x5, 0xd9, 0x0, @time={0x8, 0x4}, {0x54, 0x6}, {0x8, 0x8}, @queue={0x10, {0x7f, 0x40}}}, {0xcf, 0x1, 0xff, 0x5, @tick=0x9, {0x4, 0xb3}, {0x80, 0xd}, @control={0x66, 0x802, 0x3}}], 0xfc)
write$sndseq(r3, &(0x7f0000000800)=[{0x0, 0x0, 0x0, 0x0, @time={0xb, 0x3}, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {0x0, 0xe7}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw8={"ce274516c7da5b6da0b16993"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"b134b141793d8609365bda4d"}}, {}], 0xfc)
write$sndseq(r3, &(0x7f0000000080)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time={0x0, 0xfffffffc}, {}, {}, @control}], 0x38)

535.59091ms ago: executing program 4 (id=1392):
r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0)
ioctl$TCSETAF(r0, 0x5408, &(0x7f00000000c0)={0xffff, 0x6d7, 0x0, 0x79, 0x3, "5acf8f53872ebc82"})
writev(r0, &(0x7f00000024c0)=[{&(0x7f0000000480)="b9e94d05d9adf5e171261092d920194b9c340d5b93021429ce551bb07db881c794edda114aefac7d4eb0736504662a9c09a387dfffe56e075aedc01a665b465f68aea60527aa845722f37803e57eb6ce06effa3b76410898295e8860fb1a314304273a7ac2de1bf7e3c3fade464f62fe092a3fdb9f638b7a9873affd3c387a4ef1b7909aa0f198bef445798d09549d543c2463d052bf11e696bb032f5667dfd0e30c087b79ab7e59355c1e97013be6837a96d344780507a09f8379f64180ec227849ae6616a67b82c5604124e3ada135353f19ad01e9d773ab61e36da2e56f89a410abfdedbb2a4b80b617009696d4527ff652f5ab838f125012ac154fb47a99320402749081c6bcf0ceffcd920af46f87340d9c9a55b7a962d52b1220277e4749de837251185ec1bf992c282d7ca2f8fa9f1b86eb2d3c833626b5c5682e7a39c9ce2fda724aeea9b099b3eb88c52b29d6ad4bcea62e9b116e48d541236c77235266379650d9aafbcd6d61780780cf1b5d8ca49b6c6e226b01068c6d0b2b2c4717b65362b4686a82b9cb78efeca7e943cefd510784150d", 0x197}], 0x1)
fsopen(&(0x7f0000000100)='ceph\x00', 0x0)

263.598163ms ago: executing program 1 (id=1393):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000200000a20000000000a03000000000000000000030000000900010073797a300000000040000000030a03000000000000000000030000000900030073797a30000000000900010073797a3000000000140004800800024000000000080001400000000028000000000a01040000000000000000030000000900010073797a3000000000080002400000000114000000110001"], 0xb0}}, 0x0)

74.027606ms ago: executing program 1 (id=1394):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
gettid()
syz_open_procfs$pagemap(0x0, &(0x7f0000000140))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xfbc6, 0x10100, 0x8000003}, &(0x7f0000000080)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8102)
r6 = fcntl$dupfd(r5, 0x406, r5)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000400)={0x53, 0xfffffffffffffffb, 0x11, 0x1, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000280)="00000000000012800bf4d8767bbdbadd3e", 0x0, 0x0, 0x0, 0x2, 0x0})
write$tun(r6, &(0x7f0000000400)=ANY=[], 0xa2)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x230}})
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xffffffffffffffff)
io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000400)=@newsa={0x1c4, 0x10, 0x633, 0x0, 0x0, {{@in=@dev={0xac, 0x14, 0x14, 0x25}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in6=@empty, 0x0, 0x32}, @in6=@empty, {0xfffffffffffffffd, 0x0, 0x0, 0x2dcd}, {}, {}, 0x0, 0x0, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @algo_auth={0x89, 0x1, {{'md5\x00'}, 0x208, "fd2f480f2e2ebb04183ebcaed78f40b20e8473b935f6cf6f3d2c402e34b339e1b0cd2b29cd33e8f258cf85e6c1348f664a094fe82198b2247fe438734b6b8a3542"}}]}, 0x1c4}}, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r8)
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r8, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r9, 0x0)
r10 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r10, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r11 = accept(r8, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r11, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000640)=ANY=[@ANYRES16=r1, @ANYRES16=r11, @ANYRESOCT=r7], 0xfffffdef}}, 0x801)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, 0x0, &(0x7f0000000240))
recvfrom(r10, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)

0s ago: executing program 4 (id=1395):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/custom1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
clock_gettime(0x0, &(0x7f0000002740)={<r3=>0x0, <r4=>0x0})
recvmmsg$unix(r2, &(0x7f0000002640)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000280)=""/16, 0x10}, {&(0x7f00000004c0)=""/129, 0x81}, {&(0x7f0000000a00)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/90, 0x5a}], 0x4, &(0x7f00000005c0)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0x110}}, {{&(0x7f00000027c0)=@abs, 0x6e, &(0x7f0000000700)=[{&(0x7f0000000780)=""/8, 0x8}, {&(0x7f0000001a00)=""/168, 0xa8}, {&(0x7f0000001bc0)=""/213, 0xd5}, {&(0x7f0000001ac0)=""/200, 0xc8}, {&(0x7f0000002840)=""/194, 0xc2}], 0x5, &(0x7f0000002940)=[@cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, <r5=>0xffffffffffffffff]}}], 0x70}}, {{&(0x7f0000001cc0)=@abs, 0x6e, &(0x7f0000002100)=[{&(0x7f0000001d40)=""/94, 0x5e}, {&(0x7f0000001dc0)=""/105, 0x69}, {&(0x7f0000001e40)=""/184, 0xb8}, {&(0x7f0000001f00)=""/229, 0xe5}, {&(0x7f0000002000)=""/240, 0xf0}], 0x5, &(0x7f0000002180)=[@rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r6=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x58}}, {{&(0x7f0000002200), 0x6e, &(0x7f00000025c0)=[{&(0x7f0000002280)=""/153, 0x99}, {&(0x7f0000002340)=""/182, 0xb6}, {&(0x7f0000002400)=""/182, 0xb6}, {&(0x7f00000024c0)=""/21, 0x15}, {&(0x7f0000002500)=""/151, 0x97}], 0x5}}], 0x4, 0x2, &(0x7f0000002780)={r3, r4+60000000})
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r7, 0x10000000000)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
write$FUSE_STATFS(r8, &(0x7f0000000200)={0x60, 0x0, 0x0, {{0x9, 0x5, 0x5, 0x2, 0x400069a, 0xae, 0x2400000, 0x800}}}, 0xfffffec2)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0xb, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x88, &(0x7f0000000800)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x1e}, @ptr={0x70742a85, 0x0, &(0x7f0000000900)=""/206, 0xce, 0x1, 0xffffffffffffffff}, @fda={0x66646185, 0x5, 0x1, 0xba}}, &(0x7f0000000240)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0})
r9 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
read$FUSE(r6, &(0x7f00000029c0)={0x2020, 0x0, <r10=>0x0}, 0x2020)
write$FUSE_DIRENT(r5, &(0x7f0000004a00)={0xf8, 0xffffffffffffffda, r10, [{0x4, 0x401, 0xf, 0x6, '/dev/dri/card#\x00'}, {0x1, 0xfff, 0x11, 0x7f, '\xcc+%\\$!(%\\@%{-\\.\\@'}, {0x1, 0xf, 0x1, 0x9, '\x00'}, {0x4, 0xfffffffffffff079, 0x13, 0x3, './binderfs/binder0\x00'}, {0x3, 0xaf8, 0x1, 0x4, '\x00'}, {0x3, 0x7, 0x8, 0x465, '{#+u$#:{'}]}, 0xf8)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r9, 0xc01064bd, &(0x7f00000000c0)={&(0x7f0000000040)="c0e243", 0x3, <r11=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r9, 0xc00464be, &(0x7f0000000100)={r11})
syz_usb_connect$uac1(0x4, 0x71, &(0x7f0000000440)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x3, 0x1, 0x6, 0x30, 0x2, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x400, 0xfd}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0x2, 0x74, 0x5, {0x7, 0x25, 0x1, 0x2, 0x6, 0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0xa, 0xfc, 0x87, {0x7, 0x25, 0x1, 0x2, 0x5c, 0xd5e5}}}}}}}]}}, 0x0)

kernel console output (not intermixed with test programs):

 number: 89 but max is 0
[  467.711441][T10039] usb 2-1: config 0 has no interface number 0
[  467.740620][T10039] usb 2-1: config 0 interface 89 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  467.781901][T10039] usb 2-1: config 0 interface 89 altsetting 0 endpoint 0xA has invalid maxpacket 1023, setting to 64
[  467.829857][T10039] usb 2-1: New USB device found, idVendor=0bfd, idProduct=0114, bcdDevice= 4.be
[  467.839417][T10039] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  467.856970][T10039] usb 2-1: Product: syz
[  467.861462][T10039] usb 2-1: Manufacturer: syz
[  467.866462][T10039] usb 2-1: SerialNumber: syz
[  467.879469][T10039] usb 2-1: config 0 descriptor??
[  467.895384][T10213] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  467.904532][T10039] kvaser_usb 2-1:0.89: error -ENODEV: Cannot get usb endpoint(s)
[  468.074390][T10031] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  468.116899][T10039] usb 2-1: USB disconnect, device number 47
[  468.234839][T10031] usb 3-1: Using ep0 maxpacket: 8
[  468.241675][T10031] usb 3-1: config 0 has an invalid interface number: 108 but max is 0
[  468.250391][T10031] usb 3-1: config 0 has no interface number 0
[  468.257737][T10031] usb 3-1: too many endpoints for config 0 interface 108 altsetting 111: 119, using maximum allowed: 30
[  468.283382][T10031] usb 3-1: config 0 interface 108 altsetting 111 has 0 endpoint descriptors, different from the interface descriptor's value: 119
[  468.349751][T10031] usb 3-1: config 0 interface 108 has no altsetting 0
[  468.368117][T10031] usb 3-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  468.380791][T10031] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  468.396635][T10031] usb 3-1: Product: syz
[  468.412165][T10031] usb 3-1: Manufacturer: syz
[  468.421931][T10031] usb 3-1: SerialNumber: syz
[  468.440291][T10031] usb 3-1: config 0 descriptor??
[  468.707254][T10031] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  469.223738][T10051] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  469.370147][T10031] gspca_sonixj: reg_r err -32
[  469.375042][T10031] sonixj 3-1:0.108: probe with driver sonixj failed with error -32
[  469.728536][T10239] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  469.741322][T10239] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  469.824452][T10051] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  469.835084][T10051] usb 2-1: config 0 interface 0 has no altsetting 0
[  469.855587][T10051] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  469.864783][T10051] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  469.881590][T10051] usb 2-1: Product: syz
[  469.890402][T10051] usb 2-1: Manufacturer: syz
[  469.918818][T10051] usb 2-1: SerialNumber: syz
[  469.932473][   T30] kauditd_printk_skb: 31 callbacks suppressed
[  469.932493][   T30] audit: type=1326 audit(1750236707.919:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10242 comm="syz.4.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5578b8e929 code=0x7ffc0000
[  469.941530][T10051] usb 2-1: config 0 descriptor??
[  469.987533][T10051] usb 2-1: selecting invalid altsetting 0
[  470.064651][   T30] audit: type=1326 audit(1750236707.919:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10242 comm="syz.4.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f5578b8e929 code=0x7ffc0000
[  470.093704][   T30] audit: type=1326 audit(1750236707.919:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10242 comm="syz.4.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5578b8e929 code=0x7ffc0000
[  470.123410][   T30] audit: type=1326 audit(1750236707.919:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10242 comm="syz.4.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5578b8e929 code=0x7ffc0000
[  470.151173][   T30] audit: type=1326 audit(1750236707.919:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10242 comm="syz.4.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5578b8e929 code=0x7ffc0000
[  470.177773][   T30] audit: type=1326 audit(1750236707.919:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10242 comm="syz.4.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5578b8e929 code=0x7ffc0000
[  470.210575][   T30] audit: type=1326 audit(1750236707.919:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10242 comm="syz.4.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5578b8e929 code=0x7ffc0000
[  470.236561][T10243] syzkaller0: entered promiscuous mode
[  470.243696][T10243] syzkaller0: entered allmulticast mode
[  470.253726][   T30] audit: type=1326 audit(1750236707.919:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10242 comm="syz.4.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f5578b8e929 code=0x7ffc0000
[  470.280792][   T30] audit: type=1326 audit(1750236708.059:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10242 comm="syz.4.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5578b8e929 code=0x7ffc0000
[  470.307652][   T30] audit: type=1326 audit(1750236708.059:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10242 comm="syz.4.1135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5578b8e929 code=0x7ffc0000
[  470.623013][T10250] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  470.637018][T10250] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  470.708217][T10051] usb 2-1: USB disconnect, device number 48
[  470.952841][T10050] usb 3-1: USB disconnect, device number 61
[  471.319544][T10257] netlink: 'syz.2.1138': attribute type 10 has an invalid length.
[  471.331338][T10257] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1138'.
[  471.688595][T10050] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[  471.745742][T10269] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  471.753026][T10269] IPv6: NLM_F_CREATE should be set when creating new route
[  471.946959][T10050] usb 1-1: config 0 has no interfaces?
[  472.023201][T10050] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  472.056549][T10050] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  472.085272][T10050] usb 1-1: Product: syz
[  472.100533][T10050] usb 1-1: Manufacturer: syz
[  472.133362][T10050] usb 1-1: SerialNumber: syz
[  472.198752][T10050] usb 1-1: config 0 descriptor??
[  472.420921][T10277] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  472.915165][T10282] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1145'.
[  474.010833][T10050] usb 1-1: USB disconnect, device number 53
[  474.308263][T10296] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  474.401903][T10297] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1150'.
[  474.588061][T10304] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1152'.
[  474.688137][T10305] input: syz0 as /devices/virtual/input/input27
[  475.063766][T10031] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[  475.328996][T10031] usb 1-1: config 0 has an invalid interface number: 255 but max is 0
[  475.353740][T10031] usb 1-1: config 0 has no interface number 0
[  475.367351][T10031] usb 1-1: config 0 interface 255 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  475.396030][T10031] usb 1-1: config 0 interface 255 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  475.449518][T10031] usb 1-1: New USB device found, idVendor=10cf, idProduct=8065, bcdDevice=91.79
[  475.490823][T10031] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.556944][T10031] usb 1-1: Product: syz
[  475.573373][T10031] usb 1-1: Manufacturer: syz
[  475.583675][T10050] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  475.603637][T10031] usb 1-1: SerialNumber: syz
[  475.658990][T10031] usb 1-1: config 0 descriptor??
[  475.722388][T10031] vmk80xx 1-1:0.255: driver 'vmk80xx' failed to auto-configure device.
[  475.774013][T10031] vmk80xx 1-1:0.255: probe with driver vmk80xx failed with error -22
[  475.941195][T10050] usb 3-1: config 0 has no interfaces?
[  475.953721][   T51] Bluetooth: hci2: unexpected event for opcode 0x2062
[  476.107204][T10050] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  476.169651][T10050] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  476.179777][T10050] usb 3-1: Product: syz
[  476.190358][T10050] usb 3-1: Manufacturer: syz
[  476.196626][T10050] usb 3-1: SerialNumber: syz
[  476.223117][T10050] usb 3-1: config 0 descriptor??
[  476.388053][T10051] usb 1-1: USB disconnect, device number 54
[  477.828613][T10334] netlink: 4400 bytes leftover after parsing attributes in process `syz.0.1163'.
[  477.861876][ T5842] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  477.862339][T10334] sysfs: cannot create duplicate filename '/class/ieee80211/�`]��I�q�!�>�s���*��!)\�+`�iF=#'
[  477.883645][ T5842] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  477.892156][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  477.903278][ T5842] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  477.912303][ T5842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  477.940326][T10334] CPU: 1 UID: 0 PID: 10334 Comm: syz.0.1163 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) 
[  477.940359][T10334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  477.940373][T10334] Call Trace:
[  477.940383][T10334]  <TASK>
[  477.940394][T10334]  dump_stack_lvl+0x189/0x250
[  477.940450][T10334]  ? __pfx_dump_stack_lvl+0x10/0x10
[  477.940485][T10334]  ? __pfx__printk+0x10/0x10
[  477.940509][T10334]  ? kernfs_path_from_node+0x2c/0x260
[  477.940549][T10334]  ? kernfs_path_from_node+0x2c/0x260
[  477.940570][T10334]  ? kernfs_path_from_node+0x2c/0x260
[  477.940596][T10334]  ? kernfs_path_from_node+0x22c/0x260
[  477.940619][T10334]  ? kernfs_path_from_node+0x2c/0x260
[  477.940648][T10334]  sysfs_warn_dup+0x8e/0xa0
[  477.940683][T10334]  sysfs_do_create_link_sd+0xc0/0x110
[  477.940709][T10334]  device_add_class_symlinks+0x1cf/0x240
[  477.940736][T10334]  device_add+0x475/0xb50
[  477.940759][T10334]  wiphy_register+0x199a/0x26b0
[  477.940796][T10334]  ? __pfx_wiphy_register+0x10/0x10
[  477.940817][T10334]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  477.940846][T10334]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  477.940876][T10334]  ieee80211_register_hw+0x33e1/0x4120
[  477.940920][T10334]  ? ieee80211_register_hw+0x1451/0x4120
[  477.940962][T10334]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  477.940993][T10334]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  477.941034][T10334]  ? __hrtimer_setup+0x187/0x210
[  477.941065][T10334]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  477.941093][T10334]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  477.941144][T10334]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  477.941163][T10334]  ? trace_kmalloc+0x1f/0xd0
[  477.941178][T10334]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  477.941198][T10334]  ? kstrndup+0xbf/0x160
[  477.941232][T10334]  hwsim_new_radio_nl+0xea4/0x1b10
[  477.941256][T10334]  ? __pfx___nla_validate_parse+0x10/0x10
[  477.941302][T10334]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  477.941336][T10334]  ? __nla_parse+0x40/0x60
[  477.941369][T10334]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  477.941418][T10334]  genl_family_rcv_msg_doit+0x212/0x300
[  477.941458][T10334]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  477.941500][T10334]  ? bpf_lsm_capable+0x9/0x20
[  477.941518][T10334]  ? security_capable+0x7e/0x2e0
[  477.941551][T10334]  genl_rcv_msg+0x60e/0x790
[  477.941589][T10334]  ? __pfx_genl_rcv_msg+0x10/0x10
[  477.941617][T10334]  ? ref_tracker_free+0x63a/0x7d0
[  477.941644][T10334]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  477.941665][T10334]  ? __pfx_ref_tracker_free+0x10/0x10
[  477.941722][T10334]  netlink_rcv_skb+0x205/0x470
[  477.941749][T10334]  ? __pfx_genl_rcv_msg+0x10/0x10
[  477.941783][T10334]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  477.941836][T10334]  ? down_read+0x1ad/0x2e0
[  477.941878][T10334]  genl_rcv+0x28/0x40
[  477.941908][T10334]  netlink_unicast+0x758/0x8d0
[  477.941943][T10334]  netlink_sendmsg+0x805/0xb30
[  477.941980][T10334]  ? __pfx_netlink_sendmsg+0x10/0x10
[  477.942010][T10334]  ? aa_sock_msg_perm+0x94/0x160
[  477.942041][T10334]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  477.942069][T10334]  ? __pfx_netlink_sendmsg+0x10/0x10
[  477.942095][T10334]  __sock_sendmsg+0x21c/0x270
[  477.942132][T10334]  ____sys_sendmsg+0x505/0x830
[  477.942165][T10334]  ? __pfx_____sys_sendmsg+0x10/0x10
[  477.942203][T10334]  ? import_iovec+0x74/0xa0
[  477.942228][T10334]  ___sys_sendmsg+0x21f/0x2a0
[  477.942257][T10334]  ? __pfx____sys_sendmsg+0x10/0x10
[  477.942323][T10334]  ? __fget_files+0x2a/0x420
[  477.942348][T10334]  ? __fget_files+0x3a0/0x420
[  477.942386][T10334]  __x64_sys_sendmsg+0x19b/0x260
[  477.942430][T10334]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  477.942469][T10334]  ? rcu_is_watching+0x15/0xb0
[  477.942511][T10334]  ? do_syscall_64+0xbe/0x3b0
[  477.942537][T10334]  do_syscall_64+0xfa/0x3b0
[  477.942556][T10334]  ? lockdep_hardirqs_on+0x9c/0x150
[  477.942589][T10334]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  477.942611][T10334]  ? clear_bhb_loop+0x60/0xb0
[  477.942639][T10334]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  477.942661][T10334] RIP: 0033:0x7fe37798e929
[  477.942681][T10334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  477.942701][T10334] RSP: 002b:00007fe3787fa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  477.942725][T10334] RAX: ffffffffffffffda RBX: 00007fe377bb5fa0 RCX: 00007fe37798e929
[  477.942741][T10334] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000004
[  477.942755][T10334] RBP: 00007fe377a10b39 R08: 0000000000000000 R09: 0000000000000000
[  477.942768][T10334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  477.942781][T10334] R13: 0000000000000000 R14: 00007fe377bb5fa0 R15: 00007fe377cdfa28
[  477.942815][T10334]  </TASK>
[  478.403223][    C1] vkms_vblank_simulate: vblank timer overrun
[  478.960055][T10342] netlink: 4400 bytes leftover after parsing attributes in process `syz.0.1165'.
[  478.963548][T10051] usb 3-1: USB disconnect, device number 62
[  479.008902][T10342] sysfs: cannot create duplicate filename '/class/ieee80211/�`]��I�q�!�>�s���*��!)\�+`�iF=#'
[  479.023727][T10342] CPU: 0 UID: 0 PID: 10342 Comm: syz.0.1165 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) 
[  479.023761][T10342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  479.023775][T10342] Call Trace:
[  479.023784][T10342]  <TASK>
[  479.023794][T10342]  dump_stack_lvl+0x189/0x250
[  479.023839][T10342]  ? __pfx_dump_stack_lvl+0x10/0x10
[  479.023876][T10342]  ? __pfx__printk+0x10/0x10
[  479.023901][T10342]  ? kernfs_path_from_node+0x2c/0x260
[  479.023929][T10342]  ? kernfs_path_from_node+0x2c/0x260
[  479.023955][T10342]  ? kernfs_path_from_node+0x2c/0x260
[  479.023984][T10342]  ? kernfs_path_from_node+0x22c/0x260
[  479.024009][T10342]  ? kernfs_path_from_node+0x2c/0x260
[  479.024039][T10342]  sysfs_warn_dup+0x8e/0xa0
[  479.024064][T10342]  sysfs_do_create_link_sd+0xc0/0x110
[  479.024094][T10342]  device_add_class_symlinks+0x1cf/0x240
[  479.024124][T10342]  device_add+0x475/0xb50
[  479.024152][T10342]  wiphy_register+0x199a/0x26b0
[  479.024197][T10342]  ? __pfx_wiphy_register+0x10/0x10
[  479.024221][T10342]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  479.024256][T10342]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  479.024290][T10342]  ieee80211_register_hw+0x33e1/0x4120
[  479.024366][T10342]  ? ieee80211_register_hw+0x1451/0x4120
[  479.024405][T10342]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  479.024440][T10342]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  479.024480][T10342]  ? __hrtimer_setup+0x187/0x210
[  479.024512][T10342]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  479.024543][T10342]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  479.024599][T10342]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  479.024622][T10342]  ? trace_kmalloc+0x1f/0xd0
[  479.024639][T10342]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  479.024661][T10342]  ? kstrndup+0xbf/0x160
[  479.024701][T10342]  hwsim_new_radio_nl+0xea4/0x1b10
[  479.024726][T10342]  ? __pfx___nla_validate_parse+0x10/0x10
[  479.024781][T10342]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  479.024820][T10342]  ? __nla_parse+0x40/0x60
[  479.024858][T10342]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  479.024904][T10342]  genl_family_rcv_msg_doit+0x212/0x300
[  479.024947][T10342]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  479.024997][T10342]  ? bpf_lsm_capable+0x9/0x20
[  479.025016][T10342]  ? security_capable+0x7e/0x2e0
[  479.025051][T10342]  genl_rcv_msg+0x60e/0x790
[  479.025091][T10342]  ? __pfx_genl_rcv_msg+0x10/0x10
[  479.025120][T10342]  ? ref_tracker_free+0x63a/0x7d0
[  479.025148][T10342]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  479.025170][T10342]  ? __pfx_ref_tracker_free+0x10/0x10
[  479.025213][T10342]  netlink_rcv_skb+0x205/0x470
[  479.025240][T10342]  ? __pfx_genl_rcv_msg+0x10/0x10
[  479.025275][T10342]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  479.025328][T10342]  ? down_read+0x1ad/0x2e0
[  479.025355][T10342]  genl_rcv+0x28/0x40
[  479.025387][T10342]  netlink_unicast+0x758/0x8d0
[  479.025425][T10342]  netlink_sendmsg+0x805/0xb30
[  479.025465][T10342]  ? __pfx_netlink_sendmsg+0x10/0x10
[  479.025497][T10342]  ? aa_sock_msg_perm+0x94/0x160
[  479.025528][T10342]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  479.025557][T10342]  ? __pfx_netlink_sendmsg+0x10/0x10
[  479.025586][T10342]  __sock_sendmsg+0x21c/0x270
[  479.025626][T10342]  ____sys_sendmsg+0x505/0x830
[  479.025664][T10342]  ? __pfx_____sys_sendmsg+0x10/0x10
[  479.025705][T10342]  ? import_iovec+0x74/0xa0
[  479.025733][T10342]  ___sys_sendmsg+0x21f/0x2a0
[  479.025766][T10342]  ? __pfx____sys_sendmsg+0x10/0x10
[  479.025839][T10342]  ? __fget_files+0x2a/0x420
[  479.025863][T10342]  ? __fget_files+0x3a0/0x420
[  479.025902][T10342]  __x64_sys_sendmsg+0x19b/0x260
[  479.025935][T10342]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  479.025976][T10342]  ? rcu_is_watching+0x15/0xb0
[  479.026018][T10342]  ? do_syscall_64+0xbe/0x3b0
[  479.026043][T10342]  do_syscall_64+0xfa/0x3b0
[  479.026063][T10342]  ? lockdep_hardirqs_on+0x9c/0x150
[  479.026094][T10342]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  479.026113][T10342]  ? clear_bhb_loop+0x60/0xb0
[  479.026135][T10342]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  479.026152][T10342] RIP: 0033:0x7fe37798e929
[  479.026169][T10342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  479.026186][T10342] RSP: 002b:00007fe3787fa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  479.026206][T10342] RAX: ffffffffffffffda RBX: 00007fe377bb5fa0 RCX: 00007fe37798e929
[  479.026219][T10342] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000004
[  479.026231][T10342] RBP: 00007fe377a10b39 R08: 0000000000000000 R09: 0000000000000000
[  479.026243][T10342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  479.026254][T10342] R13: 0000000000000000 R14: 00007fe377bb5fa0 R15: 00007fe377cdfa28
[  479.026282][T10342]  </TASK>
[  479.801123][T10336] chnl_net:caif_netlink_parms(): no params data found
[  479.873777][T10051] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  479.995312][ T5842] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  480.004367][ T5842] Bluetooth: hci2: Injecting HCI hardware error event
[  480.012874][ T5842] Bluetooth: hci2: hardware error 0x00
[  480.073734][T10051] usb 3-1: Using ep0 maxpacket: 16
[  480.116355][T10051] usb 3-1: config 0 has an invalid interface number: 251 but max is 0
[  480.137624][T10051] usb 3-1: config 0 has no interface number 0
[  480.157249][T10051] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  480.175742][T10336] bridge0: port 1(bridge_slave_0) entered blocking state
[  480.187135][T10336] bridge0: port 1(bridge_slave_0) entered disabled state
[  480.191838][T10051] usb 3-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  480.197409][T10336] bridge_slave_0: entered allmulticast mode
[  480.221605][T10051] usb 3-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  480.226436][T10336] bridge_slave_0: entered promiscuous mode
[  480.238161][T10051] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  480.272576][T10051] usb 3-1: Product: syz
[  480.278070][T10051] usb 3-1: Manufacturer: syz
[  480.282810][T10051] usb 3-1: SerialNumber: syz
[  480.314076][T10364] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1168'.
[  480.334727][T10336] bridge0: port 2(bridge_slave_1) entered blocking state
[  480.350342][T10051] usb 3-1: config 0 descriptor??
[  480.354114][T10336] bridge0: port 2(bridge_slave_1) entered disabled state
[  480.357749][T10345] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  480.376547][T10336] bridge_slave_1: entered allmulticast mode
[  480.377279][T10345] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  480.399785][T10336] bridge_slave_1: entered promiscuous mode
[  480.413795][ T9670] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  480.497136][   T51] Bluetooth: hci1: command tx timeout
[  480.543679][ T9670] usb 2-1: device descriptor read/64, error -71
[  480.557736][T10368] SET target dimension over the limit!
[  480.600086][T10336] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  480.618244][T10345] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  480.625850][T10345] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  480.640050][T10336] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  480.790792][T10336] team0: Port device team_slave_0 added
[  480.801705][ T9670] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  480.841609][T10371] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1173'.
[  480.872532][T10336] team0: Port device team_slave_1 added
[  480.950900][T10336] batman_adv: batadv0: Adding interface: batadv_slave_0
[  480.963845][ T9670] usb 2-1: device descriptor read/64, error -71
[  480.963864][T10336] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  481.052003][T10336] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  481.073939][T10345] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  481.082698][T10345] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  481.092224][ T9670] usb usb2-port1: attempt power cycle
[  481.276679][T10336] batman_adv: batadv0: Adding interface: batadv_slave_1
[  481.286751][T10336] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  481.307517][T10051] asix 3-1:0.251 (unnamed net_device) (uninitialized): Invalid PHY address 0xd9
[  481.327866][T10336] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  481.443845][ T9670] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  481.466175][ T9670] usb 2-1: device descriptor read/8, error -71
[  481.618125][T10051] usb 3-1: USB disconnect, device number 63
[  481.643172][T10336] hsr_slave_0: entered promiscuous mode
[  481.682203][T10336] hsr_slave_1: entered promiscuous mode
[  481.706621][T10336] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  481.713618][ T9670] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  481.723988][T10336] Cannot create hsr debugfs directory
[  481.744465][ T9670] usb 2-1: device descriptor read/8, error -71
[  481.917510][ T9670] usb usb2-port1: unable to enumerate USB device
[  482.073613][ T5842] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  482.554934][ T5842] Bluetooth: hci1: command tx timeout
[  482.557890][T10377] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  483.040190][T10336] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  483.064997][T10336] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  483.078885][T10336] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  483.113227][T10336] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  483.434747][T10039] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  483.524529][T10336] 8021q: adding VLAN 0 to HW filter on device bond0
[  483.578941][T10336] 8021q: adding VLAN 0 to HW filter on device team0
[  483.598524][ T9150] bridge0: port 1(bridge_slave_0) entered blocking state
[  483.605756][ T9150] bridge0: port 1(bridge_slave_0) entered forwarding state
[  483.633990][T10039] usb 1-1: Using ep0 maxpacket: 32
[  483.647688][ T9148] bridge0: port 2(bridge_slave_1) entered blocking state
[  483.654981][ T9148] bridge0: port 2(bridge_slave_1) entered forwarding state
[  483.665339][T10039] usb 1-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  483.675706][T10039] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  483.697202][T10039] usb 1-1: config 0 descriptor??
[  483.729841][T10039] gspca_main: sunplus-2.14.0 probing 041e:400b
[  483.910932][T10336] 8021q: adding VLAN 0 to HW filter on device batadv0
[  484.109923][T10336] veth0_vlan: entered promiscuous mode
[  484.139667][T10336] veth1_vlan: entered promiscuous mode
[  484.226771][T10336] veth0_macvtap: entered promiscuous mode
[  484.257260][T10336] veth1_macvtap: entered promiscuous mode
[  484.331114][T10336] batman_adv: batadv0: Interface activated: batadv_slave_0
[  484.359606][T10336] batman_adv: batadv0: Interface activated: batadv_slave_1
[  484.397628][T10336] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  484.423781][T10336] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  484.432686][T10336] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  484.480154][T10336] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  484.635099][ T5842] Bluetooth: hci1: command tx timeout
[  484.676431][ T9153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  484.710621][ T9153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  484.851684][ T9153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  484.876514][T10039] gspca_sunplus: reg_w_riv err -71
[  484.902194][T10039] sunplus 1-1:0.0: probe with driver sunplus failed with error -71
[  484.920504][ T9153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  484.971700][T10039] usb 1-1: USB disconnect, device number 55
[  485.283001][T10413] netlink: 2052 bytes leftover after parsing attributes in process `syz.1.1184'.
[  485.300913][T10413] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  485.542703][T10419] netlink: 2048 bytes leftover after parsing attributes in process `syz.2.1185'.
[  485.562363][T10419] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1185'.
[  485.703769][ T9670] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  486.287624][ T9670] usb 4-1: config 0 has no interfaces?
[  486.300036][ T9670] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  486.403654][ T9670] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  486.439494][ T9670] usb 4-1: Product: syz
[  486.492835][ T9670] usb 4-1: Manufacturer: syz
[  486.516397][ T9670] usb 4-1: SerialNumber: syz
[  486.574575][ T9670] usb 4-1: config 0 descriptor??
[  486.707330][   T30] kauditd_printk_skb: 27 callbacks suppressed
[  486.707348][   T30] audit: type=1326 audit(1750236724.699:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10429 comm="syz.0.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37798e929 code=0x7ffc0000
[  486.740709][ T5842] Bluetooth: hci1: command tx timeout
[  486.770698][   T30] audit: type=1326 audit(1750236724.749:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10429 comm="syz.0.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe37798d290 code=0x7ffc0000
[  486.793087][    C1] vkms_vblank_simulate: vblank timer overrun
[  486.832598][T10431] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1188'.
[  486.884795][T10436] netlink: 4400 bytes leftover after parsing attributes in process `syz.2.1188'.
[  486.913053][T10436] sysfs: cannot create duplicate filename '/class/ieee80211/�`]��I�q�!�>�s���*��!)\�+`�iF=#'
[  486.951537][T10436] CPU: 0 UID: 0 PID: 10436 Comm: syz.2.1188 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) 
[  486.951559][T10436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  486.951568][T10436] Call Trace:
[  486.951574][T10436]  <TASK>
[  486.951580][T10436]  dump_stack_lvl+0x189/0x250
[  486.951610][T10436]  ? __pfx_dump_stack_lvl+0x10/0x10
[  486.951633][T10436]  ? __pfx__printk+0x10/0x10
[  486.951649][T10436]  ? kernfs_path_from_node+0x2c/0x260
[  486.951667][T10436]  ? kernfs_path_from_node+0x2c/0x260
[  486.951682][T10436]  ? kernfs_path_from_node+0x2c/0x260
[  486.951700][T10436]  ? kernfs_path_from_node+0x22c/0x260
[  486.951716][T10436]  ? kernfs_path_from_node+0x2c/0x260
[  486.951735][T10436]  sysfs_warn_dup+0x8e/0xa0
[  486.951752][T10436]  sysfs_do_create_link_sd+0xc0/0x110
[  486.951771][T10436]  device_add_class_symlinks+0x1cf/0x240
[  486.951790][T10436]  device_add+0x475/0xb50
[  486.951807][T10436]  wiphy_register+0x199a/0x26b0
[  486.951835][T10436]  ? __pfx_wiphy_register+0x10/0x10
[  486.951850][T10436]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  486.951872][T10436]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  486.951894][T10436]  ieee80211_register_hw+0x33e1/0x4120
[  486.951926][T10436]  ? ieee80211_register_hw+0x1451/0x4120
[  486.951951][T10436]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  486.951973][T10436]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  486.952000][T10436]  ? __hrtimer_setup+0x187/0x210
[  486.952021][T10436]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  486.952041][T10436]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  486.952076][T10436]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  486.952090][T10436]  ? trace_kmalloc+0x1f/0xd0
[  486.952101][T10436]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  486.952115][T10436]  ? kstrndup+0xbf/0x160
[  486.952140][T10436]  hwsim_new_radio_nl+0xea4/0x1b10
[  486.952157][T10436]  ? __pfx___nla_validate_parse+0x10/0x10
[  486.952188][T10436]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  486.952212][T10436]  ? __nla_parse+0x40/0x60
[  486.952235][T10436]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  486.952264][T10436]  genl_family_rcv_msg_doit+0x212/0x300
[  486.952291][T10436]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  486.952322][T10436]  ? bpf_lsm_capable+0x9/0x20
[  486.952335][T10436]  ? security_capable+0x7e/0x2e0
[  486.952359][T10436]  genl_rcv_msg+0x60e/0x790
[  486.952384][T10436]  ? __pfx_genl_rcv_msg+0x10/0x10
[  486.952404][T10436]  ? ref_tracker_free+0x63a/0x7d0
[  486.952422][T10436]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  486.952437][T10436]  ? __pfx_ref_tracker_free+0x10/0x10
[  486.952492][T10436]  netlink_rcv_skb+0x205/0x470
[  486.952511][T10436]  ? __pfx_genl_rcv_msg+0x10/0x10
[  486.952535][T10436]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  486.952566][T10436]  ? down_read+0x1ad/0x2e0
[  486.952584][T10436]  genl_rcv+0x28/0x40
[  486.952604][T10436]  netlink_unicast+0x758/0x8d0
[  486.952628][T10436]  netlink_sendmsg+0x805/0xb30
[  486.952654][T10436]  ? __pfx_netlink_sendmsg+0x10/0x10
[  486.952675][T10436]  ? aa_sock_msg_perm+0x94/0x160
[  486.952696][T10436]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  486.952716][T10436]  ? __pfx_netlink_sendmsg+0x10/0x10
[  486.952735][T10436]  __sock_sendmsg+0x21c/0x270
[  486.952761][T10436]  ____sys_sendmsg+0x505/0x830
[  486.952785][T10436]  ? __pfx_____sys_sendmsg+0x10/0x10
[  486.952812][T10436]  ? import_iovec+0x74/0xa0
[  486.952829][T10436]  ___sys_sendmsg+0x21f/0x2a0
[  486.952851][T10436]  ? __pfx____sys_sendmsg+0x10/0x10
[  486.952898][T10436]  ? __fget_files+0x2a/0x420
[  486.952915][T10436]  ? __fget_files+0x3a0/0x420
[  486.952940][T10436]  __x64_sys_sendmsg+0x19b/0x260
[  486.952961][T10436]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  486.952989][T10436]  ? rcu_is_watching+0x15/0xb0
[  486.953017][T10436]  ? do_syscall_64+0xbe/0x3b0
[  486.953034][T10436]  do_syscall_64+0xfa/0x3b0
[  486.953047][T10436]  ? lockdep_hardirqs_on+0x9c/0x150
[  486.953069][T10436]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.953084][T10436]  ? clear_bhb_loop+0x60/0xb0
[  486.953102][T10436]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.953117][T10436] RIP: 0033:0x7fbd7b98e929
[  486.953131][T10436] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  486.953145][T10436] RSP: 002b:00007fbd7c7b9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  486.953161][T10436] RAX: ffffffffffffffda RBX: 00007fbd7bbb6080 RCX: 00007fbd7b98e929
[  486.953172][T10436] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000004
[  486.953182][T10436] RBP: 00007fbd7ba10b39 R08: 0000000000000000 R09: 0000000000000000
[  486.953191][T10436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  486.953200][T10436] R13: 0000000000000000 R14: 00007fbd7bbb6080 R15: 00007fbd7bcdfa28
[  486.953223][T10436]  </TASK>
[  487.498039][   T30] audit: type=1326 audit(1750236724.749:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10429 comm="syz.0.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37798e929 code=0x7ffc0000
[  487.520593][   T30] audit: type=1326 audit(1750236724.749:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10429 comm="syz.0.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fe37798e929 code=0x7ffc0000
[  487.543009][   T30] audit: type=1326 audit(1750236724.749:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10429 comm="syz.0.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37798e929 code=0x7ffc0000
[  487.566336][   T30] audit: type=1326 audit(1750236724.749:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10429 comm="syz.0.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fe37798e929 code=0x7ffc0000
[  487.588767][   T30] audit: type=1326 audit(1750236724.749:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10429 comm="syz.0.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37798e929 code=0x7ffc0000
[  487.611186][   T30] audit: type=1326 audit(1750236724.749:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10429 comm="syz.0.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7fe37798e929 code=0x7ffc0000
[  487.633575][   T30] audit: type=1326 audit(1750236724.749:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10429 comm="syz.0.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fe3779858e7 code=0x7ffc0000
[  487.655873][   T30] audit: type=1326 audit(1750236724.749:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10429 comm="syz.0.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe37792ab19 code=0x7ffc0000
[  487.726313][T10414] loop4: detected capacity change from 0 to 524255232
[  487.786365][T10414] Dev loop4: unable to read RDB block 8
[  487.792334][T10414]  loop4: unable to read partition table
[  487.798698][T10414] loop_reread_partitions: partition scan of loop4 (3�����) failed (rc=-5)
[  487.915118][T10035] usb 2-1: new low-speed USB device number 53 using dummy_hcd
[  488.421164][T10444] netlink: 4400 bytes leftover after parsing attributes in process `syz.4.1192'.
[  488.510588][T10444] debugfs: Directory '�`]��I�q�!�>�s���*��!)\�+`�iF=#' with parent 'ieee80211' already present!
[  488.533561][T10035] usb 2-1: Invalid ep0 maxpacket: 16
[  488.778168][ T9670] usb 4-1: USB disconnect, device number 50
[  488.784955][T10035] usb 2-1: new low-speed USB device number 54 using dummy_hcd
[  488.935046][T10446] netlink: 4400 bytes leftover after parsing attributes in process `syz.2.1193'.
[  488.974366][T10035] usb 2-1: Invalid ep0 maxpacket: 16
[  489.006939][T10035] usb usb2-port1: attempt power cycle
[  489.448014][T10035] usb 2-1: new low-speed USB device number 55 using dummy_hcd
[  489.881995][T10465] netlink: 'syz.3.1196': attribute type 10 has an invalid length.
[  489.944142][T10465] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1196'.
[  490.066460][T10465] team0: Port device geneve0 added
[  490.743824][T10051] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[  490.923638][T10051] usb 5-1: device descriptor read/64, error -71
[  491.183843][T10051] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[  491.333610][T10051] usb 5-1: device descriptor read/64, error -71
[  491.424363][T10035] usb 2-1: device descriptor read/8, error -71
[  491.444012][T10051] usb usb5-port1: attempt power cycle
[  491.870074][T10051] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[  491.909109][T10051] usb 5-1: device descriptor read/8, error -71
[  492.216780][T10487] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1203'.
[  492.226327][T10051] usb 5-1: new high-speed USB device number 62 using dummy_hcd
[  492.254268][T10051] usb 5-1: device descriptor read/8, error -71
[  492.282633][T10487] netlink: 4400 bytes leftover after parsing attributes in process `syz.0.1203'.
[  492.320697][T10487] sysfs: cannot create duplicate filename '/class/ieee80211/�`]��I�q�!�>�s���*��!)\�+`�iF=#'
[  492.333109][T10487] CPU: 0 UID: 0 PID: 10487 Comm: syz.0.1203 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) 
[  492.333137][T10487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  492.333147][T10487] Call Trace:
[  492.333154][T10487]  <TASK>
[  492.333161][T10487]  dump_stack_lvl+0x189/0x250
[  492.333194][T10487]  ? __pfx_dump_stack_lvl+0x10/0x10
[  492.333226][T10487]  ? __pfx__printk+0x10/0x10
[  492.333244][T10487]  ? kernfs_path_from_node+0x2c/0x260
[  492.333264][T10487]  ? kernfs_path_from_node+0x2c/0x260
[  492.333282][T10487]  ? kernfs_path_from_node+0x2c/0x260
[  492.333302][T10487]  ? kernfs_path_from_node+0x22c/0x260
[  492.333320][T10487]  ? kernfs_path_from_node+0x2c/0x260
[  492.333341][T10487]  sysfs_warn_dup+0x8e/0xa0
[  492.333359][T10487]  sysfs_do_create_link_sd+0xc0/0x110
[  492.333380][T10487]  device_add_class_symlinks+0x1cf/0x240
[  492.333401][T10487]  device_add+0x475/0xb50
[  492.333421][T10487]  wiphy_register+0x199a/0x26b0
[  492.333453][T10487]  ? __pfx_wiphy_register+0x10/0x10
[  492.333478][T10487]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  492.333513][T10487]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  492.333545][T10487]  ieee80211_register_hw+0x33e1/0x4120
[  492.333594][T10487]  ? ieee80211_register_hw+0x1451/0x4120
[  492.333633][T10487]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  492.333669][T10487]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  492.333706][T10487]  ? __hrtimer_setup+0x187/0x210
[  492.333731][T10487]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  492.333752][T10487]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  492.333792][T10487]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  492.333808][T10487]  ? trace_kmalloc+0x1f/0xd0
[  492.333820][T10487]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  492.333836][T10487]  ? kstrndup+0xbf/0x160
[  492.333864][T10487]  hwsim_new_radio_nl+0xea4/0x1b10
[  492.333883][T10487]  ? __pfx___nla_validate_parse+0x10/0x10
[  492.333928][T10487]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  492.333955][T10487]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  492.334001][T10487]  ? __nla_parse+0x40/0x60
[  492.334037][T10487]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  492.334069][T10487]  genl_family_rcv_msg_doit+0x212/0x300
[  492.334100][T10487]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  492.334135][T10487]  ? bpf_lsm_capable+0x9/0x20
[  492.334149][T10487]  ? security_capable+0x7e/0x2e0
[  492.334175][T10487]  genl_rcv_msg+0x60e/0x790
[  492.334204][T10487]  ? __pfx_genl_rcv_msg+0x10/0x10
[  492.334233][T10487]  ? ref_tracker_free+0x63a/0x7d0
[  492.334254][T10487]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  492.334271][T10487]  ? __pfx_ref_tracker_free+0x10/0x10
[  492.334301][T10487]  netlink_rcv_skb+0x205/0x470
[  492.334321][T10487]  ? __pfx_genl_rcv_msg+0x10/0x10
[  492.334346][T10487]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  492.334378][T10487]  ? down_read+0x1ad/0x2e0
[  492.334396][T10487]  genl_rcv+0x28/0x40
[  492.334417][T10487]  netlink_unicast+0x758/0x8d0
[  492.334442][T10487]  netlink_sendmsg+0x805/0xb30
[  492.334470][T10487]  ? __pfx_netlink_sendmsg+0x10/0x10
[  492.334491][T10487]  ? aa_sock_msg_perm+0x94/0x160
[  492.334514][T10487]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  492.334534][T10487]  ? __pfx_netlink_sendmsg+0x10/0x10
[  492.334554][T10487]  __sock_sendmsg+0x21c/0x270
[  492.334582][T10487]  ____sys_sendmsg+0x505/0x830
[  492.334607][T10487]  ? __pfx_____sys_sendmsg+0x10/0x10
[  492.334635][T10487]  ? import_iovec+0x74/0xa0
[  492.334654][T10487]  ___sys_sendmsg+0x21f/0x2a0
[  492.334676][T10487]  ? __pfx____sys_sendmsg+0x10/0x10
[  492.334726][T10487]  ? __fget_files+0x2a/0x420
[  492.334743][T10487]  ? __fget_files+0x3a0/0x420
[  492.334769][T10487]  __x64_sys_sendmsg+0x19b/0x260
[  492.334792][T10487]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  492.334821][T10487]  ? rcu_is_watching+0x15/0xb0
[  492.334851][T10487]  ? do_syscall_64+0xbe/0x3b0
[  492.334869][T10487]  do_syscall_64+0xfa/0x3b0
[  492.334882][T10487]  ? lockdep_hardirqs_on+0x9c/0x150
[  492.334905][T10487]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  492.334921][T10487]  ? clear_bhb_loop+0x60/0xb0
[  492.334940][T10487]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  492.334956][T10487] RIP: 0033:0x7fe37798e929
[  492.334973][T10487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  492.334986][T10487] RSP: 002b:00007fe3787fa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  492.335003][T10487] RAX: ffffffffffffffda RBX: 00007fe377bb5fa0 RCX: 00007fe37798e929
[  492.335015][T10487] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000004
[  492.335026][T10487] RBP: 00007fe377a10b39 R08: 0000000000000000 R09: 0000000000000000
[  492.335041][T10487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  492.335054][T10487] R13: 0000000000000000 R14: 00007fe377bb5fa0 R15: 00007fe377cdfa28
[  492.335088][T10487]  </TASK>
[  492.802502][T10035] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  492.810613][T10051] usb usb5-port1: unable to enumerate USB device
[  493.333650][T10035] usb 2-1: Using ep0 maxpacket: 16
[  493.368009][T10035] usb 2-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  493.397955][T10035] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  493.604306][T10035] usb 2-1: config 0 descriptor??
[  494.150135][T10035] lenovo 0003:17EF:6047.0010: hidraw0: USB HID v1.01 Device [HID 17ef:6047] on usb-dummy_hcd.1-1/input0
[  494.340840][T10508] netlink: 4400 bytes leftover after parsing attributes in process `syz.4.1208'.
[  494.911077][T10051] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[  495.272090][T10051] usb 1-1: unable to read config index 0 descriptor/start: -61
[  495.317470][T10051] usb 1-1: can't read configurations, error -61
[  495.503347][T10051] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[  495.591356][T10035] lenovo 0003:17EF:6047.0010: Failed to switch F7/9/11 mode: -71
[  495.678195][T10035] lenovo 0003:17EF:6047.0010: Failed to switch middle button: -71
[  495.716529][T10035] lenovo 0003:17EF:6047.0010: Fn-lock setting failed: -71
[  495.771266][T10035] lenovo 0003:17EF:6047.0010: Sensitivity setting failed: -71
[  495.800066][T10051] usb 1-1: unable to read config index 0 descriptor/start: -61
[  495.873718][T10051] usb 1-1: can't read configurations, error -61
[  495.889138][T10035] usb 2-1: USB disconnect, device number 56
[  495.913928][T10051] usb usb1-port1: attempt power cycle
[  496.320817][T10051] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[  496.405303][T10035] usb 5-1: new high-speed USB device number 63 using dummy_hcd
[  496.434857][T10530] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.1213'.
[  496.470303][T10051] usb 1-1: unable to read config index 0 descriptor/start: -61
[  496.491889][T10051] usb 1-1: can't read configurations, error -61
[  496.593648][T10035] usb 5-1: Using ep0 maxpacket: 16
[  496.605868][T10035] usb 5-1: config 0 has an invalid interface number: 39 but max is 0
[  496.641558][T10035] usb 5-1: config 0 has no interface number 0
[  496.673366][T10051] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[  496.815986][T10035] usb 5-1: config 0 interface 39 altsetting 0 endpoint 0x82 has invalid maxpacket 1104, setting to 1024
[  496.839564][T10035] usb 5-1: config 0 interface 39 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  496.861732][T10035] usb 5-1: New USB device found, idVendor=0c52, idProduct=2212, bcdDevice= 1.ca
[  496.961140][T10051] usb 1-1: unable to read config index 0 descriptor/start: -61
[  496.974487][T10035] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  497.010250][T10051] usb 1-1: can't read configurations, error -61
[  497.028553][T10035] usb 5-1: Product: syz
[  497.034456][T10051] usb usb1-port1: unable to enumerate USB device
[  497.041219][T10035] usb 5-1: Manufacturer: syz
[  497.060837][T10035] usb 5-1: SerialNumber: syz
[  497.080781][T10035] usb 5-1: config 0 descriptor??
[  497.122486][T10528] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  497.148956][T10035] ftdi_sio 5-1:0.39: FTDI USB Serial Device converter detected
[  497.174243][T10035] usb 5-1: Detected SIO
[  497.188116][T10035] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  497.299315][T10540] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1217'.
[  497.327915][T10540] netlink: 4400 bytes leftover after parsing attributes in process `syz.3.1217'.
[  497.361075][T10528] binder: 10527:10528 ioctl c018620b 200000000000 returned -14
[  497.425071][T10540] sysfs: cannot create duplicate filename '/class/ieee80211/�`]��I�q�!�>�s���*��!)\�+`�iF=#'
[  497.503641][T10540] CPU: 1 UID: 0 PID: 10540 Comm: syz.3.1217 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) 
[  497.503667][T10540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  497.503680][T10540] Call Trace:
[  497.503689][T10540]  <TASK>
[  497.503698][T10540]  dump_stack_lvl+0x189/0x250
[  497.503741][T10540]  ? __pfx_dump_stack_lvl+0x10/0x10
[  497.503777][T10540]  ? __pfx__printk+0x10/0x10
[  497.503798][T10540]  ? kernfs_path_from_node+0x2c/0x260
[  497.503817][T10540]  ? kernfs_path_from_node+0x2c/0x260
[  497.503834][T10540]  ? kernfs_path_from_node+0x2c/0x260
[  497.503854][T10540]  ? kernfs_path_from_node+0x22c/0x260
[  497.503871][T10540]  ? kernfs_path_from_node+0x2c/0x260
[  497.503891][T10540]  sysfs_warn_dup+0x8e/0xa0
[  497.503909][T10540]  sysfs_do_create_link_sd+0xc0/0x110
[  497.503929][T10540]  device_add_class_symlinks+0x1cf/0x240
[  497.503949][T10540]  device_add+0x475/0xb50
[  497.503969][T10540]  wiphy_register+0x199a/0x26b0
[  497.504000][T10540]  ? __pfx_wiphy_register+0x10/0x10
[  497.504016][T10540]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  497.504041][T10540]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  497.504063][T10540]  ieee80211_register_hw+0x33e1/0x4120
[  497.504098][T10540]  ? ieee80211_register_hw+0x1451/0x4120
[  497.504125][T10540]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  497.504149][T10540]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  497.504178][T10540]  ? __hrtimer_setup+0x187/0x210
[  497.504201][T10540]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  497.504222][T10540]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  497.504272][T10540]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  497.504291][T10540]  ? trace_kmalloc+0x1f/0xd0
[  497.504303][T10540]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  497.504317][T10540]  ? kstrndup+0xbf/0x160
[  497.504342][T10540]  hwsim_new_radio_nl+0xea4/0x1b10
[  497.504359][T10540]  ? __pfx___nla_validate_parse+0x10/0x10
[  497.504392][T10540]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  497.504414][T10540]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  497.504444][T10540]  ? __nla_parse+0x40/0x60
[  497.504468][T10540]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  497.504497][T10540]  genl_family_rcv_msg_doit+0x212/0x300
[  497.504524][T10540]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  497.504556][T10540]  ? bpf_lsm_capable+0x9/0x20
[  497.504569][T10540]  ? security_capable+0x7e/0x2e0
[  497.504592][T10540]  genl_rcv_msg+0x60e/0x790
[  497.504618][T10540]  ? __pfx_genl_rcv_msg+0x10/0x10
[  497.504637][T10540]  ? ref_tracker_free+0x63a/0x7d0
[  497.504658][T10540]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  497.504673][T10540]  ? __pfx_ref_tracker_free+0x10/0x10
[  497.504701][T10540]  netlink_rcv_skb+0x205/0x470
[  497.504718][T10540]  ? __pfx_genl_rcv_msg+0x10/0x10
[  497.504741][T10540]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  497.504770][T10540]  ? down_read+0x1ad/0x2e0
[  497.504786][T10540]  genl_rcv+0x28/0x40
[  497.504805][T10540]  netlink_unicast+0x758/0x8d0
[  497.504846][T10540]  netlink_sendmsg+0x805/0xb30
[  497.504879][T10540]  ? __pfx_netlink_sendmsg+0x10/0x10
[  497.504909][T10540]  ? aa_sock_msg_perm+0x94/0x160
[  497.504934][T10540]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  497.504954][T10540]  ? __pfx_netlink_sendmsg+0x10/0x10
[  497.504973][T10540]  __sock_sendmsg+0x21c/0x270
[  497.505000][T10540]  ____sys_sendmsg+0x505/0x830
[  497.505024][T10540]  ? __pfx_____sys_sendmsg+0x10/0x10
[  497.505050][T10540]  ? import_iovec+0x74/0xa0
[  497.505069][T10540]  ___sys_sendmsg+0x21f/0x2a0
[  497.505090][T10540]  ? __pfx____sys_sendmsg+0x10/0x10
[  497.505138][T10540]  ? __fget_files+0x2a/0x420
[  497.505155][T10540]  ? __fget_files+0x3a0/0x420
[  497.505180][T10540]  __x64_sys_sendmsg+0x19b/0x260
[  497.505202][T10540]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  497.505230][T10540]  ? rcu_is_watching+0x15/0xb0
[  497.505258][T10540]  ? do_syscall_64+0xbe/0x3b0
[  497.505275][T10540]  do_syscall_64+0xfa/0x3b0
[  497.505288][T10540]  ? lockdep_hardirqs_on+0x9c/0x150
[  497.505311][T10540]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  497.505326][T10540]  ? clear_bhb_loop+0x60/0xb0
[  497.505344][T10540]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  497.505359][T10540] RIP: 0033:0x7ff83ff8e929
[  497.505374][T10540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  497.505387][T10540] RSP: 002b:00007ff840e0d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  497.505404][T10540] RAX: ffffffffffffffda RBX: 00007ff8401b5fa0 RCX: 00007ff83ff8e929
[  497.505425][T10540] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000004
[  497.505435][T10540] RBP: 00007ff840010b39 R08: 0000000000000000 R09: 0000000000000000
[  497.505444][T10540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  497.505453][T10540] R13: 0000000000000000 R14: 00007ff8401b5fa0 R15: 00007ff8402dfa28
[  497.505477][T10540]  </TASK>
[  498.035404][T10035] usb 5-1: USB disconnect, device number 63
[  498.045176][T10035] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  498.055150][T10035] ftdi_sio 5-1:0.39: device disconnected
[  498.263585][T10548] netlink: 'syz.0.1218': attribute type 10 has an invalid length.
[  498.272160][T10548] team0: Device dummy0 is up. Set it down before adding it as a team port
[  498.593636][T10037] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[  498.611823][T10553] netlink: 'syz.3.1220': attribute type 10 has an invalid length.
[  498.642255][T10553] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1220'.
[  498.730565][T10037] usb 1-1: device descriptor read/64, error -71
[  498.760486][T10555] FAULT_INJECTION: forcing a failure.
[  498.760486][T10555] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  498.775444][T10555] CPU: 1 UID: 0 PID: 10555 Comm: syz.4.1221 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) 
[  498.775479][T10555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  498.775492][T10555] Call Trace:
[  498.775500][T10555]  <TASK>
[  498.775509][T10555]  dump_stack_lvl+0x189/0x250
[  498.775547][T10555]  ? __pfx____ratelimit+0x10/0x10
[  498.775579][T10555]  ? __pfx_dump_stack_lvl+0x10/0x10
[  498.775612][T10555]  ? __pfx__printk+0x10/0x10
[  498.775637][T10555]  ? fs_reclaim_acquire+0x7d/0x100
[  498.775671][T10555]  should_fail_ex+0x414/0x560
[  498.775703][T10555]  prepare_alloc_pages+0x213/0x610
[  498.775737][T10555]  __alloc_frozen_pages_noprof+0x123/0x370
[  498.775768][T10555]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  498.775805][T10555]  ? policy_nodemask+0x27c/0x720
[  498.775824][T10555]  ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[  498.775859][T10555]  alloc_pages_mpol+0x232/0x4a0
[  498.775887][T10555]  vma_alloc_folio_noprof+0xe4/0x200
[  498.775913][T10555]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  498.775948][T10555]  folio_prealloc+0x30/0x180
[  498.775972][T10555]  do_wp_page+0x1231/0x5800
[  498.776027][T10555]  ? __pfx_do_wp_page+0x10/0x10
[  498.776055][T10555]  ? do_raw_spin_lock+0x121/0x290
[  498.776082][T10555]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  498.776117][T10555]  __handle_mm_fault+0x1144/0x5620
[  498.776169][T10555]  ? __pfx___handle_mm_fault+0x10/0x10
[  498.776223][T10555]  ? find_vma+0xe7/0x160
[  498.776242][T10555]  ? __pfx_find_vma+0x10/0x10
[  498.776264][T10555]  handle_mm_fault+0x40a/0x8e0
[  498.776307][T10555]  do_user_addr_fault+0x764/0x1390
[  498.776352][T10555]  exc_page_fault+0x76/0xf0
[  498.776386][T10555]  asm_exc_page_fault+0x26/0x30
[  498.776405][T10555] RIP: 0010:__put_user_nocheck_4+0x3/0x10
[  498.776438][T10555] Code: d9 0f 01 cb 89 01 31 c9 0f 01 ca e9 d7 31 03 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90
[  498.776456][T10555] RSP: 0018:ffffc9000bc478b8 EFLAGS: 00050246
[  498.776484][T10555] RAX: 0000000000000020 RBX: 0000000000000020 RCX: 0000200000004030
[  498.776499][T10555] RDX: ffff8880773e9e00 RSI: 0000000000000000 RDI: 00000000ffffffff
[  498.776519][T10555] RBP: ffffc9000bc47a30 R08: ffffffff8fa10df7 R09: 1ffffffff1f421be
[  498.776535][T10555] R10: dffffc0000000000 R11: fffffbfff1f421bf R12: 0000000000000000
[  498.776553][T10555] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000200000004000
[  498.776586][T10555]  ____sys_recvmsg+0x2ab/0x460
[  498.776625][T10555]  ? __pfx_____sys_recvmsg+0x10/0x10
[  498.776670][T10555]  ? import_iovec+0x74/0xa0
[  498.776695][T10555]  ___sys_recvmsg+0x1b5/0x510
[  498.776728][T10555]  ? __pfx____sys_recvmsg+0x10/0x10
[  498.776790][T10555]  ? __might_fault+0xb0/0x130
[  498.776814][T10555]  do_recvmmsg+0x307/0x770
[  498.776851][T10555]  ? __pfx_do_recvmmsg+0x10/0x10
[  498.776892][T10555]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  498.776931][T10555]  __x64_sys_recvmmsg+0x190/0x240
[  498.776963][T10555]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  498.776989][T10555]  ? rcu_is_watching+0x15/0xb0
[  498.777026][T10555]  ? do_syscall_64+0xbe/0x3b0
[  498.777049][T10555]  do_syscall_64+0xfa/0x3b0
[  498.777066][T10555]  ? lockdep_hardirqs_on+0x9c/0x150
[  498.777096][T10555]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  498.777116][T10555]  ? clear_bhb_loop+0x60/0xb0
[  498.777142][T10555]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  498.777179][T10555] RIP: 0033:0x7f931598e929
[  498.777197][T10555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  498.777215][T10555] RSP: 002b:00007f93168b9038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  498.777235][T10555] RAX: ffffffffffffffda RBX: 00007f9315bb5fa0 RCX: 00007f931598e929
[  498.777251][T10555] RDX: 0000000000000600 RSI: 0000200000003700 RDI: 0000000000000004
[  498.777265][T10555] RBP: 00007f93168b9090 R08: 0000000000000000 R09: 0000000000000000
[  498.777278][T10555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  498.777290][T10555] R13: 0000000000000000 R14: 00007f9315bb5fa0 R15: 00007f9315cdfa28
[  498.777323][T10555]  </TASK>
[  499.348476][T10037] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[  499.460713][T10562] netlink: 'syz.1.1224': attribute type 1 has an invalid length.
[  499.483718][T10037] usb 1-1: device descriptor read/64, error -71
[  499.609538][T10037] usb usb1-port1: attempt power cycle
[  499.670591][T10562] 8021q: adding VLAN 0 to HW filter on device bond2
[  499.757205][T10568] bond2: (slave gretap1): making interface the new active one
[  499.783750][T10035] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[  499.807490][T10568] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  499.873770][T10564] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  499.880051][T10564] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  499.886534][T10564] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  499.899682][T10564] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  499.918929][T10564] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  499.937145][T10564] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  499.967991][T10035] usb 3-1: config 0 has no interfaces?
[  499.983839][T10037] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[  499.999151][T10035] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  500.012146][T10035] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  500.014568][T10037] usb 1-1: device descriptor read/8, error -71
[  500.020385][T10035] usb 3-1: Product: syz
[  500.038150][T10035] usb 3-1: Manufacturer: syz
[  500.051466][T10035] usb 3-1: SerialNumber: syz
[  500.079329][T10035] usb 3-1: config 0 descriptor??
[  500.216204][T10051] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[  500.283746][T10037] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[  500.321623][T10037] usb 1-1: device descriptor read/8, error -71
[  500.413602][T10051] usb 2-1: Using ep0 maxpacket: 16
[  500.436239][T10051] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  500.444303][T10037] usb usb1-port1: unable to enumerate USB device
[  500.450374][T10051] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  500.611856][T10578] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  500.639689][T10578] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  500.897969][T10051] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  500.980804][T10051] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  500.994717][T10051] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  501.007199][T10051] usb 2-1: config 0 descriptor??
[  501.178883][T10582] netlink: 'syz.4.1227': attribute type 27 has an invalid length.
[  501.453837][T10583] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  501.610607][T10583] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  501.779401][T10051] microsoft 0003:045E:07DA.0011: No inputs registered, leaving
[  501.812308][T10051] microsoft 0003:045E:07DA.0011: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  501.829799][T10051] microsoft 0003:045E:07DA.0011: no inputs found
[  501.836831][T10051] microsoft 0003:045E:07DA.0011: could not initialize ff, continuing anyway
[  501.913835][   T51] Bluetooth: hci1: command 0x0405 tx timeout
[  501.919959][ T5842] Bluetooth: hci4: command 0x0405 tx timeout
[  501.920008][ T5840] Bluetooth: hci3: command 0x0406 tx timeout
[  501.932158][ T5846] Bluetooth: hci0: command 0x0406 tx timeout
[  502.563841][T10051] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[  502.591117][T10595] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1231'.
[  502.727396][T10051] usb 1-1: unable to read config index 0 descriptor/start: -61
[  502.736012][T10051] usb 1-1: can't read configurations, error -61
[  502.873768][T10051] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[  502.920999][ T9670] usb 3-1: USB disconnect, device number 64
[  503.075943][T10037] usb 2-1: USB disconnect, device number 57
[  503.087360][T10051] usb 1-1: unable to read config index 0 descriptor/start: -61
[  503.102813][T10051] usb 1-1: can't read configurations, error -61
[  503.112098][T10051] usb usb1-port1: attempt power cycle
[  503.475127][T10051] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[  503.693424][T10609] bridge0: port 2(bridge_slave_1) entered disabled state
[  503.702631][T10609] bridge0: port 1(bridge_slave_0) entered disabled state
[  503.744718][T10051] usb 1-1: unable to read config index 0 descriptor/start: -61
[  503.752332][T10051] usb 1-1: can't read configurations, error -61
[  503.935770][T10051] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[  503.982200][T10051] usb 1-1: unable to read config index 0 descriptor/start: -61
[  503.992266][T10051] usb 1-1: can't read configurations, error -61
[  503.998890][   T51] Bluetooth: hci1: command 0x0405 tx timeout
[  504.007656][T10051] usb usb1-port1: unable to enumerate USB device
[  504.130749][T10618] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1238'.
[  504.148762][T10618] netlink: 4400 bytes leftover after parsing attributes in process `syz.4.1238'.
[  504.166498][T10618] sysfs: cannot create duplicate filename '/class/ieee80211/�`]��I�q�!�>�s���*��!)\�+`�iF=#'
[  504.194170][T10619] loop6: detected capacity change from 0 to 524287999
[  504.201746][T10619] buffer_io_error: 7 callbacks suppressed
[  504.201764][T10619] Buffer I/O error on dev loop6, logical block 0, async page read
[  504.215773][T10619] Buffer I/O error on dev loop6, logical block 0, async page read
[  504.223902][T10619] Buffer I/O error on dev loop6, logical block 0, async page read
[  504.232046][T10619] Buffer I/O error on dev loop6, logical block 0, async page read
[  504.240299][T10619] Buffer I/O error on dev loop6, logical block 0, async page read
[  504.261986][T10618] CPU: 0 UID: 0 PID: 10618 Comm: syz.4.1238 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) 
[  504.262022][T10618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  504.262037][T10618] Call Trace:
[  504.262047][T10618]  <TASK>
[  504.262056][T10618]  dump_stack_lvl+0x189/0x250
[  504.262114][T10618]  ? __pfx_dump_stack_lvl+0x10/0x10
[  504.262145][T10618]  ? __pfx__printk+0x10/0x10
[  504.262165][T10618]  ? kernfs_path_from_node+0x2c/0x260
[  504.262188][T10618]  ? kernfs_path_from_node+0x2c/0x260
[  504.262207][T10618]  ? kernfs_path_from_node+0x2c/0x260
[  504.262229][T10618]  ? kernfs_path_from_node+0x22c/0x260
[  504.262248][T10618]  ? kernfs_path_from_node+0x2c/0x260
[  504.262271][T10618]  sysfs_warn_dup+0x8e/0xa0
[  504.262290][T10618]  sysfs_do_create_link_sd+0xc0/0x110
[  504.262312][T10618]  device_add_class_symlinks+0x1cf/0x240
[  504.262339][T10618]  device_add+0x475/0xb50
[  504.262361][T10618]  wiphy_register+0x199a/0x26b0
[  504.262395][T10618]  ? __pfx_wiphy_register+0x10/0x10
[  504.262419][T10618]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  504.262447][T10618]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  504.262473][T10618]  ieee80211_register_hw+0x33e1/0x4120
[  504.262511][T10618]  ? ieee80211_register_hw+0x1451/0x4120
[  504.262542][T10618]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  504.262569][T10618]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  504.262601][T10618]  ? __hrtimer_setup+0x187/0x210
[  504.262626][T10618]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  504.262649][T10618]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  504.262701][T10618]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  504.262717][T10618]  ? trace_kmalloc+0x1f/0xd0
[  504.262731][T10618]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  504.262748][T10618]  ? kstrndup+0xbf/0x160
[  504.262779][T10618]  hwsim_new_radio_nl+0xea4/0x1b10
[  504.262799][T10618]  ? __pfx___nla_validate_parse+0x10/0x10
[  504.262837][T10618]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  504.262857][T10618]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  504.262891][T10618]  ? __nla_parse+0x40/0x60
[  504.262922][T10618]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  504.262956][T10618]  genl_family_rcv_msg_doit+0x212/0x300
[  504.262989][T10618]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  504.263028][T10618]  ? bpf_lsm_capable+0x9/0x20
[  504.263043][T10618]  ? security_capable+0x7e/0x2e0
[  504.263071][T10618]  genl_rcv_msg+0x60e/0x790
[  504.263102][T10618]  ? __pfx_genl_rcv_msg+0x10/0x10
[  504.263126][T10618]  ? ref_tracker_free+0x63a/0x7d0
[  504.263149][T10618]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  504.263167][T10618]  ? __pfx_ref_tracker_free+0x10/0x10
[  504.263200][T10618]  netlink_rcv_skb+0x205/0x470
[  504.263221][T10618]  ? __pfx_genl_rcv_msg+0x10/0x10
[  504.263248][T10618]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  504.263282][T10618]  ? down_read+0x1ad/0x2e0
[  504.263301][T10618]  genl_rcv+0x28/0x40
[  504.263325][T10618]  netlink_unicast+0x758/0x8d0
[  504.263352][T10618]  netlink_sendmsg+0x805/0xb30
[  504.263381][T10618]  ? __pfx_netlink_sendmsg+0x10/0x10
[  504.263404][T10618]  ? aa_sock_msg_perm+0x94/0x160
[  504.263428][T10618]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  504.263452][T10618]  ? __pfx_netlink_sendmsg+0x10/0x10
[  504.263477][T10618]  __sock_sendmsg+0x21c/0x270
[  504.263514][T10618]  ____sys_sendmsg+0x505/0x830
[  504.263546][T10618]  ? __pfx_____sys_sendmsg+0x10/0x10
[  504.263585][T10618]  ? import_iovec+0x74/0xa0
[  504.263610][T10618]  ___sys_sendmsg+0x21f/0x2a0
[  504.263641][T10618]  ? __pfx____sys_sendmsg+0x10/0x10
[  504.263718][T10618]  ? __fget_files+0x2a/0x420
[  504.263741][T10618]  ? __fget_files+0x3a0/0x420
[  504.263776][T10618]  __x64_sys_sendmsg+0x19b/0x260
[  504.263808][T10618]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  504.263846][T10618]  ? rcu_is_watching+0x15/0xb0
[  504.263878][T10618]  ? do_syscall_64+0xbe/0x3b0
[  504.263897][T10618]  do_syscall_64+0xfa/0x3b0
[  504.263913][T10618]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  504.263930][T10618]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  504.263947][T10618]  ? clear_bhb_loop+0x60/0xb0
[  504.263968][T10618]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  504.263984][T10618] RIP: 0033:0x7f931598e929
[  504.264001][T10618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  504.264016][T10618] RSP: 002b:00007f93168b9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  504.264036][T10618] RAX: ffffffffffffffda RBX: 00007f9315bb5fa0 RCX: 00007f931598e929
[  504.264049][T10618] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000004
[  504.264059][T10618] RBP: 00007f9315a10b39 R08: 0000000000000000 R09: 0000000000000000
[  504.264070][T10618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  504.264079][T10618] R13: 0000000000000000 R14: 00007f9315bb5fa0 R15: 00007f9315cdfa28
[  504.264105][T10618]  </TASK>
[  504.264928][T10619] Buffer I/O error on dev loop6, logical block 0, async page read
[  504.786356][T10619] Buffer I/O error on dev loop6, logical block 0, async page read
[  504.801211][T10619] Buffer I/O error on dev loop6, logical block 0, async page read
[  504.839996][T10619] ldm_validate_partition_table(): Disk read failed.
[  504.847364][T10619] Buffer I/O error on dev loop6, logical block 0, async page read
[  504.858939][T10619] Buffer I/O error on dev loop6, logical block 0, async page read
[  504.869484][T10619] Dev loop6: unable to read RDB block 0
[  504.877828][T10619]  loop6: unable to read partition table
[  504.886326][T10619] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  505.053770][T10050] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  505.213585][T10050] usb 4-1: Using ep0 maxpacket: 32
[  505.297629][T10050] usb 4-1: config 1 interface 0 has no altsetting 0
[  505.320785][T10050] usb 4-1: New USB device found, idVendor=5543, idProduct=006e, bcdDevice= 0.40
[  505.350486][T10050] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  505.394786][T10050] usb 4-1: Product: syz
[  505.415292][T10050] usb 4-1: SerialNumber: syz
[  505.421816][T10625] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1239'.
[  505.908504][T10619] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  505.919666][T10619] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  506.083638][   T51] Bluetooth: hci1: command 0x0405 tx timeout
[  506.394085][T10039] usb 5-1: new high-speed USB device number 64 using dummy_hcd
[  506.496518][T10637] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  506.565616][T10037] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[  506.579657][T10039] usb 5-1: config 0 has an invalid interface number: 120 but max is 0
[  506.599928][T10039] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  506.661184][T10039] usb 5-1: config 0 has no interface number 0
[  506.678621][T10039] usb 5-1: config 0 interface 120 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  506.718064][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  506.719116][T10039] usb 5-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58
[  506.728156][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  506.741000][T10037] usb 1-1: Using ep0 maxpacket: 32
[  506.765906][T10037] usb 1-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  506.820897][T10037] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  506.884020][T10039] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  506.917157][   T30] kauditd_printk_skb: 325 callbacks suppressed
[  506.917176][   T30] audit: type=1326 audit(1750236744.909:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10640 comm="syz.1.1246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f282698e929 code=0x7ffc0000
[  506.966069][T10037] usb 1-1: config 0 descriptor??
[  506.980763][T10039] usb 5-1: config 0 descriptor??
[  506.992231][T10037] gspca_main: sunplus-2.14.0 probing 041e:400b
[  507.015330][   T30] audit: type=1326 audit(1750236744.909:727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10640 comm="syz.1.1246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f282698e929 code=0x7ffc0000
[  507.038147][    C0] vkms_vblank_simulate: vblank timer overrun
[  507.063744][   T30] audit: type=1326 audit(1750236744.909:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10640 comm="syz.1.1246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f282698e929 code=0x7ffc0000
[  507.086107][    C0] vkms_vblank_simulate: vblank timer overrun
[  507.126004][T10641] syzkaller0: entered promiscuous mode
[  507.131610][T10641] syzkaller0: entered allmulticast mode
[  507.138179][   T30] audit: type=1326 audit(1750236744.909:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10640 comm="syz.1.1246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f282698e929 code=0x7ffc0000
[  507.162424][   T30] audit: type=1326 audit(1750236744.909:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10640 comm="syz.1.1246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f282698e929 code=0x7ffc0000
[  507.354562][   T30] audit: type=1326 audit(1750236744.939:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10640 comm="syz.1.1246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f282698e929 code=0x7ffc0000
[  507.434033][T10633] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1243'.
[  507.461020][   T30] audit: type=1326 audit(1750236744.939:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10640 comm="syz.1.1246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f282698e929 code=0x7ffc0000
[  507.485789][T10633] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1243'.
[  507.522009][T10037] gspca_sunplus: reg_w_riv err -110
[  507.531809][T10037] sunplus 1-1:0.0: probe with driver sunplus failed with error -110
[  507.542369][T10633] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  507.566959][T10633] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  507.579579][   T30] audit: type=1326 audit(1750236744.939:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10640 comm="syz.1.1246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f282698e929 code=0x7ffc0000
[  507.740092][   T30] audit: type=1326 audit(1750236744.939:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10640 comm="syz.1.1246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f282698e929 code=0x7ffc0000
[  507.841067][   T30] audit: type=1326 audit(1750236744.999:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10640 comm="syz.1.1246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f282698e929 code=0x7ffc0000
[  507.951789][T10050] usbhid 4-1:1.0: can't add hid device: -71
[  508.049610][T10050] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[  508.171680][T10050] usb 4-1: USB disconnect, device number 51
[  508.197178][T10649] block device autoloading is deprecated and will be removed.
[  508.344117][T10037] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[  508.396778][T10051] usb 1-1: USB disconnect, device number 68
[  508.493589][T10037] usb 3-1: Using ep0 maxpacket: 32
[  508.503380][T10037] usb 3-1: unable to get BOS descriptor or descriptor too short
[  508.512703][T10037] usb 3-1: unable to read config index 0 descriptor/start: -71
[  508.522717][T10037] usb 3-1: can't read configurations, error -71
[  508.773623][T10050] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  508.913056][T10668] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  508.960640][T10050] usb 4-1: Using ep0 maxpacket: 32
[  508.969579][T10050] usb 4-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  508.993618][T10050] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  509.100824][T10050] usb 4-1: config 0 descriptor??
[  509.133097][T10050] gspca_main: nw80x-2.14.0 probing 055f:d001
[  509.783612][T10051] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[  510.114079][T10051] usb 1-1: Using ep0 maxpacket: 16
[  510.125363][T10039] usb 5-1: USB disconnect, device number 64
[  510.183416][T10051] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  510.423566][T10051] usb 1-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  510.458181][T10051] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  510.507103][T10680] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  510.514831][T10050] gspca_nw80x: reg_r err -110
[  510.522833][T10050] nw80x 4-1:0.0: probe with driver nw80x failed with error -110
[  510.540117][T10680] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  510.544826][T10051] usb 1-1: config 0 descriptor??
[  510.733527][T10051] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input29
[  510.855791][ T5191] bcm5974 1-1:0.0: could not read from device
[  510.872832][T10051] usb 1-1: USB disconnect, device number 69
[  510.901389][ T5191] bcm5974 1-1:0.0: could not read from device
[  511.166934][T10690] SET target dimension over the limit!
[  511.584574][T10694] syzkaller0: entered promiscuous mode
[  511.590397][T10694] syzkaller0: entered allmulticast mode
[  511.911435][T10037] usb 4-1: USB disconnect, device number 52
[  512.342557][T10706] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1264'.
[  512.587752][T10715] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1266'.
[  512.651809][T10037] usb 5-1: new full-speed USB device number 65 using dummy_hcd
[  512.733592][T10039] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[  512.820040][T10037] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  512.830995][T10037] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  512.975706][T10039] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  513.116830][T10039] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  513.131692][T10037] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  513.183826][T10039] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  513.236594][T10037] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  513.252297][T10039] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  513.280004][T10037] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  513.303044][T10039] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  513.329106][T10037] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  513.341206][T10726] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  513.372549][T10726] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  513.392168][T10039] usb 1-1: config 0 descriptor??
[  513.402131][T10037] usb 5-1: Manufacturer: syz
[  513.414374][T10726] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  513.534255][T10726] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  513.534339][T10037] usb 5-1: config 0 descriptor??
[  513.835885][T10039] plantronics 0003:047F:FFFF.0012: ignoring exceeding usage max
[  513.876181][T10039] plantronics 0003:047F:FFFF.0012: No inputs registered, leaving
[  513.941582][T10039] plantronics 0003:047F:FFFF.0012: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  513.972517][   T30] kauditd_printk_skb: 76 callbacks suppressed
[  513.972537][   T30] audit: type=1326 audit(1750236751.959:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10731 comm="syz.2.1270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7b98e929 code=0x7ffc0000
[  514.043735][   T30] audit: type=1326 audit(1750236751.999:813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10731 comm="syz.2.1270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7b98e929 code=0x7ffc0000
[  514.069774][   T30] audit: type=1326 audit(1750236751.999:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10731 comm="syz.2.1270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fbd7b98e929 code=0x7ffc0000
[  514.093291][   T30] audit: type=1326 audit(1750236751.999:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10731 comm="syz.2.1270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7b98e929 code=0x7ffc0000
[  514.116415][   T30] audit: type=1326 audit(1750236751.999:816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10731 comm="syz.2.1270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7b98e929 code=0x7ffc0000
[  514.144116][   T30] audit: type=1326 audit(1750236751.999:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10731 comm="syz.2.1270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbd7b98e929 code=0x7ffc0000
[  514.166739][   T30] audit: type=1326 audit(1750236752.009:818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10731 comm="syz.2.1270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7b98e929 code=0x7ffc0000
[  514.210459][   T30] audit: type=1326 audit(1750236752.009:819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10731 comm="syz.2.1270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7b98e929 code=0x7ffc0000
[  514.210523][T10733] syzkaller0: entered promiscuous mode
[  514.290867][T10039] usb 1-1: USB disconnect, device number 70
[  514.329188][   T30] audit: type=1326 audit(1750236752.059:820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10731 comm="syz.2.1270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fbd7b98e929 code=0x7ffc0000
[  514.334466][T10037] rc_core: IR keymap rc-hauppauge not found
[  514.351884][T10733] syzkaller0: entered allmulticast mode
[  514.419237][T10736] fido_id[10736]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  514.430633][T10037] Registered IR keymap rc-empty
[  514.462781][   T30] audit: type=1326 audit(1750236752.099:821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10731 comm="syz.2.1270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7b98e929 code=0x7ffc0000
[  514.463242][T10037] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  514.485327][    C0] vkms_vblank_simulate: vblank timer overrun
[  514.502620][T10738] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1263'.
[  514.674798][T10037] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  514.727373][T10037] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  514.784240][T10037] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input30
[  514.815270][T10037] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  514.844067][T10037] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  514.864648][T10037] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  514.905109][T10037] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  514.928758][T10747] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.1271' sets config #0
[  514.945390][T10747] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.1271' sets config #1
[  515.185120][T10037] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  515.227787][T10037] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  515.293584][ T9385] usb 3-1: new low-speed USB device number 67 using dummy_hcd
[  515.333670][T10037] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  515.363657][ T5842] Bluetooth: hci0: command 0x0406 tx timeout
[  515.393856][T10037] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  515.413871][T10037] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  515.434118][ T5842] Bluetooth: hci4: command 0x0405 tx timeout
[  515.438895][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  515.440433][T10037] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  515.455403][ T9385] usb 3-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  515.494359][ T9385] usb 3-1: config 9 has 0 interfaces, different from the descriptor's value: 1
[  515.551553][T10037] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  515.593694][ T9385] usb 3-1: New USB device found, idVendor=05ac, idProduct=0264, bcdDevice= 0.00
[  515.604566][   T51] Bluetooth: hci1: command 0x0405 tx timeout
[  515.692725][T10037] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  515.712443][ T9385] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  515.825450][T10037] usb 5-1: USB disconnect, device number 65
[  516.159255][T10748] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  516.175412][T10748] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  516.390288][T10765] netlink: 'syz.1.1275': attribute type 1 has an invalid length.
[  516.467511][T10748] pimreg: entered allmulticast mode
[  516.746003][T10765] batman_adv: batadv0: Adding interface: dummy0
[  516.755843][T10765] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  516.833682][T10765] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  516.895512][T10765] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1275'.
[  517.352082][T10775] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1279'.
[  518.973874][T10787] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1282'.
[  519.066408][ T9385] usb 3-1: USB disconnect, device number 67
[  519.397723][T10796] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1283'.
[  521.493661][T10035] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[  521.670758][T10035] usb 3-1: Using ep0 maxpacket: 16
[  521.695689][T10035] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  521.726389][T10035] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  521.746653][T10035] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  521.778533][T10039] usb 5-1: new full-speed USB device number 66 using dummy_hcd
[  521.798183][T10035] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  521.817820][T10035] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  521.847619][T10035] usb 3-1: config 0 descriptor??
[  521.955671][T10039] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  521.976933][T10039] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  522.001038][T10039] usb 5-1: config 0 descriptor??
[  522.312653][T10035] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0
[  522.335710][T10035] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0
[  522.363229][T10035] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0
[  522.374078][T10035] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0
[  522.381754][T10035] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0
[  522.389284][T10035] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0
[  522.397963][T10035] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0
[  522.405621][T10035] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0
[  522.413196][T10035] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0
[  522.420825][T10035] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0
[  522.468717][T10035] microsoft 0003:045E:07DA.0013: No inputs registered, leaving
[  522.512043][T10806] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00aa with DS=0xee
[  522.533322][T10035] microsoft 0003:045E:07DA.0013: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[  522.653569][T10039] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  522.710054][T10035] microsoft 0003:045E:07DA.0013: no inputs found
[  522.767950][T10035] microsoft 0003:045E:07DA.0013: could not initialize ff, continuing anyway
[  522.909147][T10039] usb 4-1: config 0 has no interfaces?
[  522.921263][T10835] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1294'.
[  522.931588][T10039] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  522.943644][T10039] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  522.951745][T10039] usb 4-1: Product: syz
[  522.963156][T10035] usb 3-1: USB disconnect, device number 68
[  523.036596][T10039] usb 4-1: Manufacturer: syz
[  523.066101][T10039] usb 4-1: SerialNumber: syz
[  523.118341][T10039] usb 4-1: config 0 descriptor??
[  523.181510][T10832] fido_id[10832]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  524.639496][T10037] usb 5-1: USB disconnect, device number 66
[  525.327963][T10849] FAULT_INJECTION: forcing a failure.
[  525.327963][T10849] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  525.497903][T10849] CPU: 0 UID: 0 PID: 10849 Comm: syz.0.1297 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) 
[  525.497936][T10849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  525.497949][T10849] Call Trace:
[  525.497958][T10849]  <TASK>
[  525.497968][T10849]  dump_stack_lvl+0x189/0x250
[  525.498009][T10849]  ? __pfx____ratelimit+0x10/0x10
[  525.498042][T10849]  ? __pfx_dump_stack_lvl+0x10/0x10
[  525.498075][T10849]  ? __pfx__printk+0x10/0x10
[  525.498112][T10849]  should_fail_ex+0x414/0x560
[  525.498147][T10849]  _copy_to_user+0x31/0xb0
[  525.498171][T10849]  simple_read_from_buffer+0xe1/0x170
[  525.498200][T10849]  proc_fail_nth_read+0x1df/0x250
[  525.498230][T10849]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  525.498260][T10849]  ? rw_verify_area+0x258/0x650
[  525.498291][T10849]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  525.498319][T10849]  vfs_read+0x200/0x980
[  525.498358][T10849]  ? __pfx___mutex_lock+0x10/0x10
[  525.498380][T10849]  ? __pfx_vfs_read+0x10/0x10
[  525.498414][T10849]  ? __fget_files+0x2a/0x420
[  525.498443][T10849]  ? __fget_files+0x3a0/0x420
[  525.498466][T10849]  ? __fget_files+0x2a/0x420
[  525.498500][T10849]  ksys_read+0x145/0x250
[  525.498522][T10849]  ? __pfx_ksys_read+0x10/0x10
[  525.498552][T10849]  ? rcu_is_watching+0x15/0xb0
[  525.498592][T10849]  ? do_syscall_64+0xbe/0x3b0
[  525.498616][T10849]  do_syscall_64+0xfa/0x3b0
[  525.498634][T10849]  ? lockdep_hardirqs_on+0x9c/0x150
[  525.498666][T10849]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  525.498697][T10849]  ? clear_bhb_loop+0x60/0xb0
[  525.498723][T10849]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  525.498744][T10849] RIP: 0033:0x7fe37798d33c
[  525.498763][T10849] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  525.498782][T10849] RSP: 002b:00007fe3787fa030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  525.498805][T10849] RAX: ffffffffffffffda RBX: 00007fe377bb5fa0 RCX: 00007fe37798d33c
[  525.498821][T10849] RDX: 000000000000000f RSI: 00007fe3787fa0a0 RDI: 0000000000000003
[  525.498834][T10849] RBP: 00007fe3787fa090 R08: 0000000000000000 R09: 0000000000000000
[  525.498847][T10849] R10: 0000200000000580 R11: 0000000000000246 R12: 0000000000000001
[  525.498860][T10849] R13: 0000000000000000 R14: 00007fe377bb5fa0 R15: 00007fe377cdfa28
[  525.498894][T10849]  </TASK>
[  525.938563][T10037] usb 4-1: USB disconnect, device number 53
[  526.298380][T10861] netlink: 'syz.0.1300': attribute type 4 has an invalid length.
[  526.745078][T10866] netlink: 'syz.3.1303': attribute type 10 has an invalid length.
[  526.752979][T10866] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1303'.
[  527.129800][T10037] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[  527.318574][T10037] usb 2-1: config 0 has an invalid interface number: 120 but max is 0
[  527.329150][T10037] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  527.370502][T10037] usb 2-1: config 0 has no interface number 0
[  527.418103][T10037] usb 2-1: config 0 interface 120 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  527.524254][T10037] usb 2-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58
[  527.543595][T10037] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  527.677932][T10037] usb 2-1: config 0 descriptor??
[  527.696942][T10878] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  528.123591][T10051] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[  528.327279][T10051] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  528.337388][T10051] usb 3-1: config 0 interface 0 has no altsetting 0
[  528.384757][T10051] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  528.405933][T10051] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  528.417980][T10051] usb 3-1: Product: syz
[  528.423582][T10051] usb 3-1: Manufacturer: syz
[  528.428318][T10051] usb 3-1: SerialNumber: syz
[  528.463062][T10051] usb 3-1: config 0 descriptor??
[  528.508313][T10051] usb 3-1: selecting invalid altsetting 0
[  528.550079][T10885] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1308'.
[  528.596470][T10885] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1308'.
[  529.081352][T10895] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  529.091179][T10895] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  529.140258][ T9385] usb 3-1: USB disconnect, device number 69
[  530.405776][T10918] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1314'.
[  531.305361][T10037] usb 2-1: USB disconnect, device number 58
[  531.756308][T10923] netlink: 'syz.2.1316': attribute type 10 has an invalid length.
[  531.793147][T10923] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1316'.
[  532.363617][T10037] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[  532.553040][T10037] usb 2-1: config 0 has no interfaces?
[  532.684041][T10037] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  532.721887][T10037] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  532.730155][T10936] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1320'.
[  532.740720][T10936] netlink: 4400 bytes leftover after parsing attributes in process `syz.2.1320'.
[  532.775632][T10936] sysfs: cannot create duplicate filename '/class/ieee80211/�`]��I�q�!�>�s���*��!)\�+`�iF=#'
[  532.803877][T10936] CPU: 1 UID: 0 PID: 10936 Comm: syz.2.1320 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) 
[  532.803902][T10936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  532.803912][T10936] Call Trace:
[  532.803918][T10936]  <TASK>
[  532.803925][T10936]  dump_stack_lvl+0x189/0x250
[  532.803958][T10936]  ? __pfx_dump_stack_lvl+0x10/0x10
[  532.803984][T10936]  ? __pfx__printk+0x10/0x10
[  532.804002][T10936]  ? kernfs_path_from_node+0x2c/0x260
[  532.804021][T10936]  ? kernfs_path_from_node+0x2c/0x260
[  532.804039][T10936]  ? kernfs_path_from_node+0x2c/0x260
[  532.804059][T10936]  ? kernfs_path_from_node+0x22c/0x260
[  532.804077][T10936]  ? kernfs_path_from_node+0x2c/0x260
[  532.804098][T10936]  sysfs_warn_dup+0x8e/0xa0
[  532.804116][T10936]  sysfs_do_create_link_sd+0xc0/0x110
[  532.804137][T10936]  device_add_class_symlinks+0x1cf/0x240
[  532.804158][T10936]  device_add+0x475/0xb50
[  532.804178][T10936]  wiphy_register+0x199a/0x26b0
[  532.804209][T10936]  ? __pfx_wiphy_register+0x10/0x10
[  532.804226][T10936]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  532.804251][T10936]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  532.804275][T10936]  ieee80211_register_hw+0x33e1/0x4120
[  532.804310][T10936]  ? ieee80211_register_hw+0x1451/0x4120
[  532.804338][T10936]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  532.804363][T10936]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  532.804392][T10936]  ? __hrtimer_setup+0x187/0x210
[  532.804416][T10936]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  532.804453][T10936]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  532.804494][T10936]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  532.804509][T10936]  ? trace_kmalloc+0x1f/0xd0
[  532.804522][T10936]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  532.804539][T10936]  ? kstrndup+0xbf/0x160
[  532.804571][T10936]  hwsim_new_radio_nl+0xea4/0x1b10
[  532.804590][T10936]  ? __pfx___nla_validate_parse+0x10/0x10
[  532.804626][T10936]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  532.804652][T10936]  ? __nla_parse+0x40/0x60
[  532.804679][T10936]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  532.804711][T10936]  genl_family_rcv_msg_doit+0x212/0x300
[  532.804742][T10936]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  532.804777][T10936]  ? bpf_lsm_capable+0x9/0x20
[  532.804796][T10936]  ? security_capable+0x7e/0x2e0
[  532.804822][T10936]  genl_rcv_msg+0x60e/0x790
[  532.804850][T10936]  ? __pfx_genl_rcv_msg+0x10/0x10
[  532.804872][T10936]  ? ref_tracker_free+0x63a/0x7d0
[  532.804893][T10936]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  532.804909][T10936]  ? __pfx_ref_tracker_free+0x10/0x10
[  532.804940][T10936]  netlink_rcv_skb+0x205/0x470
[  532.804959][T10936]  ? __pfx_genl_rcv_msg+0x10/0x10
[  532.804984][T10936]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  532.805016][T10936]  ? down_read+0x1ad/0x2e0
[  532.805034][T10936]  genl_rcv+0x28/0x40
[  532.805056][T10936]  netlink_unicast+0x758/0x8d0
[  532.805080][T10936]  netlink_sendmsg+0x805/0xb30
[  532.805107][T10936]  ? __pfx_netlink_sendmsg+0x10/0x10
[  532.805129][T10936]  ? aa_sock_msg_perm+0x94/0x160
[  532.805152][T10936]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  532.805172][T10936]  ? __pfx_netlink_sendmsg+0x10/0x10
[  532.805192][T10936]  __sock_sendmsg+0x21c/0x270
[  532.805220][T10936]  ____sys_sendmsg+0x505/0x830
[  532.805245][T10936]  ? __pfx_____sys_sendmsg+0x10/0x10
[  532.805273][T10936]  ? import_iovec+0x74/0xa0
[  532.805292][T10936]  ___sys_sendmsg+0x21f/0x2a0
[  532.805314][T10936]  ? __pfx____sys_sendmsg+0x10/0x10
[  532.805364][T10936]  ? __fget_files+0x2a/0x420
[  532.805381][T10936]  ? __fget_files+0x3a0/0x420
[  532.805407][T10936]  __x64_sys_sendmsg+0x19b/0x260
[  532.805430][T10936]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  532.805459][T10936]  ? rcu_is_watching+0x15/0xb0
[  532.805488][T10936]  ? do_syscall_64+0xbe/0x3b0
[  532.805506][T10936]  do_syscall_64+0xfa/0x3b0
[  532.805519][T10936]  ? lockdep_hardirqs_on+0x9c/0x150
[  532.805543][T10936]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.805558][T10936]  ? clear_bhb_loop+0x60/0xb0
[  532.805583][T10936]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  532.805598][T10936] RIP: 0033:0x7fbd7b98e929
[  532.805614][T10936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  532.805628][T10936] RSP: 002b:00007fbd7c7da038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  532.805645][T10936] RAX: ffffffffffffffda RBX: 00007fbd7bbb5fa0 RCX: 00007fbd7b98e929
[  532.805657][T10936] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000004
[  532.805668][T10936] RBP: 00007fbd7ba10b39 R08: 0000000000000000 R09: 0000000000000000
[  532.805677][T10936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  532.805687][T10936] R13: 0000000000000000 R14: 00007fbd7bbb5fa0 R15: 00007fbd7bcdfa28
[  532.805711][T10936]  </TASK>
[  533.319665][T10037] usb 2-1: Product: syz
[  533.378424][T10037] usb 2-1: Manufacturer: syz
[  533.383104][T10037] usb 2-1: SerialNumber: syz
[  533.802040][T10037] usb 2-1: config 0 descriptor??
[  533.990169][   T30] kauditd_printk_skb: 30 callbacks suppressed
[  533.990189][   T30] audit: type=1326 audit(1750236771.979:852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10940 comm="syz.0.1321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37798e929 code=0x7ffc0000
[  534.023818][   T30] audit: type=1326 audit(1750236772.009:853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10940 comm="syz.0.1321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fe37798e929 code=0x7ffc0000
[  534.093301][   T30] audit: type=1326 audit(1750236772.009:854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10940 comm="syz.0.1321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37798e929 code=0x7ffc0000
[  534.116270][   T30] audit: type=1326 audit(1750236772.009:855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10940 comm="syz.0.1321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37798e929 code=0x7ffc0000
[  534.200316][T10943] syzkaller0: entered promiscuous mode
[  534.216222][T10943] syzkaller0: entered allmulticast mode
[  534.226267][   T30] audit: type=1326 audit(1750236772.009:856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10940 comm="syz.0.1321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe37798e929 code=0x7ffc0000
[  534.308053][   T30] audit: type=1326 audit(1750236772.009:857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10940 comm="syz.0.1321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37798e929 code=0x7ffc0000
[  534.523036][   T30] audit: type=1326 audit(1750236772.009:858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10940 comm="syz.0.1321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fe37798e929 code=0x7ffc0000
[  534.723840][T10927] loop4: detected capacity change from 0 to 524255232
[  534.731645][   T30] audit: type=1326 audit(1750236772.069:859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10940 comm="syz.0.1321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37798e929 code=0x7ffc0000
[  534.896069][   T30] audit: type=1326 audit(1750236772.069:860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10940 comm="syz.0.1321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe37798e929 code=0x7ffc0000
[  535.048444][   T30] audit: type=1326 audit(1750236772.169:861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10940 comm="syz.0.1321" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fe37798e929 code=0x7ffc0000
[  535.493640][T10037] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[  535.613775][ T9385] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  535.734586][T10037] usb 1-1: Using ep0 maxpacket: 16
[  535.788418][ T9385] usb 4-1: Using ep0 maxpacket: 32
[  535.803334][T10037] usb 1-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  535.812678][T10037] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  535.821391][ T9385] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[  535.829672][ T9385] usb 4-1: config 0 has no interface number 0
[  535.890660][ T9385] usb 4-1: config 0 interface 12 has no altsetting 0
[  535.909726][T10037] usb 1-1: config 0 descriptor??
[  535.935783][ T9385] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  535.961223][T10031] usb 2-1: USB disconnect, device number 59
[  535.970329][ T9385] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  536.003894][ T9385] usb 4-1: Product: syz
[  536.008117][ T9385] usb 4-1: Manufacturer: syz
[  536.106983][T10964] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1327'.
[  536.140033][T10964] netlink: 4400 bytes leftover after parsing attributes in process `syz.4.1327'.
[  536.142198][ T9385] usb 4-1: SerialNumber: syz
[  536.219598][ T9385] usb 4-1: config 0 descriptor??
[  536.230894][T10966] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1328'.
[  536.297010][T10964] sysfs: cannot create duplicate filename '/class/ieee80211/�`]��I�q�!�>�s���*��!)\�+`�iF=#'
[  536.381601][T10037] lenovo 0003:17EF:6047.0014: hidraw0: USB HID v1.01 Device [HID 17ef:6047] on usb-dummy_hcd.0-1/input0
[  536.397473][T10964] CPU: 0 UID: 0 PID: 10964 Comm: syz.4.1327 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) 
[  536.397518][T10964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  536.397533][T10964] Call Trace:
[  536.397543][T10964]  <TASK>
[  536.397553][T10964]  dump_stack_lvl+0x189/0x250
[  536.397599][T10964]  ? __pfx_dump_stack_lvl+0x10/0x10
[  536.397638][T10964]  ? __pfx__printk+0x10/0x10
[  536.397664][T10964]  ? kernfs_path_from_node+0x2c/0x260
[  536.397693][T10964]  ? kernfs_path_from_node+0x2c/0x260
[  536.397720][T10964]  ? kernfs_path_from_node+0x2c/0x260
[  536.397750][T10964]  ? kernfs_path_from_node+0x22c/0x260
[  536.397776][T10964]  ? kernfs_path_from_node+0x2c/0x260
[  536.397808][T10964]  sysfs_warn_dup+0x8e/0xa0
[  536.397834][T10964]  sysfs_do_create_link_sd+0xc0/0x110
[  536.397864][T10964]  device_add_class_symlinks+0x1cf/0x240
[  536.397896][T10964]  device_add+0x475/0xb50
[  536.397927][T10964]  wiphy_register+0x199a/0x26b0
[  536.397973][T10964]  ? __pfx_wiphy_register+0x10/0x10
[  536.397997][T10964]  ? minstrel_ht_alloc+0x6dd/0x7e0
[  536.398034][T10964]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[  536.398069][T10964]  ieee80211_register_hw+0x33e1/0x4120
[  536.398117][T10964]  ? ieee80211_register_hw+0x1451/0x4120
[  536.398160][T10964]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  536.398197][T10964]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  536.398239][T10964]  ? __hrtimer_setup+0x187/0x210
[  536.398272][T10964]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  536.398304][T10964]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  536.398364][T10964]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  536.398387][T10964]  ? trace_kmalloc+0x1f/0xd0
[  536.398406][T10964]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[  536.398429][T10964]  ? kstrndup+0xbf/0x160
[  536.398469][T10964]  hwsim_new_radio_nl+0xea4/0x1b10
[  536.398497][T10964]  ? __pfx___nla_validate_parse+0x10/0x10
[  536.398557][T10964]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  536.398596][T10964]  ? __nla_parse+0x40/0x60
[  536.398634][T10964]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  536.398680][T10964]  genl_family_rcv_msg_doit+0x212/0x300
[  536.398724][T10964]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  536.398775][T10964]  ? bpf_lsm_capable+0x9/0x20
[  536.398797][T10964]  ? security_capable+0x7e/0x2e0
[  536.398834][T10964]  genl_rcv_msg+0x60e/0x790
[  536.398875][T10964]  ? __pfx_genl_rcv_msg+0x10/0x10
[  536.398906][T10964]  ? ref_tracker_free+0x63a/0x7d0
[  536.398934][T10964]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  536.398957][T10964]  ? __pfx_ref_tracker_free+0x10/0x10
[  536.398999][T10964]  netlink_rcv_skb+0x205/0x470
[  536.399027][T10964]  ? __pfx_genl_rcv_msg+0x10/0x10
[  536.399062][T10964]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  536.399110][T10964]  ? down_read+0x1ad/0x2e0
[  536.399136][T10964]  genl_rcv+0x28/0x40
[  536.399167][T10964]  netlink_unicast+0x758/0x8d0
[  536.399205][T10964]  netlink_sendmsg+0x805/0xb30
[  536.399245][T10964]  ? __pfx_netlink_sendmsg+0x10/0x10
[  536.399278][T10964]  ? aa_sock_msg_perm+0x94/0x160
[  536.399310][T10964]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  536.399338][T10964]  ? __pfx_netlink_sendmsg+0x10/0x10
[  536.399368][T10964]  __sock_sendmsg+0x21c/0x270
[  536.399408][T10964]  ____sys_sendmsg+0x505/0x830
[  536.399445][T10964]  ? __pfx_____sys_sendmsg+0x10/0x10
[  536.399486][T10964]  ? import_iovec+0x74/0xa0
[  536.399519][T10964]  ___sys_sendmsg+0x21f/0x2a0
[  536.399552][T10964]  ? __pfx____sys_sendmsg+0x10/0x10
[  536.399622][T10964]  ? __fget_files+0x2a/0x420
[  536.399648][T10964]  ? __fget_files+0x3a0/0x420
[  536.399686][T10964]  __x64_sys_sendmsg+0x19b/0x260
[  536.399719][T10964]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  536.399762][T10964]  ? rcu_is_watching+0x15/0xb0
[  536.399804][T10964]  ? do_syscall_64+0xbe/0x3b0
[  536.399831][T10964]  do_syscall_64+0xfa/0x3b0
[  536.399851][T10964]  ? lockdep_hardirqs_on+0x9c/0x150
[  536.399884][T10964]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  536.399907][T10964]  ? clear_bhb_loop+0x60/0xb0
[  536.399933][T10964]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  536.399955][T10964] RIP: 0033:0x7f931598e929
[  536.399976][T10964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  536.399995][T10964] RSP: 002b:00007f93168b9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  536.400019][T10964] RAX: ffffffffffffffda RBX: 00007f9315bb5fa0 RCX: 00007f931598e929
[  536.400036][T10964] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000004
[  536.400049][T10964] RBP: 00007f9315a10b39 R08: 0000000000000000 R09: 0000000000000000
[  536.400062][T10964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  536.400076][T10964] R13: 0000000000000000 R14: 00007f9315bb5fa0 R15: 00007f9315cdfa28
[  536.400112][T10964]  </TASK>
[  537.137016][ T9385] f81534 4-1:0.12: f81534_set_register: reg: 1002 data: 3 failed: -71
[  537.209773][ T9385] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71
[  537.217329][ T9385] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  537.226989][ T9385] f81534 4-1:0.12: probe with driver f81534 failed with error -71
[  537.239829][ T9385] usb 4-1: USB disconnect, device number 54
[  537.357771][ T5842] Bluetooth: hci1: command 0x0405 tx timeout
[  539.517216][   T30] kauditd_printk_skb: 52 callbacks suppressed
[  539.517238][   T30] audit: type=1326 audit(1750236777.469:914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10989 comm="syz.2.1334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7b98e929 code=0x7ffc0000
[  539.555645][T10990] syzkaller0: entered promiscuous mode
[  539.618690][T10990] syzkaller0: entered allmulticast mode
[  539.708719][   T30] audit: type=1326 audit(1750236777.469:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10989 comm="syz.2.1334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7b98e929 code=0x7ffc0000
[  539.803714][   T30] audit: type=1326 audit(1750236777.489:916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10989 comm="syz.2.1334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fbd7b98e929 code=0x7ffc0000
[  539.898818][   T30] audit: type=1326 audit(1750236777.489:917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10989 comm="syz.2.1334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7b98e929 code=0x7ffc0000
[  540.021570][   T30] audit: type=1326 audit(1750236777.539:918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10989 comm="syz.2.1334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fbd7b98e929 code=0x7ffc0000
[  540.093901][   T30] audit: type=1326 audit(1750236777.539:919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10989 comm="syz.2.1334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7b98e929 code=0x7ffc0000
[  540.153679][   T30] audit: type=1326 audit(1750236777.539:920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10989 comm="syz.2.1334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7b98e929 code=0x7ffc0000
[  540.186987][   T30] audit: type=1326 audit(1750236777.549:921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10989 comm="syz.2.1334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fbd7b98e929 code=0x7ffc0000
[  540.347591][   T30] audit: type=1326 audit(1750236777.629:922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10989 comm="syz.2.1334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7b98e929 code=0x7ffc0000
[  540.369971][    C1] vkms_vblank_simulate: vblank timer overrun
[  540.546706][   T30] audit: type=1326 audit(1750236777.629:923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10989 comm="syz.2.1334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7b98e929 code=0x7ffc0000
[  540.569101][    C1] vkms_vblank_simulate: vblank timer overrun
[  541.242546][T10037] lenovo 0003:17EF:6047.0014: Failed to switch F7/9/11 mode: -71
[  541.251101][T10037] lenovo 0003:17EF:6047.0014: Failed to switch middle button: -71
[  541.300827][T10037] lenovo 0003:17EF:6047.0014: Fn-lock setting failed: -71
[  541.349948][T10037] lenovo 0003:17EF:6047.0014: Sensitivity setting failed: -71
[  541.516095][T11008] loop6: detected capacity change from 0 to 524287999
[  541.525929][T11008] buffer_io_error: 7 callbacks suppressed
[  541.525948][T11008] Buffer I/O error on dev loop6, logical block 0, async page read
[  541.542614][T10037] usb 1-1: USB disconnect, device number 71
[  541.792853][T11008] Buffer I/O error on dev loop6, logical block 0, async page read
[  541.801122][T11008] Buffer I/O error on dev loop6, logical block 0, async page read
[  541.873717][T11008] Buffer I/O error on dev loop6, logical block 0, async page read
[  541.883600][T11008] Buffer I/O error on dev loop6, logical block 0, async page read
[  541.892285][T11008] Buffer I/O error on dev loop6, logical block 0, async page read
[  541.900582][T11008] Buffer I/O error on dev loop6, logical block 0, async page read
[  541.908801][T11008] Buffer I/O error on dev loop6, logical block 0, async page read
[  541.917248][T11008] ldm_validate_partition_table(): Disk read failed.
[  541.924181][T11008] Buffer I/O error on dev loop6, logical block 0, async page read
[  541.932312][T11008] Buffer I/O error on dev loop6, logical block 0, async page read
[  541.941151][T11008] Dev loop6: unable to read RDB block 0
[  541.947759][T11008]  loop6: unable to read partition table
[  541.954005][T11008] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  542.444107][T10035] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[  542.476074][T11017] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1340'.
[  542.496748][T11017] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1340'.
[  542.656954][T10035] usb 5-1: Using ep0 maxpacket: 32
[  542.670508][T10035] usb 5-1: config 1 interface 0 has no altsetting 0
[  542.691587][T10035] usb 5-1: New USB device found, idVendor=5543, idProduct=006e, bcdDevice= 0.40
[  542.701002][T10035] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  542.709129][T10035] usb 5-1: Product: syz
[  542.713361][T10035] usb 5-1: SerialNumber: syz
[  542.903562][T10051] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[  542.997189][T11008] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  543.007435][T11008] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  543.093731][T10051] usb 1-1: Using ep0 maxpacket: 32
[  543.226988][T10051] usb 1-1: config 0 interface 0 has no altsetting 0
[  543.234135][T10051] usb 1-1: New USB device found, idVendor=1e71, idProduct=2011, bcdDevice= 0.00
[  543.243629][T10051] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  543.346994][T10051] usb 1-1: config 0 descriptor??
[  543.937283][T11035] syzkaller0: entered promiscuous mode
[  543.943192][T11035] syzkaller0: entered allmulticast mode
[  543.988076][T10051] usbhid 1-1:0.0: can't add hid device: -71
[  543.997442][T10051] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  544.032821][T10051] usb 1-1: USB disconnect, device number 72
[  544.553693][T10051] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[  544.739804][T10051] usb 4-1: device descriptor read/64, error -71
[  545.105361][T10051] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[  545.303971][T10035] usbhid 5-1:1.0: can't add hid device: -71
[  545.363603][T10035] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  545.363626][T10037] usb 3-1: new high-speed USB device number 70 using dummy_hcd
[  545.389796][T10051] usb 4-1: device descriptor read/64, error -71
[  545.423772][T10035] usb 5-1: USB disconnect, device number 67
[  545.514686][T10051] usb usb4-port1: attempt power cycle
[  545.786044][T10037] usb 3-1: config 0 has no interfaces?
[  545.795545][T10037] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  545.805590][T10037] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  545.893590][T10037] usb 3-1: Product: syz
[  545.907292][T10037] usb 3-1: Manufacturer: syz
[  545.912137][T10037] usb 3-1: SerialNumber: syz
[  545.942079][T10037] usb 3-1: config 0 descriptor??
[  545.953776][T10051] usb 4-1: new high-speed USB device number 57 using dummy_hcd
[  546.075519][T10051] usb 4-1: device descriptor read/8, error -71
[  546.353628][T10051] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[  546.436964][T10051] usb 4-1: device descriptor read/8, error -71
[  546.443588][T10035] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[  546.566492][T11062] netlink: 'syz.1.1353': attribute type 4 has an invalid length.
[  546.623619][T10035] usb 5-1: device descriptor read/64, error -71
[  546.654655][T10051] usb usb4-port1: unable to enumerate USB device
[  546.863684][T10035] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[  546.993819][T10035] usb 5-1: device descriptor read/64, error -71
[  547.105033][T10035] usb usb5-port1: attempt power cycle
[  547.463678][T10035] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  547.524522][T10035] usb 5-1: device descriptor read/8, error -71
[  548.143661][T10035] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[  548.213343][T10035] usb 5-1: device descriptor read/8, error -71
[  548.445342][T10035] usb usb5-port1: unable to enumerate USB device
[  554.822928][T11101] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1364'.
[  555.322092][T10050] usb 3-1: USB disconnect, device number 70
[  560.121944][ T1310] sched: DL replenish lagged too much
[  562.694869][T11113] FAULT_INJECTION: forcing a failure.
[  562.694869][T11113] name failslab, interval 1, probability 0, space 0, times 0
[  562.814161][T11113] CPU: 1 UID: 0 PID: 11113 Comm: syz.4.1368 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) 
[  562.814193][T11113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  562.814206][T11113] Call Trace:
[  562.814215][T11113]  <TASK>
[  562.814224][T11113]  dump_stack_lvl+0x189/0x250
[  562.814262][T11113]  ? __pfx____ratelimit+0x10/0x10
[  562.814293][T11113]  ? __pfx_dump_stack_lvl+0x10/0x10
[  562.814325][T11113]  ? __pfx__printk+0x10/0x10
[  562.814350][T11113]  ? __pfx___might_resched+0x10/0x10
[  562.814419][T11113]  ? fs_reclaim_acquire+0x7d/0x100
[  562.814449][T11113]  should_fail_ex+0x414/0x560
[  562.814481][T11113]  should_failslab+0xa8/0x100
[  562.814505][T11113]  __kmalloc_noprof+0xcb/0x4f0
[  562.814524][T11113]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  562.814554][T11113]  ? sock_kmalloc+0xd6/0x160
[  562.814585][T11113]  sock_kmalloc+0xd6/0x160
[  562.814616][T11113]  hash_recvmsg+0x1d4/0x840
[  562.814649][T11113]  ? __pfx_hash_recvmsg+0x10/0x10
[  562.814677][T11113]  sock_recvmsg_nosec+0x183/0x1c0
[  562.814712][T11113]  ____sys_recvmsg+0x3aa/0x460
[  562.814748][T11113]  ? __pfx_____sys_recvmsg+0x10/0x10
[  562.814791][T11113]  ? import_iovec+0x74/0xa0
[  562.814817][T11113]  ___sys_recvmsg+0x1b5/0x510
[  562.814850][T11113]  ? __pfx____sys_recvmsg+0x10/0x10
[  562.814908][T11113]  ? __might_fault+0xb0/0x130
[  562.814932][T11113]  do_recvmmsg+0x307/0x770
[  562.814968][T11113]  ? __pfx_do_recvmmsg+0x10/0x10
[  562.815008][T11113]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  562.815046][T11113]  __x64_sys_recvmmsg+0x190/0x240
[  562.815077][T11113]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  562.815102][T11113]  ? rcu_is_watching+0x15/0xb0
[  562.815139][T11113]  ? do_syscall_64+0xbe/0x3b0
[  562.815162][T11113]  do_syscall_64+0xfa/0x3b0
[  562.815183][T11113]  ? lockdep_hardirqs_on+0x9c/0x150
[  562.815213][T11113]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  562.815233][T11113]  ? clear_bhb_loop+0x60/0xb0
[  562.815258][T11113]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  562.815278][T11113] RIP: 0033:0x7f931598e929
[  562.815296][T11113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  562.815315][T11113] RSP: 002b:00007f93168b9038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  562.815336][T11113] RAX: ffffffffffffffda RBX: 00007f9315bb5fa0 RCX: 00007f931598e929
[  562.815351][T11113] RDX: 0000000000000600 RSI: 0000200000003700 RDI: 0000000000000004
[  562.815364][T11113] RBP: 00007f93168b9090 R08: 0000000000000000 R09: 0000000000000000
[  562.815385][T11113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  562.815398][T11113] R13: 0000000000000000 R14: 00007f9315bb5fa0 R15: 00007f9315cdfa28
[  562.815429][T11113]  </TASK>
[  565.749548][ T5842] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  565.862402][ T5842] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  565.891694][ T5842] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  565.947742][ T5842] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  565.971917][ T5842] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  566.182812][   T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  568.154129][ T5842] Bluetooth: hci4: command tx timeout
[  570.293756][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  570.300954][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  570.811770][   T51] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  570.841724][   T51] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  570.850237][T11139] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1374'.
[  570.888868][   T51] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  570.924208][   T51] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  570.935773][   T51] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  572.903623][   T51] Bluetooth: hci4: command tx timeout
[  573.033818][   T51] Bluetooth: hci5: command tx timeout
[  574.402604][   T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  574.954274][   T51] Bluetooth: hci4: command tx timeout
[  575.114449][   T51] Bluetooth: hci5: command tx timeout
[  575.331952][T11146] bond0: entered promiscuous mode
[  575.339300][T11146] bond_slave_0: entered promiscuous mode
[  575.369778][T11146] bond_slave_1: entered promiscuous mode
[  576.144275][T11148] netlink: 'syz.1.1376': attribute type 16 has an invalid length.
[  576.163030][T11148] netlink: 'syz.1.1376': attribute type 17 has an invalid length.
[  576.458517][   T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  577.033746][ T5842] Bluetooth: hci4: command tx timeout
[  577.199798][ T5842] Bluetooth: hci5: command tx timeout
[  579.273620][ T5842] Bluetooth: hci5: command tx timeout
[  584.421453][   T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  586.391673][T11130] chnl_net:caif_netlink_parms(): no params data found
[  590.509533][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  590.521736][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  590.531137][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  590.547518][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  590.556372][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  591.325965][   T12] bridge_slave_1: left allmulticast mode
[  591.331935][   T12] bridge_slave_1: left promiscuous mode
[  591.449919][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  591.600483][T11191] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1383'.
[  591.621555][   T12] bridge_slave_0: left allmulticast mode
[  591.689060][   T12] bridge_slave_0: left promiscuous mode
[  591.725147][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  592.633674][   T51] Bluetooth: hci2: command tx timeout
[  596.823858][   T51] Bluetooth: hci2: command tx timeout
[  598.442814][   T12] team0: Port device geneve0 removed
[  598.708201][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  598.752824][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  598.799599][   T12] bond0 (unregistering): Released all slaves
[  598.883552][   T51] Bluetooth: hci2: command tx timeout
[  599.182768][   T12] bond1 (unregistering): (slave veth3): Releasing active interface
[  599.206487][   T12] bond1 (unregistering): Released all slaves
[  599.623123][T11220] loop2: detected capacity change from 0 to 7
[  599.638992][T11220] Dev loop2: unable to read RDB block 7
[  599.654641][T11220]  loop2: unable to read partition table
[  599.660650][T11220] loop2: partition table beyond EOD, truncated
[  599.685643][T11220] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  599.796282][   T12] bond2 (unregistering): Released all slaves
[  600.330590][   T12] bond3 (unregistering): (slave veth5): Releasing active interface
[  600.397740][   T12] bond3 (unregistering): Released all slaves
[  600.459984][T11141] chnl_net:caif_netlink_parms(): no params data found
[  600.954653][ T5842] Bluetooth: hci2: command tx timeout
[  601.049874][T11232] [U] ��M٭��Q&�� K�4
[  601.069201][T11232] [U] [�)�U�}��ǔ��JϬ}N�SEF*�	�����NZ��F[F_H��'��W"�X�~����;VA�)^�`�1C':Z�������FOB�	*?۟C�Z�S��<8ZNѷ���ј��EY�	T�T<$C�R�Ɩ�/VG���{Y�~Y5\�
;ƃZ��DX���Y�A��"XI�F�{��`A$í�55?�
��S�A�M��O����ͻ*K��
[  601.165373][T11232] [U] �O�4
[  601.168975][T11232] [U] ��U��B�+ '~GIރRQ^���,(-|��ڟ��-<�6&��H.Z9��/�RJΩ���ˈ�+)֭KΦ.�NH�A#LW#RF7�P٪��MAX��]���LN"K
�M+,G�SB�HJ���X�̧�C��Q�
[  601.502695][T11239] binder: BINDER_SET_CONTEXT_MGR already set
[  601.518108][T11239] binder: 11237:11239 ioctl 4018620d 200000000040 returned -16
[  629.705339][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  629.719925][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  691.177817][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  744.283413][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  744.290449][    C1] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P5830/1:b..l P5206/1:b..l
[  744.300018][    C1] rcu: 	(detected by 1, t=10502 jiffies, g=58749, q=333 ncpus=2)
[  744.307797][    C1] task:udevd           state:R  running task     stack:22952 pid:5206  tgid:5206  ppid:1      task_flags:0x400140 flags:0x00004002
[  744.322471][    C1] Call Trace:
[  744.325798][    C1]  <TASK>
[  744.328772][    C1]  __schedule+0x16f5/0x4d00
[  744.333349][    C1]  ? preempt_schedule_irq+0xb5/0x150
[  744.338688][    C1]  ? __pfx___schedule+0x10/0x10
[  744.343600][    C1]  ? is_bpf_text_address+0x292/0x2b0
[  744.348945][    C1]  ? preempt_schedule_irq+0xaa/0x150
[  744.354291][    C1]  preempt_schedule_irq+0xb5/0x150
[  744.359458][    C1]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  744.365241][    C1]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[  744.371115][    C1]  irqentry_exit+0x6f/0x90
[  744.375579][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  744.381594][    C1] RIP: 0010:lock_acquire+0x175/0x360
[  744.387061][    C1] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 3b bd fe 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[  744.406726][    C1] RSP: 0018:ffffc900032178f8 EFLAGS: 00000206
[  744.412839][    C1] RAX: 5d2f5dff56995300 RBX: 0000000000000000 RCX: 5d2f5dff56995300
[  744.420843][    C1] RDX: 0000000000000000 RSI: ffffffff8db6ecc7 RDI: ffffffff8be28b80
[  744.428847][    C1] RBP: ffffffff822d2d7e R08: 0000000000000000 R09: ffffffff822d2d7e
[  744.436938][    C1] R10: 000000000000000d R11: ffffffff81acf690 R12: 0000000000000002
[  744.444957][    C1] R13: ffffffff8e13eda0 R14: 0000000000000000 R15: 0000000000000246
[  744.452970][    C1]  ? __update_page_owner_free_handle+0x2e/0x470
[  744.459269][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  744.465468][    C1]  ? __update_page_owner_free_handle+0x2e/0x470
[  744.471766][    C1]  ? put_cpu_partial+0x17c/0x250
[  744.476750][    C1]  ? __slab_free+0x2f7/0x400
[  744.481383][    C1]  ? qlist_free_all+0x97/0x140
[  744.486197][    C1]  ? __kasan_slab_alloc+0x22/0x80
[  744.491257][    C1]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  744.496932][    C1]  ? getname_flags+0xb8/0x540
[  744.501644][    C1]  ? vfs_fstatat+0x43/0x170
[  744.506187][    C1]  ? __update_page_owner_free_handle+0x2e/0x470
[  744.512461][    C1]  __update_page_owner_free_handle+0x4b/0x470
[  744.518569][    C1]  ? __update_page_owner_free_handle+0x2e/0x470
[  744.524851][    C1]  ? page_ext_put+0x97/0xc0
[  744.529489][    C1]  __reset_page_owner+0x85/0x1f0
[  744.534469][    C1]  __free_frozen_pages+0xc71/0xe70
[  744.539636][    C1]  __put_partials+0x161/0x1c0
[  744.544362][    C1]  put_cpu_partial+0x17c/0x250
[  744.549166][    C1]  ? put_cpu_partial+0x6d/0x250
[  744.554067][    C1]  __slab_free+0x2f7/0x400
[  744.558547][    C1]  ? __phys_addr+0xd3/0x180
[  744.563112][    C1]  qlist_free_all+0x97/0x140
[  744.567774][    C1]  kasan_quarantine_reduce+0x148/0x160
[  744.573287][    C1]  __kasan_slab_alloc+0x22/0x80
[  744.578181][    C1]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  744.583693][    C1]  ? getname_flags+0xb8/0x540
[  744.588421][    C1]  getname_flags+0xb8/0x540
[  744.592971][    C1]  vfs_fstatat+0x43/0x170
[  744.597349][    C1]  __x64_sys_newfstatat+0x116/0x190
[  744.602604][    C1]  ? __pfx___x64_sys_newfstatat+0x10/0x10
[  744.608364][    C1]  ? rcu_is_watching+0x15/0xb0
[  744.613207][    C1]  ? do_syscall_64+0xbe/0x3b0
[  744.617919][    C1]  do_syscall_64+0xfa/0x3b0
[  744.622453][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  744.627701][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  744.633801][    C1]  ? clear_bhb_loop+0x60/0xb0
[  744.638508][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  744.644440][    C1] RIP: 0033:0x7f802ad11b0a
[  744.648890][    C1] RSP: 002b:00007fff2c93d648 EFLAGS: 00000246 ORIG_RAX: 0000000000000106
[  744.657339][    C1] RAX: ffffffffffffffda RBX: 000055b0876d2420 RCX: 00007f802ad11b0a
[  744.665344][    C1] RDX: 00007fff2c93d650 RSI: 000055b0876c0ef3 RDI: 00000000ffffff9c
[  744.673347][    C1] RBP: 000055b08f8cb118 R08: 00063478c1c69200 R09: 7fffffffffffffff
[  744.681356][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  744.689361][    C1] R13: 00007fff2c93d650 R14: 0000000000000000 R15: 00063478c1c69200
[  744.697403][    C1]  </TASK>
[  744.700543][    C1] task:syz-executor    state:R  running task     stack:24136 pid:5830  tgid:5830  ppid:5824   task_flags:0x40050c flags:0x00004004
[  744.714106][    C1] Call Trace:
[  744.717425][    C1]  <TASK>
[  744.720389][    C1]  __schedule+0x16f5/0x4d00
[  744.724959][    C1]  ? preempt_schedule_common+0x83/0xd0
[  744.730463][    C1]  ? __pfx___schedule+0x10/0x10
[  744.735365][    C1]  ? do_raw_spin_lock+0x121/0x290
[  744.740440][    C1]  ? preempt_schedule+0xae/0xc0
[  744.745338][    C1]  preempt_schedule_common+0x83/0xd0
[  744.750674][    C1]  preempt_schedule+0xae/0xc0
[  744.755396][    C1]  ? __pfx_preempt_schedule+0x10/0x10
[  744.760821][    C1]  preempt_schedule_thunk+0x16/0x30
[  744.766068][    C1]  _raw_spin_unlock+0x3f/0x50
[  744.770799][    C1]  unmap_page_range+0x3842/0x41c0
[  744.775915][    C1]  ? __pfx_unmap_page_range+0x10/0x10
[  744.781340][    C1]  ? unmap_vmas+0x144/0x580
[  744.785887][    C1]  unmap_vmas+0x399/0x580
[  744.790265][    C1]  ? __pfx_unmap_vmas+0x10/0x10
[  744.795185][    C1]  exit_mmap+0x248/0xb50
[  744.799485][    C1]  ? uprobe_clear_state+0x20f/0x290
[  744.804732][    C1]  ? __pfx_exit_mmap+0x10/0x10
[  744.809535][    C1]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  744.815221][    C1]  ? __pfx_exit_aio+0x10/0x10
[  744.819944][    C1]  ? uprobe_clear_state+0x274/0x290
[  744.825210][    C1]  __mmput+0x118/0x420
[  744.829327][    C1]  exit_mm+0x1da/0x2c0
[  744.833435][    C1]  ? __pfx_exit_mm+0x10/0x10
[  744.838066][    C1]  ? rcu_is_watching+0x15/0xb0
[  744.842881][    C1]  do_exit+0x640/0x22e0
[  744.847081][    C1]  ? do_raw_spin_lock+0x121/0x290
[  744.852148][    C1]  ? __pfx_do_exit+0x10/0x10
[  744.856792][    C1]  do_group_exit+0x21c/0x2d0
[  744.861419][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  744.866665][    C1]  get_signal+0x1286/0x1340
[  744.871237][    C1]  arch_do_signal_or_restart+0x9a/0x750
[  744.876828][    C1]  ? __pfx___x64_sys_wait4+0x10/0x10
[  744.882160][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  744.888379][    C1]  ? exit_to_user_mode_loop+0x40/0x110
[  744.893890][    C1]  exit_to_user_mode_loop+0x75/0x110
[  744.899223][    C1]  do_syscall_64+0x2bd/0x3b0
[  744.903847][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  744.909088][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  744.915188][    C1]  ? clear_bhb_loop+0x60/0xb0
[  744.919901][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  744.925828][    C1] RIP: 0033:0x7f2826984b97
[  744.930280][    C1] RSP: 002b:00007ffeba527b80 EFLAGS: 00000293 ORIG_RAX: 000000000000003d
[  744.938734][    C1] RAX: fffffffffffffe00 RBX: 00000000000016da RCX: 00007f2826984b97
[  744.946733][    C1] RDX: 0000000040000000 RSI: 00007ffeba527bbc RDI: 00000000ffffffff
[  744.954734][    C1] RBP: 00007ffeba527bbc R08: 0000000000000000 R09: 0000000000000000
[  744.962737][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000008
[  744.970752][    C1] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[  744.978773][    C1]  </TASK>
[  744.981817][    C1] rcu: rcu_preempt kthread starved for 1520 jiffies! g58749 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  744.993013][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  745.003034][    C1] rcu: RCU grace-period kthread stack dump:
[  745.008968][    C1] task:rcu_preempt     state:R  running task     stack:27320 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  745.022635][    C1] Call Trace:
[  745.025953][    C1]  <TASK>
[  745.028918][    C1]  __schedule+0x16f5/0x4d00
[  745.033489][    C1]  ? schedule+0x165/0x360
[  745.037868][    C1]  ? __pfx___schedule+0x10/0x10
[  745.042796][    C1]  ? schedule+0x91/0x360
[  745.047108][    C1]  schedule+0x165/0x360
[  745.051310][    C1]  schedule_timeout+0x12b/0x270
[  745.056202][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  745.061613][    C1]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  745.067551][    C1]  ? __pfx_process_timeout+0x10/0x10
[  745.072873][    C1]  ? prepare_to_swait_event+0x341/0x380
[  745.078460][    C1]  rcu_gp_fqs_loop+0x301/0x1540
[  745.083365][    C1]  ? __pfx_rcu_watching_snap_recheck+0x10/0x10
[  745.089565][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  745.094889][    C1]  ? _raw_spin_unlock_irq+0x2e/0x50
[  745.100133][    C1]  ? finish_swait+0xcd/0x1f0
[  745.104764][    C1]  rcu_gp_kthread+0x99/0x390
[  745.109397][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  745.114663][    C1]  ? __kthread_parkme+0x7b/0x200
[  745.119639][    C1]  ? __kthread_parkme+0x1a1/0x200
[  745.124710][    C1]  kthread+0x70e/0x8a0
[  745.128820][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  745.134051][    C1]  ? __pfx_kthread+0x10/0x10
[  745.138675][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  745.143919][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  745.149160][    C1]  ? __pfx_kthread+0x10/0x10
[  745.153806][    C1]  ret_from_fork+0x3f9/0x770
[  745.158460][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  745.163629][    C1]  ? __switch_to_asm+0x39/0x70
[  745.168427][    C1]  ? __switch_to_asm+0x33/0x70
[  745.173223][    C1]  ? __pfx_kthread+0x10/0x10
[  745.178035][    C1]  ret_from_fork_asm+0x1a/0x30
[  745.182859][    C1]  </TASK>
[  745.185911][    C1] rcu: Stack dump where RCU GP kthread last ran:
[  745.192269][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full) 
[  745.203936][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  745.214112][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  745.219883][    C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 23 e6 21 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  745.239712][    C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6
[  745.245886][    C1] RAX: 86be514bf76dc300 RBX: ffffffff81975d58 RCX: 86be514bf76dc300
[  745.253901][    C1] RDX: 0000000000000001 RSI: ffffffff8d9820d6 RDI: ffffffff8be28b80
[  745.261910][    C1] RBP: ffffc90000197f20 R08: ffff8880b8732f5b R09: 1ffff110170e65eb
[  745.269919][    C1] R10: dffffc0000000000 R11: ffffed10170e65ec R12: ffffffff8fa10df0
[  745.277922][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff11003a58b40
[  745.285934][    C1] FS:  0000000000000000(0000) GS:ffff888125d51000(0000) knlGS:0000000000000000
[  745.295169][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  745.301806][    C1] CR2: 00007fba3f820983 CR3: 0000000032faa000 CR4: 00000000003526f0
[  745.309847][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  745.317851][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  745.325858][    C1] Call Trace:
[  745.329166][    C1]  <TASK>
[  745.332121][    C1]  default_idle+0x13/0x20
[  745.336483][    C1]  default_idle_call+0x74/0xb0
[  745.341278][    C1]  do_idle+0x1e8/0x510
[  745.345390][    C1]  ? __pfx_do_idle+0x10/0x10
[  745.350008][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  745.355269][    C1]  cpu_startup_entry+0x44/0x60
[  745.360066][    C1]  start_secondary+0x101/0x110
[  745.364870][    C1]  common_startup_64+0x13e/0x147
[  745.369895][    C1]  </TASK>
[  746.033594][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  753.689547][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  753.704935][ T5840] Bluetooth: hci2: command 0x0406 tx timeout
[  753.711073][ T5840] Bluetooth: hci5: command 0x0406 tx timeout
[  753.795900][ T5847] Bluetooth: hci4: command 0x0406 tx timeout