last executing test programs:

7.3570943s ago: executing program 0 (id=1507):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
sendto$inet6(r0, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
sendmsg$inet6(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000180)="ca67475fb8cc2f", 0x7}], 0x1}, 0x20040004)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000300), 0x8)

7.062215734s ago: executing program 0 (id=1508):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14}, [], {0x14, 0x10, 0x1, 0x0, 0x0, {0x1, 0x84}}}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x0)
syz_emit_ethernet(0x6a, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbb4aa468739b8508060001080006040001aaaaaaaaaaaa0a01010057330377ba25ac1414ff"], 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6cb, 0x2968, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x5, "17321748"}]}}, 0x0}, 0x0)

6.478337242s ago: executing program 2 (id=1511):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x9, [@struct={0x0, 0x1, 0x0, 0x4, 0x0, 0xff, [{0x5, 0x4, 0x40}]}, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{}]}, @const]}, {0x0, [0x0, 0x0, 0x2e, 0x0, 0x61, 0x61, 0x5f]}}, &(0x7f0000000340)=""/5, 0x59, 0x5, 0x1}, 0x20)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='contention_end\x00', r0}, 0x18)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})

5.996467244s ago: executing program 1 (id=1512):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x9)
r1 = syz_open_dev$sg(&(0x7f0000000080), 0x90, 0x101400)
ioctl$SG_BLKTRACESETUP(r1, 0xc0481273, &(0x7f00000000c0)={'\x00', 0x7, 0x9, 0x2, 0x409, 0x9, r0})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x4040884)
socket$inet_sctp(0x2, 0x1, 0x84)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x169802, 0x0)

5.852208418s ago: executing program 2 (id=1513):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x22102, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x42, 0x0)
unshare(0x600)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = eventfd(0xff7ffff7)
ioctl$KVM_SET_SREGS2(r1, 0x4140aecd, &(0x7f0000000180)={{0x5000, 0xeeef0004, 0xd, 0xde, 0xeb, 0x4, 0x7b, 0x0, 0x3, 0x5, 0xac, 0x4}, {0xf000, 0x100000, 0x10, 0x0, 0x4, 0x6, 0x8, 0x7, 0x7, 0x1, 0x4, 0xaa}, {0x0, 0xeeee0000, 0x10, 0x40, 0x4, 0x6, 0x8, 0x6, 0xf, 0x40, 0x53, 0x8}, {0x1000, 0x5000, 0xf, 0x3, 0x6, 0xfd, 0x4, 0x0, 0x9, 0x6, 0xf5, 0x7}, {0xd5f70000, 0x3000, 0xd, 0x1, 0x3, 0xd, 0x8, 0x81, 0x8, 0x0, 0x5, 0x5}, {0x1000, 0x0, 0x0, 0x0, 0x9, 0x8, 0x0, 0xfe, 0x7, 0xf, 0x7f, 0xa4}, {0x10000, 0x8000000, 0xf, 0x9, 0x9, 0xa, 0x4, 0x8, 0x4, 0x1, 0xe7, 0x8}, {0x80a0000, 0x4000, 0x9, 0x3, 0xe0, 0x2, 0x10, 0x5, 0x2, 0x3, 0x9a, 0x7}, {0x10000, 0x6be}, {0x2000, 0x4}, 0xc0010027, 0x0, 0x2000, 0x101, 0xa, 0x4000, 0x3005, 0x3d3f886ad5d3c4b4, [0x400, 0x6, 0xffffffff, 0xc0000]})
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$SOUND_PCM_READ_BITS(r4, 0x80045005, &(0x7f0000000340))
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000140)={r3, 0x9, 0x2, r1})

5.610263583s ago: executing program 4 (id=1514):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_int(r3, 0x6, 0x4, 0x0, &(0x7f0000000080))
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}], 0x1, 0x0)
munmap(&(0x7f000045e000/0x1000)=nil, 0x1000)
mremap(&(0x7f00006bd000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000721000/0x4000)=nil)
munmap(&(0x7f000060f000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000694000/0x3000)=nil, 0x3000)
mremap(&(0x7f000061c000/0x13000)=nil, 0x13000, 0x4000, 0x3, &(0x7f0000fb0000/0x4000)=nil)
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)

5.609889013s ago: executing program 2 (id=1515):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f000067d000/0x2000)=nil, &(0x7f000053d000/0x1000)=nil, 0x2000})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mkdirat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x62)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x2, &(0x7f0000000040)=[{0x400, 0x0, 0x7, 0x9bf}, {0x7, 0x4, 0x3, 0x2b8b1e26}]})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_IPV6_ADDRFORM(r5, 0x29, 0x1, &(0x7f0000000000), 0x4)
r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
r8 = dup(r7)
ioctl$KVM_SET_MSRS(r8, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="8200000000000000f2000040"])

4.082730556s ago: executing program 2 (id=1516):
r0 = socket$xdp(0x2c, 0x3, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0xd40, 0xd2)
close(r1)
socket$tipc(0x1e, 0x2, 0x0)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x200000, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000, 0xdf0}, 0x20)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0x0], 0x1}, 0x58)
syz_usb_connect(0x0, 0x4f, &(0x7f0000000100)=ANY=[@ANYBLOB="120100005cdd2e106307151088560000000109023d00010000d00009047e0004ff5b34000905b74318860809050725018705ee7b09050a000002810bac090504"], 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)

3.987173496s ago: executing program 4 (id=1517):
io_uring_setup(0x2001b82, &(0x7f0000000600)={0x0, 0x4632, 0x40, 0x2, 0x2b1})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000000c0)={0x2, &(0x7f0000000000)=[{0x28, 0x4, 0x76, 0xfffff024}, {0x6, 0x2, 0x3, 0x208}]}, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
statx(0xffffffffffffffff, 0x0, 0x2000, 0x20, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000001400)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0x12}, @l2cap_cid_le_signaling={{0xe}, @l2cap_le_conn_req={{0x14, 0x2, 0xa}, {0x5, 0x2, 0xd3, 0xcb, 0x5}}}}, 0x17)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x4004000)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x76, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x4c}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x90)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='hugetlbfs\x00', 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000440)={'syztnl1\x00', &(0x7f0000000340)={'syztnl0\x00', <r5=>0x0, 0x700, 0x8, 0x5, 0x50581ee6, {{0x2a, 0x4, 0x1, 0x6, 0xa8, 0x68, 0x0, 0x4, 0x4, 0x0, @rand_addr=0x64010102, @private=0xa010100, {[@ssrr={0x89, 0x23, 0xd0, [@empty, @dev={0xac, 0x14, 0x14, 0x2b}, @multicast2, @broadcast, @private=0xa010102, @broadcast, @broadcast, @rand_addr=0x64010101]}, @timestamp_addr={0x44, 0x1c, 0x9e, 0x1, 0x1, [{@dev={0xac, 0x14, 0x14, 0x3b}, 0xffffffc0}, {@multicast2, 0x4e}, {@multicast2, 0x1ff}]}, @timestamp_addr={0x44, 0x34, 0x1b, 0x1, 0x9, [{@multicast1, 0x1}, {@empty, 0x1ff}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x6}, {@multicast2, 0x2}, {@broadcast, 0x7}, {@remote, 0x40}]}, @timestamp={0x44, 0xc, 0x79, 0x0, 0x3, [0x7, 0x9]}, @rr={0x7, 0x13, 0xe, [@initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x2e}, @private=0xa010100, @loopback]}, @noop]}}}}})
sendmsg$BATADV_CMD_GET_VLAN(r0, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x48, 0x0, 0x400, 0x70bd29, 0x25dfdbff, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x8}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x3}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @multicast}]}, 0x48}, 0x1, 0x0, 0x0, 0x4008804}, 0x0)
r6 = socket(0x2b, 0x80801, 0x1)
bind$unix(r6, &(0x7f0000000000)=@abs={0x1, 0x0, 0x4e23}, 0x6e)

3.870368745s ago: executing program 0 (id=1518):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f00000000c0)={0x4002, 0x0, {0x0, 0x0, 0x0, 0x2}, 0xc668})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000760009070600000000000000070200fb"], 0x18}, 0x1, 0x5502000000000000}, 0x23f58e5b766e3706)

3.804419309s ago: executing program 0 (id=1519):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) (async, rerun: 64)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (rerun: 64)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) (async)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) (async, rerun: 32)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) (rerun: 32)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000140)={&(0x7f00000000c0)=[0x0, 0x0, 0x0], 0x3, 0x800, 0x0, <r4=>0xffffffffffffffff})
ioctl$AUTOFS_IOC_EXPIRE(r4, 0x810c9365, &(0x7f0000000480)={{0xa0, 0x1}, 0x100, '.\x00'}) (async)
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0) (async)
sendmsg$nl_route_sched(r5, 0x0, 0x0) (async, rerun: 32)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) (rerun: 32)
bind$bt_l2cap(r7, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r7, 0x90004) (async)
socket$pptp(0x18, 0x1, 0x2) (async, rerun: 64)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRESOCT=r7], 0x16) (rerun: 64)
syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x101121) (async)
r8 = userfaultfd(0x801)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x495}) (async)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x4010, r8, 0x0) (async)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) (async, rerun: 32)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (rerun: 32)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x14)

3.754287567s ago: executing program 3 (id=1520):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000000240)=""/188, 0xbc)
syz_emit_ethernet(0x32, &(0x7f0000000300)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x4, 0x6, 0x0, @remote, @local}, {0x1, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x0, 0x0, 0xfe}}}}}}}, 0x0)

3.282339145s ago: executing program 3 (id=1521):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000600)='contention_end\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000280), 0x40900, 0x0)
r2 = syz_io_uring_setup(0x495, &(0x7f0000000200)={0x0, 0x10079bc, 0x400, 0x7, 0x1d5}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000400)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_READ=@pass_buffer={0x16, 0x50, 0x2007, @fd=r1, 0x6, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1})
io_uring_enter(r2, 0x74d1, 0x4c3, 0x43, 0x0, 0xfffffffffffffd1d)
openat$nci(0xffffffffffffff9c, &(0x7f00000027c0), 0x2, 0x0)

2.958640645s ago: executing program 4 (id=1522):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xea100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000100)={0x0, 0x0, @ioapic={0x8000001, 0x7, 0x6, 0x1, 0x0, [{0x8, 0xb, 0xb, '\x00', 0x9}, {0x1, 0x1, 0x1}, {0x8, 0x5, 0x0, '\x00', 0x10}, {0x6, 0x1, 0x9, '\x00', 0x9}, {0x5, 0x5, 0x2, '\x00', 0xb6}, {0x3e, 0xc, 0x6, '\x00', 0x1}, {0x1, 0x5, 0x0, '\x00', 0x7f}, {0xa, 0x80, 0x4, '\x00', 0x81}, {0x4, 0x4, 0x8, '\x00', 0x40}, {0xff, 0x0, 0x4, '\x00', 0x7}, {0x7, 0x5, 0x5, '\x00', 0x3}, {0x5, 0x9, 0x8, '\x00', 0x40}, {0x2, 0xd, 0x7, '\x00', 0x40}, {0x7, 0x7, 0x5, '\x00', 0x2}, {0x2, 0x17, 0xfa, '\x00', 0x2}, {0x2, 0x9, 0x9, '\x00', 0x5}, {0xa, 0x5, 0x5, '\x00', 0x14}, {0xe, 0x1, 0x67}, {0x7, 0x3, 0x6, '\x00', 0x4}, {0x8, 0xff, 0x8e, '\x00', 0xd1}, {0x2, 0x8, 0x1, '\x00', 0x8}, {0x4, 0x1, 0x5, '\x00', 0x3}, {0x5, 0x4, 0x8, '\x00', 0x1}, {0x3, 0xf7, 0x9, '\x00', 0x6b}]}})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="000000006d00673c24bd7000ffdbdf2500000000", @ANYRES32=0x0, @ANYRES32=r0], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
memfd_create(&(0x7f0000000040)='\x01\xfd\xae.+\xa6\x8c\xf8\xff2\x199\x94S,|\x99x?Ue[\xbd\xe1!\x03[d \xa0\x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xd3\a\x17\\\xfb\x04!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\xfa\x18\x8dR\xbb\xea5F\x00G\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xccV\xa6w%\x06\x19\x7f\xc3\xb3O\xe5t3\x03\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6x\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00p+\x96\x1ei|n\xda\xee\x01\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\x9f\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\xf4\xcd\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\ti\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x17&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\b\x00\x00\x00\x00\x00\x00\x00\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01;\xbfM.\xe3\x84\x82\x9c\x91\a\x9b\x191c\xaeLz\xe0\x04Daz\x8d\xc3\x03\xab\x8dEGC$\x00e,\x94#\xcd4\xf9\x05\x88.\x13\x03\x04\xdb', 0x4)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="1f000000", @ANYRES16=r3, @ANYBLOB="0100fcfffffffcffffff01"], 0x30}}, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1c3042, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$inet(0x2, 0x6, 0x0)
setsockopt$inet_tcp_int(r7, 0x6, 0x80000000000002, &(0x7f00000004c0)=0xd, 0x4)
close(0xffffffffffffffff)
r8 = syz_io_uring_setup(0x178e, &(0x7f0000000340)={0x0, 0x80800, 0x13291}, &(0x7f0000000100), &(0x7f0000000080))
io_uring_enter(r8, 0x0, 0x0, 0x1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r9 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r9, &(0x7f0000019680)=""/102392, 0x18ff8)
fsmount(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x20)
futex_waitv(&(0x7f0000001a40), 0x0, 0x0, 0x0, 0x1)
bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)

2.899332295s ago: executing program 0 (id=1523):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x9, [@struct={0x0, 0x1, 0x0, 0x4, 0x0, 0xff, [{0x5, 0x4, 0x40}]}, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{}]}, @const]}, {0x0, [0x0, 0x0, 0x2e, 0x0, 0x61, 0x61, 0x5f]}}, &(0x7f0000000340)=""/5, 0x59, 0x5, 0x1}, 0x20)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='contention_end\x00', r0}, 0x18)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})

2.549762249s ago: executing program 3 (id=1524):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0xfffffffffffffe01, 0x0)
ioctl$DRM_IOCTL_GET_MAGIC(r0, 0x80046402, &(0x7f0000000040)=0x200)

1.738260297s ago: executing program 1 (id=1525):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100))
syz_io_uring_setup(0x9b, &(0x7f0000000640)={0x0, 0xccf5, 0x0, 0x0, 0x40000333}, &(0x7f0000000280)=<r0=>0x0, &(0x7f00000001c0)=<r1=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x108, &(0x7f0000000180)=0x8, 0x0, 0x4)
syz_io_uring_submit(r0, r1, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000240)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'vlan1\x00', <r4=>0x0})
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r5, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r8)
ptrace$pokeuser(0x6, r8, 0x358, 0x2)
setsockopt$packet_int(r3, 0x107, 0x14, &(0x7f0000000000)=0x5, 0x4)
sendto$packet(r3, &(0x7f0000000080)="33031600d1fd140000007ef52f555f2a0c9fe67025c1d97bfbf719143baa4b1f0f858c6632f47042195e", 0xfdef, 0x40008c1, &(0x7f00000000c0)={0x11, 0x86dd, r4, 0x1, 0x62}, 0x14)

1.738069475s ago: executing program 3 (id=1526):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_io_uring_setup(0xf04, &(0x7f0000000180)={0x0, 0xd96d, 0x3f, 0xfffffffe, 0x24000, 0x0, 0x0}, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)={@map=0x1, r0, 0x2f, 0x0, 0xffffffffffffffff, @void, @value=0x0}, 0x20)

1.685415265s ago: executing program 4 (id=1527):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x20a000, 0x0)
ioctl$IOC_PR_RESERVE(r0, 0x401070c9, &(0x7f0000000040)={0x4, 0x1, 0x1}) (async)
ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000080)={0x17, 0x72c0, 0xc, 0x4, 0x8, 0x81})
ioctl$BLKPBSZGET(r0, 0x127b, &(0x7f00000000c0)) (async)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(0xffffffffffffffff, 0x8010671f, &(0x7f00000001c0)={&(0x7f0000000100)=""/177, 0xb1})
r1 = getuid()
quotactl_fd$Q_GETNEXTQUOTA(r0, 0xffffffff80000901, r1, &(0x7f0000000200)) (async)
r2 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000280), 0x105401, 0x0)
ioctl$DRM_IOCTL_FREE_BUFS(r2, 0x4010641a, &(0x7f0000000300)={0x7, &(0x7f00000002c0)=[0xff, 0x3, 0x101, 0x2, 0xe, 0x8, 0x4]}) (async, rerun: 64)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000440)={&(0x7f0000000340)=[0x0, 0x0, 0x0], &(0x7f0000000380)=[<r3=>0x0], &(0x7f00000003c0)=[0x0], &(0x7f0000000400)=[0x0, 0x0, 0x0], 0x3, 0x1, 0x1, 0x3}) (rerun: 64)
ioctl$DRM_IOCTL_MODE_CURSOR2(r2, 0xc02464bb, &(0x7f0000000480)={0x2, r3, 0x7, 0x80, 0x5f, 0x3, 0x400, 0x4522, 0x3}) (async)
r4 = syz_open_dev$rtc(&(0x7f00000004c0), 0x3, 0x80)
ioctl$FIOCLEX(r4, 0x5451) (async)
syz_open_dev$ndb(&(0x7f0000000500), 0x0, 0x200000) (async, rerun: 32)
ioctl$BLKSECTGET(r0, 0x1267, &(0x7f0000000540)) (async, rerun: 32)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000580), 0x40, 0x0)
ioctl$IOMMU_VFIO_CHECK_EXTENSION(r5, 0x3b65, 0x3) (async)
ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f00000005c0)=0x2000) (async, rerun: 64)
writev(r5, &(0x7f00000008c0)=[{&(0x7f0000000600)="9d876395cedb45dcd98b1cc59e8de8a27c6509c6a2fee5c9900d75385fce528ce8f682081d3651da4e71a2c25bc88164437284d5a44a1d20effb22098426e8aa294ddc0387b7ba34a2fd61c47a0b5aec209b882bc7244d2ffc2d13375a6848eab0d0ea", 0x63}, {&(0x7f0000000680)="c99186ca5fa9a604262c33b11e119359189d99e887eda349abeccfe2215715bfb0199059738fcea30adaf0aacd9162cff5cd88bf8071914021be828352f5280d912dcb8aec54715d2bbf0af027ba280f46b63e5de90eb33f696a7dca88b45a4da87d66809e5872915152d9062f8403cd1722c0e80e3c11e84566f74f6e8121dd487e14458df1bb830d42e359d9ebc2295066fa68554ee0607ae2a3b4763086ad9e9bedd8dc654d7f8a", 0xa9}, {&(0x7f0000000740)="a1a9ad56bdae062a9a8fa3c15777fa143a297f4f296e6f492bca031557085880bafb3a96ce69ee728a62e90c932a9e08a99efeead827dd5b58fa048fd9169b0a6e1363412d4a584bae6508be922f9d6345f0ded8bb650e61a8fead3cd6a644645e7ec9545bff7c5d2eaaf4e48464c254a62b0e87966fbbd681d3dc1edc6cf38cd3c001549902f873230a4a7c22e7d831d96ffd020fdc958844c925b7624730da457252fa62e36fab85eca2ec85046b860c3c36e6e7c49303f4743a42423c10a5ade865754e940cfb102b50fed5e19a6e297b0aeda4a458d80733454b4744b024ab39ad50a23a3f9621", 0xe9}, {&(0x7f0000000840)}, {&(0x7f0000000880)="b69ec315f369641fa6d8de30dbe013543e536bc2b2", 0x15}], 0x5) (rerun: 64)
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r4, &(0x7f0000000a00)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x20000008}, 0xc, &(0x7f00000009c0)={&(0x7f0000000980)={0x14, 0x4, 0x1, 0x301, 0x0, 0x0, {0x5, 0x0, 0xa}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x0) (async, rerun: 32)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000a40)='/proc/timer_list\x00', 0x0, 0x0) (rerun: 32)
connect$vsock_stream(r6, &(0x7f0000000a80)={0x28, 0x0, 0xffffffff, @local}, 0x10)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ac0), r7) (async)
ioctl$VIDIOC_TRY_ENCODER_CMD(r6, 0xc028564e, &(0x7f0000000b00)={0x2, 0x0, [0xfffffff8, 0x81, 0x5, 0x8001, 0xffff1508, 0x133, 0x4f, 0x7ff]}) (async)
sendfile(r4, r4, &(0x7f0000000b40), 0x7e3) (async)
syz_io_uring_setup(0x1084, &(0x7f0000000b80)={0x0, 0x1676, 0x4000, 0x3, 0x2ee, 0x0, r6}, &(0x7f0000000c00), &(0x7f0000000c40)) (async)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000d80)={&(0x7f0000000c80)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000cc0)=[0x0], &(0x7f0000000d00)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000d40)=[0x0, 0x0, 0x0], 0x4, 0x1, 0x8, 0x3}) (async)
r8 = syz_clone(0x2a860400, &(0x7f0000000dc0)="b40e4b", 0x3, &(0x7f0000000e00), &(0x7f0000000e40), &(0x7f0000000e80)="23cfd0a936183211969e4d9d1c2408213e56c2a71283851d1bfc81099606a0e7cf80e628364e5385e1c3d7e396d3db641027e3f39ca506e188aec03f5da8d506a7c7513a7a50b13f6eb3a76ddb0814e5777699aa25781b0847dc79")
prlimit64(r8, 0xc, &(0x7f0000000f00)={0xffffffff, 0xa5d}, &(0x7f0000000f40))

1.506959003s ago: executing program 4 (id=1528):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'syztnl0\x00', &(0x7f0000000100)={'syztnl0\x00', 0x0, 0x2f, 0x5, 0x80, 0x10001, 0x71, @remote, @remote, 0x7800, 0x7, 0x4, 0xfffffffc}})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0xf59}, 0x0)
sched_setscheduler(0xffffffffffffffff, 0x2, &(0x7f0000000280)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x6)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f000001af00)=""/102388, 0x18ff4)
r3 = io_uring_setup(0x1abf, 0x0)
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r3, 0x13, &(0x7f0000000080)=[0xfff, 0x6], 0x2)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r4, &(0x7f0000000000)={0x0, 0xffffffffffffffcd, &(0x7f00000003c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="3fbc26d6eac2025c0c679d1a7701", @ANYRES16=r5, @ANYBLOB="01030000000000000000340000000e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x34}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
r6 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000600)=[@in6={0xa, 0x4e23, 0x9, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, 0x1}, @in={0x2, 0x0, @remote}], 0x1e)
io_setup(0x8, &(0x7f00000002c0)=<r7=>0x0)
r8 = openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x0)
io_submit(r7, 0x1, &(0x7f0000000140)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r8, 0x0, 0x0, 0x1000}])
timerfd_create(0x7, 0x81000)
r9 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000001ec0)={'ip6gretap0\x00'})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x13, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mlock2(&(0x7f0000018000/0x2000)=nil, 0x2000, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

642.187935ms ago: executing program 1 (id=1529):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r3 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x1)
fchdir(r4) (async)
ioctl$KVM_SET_XCRS(r4, 0x4188aea7, &(0x7f00000000c0)={0x4, 0x3, [{0x7, 0x0, 0x6}, {0xff, 0x0, 0x4}, {0x624, 0x0, 0xffffffffffffffff}, {}, {0x1, 0x0, 0x3}, {0xf05f, 0x0, 0xfffffffffffffff0}, {0x80000001, 0x0, 0x3}, {0xa0, 0x0, 0x7}, {0x6, 0x0, 0x8}, {0x3fc00000, 0x0, 0xeb}, {0x3, 0x0, 0x2}, {0x935f, 0x0, 0x6}, {0xd2f, 0x0, 0x1}, {0xb7e8, 0x0, 0x10e}, {0xff, 0x0, 0x9}, {0x1, 0x0, 0x6}]}) (async)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) (async)
syz_emit_ethernet(0x6f, &(0x7f0000000a40)={@local, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x88, 0x0, @empty}, {0x0, 0x0, 0x4d, 0x0, @opaque="965b0156895dff3de39eeee15aa5a25cc5cc1f5a10142e53948d759fb61af979127fd9b8e95212ade7bdc25c9fb10b6f34034a0d2fb4f9eb3697d3a005e8b03db36e3279e2"}}}}}, 0x0) (async)
r5 = eventfd2(0x1, 0x801)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000080)={r5, 0x80000000})
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f00000004c0)={r5, 0x4, 0x1}) (async)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x64, 0x30, 0xb, 0x0, 0x0, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x56}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x0, 0x0, 0xfffffffffffffff7}}, @TCA_CT_ACTION={0x6, 0x3, 0x1d}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x8800}, 0x0)

625.05126ms ago: executing program 3 (id=1530):
mkdir(&(0x7f0000000140)='./file0\x00', 0x0) (async, rerun: 32)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000400)='ramfs\x00', 0x2800000, 0x0) (async, rerun: 32)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/custom0\x00', 0x2, 0x0) (async)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/profiling', 0x141b82, 0x180)
write$cgroup_int(r1, &(0x7f0000000040)=0x9, 0x12)
ioctl$IOMMU_VFIO_IOAS$GET(r1, 0x3b88, &(0x7f0000000180)={0xc}) (async)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_CT_DIRECTION={0x5}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x13}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0) (async)
syz_emit_ethernet(0x86, &(0x7f0000001500)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0xd}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x2000, 0x0, 0x0, 0x88, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {0x0, 0x0, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "8908981864d689ac43445c1c26e95299e94ccad8794114ae3061e328af342f99", "e4d0ce57abcb41f7f5c8ab8f63dd38a1", {"bb3ce5a4bbb68671a2892fa0317a823c", "be9d98ca816f77013a778b6c40b49ea9"}}}}}}}, 0x0) (async)
chdir(&(0x7f0000000000)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) (async, rerun: 64)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async, rerun: 64)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})

600.593174ms ago: executing program 2 (id=1531):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
socket$inet6_mptcp(0xa, 0x1, 0x106)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = socket$inet(0x2, 0x3, 0x4)
setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000000040)=0x80000001, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f1"], 0x0}, 0x94)
dup(0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[], 0x48)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0xf59}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x6)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
r2 = io_uring_setup(0x1abf, &(0x7f0000000000)={0x0, 0xa4ec, 0x400, 0x1, 0x102a8})
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r2, 0x13, &(0x7f0000000080)=[0xfff, 0x6], 0x2)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
timerfd_create(0x7, 0x81000)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000001ec0)={'ip6gretap0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@newqdisc={0x3c, 0x24, 0xd0f, 0x70bd2d, 0xfffffffc, {0x60, 0x0, 0x0, r4, {0x0, 0x7}, {0xffff, 0xffff}, {0x8, 0x1}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_INGRESS={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x3000c88c)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0f0000000400000004000000ff07000000000000c63bc11eeba14a4e6e93df6907a174e50eee5511f1e98c20f579197afb6171ba55997f6e54e3f4dd5c13800b0700000000000000ddc1fdddf98419192304dec6844130ae87280cf9161678a41acdaaa8d5f33881f62b35b1e824d740b9af78f5eb16", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000300"/28], 0x50)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000d80)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x100, 0x0)

431.539733ms ago: executing program 0 (id=1532):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x2440, 0x0)
fcntl$setlease(r0, 0x400, 0x0) (async)
r1 = gettid()
timer_create(0x0, &(0x7f00000003c0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000380)) (async, rerun: 32)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async, rerun: 32)
r2 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setlease(r2, 0x400, 0x0) (async)
unshare(0x24040000)
r3 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x3, 0x800}, &(0x7f0000001200)=<r4=>0x0, &(0x7f0000001040)=<r5=>0x0)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000100)={<r6=>0x0, 0xd758}, &(0x7f0000000200)=0x8)
setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000300)={r6, 0x1000}, 0x8) (async, rerun: 64)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x80, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) (rerun: 64)
r7 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
ioctl$EVIOCGSND(r7, 0x8040451a, 0xffffffffffffffff) (async)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r8, 0x29, 0x31, &(0x7f0000000000)=0xffff7b6e, 0x4)
setsockopt$inet6_int(r8, 0x29, 0x33, &(0x7f0000000040)=0x2, 0x4) (async)
getsockopt$inet6_buf(r8, 0x29, 0x6, &(0x7f00000000c0)=""/24, &(0x7f0000000240)=0x18) (async)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_UNLINKAT={0x24, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x200, 0x1}) (async, rerun: 64)
io_uring_enter(r3, 0x47f9, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)

398.839472ms ago: executing program 1 (id=1533):
r0 = socket$netlink(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010026bd700000000000250000000e0001006e"], 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x80)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
fcntl$lock(r2, 0x7, &(0x7f0000000040)={0x0, 0x2, 0x5, 0x6})
fcntl$lock(r2, 0x7, &(0x7f0000000280)={0x1, 0x1, 0x7, 0x10})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='net/l2cap\x00')
r4 = creat(&(0x7f0000000300)='./file0\x00', 0x28)
pipe2$9p(&(0x7f00000001c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r7}, 0x10)
r8 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x0)
ioctl$LOOP_GET_STATUS64(r8, 0x4c05, &(0x7f0000000000))
write$P9_RVERSION(r6, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15)
r9 = dup(r6)
write$FUSE_BMAP(r9, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r9, &(0x7f0000000400)=ANY=[@ANYBLOB="38010000fe0000", @ANYRES64=r4, @ANYBLOB="f4b02b86df87851e7be7b383760d80"], 0x138)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r4, 0x80045104, &(0x7f0000000240))
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x1022d32acbf52dfe, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[], [{@subj_user={'subj_user', 0x3d, '}'}}, {@flag='posixacl'}, {@dont_appraise}, {@uid_lt}]}})
r10 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r10, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
sendmsg$nl_route(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000000)=@ipv4_newroute={0x1c, 0x1a, 0x1, 0x80000000, 0x25dfdbfb, {0xa, 0x80, 0x80, 0x0, 0xfc}}, 0x1c}}, 0x20000050)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000200)=@known='user.syz\x00', 0x0, 0x0)
preadv(r3, &(0x7f00000005c0)=[{&(0x7f0000000040)=""/196, 0xc4}], 0x1, 0x8, 0xffffffff)
r11 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
ioctl$TIOCSETD(r11, 0x5423, &(0x7f0000000280)=0x15)
syz_open_procfs(0x0, &(0x7f0000000080)='loginuid\x00')
socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$TIOCL_BLANKSCREEN(r3, 0x541c, &(0x7f0000000140))

294.307181ms ago: executing program 2 (id=1534):
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x2) (async)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x1646, 0x3c00, 0xffffffff, 0x1b9}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000340)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x5, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) (async)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0x47f6, 0x0, 0x49, 0x0, 0x0) (async)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') (async)
socket(0xa, 0x2, 0x2) (async)
syz_io_uring_complete(r1) (async)
syz_usb_connect(0x5, 0x36, &(0x7f0000000200)={{0x12, 0x1, 0x300, 0x8c, 0xe3, 0xf, 0x40, 0x54c, 0x6c3, 0x2a3d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x7, 0x6, 0xb0, 0x9, [{{0x9, 0x4, 0xb5, 0x3, 0x2, 0x5e, 0x79, 0xe9, 0x2, [], [{{0x9, 0x5, 0xa, 0x0, 0x3ff, 0x8, 0xb0, 0x1}}, {{0x9, 0x5, 0x1, 0x2, 0x20, 0x6, 0x0, 0x5d}}]}}]}}]}}, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0}) (async)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x40e7b, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x1e4011, 0x0) (async)
syz_io_uring_setup(0x78bb, &(0x7f00000000c0)={0x0, 0xe055, 0x1, 0x2, 0x316}, &(0x7f0000000200), &(0x7f0000000240))

214.398384ms ago: executing program 3 (id=1535):
r0 = socket(0x10, 0x3, 0x0)
write(r0, &(0x7f0000000580)="240000001e005f031400ff01000000f80700b3586ff606c2e553797c080008e467dc0000", 0x24)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2200, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xc3)
recvmmsg(r0, &(0x7f0000005180), 0x400000000000166, 0x1a000, 0x0)

211.801896ms ago: executing program 1 (id=1536):
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xc, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67000000000000150600000fff070067060000200000006a0200000ee60000bf050000000000003d350000000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ff2d53010000000000840400000000000073720000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded25b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0417edef332233b081df18961d6822d133bf72a4de1c2ea17f04537fc211576846ac629d1d93265ba474580047a9dc88de358ce795731891a2031de4e09740c64e5306f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfac2e6d4421c49fb6641cbf56914e76702f673b586c767562a90a3967093b000e3806f825f1d0da2a304e06543b56d35235d78b7a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664a44e22b72e843e7cf55f394cf75d1cd3ee79a25fb98cc45b3fde43e42e150d4a2fddd9a976774"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5}, 0x48)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x60300, 0x0)
r1 = syz_io_uring_setup(0xd3, &(0x7f0000000480)={0x0, 0x6776, 0x8, 0x22, 0x335}, &(0x7f0000000080)=<r2=>0x0, &(0x7f0000000100)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0x103, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0)
r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x140, 0x0)
ioctl$SNDCTL_SEQ_GETTIME(r4, 0x80045113, &(0x7f00000000c0))
ioctl$SNDCTL_SEQ_SYNC(r0, 0x5100)

71.139902ms ago: executing program 4 (id=1537):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)
r1 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
write$dsp(r1, &(0x7f0000000140)='u', 0x1)
rseq(&(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x2, 0xd, 0x7}, 0x7}, 0x20, 0x0, 0x0)
ioctl$SNDCTL_DSP_SYNC(r1, 0x5001, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r1, 0x800c5012, &(0x7f0000000080))
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000180)={'pcl816\x00', [0x4f27, 0xd, 0x3, 0x81, 0x5, 0xcc9, 0xf, 0x7, 0xa, 0xe8aa, 0x58, 0x1, 0xfffffffe, 0x1, 0x6, 0x101, 0x0, 0x1a449, 0x100003, 0x40000003, 0x99, 0xcaa7, 0x0, 0x20001e58, 0x7, 0xe69, 0x3c, 0x8, 0x2, 0x0, 0xfffffff8]})
openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000000000000000000000000000850000009b000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000"], 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f00000000c0)="e0b9547ed387dbe9abc86a457991", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r3}, 0x10)
r4 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f00000001c0)={0x5813}, 0x10)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=@ipv6_getaddrlabel={0x24, 0x1e, 0x492dfc465ae32a8d, 0x70bd2a, 0x25dfdbfb, {}, [@IFAL_LABEL={0x8, 0x2, 0x7}]}, 0x24}}, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
setsockopt$netrom_NETROM_T4(0xffffffffffffffff, 0x103, 0x6, &(0x7f0000000040)=0x3, 0x4)
ioctl$TIOCSSOFTCAR(r5, 0x541a, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_emit_ethernet(0x56, &(0x7f0000000440)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0xd, 0x4, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x5, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x2f}, {[@timestamp_addr={0x44, 0x4, 0x5, 0x3}, @ssrr={0x89, 0x17, 0xce, [@initdev={0xac, 0x1e, 0x1, 0x0}, @local, @initdev={0xac, 0x1e, 0x1, 0x0}, @empty, @broadcast]}, @generic={0x83, 0x2}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x0, 0xffff}}}}}}, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
rt_sigprocmask(0x1, &(0x7f0000001fc0)={[0x8]}, &(0x7f0000002000), 0x8)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)

0s ago: executing program 1 (id=1538):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x2000, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
mremap(&(0x7f00000ab000/0x4000)=nil, 0x4000, 0x2000, 0x0, &(0x7f0000ffc000/0x2000)=nil)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="6664bd", @ANYRESHEX=r2, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYRESHEX=r0, @ANYRESDEC=0x0])
read$FUSE(r2, &(0x7f0000006300)={0x2020, 0x0, <r3=>0x0, <r4=>0x0, <r5=>0x0}, 0x2020)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r1, 0x0, 0x0)
write$FUSE_INIT(r2, &(0x7f0000000040)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
syz_fuse_handle_req(r2, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r2, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb1000008747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb80035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22383e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485a4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2245eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e4c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad64c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc590800", 0x2000, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x78, 0x0, 0x400000400, {0x0, 0x0, 0x0, {0x2, 0x10000000, 0x0, 0x6, 0x7ff, 0xfffffffffffffffd, 0x0, 0x3966, 0x3, 0x8000, 0x4, r4, r5, 0xc3d, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
write$tcp_congestion(r6, &(0x7f00000000c0)='lp\x00', 0xfffffdef)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r7, 0x400448e1, &(0x7f0000000240)={0x1, 0xfffe, "be4108"})
r8 = dup2(r6, r2)
fallocate(r8, 0x10, 0x9, 0x3ff)

kernel console output (not intermixed with test programs):

rcu_read_unlock_special+0x10/0x10
[  330.725860][ T8773]  ? netlink_deliver_tap+0x2e/0x1b0
[  330.725887][ T8773]  ? netlink_deliver_tap+0x2e/0x1b0
[  330.725916][ T8773]  netlink_unicast+0x75c/0x8e0
[  330.725944][ T8773]  netlink_sendmsg+0x805/0xb30
[  330.725974][ T8773]  ? __pfx_netlink_sendmsg+0x10/0x10
[  330.726008][ T8773]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  330.726024][ T8773]  ? __pfx_netlink_sendmsg+0x10/0x10
[  330.726047][ T8773]  __sock_sendmsg+0x21c/0x270
[  330.726068][ T8773]  ____sys_sendmsg+0x505/0x830
[  330.726097][ T8773]  ? __pfx_____sys_sendmsg+0x10/0x10
[  330.726128][ T8773]  ? import_iovec+0x74/0xa0
[  330.726153][ T8773]  ___sys_sendmsg+0x21f/0x2a0
[  330.726179][ T8773]  ? __pfx____sys_sendmsg+0x10/0x10
[  330.726232][ T8773]  ? __fget_files+0x2a/0x420
[  330.726249][ T8773]  ? __fget_files+0x3a0/0x420
[  330.726276][ T8773]  __x64_sys_sendmsg+0x19b/0x260
[  330.726313][ T8773]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  330.726357][ T8773]  ? __pfx_ksys_write+0x10/0x10
[  330.726382][ T8773]  ? do_syscall_64+0xbe/0x3b0
[  330.726411][ T8773]  do_syscall_64+0xfa/0x3b0
[  330.726437][ T8773]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  330.726457][ T8773]  ? asm_sysvec_call_function_single+0x1a/0x20
[  330.726474][ T8773]  ? clear_bhb_loop+0x60/0xb0
[  330.726493][ T8773]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  330.726508][ T8773] RIP: 0033:0x7f38a798eb69
[  330.726523][ T8773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  330.726536][ T8773] RSP: 002b:00007f38a57f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  330.726553][ T8773] RAX: ffffffffffffffda RBX: 00007f38a7bb6080 RCX: 00007f38a798eb69
[  330.726565][ T8773] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000006
[  330.726574][ T8773] RBP: 00007f38a57f6090 R08: 0000000000000000 R09: 0000000000000000
[  330.726584][ T8773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  330.726593][ T8773] R13: 0000000000000000 R14: 00007f38a7bb6080 R15: 00007ffef0c27c38
[  330.726617][ T8773]  </TASK>
[  332.027122][ T8789] cgroup: Name too long
[  332.058411][ T8791] netlink: 28 bytes leftover after parsing attributes in process `syz.0.750'.
[  332.088142][ T8791] netlink: 28 bytes leftover after parsing attributes in process `syz.0.750'.
[  332.381178][ T8804] netlink: 'syz.4.753': attribute type 1 has an invalid length.
[  332.389560][ T8804] netlink: 'syz.4.753': attribute type 2 has an invalid length.
[  332.397559][ T8804] netlink: 'syz.4.753': attribute type 2 has an invalid length.
[  333.093613][ T8801] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  333.105695][ T8801] bond0: (slave lo): Error: Device can not be enslaved while up
[  333.252640][ T8808] comedi comedi1: c6xdigio: I/O port conflict (0x8001,3)
[  334.218552][ T8822] netlink: 8 bytes leftover after parsing attributes in process `syz.2.758'.
[  334.229022][ T8822] netlink: 16 bytes leftover after parsing attributes in process `syz.2.758'.
[  334.248150][ T8822] FAULT_INJECTION: forcing a failure.
[  334.248150][ T8822] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  334.261844][ T8822] CPU: 0 UID: 0 PID: 8822 Comm: syz.2.758 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  334.261873][ T8822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  334.261887][ T8822] Call Trace:
[  334.261895][ T8822]  <TASK>
[  334.261905][ T8822]  dump_stack_lvl+0x189/0x250
[  334.261933][ T8822]  ? lockdep_hardirqs_on+0x9c/0x150
[  334.261957][ T8822]  ? __pfx_dump_stack_lvl+0x10/0x10
[  334.261995][ T8822]  should_fail_ex+0x414/0x560
[  334.262021][ T8822]  _copy_to_user+0x31/0xb0
[  334.262053][ T8822]  simple_read_from_buffer+0xe1/0x170
[  334.262079][ T8822]  proc_fail_nth_read+0x1df/0x250
[  334.262109][ T8822]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  334.262133][ T8822]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  334.262160][ T8822]  ? vfs_read+0x1e5/0x980
[  334.262194][ T8822]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  334.262223][ T8822]  vfs_read+0x200/0x980
[  334.262255][ T8822]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  334.262291][ T8822]  ? __pfx___mutex_lock+0x10/0x10
[  334.262317][ T8822]  ? __pfx_vfs_read+0x10/0x10
[  334.262363][ T8822]  ? __rcu_read_unlock+0x84/0xe0
[  334.262395][ T8822]  ? __fget_files+0x3a0/0x420
[  334.262418][ T8822]  ? __fget_files+0x2a/0x420
[  334.262452][ T8822]  ksys_read+0x145/0x250
[  334.262474][ T8822]  ? __pfx_ksys_read+0x10/0x10
[  334.262498][ T8822]  ? __x64_sys_read+0x28/0x90
[  334.262522][ T8822]  do_syscall_64+0xfa/0x3b0
[  334.262549][ T8822]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.262570][ T8822]  ? asm_sysvec_call_function_single+0x1a/0x20
[  334.262593][ T8822]  ? clear_bhb_loop+0x60/0xb0
[  334.262619][ T8822]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.262640][ T8822] RIP: 0033:0x7f9885d8d57c
[  334.262660][ T8822] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  334.262679][ T8822] RSP: 002b:00007f9886bf3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  334.262701][ T8822] RAX: ffffffffffffffda RBX: 00007f9885fb6080 RCX: 00007f9885d8d57c
[  334.262718][ T8822] RDX: 000000000000000f RSI: 00007f9886bf30a0 RDI: 0000000000000007
[  334.262731][ T8822] RBP: 00007f9886bf3090 R08: 0000000000000000 R09: 0000000000000000
[  334.262744][ T8822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  334.262758][ T8822] R13: 0000000000000000 R14: 00007f9885fb6080 R15: 00007fff54c741c8
[  334.262791][ T8822]  </TASK>
[  334.858730][ T8821] binder: 8820:8821 ioctl 400c620e 200000000000 returned -22
[  334.899850][ T8825] binder: Bad value for 'stats'
[  334.905328][ T8826] binder: Bad value for 'stats'
[  335.983158][   T12] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  335.994985][ T8846] netlink: 8 bytes leftover after parsing attributes in process `syz.4.765'.
[  339.210716][ T8863] netlink: 32 bytes leftover after parsing attributes in process `syz.3.770'.
[  339.305897][ T8866] netlink: 'syz.0.771': attribute type 2 has an invalid length.
[  339.313686][ T8866] netlink: 'syz.0.771': attribute type 11 has an invalid length.
[  339.321535][ T8866] netlink: 132 bytes leftover after parsing attributes in process `syz.0.771'.
[  339.408503][ T5916] usb 2-1: new full-speed USB device number 38 using dummy_hcd
[  339.612611][ T5916] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  339.690824][ T5916] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  339.747369][ T5916] usb 2-1: New USB device found, idVendor=22d4, idProduct=1503, bcdDevice= 0.00
[  339.802055][ T5916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  339.889009][ T5916] usb 2-1: config 0 descriptor??
[  339.894970][ T8861] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  340.178280][  T978] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  340.328149][  T978] usb 4-1: device descriptor read/64, error -71
[  340.631272][ T8875] netlink: 'syz.0.773': attribute type 4 has an invalid length.
[  340.639629][ T8875] netlink: 152 bytes leftover after parsing attributes in process `syz.0.773'.
[  340.831739][ T8875] : renamed from bond0 (while UP)
[  340.883404][ T5916] glorious 0003:22D4:1503.0007: item fetching failed at offset 5/7
[  340.926880][ T5916] glorious 0003:22D4:1503.0007: probe with driver glorious failed with error -22
[  340.940931][  T978] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  340.983829][ T5916] usb 2-1: USB disconnect, device number 38
[  341.108573][  T978] usb 4-1: device descriptor read/64, error -71
[  341.382051][ T8854] bridge0: port 2(bridge_slave_1) entered disabled state
[  341.390006][ T8854] bridge0: port 1(bridge_slave_0) entered disabled state
[  341.398730][  T978] usb usb4-port1: attempt power cycle
[  342.198130][ T5938] usb 5-1: new full-speed USB device number 28 using dummy_hcd
[  342.498674][  T978] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  342.564136][  T978] usb 4-1: device descriptor read/8, error -71
[  342.929058][  T978] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  343.315574][ T8854] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  343.514630][ T8854] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  343.763599][  T978] usb 4-1: device descriptor read/8, error -71
[  343.870090][ T8854] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  343.882260][ T8854] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  343.892414][ T8854] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  343.912315][  T978] usb usb4-port1: unable to enumerate USB device
[  343.928879][ T8854] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  344.254376][ T8854] bond1: left promiscuous mode
[  344.281908][ T8854] bond1: left allmulticast mode
[  344.328426][ T8854] veth3: left promiscuous mode
[  344.387443][ T8888] syzkaller0: entered promiscuous mode
[  344.396399][ T8888] syzkaller0: entered allmulticast mode
[  344.443130][ T8878] lo speed is unknown, defaulting to 1000
[  344.588062][ T5916] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  344.628123][  T978] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  344.768186][ T5916] usb 4-1: Using ep0 maxpacket: 8
[  344.799047][ T5916] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  344.812216][  T978] usb 2-1: Using ep0 maxpacket: 32
[  344.829588][ T5916] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.00
[  344.853566][  T978] usb 2-1: config index 0 descriptor too short (expected 38930, got 18)
[  344.863237][  T978] usb 2-1: config 51 has too many interfaces: 91, using maximum allowed: 32
[  344.878489][ T5916] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  344.893620][  T978] usb 2-1: config 51 has an invalid descriptor of length 21, skipping remainder of the config
[  344.906965][  T978] usb 2-1: config 51 has 0 interfaces, different from the descriptor's value: 91
[  344.919496][ T5916] usb 4-1: config 0 descriptor??
[  344.937330][  T978] usb 2-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[  344.957135][  T978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  344.966776][  T978] usb 2-1: Product: syz
[  344.971556][  T978] usb 2-1: Manufacturer: syz
[  344.976241][  T978] usb 2-1: SerialNumber: syz
[  345.048441][ T5941] usb 3-1: new full-speed USB device number 49 using dummy_hcd
[  345.213846][ T5941] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  345.235566][ T5941] usb 3-1: config 0 has no interface number 0
[  345.275769][ T5941] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  345.302708][ T5941] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  345.342875][ T5941] usb 3-1: config 0 descriptor??
[  345.344599][ T5916] corsair 0003:1B1C:1B09.0008: unbalanced delimiter at end of report description
[  345.372640][ T5941] usb 3-1: selecting invalid altsetting 1
[  345.381068][ T5916] corsair 0003:1B1C:1B09.0008: parse failed
[  345.381183][ T5916] corsair 0003:1B1C:1B09.0008: probe with driver corsair failed with error -22
[  345.420915][ T5941] dvb_ttusb_budget: ttusb_init_controller: error
[  345.433571][ T5941] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  345.601506][ T8932] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  345.626830][ T8932] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  345.642117][ T8938] netlink: 32 bytes leftover after parsing attributes in process `syz.1.787'.
[  345.753890][ T5941] DVB: Unable to find symbol cx22700_attach()
[  345.817030][ T5941] DVB: Unable to find symbol tda10046_attach()
[  345.845934][ T5941] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  346.297226][ T5941] usb 3-1: USB disconnect, device number 49
[  348.411330][ T8946] nvme_fabrics: missing parameter 'transport=%s'
[  348.437605][ T8946] nvme_fabrics: missing parameter 'nqn=%s'
[  348.628793][   T24] usb 4-1: USB disconnect, device number 32
[  348.638153][ T5941] usb 2-1: USB disconnect, device number 39
[  348.883849][ T8951] mmap: syz.2.793 (8951): VmData 37597184 exceed data ulimit 8. Update limits or use boot option ignore_rlimit_data.
[  349.138109][   T24] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  349.155987][ T8964] netlink: 8 bytes leftover after parsing attributes in process `syz.1.796'.
[  349.570252][   T24] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  349.582550][   T24] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  349.592783][   T24] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  349.602063][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.643269][ T8953] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  349.671884][   T24] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  349.889969][   T24] usb 4-1: USB disconnect, device number 33
[  350.232941][ T8977] fuse: Unknown parameter 'rootmodsãŽU0000000000000dL040000'
[  350.245013][ T8974] overlay: Unknown parameter 'euid'
[  351.565226][ T8982] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  351.940791][ T8988] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  352.608288][  T978] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  352.778207][  T978] usb 4-1: Using ep0 maxpacket: 32
[  352.814924][  T978] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  352.832535][ T5916] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  352.879179][  T978] usb 4-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  352.903207][  T978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  352.914519][  T978] usb 4-1: Product: syz
[  352.931482][  T978] usb 4-1: Manufacturer: syz
[  352.936265][  T978] usb 4-1: SerialNumber: syz
[  352.957597][  T978] usb 4-1: config 0 descriptor??
[  352.974456][  T978] usb 4-1: bad CDC descriptors
[  352.981238][  T978] usb 4-1: unsupported MDLM descriptors
[  352.998050][ T5916] usb 2-1: Using ep0 maxpacket: 8
[  353.010068][ T5916] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  353.031492][ T9006] binder: BINDER_SET_CONTEXT_MGR already set
[  353.037966][ T9006] binder: 9003:9006 ioctl 40046207 0 returned -16
[  353.052422][ T5916] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.00
[  353.064011][ T5916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  353.084455][ T5916] usb 2-1: config 0 descriptor??
[  353.178496][   T24] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  353.252327][ T9010] sctp: failed to load transform for md5: -2
[  353.348386][   T24] usb 5-1: Using ep0 maxpacket: 32
[  353.358847][   T24] usb 5-1: too many configurations: 195, using maximum allowed: 8
[  353.364859][  T978] usb 4-1: USB disconnect, device number 34
[  353.395249][   T24] usb 5-1: unable to read config index 0 descriptor/start: -61
[  353.404510][   T24] usb 5-1: can't read configurations, error -61
[  353.552266][ T5916] corsair 0003:1B1C:1B09.0009: unbalanced delimiter at end of report description
[  353.589094][   T24] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  353.593779][ T5916] corsair 0003:1B1C:1B09.0009: parse failed
[  353.743889][ T5916] corsair 0003:1B1C:1B09.0009: probe with driver corsair failed with error -22
[  354.728721][   T24] usb 5-1: Using ep0 maxpacket: 32
[  354.744124][   T24] usb 5-1: too many configurations: 195, using maximum allowed: 8
[  354.763505][ T5916] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  354.764322][   T24] usb 5-1: unable to read config index 0 descriptor/start: -61
[  354.794806][   T24] usb 5-1: can't read configurations, error -61
[  354.818016][   T24] usb usb5-port1: attempt power cycle
[  354.859841][ T9020] netlink: 8 bytes leftover after parsing attributes in process `syz.2.810'.
[  354.869053][ T9020] netlink: 16 bytes leftover after parsing attributes in process `syz.2.810'.
[  355.028240][ T5916] usb 4-1: Using ep0 maxpacket: 32
[  355.037479][ T5916] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  355.070442][ T5916] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  355.106572][ T5916] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  355.132570][ T5916] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  355.181119][ T5916] usb 4-1: config 0 descriptor??
[  355.202154][ T5916] hub 4-1:0.0: USB hub found
[  355.360402][   T24] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  355.388661][   T24] usb 5-1: Using ep0 maxpacket: 32
[  355.394955][   T24] usb 5-1: too many configurations: 195, using maximum allowed: 8
[  355.406604][ T5916] hub 4-1:0.0: 1 port detected
[  355.414094][   T24] usb 5-1: unable to read config index 0 descriptor/start: -61
[  355.428111][   T24] usb 5-1: can't read configurations, error -61
[  355.568270][   T24] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  355.614282][   T24] usb 5-1: Using ep0 maxpacket: 32
[  355.636607][   T24] usb 5-1: too many configurations: 195, using maximum allowed: 8
[  355.653467][   T24] usb 5-1: unable to read config index 0 descriptor/start: -61
[  355.666766][   T24] usb 5-1: can't read configurations, error -61
[  355.684533][   T24] usb usb5-port1: unable to enumerate USB device
[  356.068200][   T24] usb 2-1: USB disconnect, device number 40
[  356.355845][ T9025] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  356.400440][ T9025] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  356.818748][  T978] hub 4-1:0.0: activate --> -90
[  357.008106][ T9055] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  357.166495][ T9044] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  357.232318][ T9044] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  357.451002][   T30] audit: type=1800 audit(1754269682.297:223): pid=9025 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.812" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  357.941716][  T978] usb 4-1-port1: cannot disable (err = -32)
[  357.950819][  T978] usb 4-1-port1: cannot disable (err = -32)
[  357.990973][ T9044] lo speed is unknown, defaulting to 1000
[  358.252543][ T9076] openvswitch: netlink: Missing valid actions attribute.
[  358.325539][ T9076] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  358.904758][ T5941] usb 4-1: USB disconnect, device number 35
[  358.998360][   T24] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  359.152075][   T30] audit: type=1326 audit(1754269684.007:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9097 comm="syz.3.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1bdd8eb69 code=0x7ffc0000
[  359.210926][   T24] usb 3-1: Using ep0 maxpacket: 16
[  359.375024][ T9100] netlink: 8 bytes leftover after parsing attributes in process `syz.3.824'.
[  359.590445][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  359.747028][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  359.747061][   T30] audit: type=1326 audit(1754269684.007:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9097 comm="syz.3.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1bdd8eb69 code=0x7ffc0000
[  359.770879][   T24] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  359.825900][   T24] usb 3-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  359.895989][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  359.966546][   T24] usb 3-1: config 0 descriptor??
[  359.995917][   T30] audit: type=1326 audit(1754269684.027:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9097 comm="syz.3.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7fc1bdd8eb69 code=0x7ffc0000
[  360.022891][   T24] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input16
[  360.064611][   T30] audit: type=1326 audit(1754269684.027:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9097 comm="syz.3.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1bdd8eb69 code=0x7ffc0000
[  360.116140][ T5193] pxrc 3-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  360.147754][   T30] audit: type=1326 audit(1754269684.027:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9097 comm="syz.3.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1bdd8eb69 code=0x7ffc0000
[  360.219908][ T5193] pxrc 3-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  360.250591][   T30] audit: type=1326 audit(1754269684.027:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9097 comm="syz.3.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc1bdd8eb69 code=0x7ffc0000
[  360.261148][ T5193] pxrc 3-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  360.320667][ T5848] pxrc 3-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  360.333564][   T30] audit: type=1326 audit(1754269684.027:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9097 comm="syz.3.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1bdd8eb69 code=0x7ffc0000
[  360.372163][ T9086] pxrc 3-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  360.392728][   T30] audit: type=1326 audit(1754269684.027:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9097 comm="syz.3.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1bdd8eb69 code=0x7ffc0000
[  360.425380][ T5193] pxrc 3-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  360.453134][   T24] usb 3-1: USB disconnect, device number 50
[  360.480011][   T30] audit: type=1326 audit(1754269684.027:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9097 comm="syz.3.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fc1bdd8eb69 code=0x7ffc0000
[  361.155459][ T9133] netlink: 12 bytes leftover after parsing attributes in process `syz.3.830'.
[  361.803810][ T9141] netlink: 4 bytes leftover after parsing attributes in process `syz.2.831'.
[  361.814329][ T9141] netlink: 12 bytes leftover after parsing attributes in process `syz.2.831'.
[  361.864568][ T9140] netlink: 'syz.4.828': attribute type 4 has an invalid length.
[  361.866361][ T9141] netlink: 4 bytes leftover after parsing attributes in process `syz.2.831'.
[  362.728348][ T9144] netlink: 4 bytes leftover after parsing attributes in process `syz.3.833'.
[  362.978517][   T24] usb 3-1: new full-speed USB device number 51 using dummy_hcd
[  362.985420][ T9151] netlink: 8 bytes leftover after parsing attributes in process `syz.3.836'.
[  362.996768][ T9151] netlink: 16 bytes leftover after parsing attributes in process `syz.3.836'.
[  363.181494][   T24] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  363.256673][   T24] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  363.355982][   T24] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  363.445066][   T24] usb 3-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  363.486980][   T24] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  363.497205][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  363.523097][   T24] usb 3-1: Product: syz
[  363.527344][   T24] usb 3-1: Manufacturer: syz
[  363.550395][   T24] usb 3-1: SerialNumber: syz
[  363.569449][ T9146] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  363.603214][   T24] cdc_ncm 3-1:1.0: skipping garbage
[  363.655139][ T9155] netlink: 20 bytes leftover after parsing attributes in process `syz.0.837'.
[  363.762515][ T9160] binder: BINDER_SET_CONTEXT_MGR already set
[  363.785466][ T9160] binder: 9158:9160 ioctl 4018620d 2000000000c0 returned -16
[  363.855757][ T9146] fuse: Unknown parameter ''
[  363.909614][ T9160] binder: BINDER_SET_CONTEXT_MGR already set
[  363.916058][ T9160] binder: 9158:9160 ioctl 4018620d 2000000000c0 returned -16
[  363.925910][ T9160] binder: BINDER_SET_CONTEXT_MGR already set
[  363.933166][ T9160] binder: 9158:9160 ioctl 4018620d 2000000000c0 returned -16
[  363.985360][   T24] cdc_ncm 3-1:1.0: bind() failure
[  364.039461][   T24] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  364.076920][   T24] cdc_ncm 3-1:1.1: bind() failure
[  364.149434][   T24] usb 3-1: USB disconnect, device number 51
[  364.414924][ T7108] udevd[7108]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  364.638331][   T24] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  364.691354][ T9184] batadv0: entered promiscuous mode
[  364.712570][ T9184] macsec1: entered promiscuous mode
[  364.720405][ T9184] macsec1: entered allmulticast mode
[  364.725947][ T9184] batadv0: entered allmulticast mode
[  364.740380][ T9184] batadv0: left allmulticast mode
[  364.746104][ T9184] batadv0: left promiscuous mode
[  364.801645][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  364.814007][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  364.826022][   T24] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  364.835633][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  364.856318][   T24] usb 4-1: config 0 descriptor??
[  364.918874][ T5941] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  365.497568][   T24] pyra 0003:1E7D:2CF6.000A: unknown main item tag 0x0
[  365.505059][   T24] pyra 0003:1E7D:2CF6.000A: unknown main item tag 0x0
[  365.515802][   T24] pyra 0003:1E7D:2CF6.000A: unknown main item tag 0x0
[  365.522750][   T24] pyra 0003:1E7D:2CF6.000A: unknown main item tag 0x0
[  365.529652][   T24] pyra 0003:1E7D:2CF6.000A: unknown main item tag 0x0
[  365.536940][   T24] pyra 0003:1E7D:2CF6.000A: unknown main item tag 0x0
[  365.544215][   T24] pyra 0003:1E7D:2CF6.000A: unknown main item tag 0x0
[  365.561184][ T9195] netlink: 8 bytes leftover after parsing attributes in process `syz.2.847'.
[  365.570316][   T24] pyra 0003:1E7D:2CF6.000A: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.3-1/input0
[  365.585720][ T9195] netlink: 16 bytes leftover after parsing attributes in process `syz.2.847'.
[  365.631014][ T5941] usb 5-1: Using ep0 maxpacket: 8
[  365.651708][ T5941] usb 5-1: config 0 has an invalid interface number: 151 but max is 1
[  365.668044][ T5941] usb 5-1: config 0 has no interface number 1
[  365.674288][ T5941] usb 5-1: config 0 interface 151 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  365.697799][ T5941] usb 5-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83
[  365.716364][ T5941] usb 5-1: config 0 interface 151 altsetting 0 endpoint 0x83 has invalid maxpacket 64466, setting to 1024
[  365.729085][ T5941] usb 5-1: config 0 interface 151 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  365.759617][ T5941] usb 5-1: config 0 interface 151 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  365.783167][ T5941] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  365.797512][ T5941] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  365.840635][ T5941] usb 5-1: New USB device found, idVendor=0499, idProduct=500a, bcdDevice=e7.b7
[  365.853804][ T5941] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  365.863392][ T5941] usb 5-1: Product: syz
[  365.867753][ T5941] usb 5-1: Manufacturer: syz
[  365.876560][ T5941] usb 5-1: SerialNumber: syz
[  365.888271][ T5941] usb 5-1: config 0 descriptor??
[  365.895392][ T9187] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  365.904798][ T9202] fuse: Bad value for 'fd'
[  365.912988][ T5941] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  365.922903][   T30] kauditd_printk_skb: 37 callbacks suppressed
[  365.922922][   T30] audit: type=1800 audit(1754269690.777:270): pid=9202 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.850" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0
[  365.927682][ T5941] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  365.956505][ T5941] usb 5-1: invalid MIDI in EP 0
[  365.992868][ T5941] snd-usb-audio 5-1:0.0: probe with driver snd-usb-audio failed with error -22
[  366.127304][ T5941] usb 5-1: USB disconnect, device number 33
[  366.948944][  T978] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  367.009907][ T9233] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[  367.128208][  T978] usb 2-1: Using ep0 maxpacket: 8
[  367.147412][  T978] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  367.187633][  T978] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  367.189432][ T9238] netlink: 8 bytes leftover after parsing attributes in process `syz.4.858'.
[  367.213693][  T978] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  367.214716][ T9238] netlink: 16 bytes leftover after parsing attributes in process `syz.4.858'.
[  367.227619][  T978] usb 2-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00
[  367.246787][  T978] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  367.269266][  T978] usb 2-1: config 0 descriptor??
[  367.642858][   T24] pyra 0003:1E7D:2CF6.000A: couldn't init struct pyra_device
[  367.651317][   T24] pyra 0003:1E7D:2CF6.000A: couldn't install mouse
[  367.664399][   T24] pyra 0003:1E7D:2CF6.000A: probe with driver pyra failed with error -71
[  367.691403][   T24] usb 4-1: USB disconnect, device number 36
[  367.761027][  T978] logitech 0003:046D:C293.000B: nested delimiters
[  367.799462][  T978] logitech 0003:046D:C293.000B: item 0 4 2 10 parsing failed
[  367.831378][  T978] logitech 0003:046D:C293.000B: parse failed
[  367.845183][  T978] logitech 0003:046D:C293.000B: probe with driver logitech failed with error -22
[  368.084394][ T9249] tipc: Enabled bearer <eth:xfrm0>, priority 10
[  368.107438][   T24] usb 2-1: USB disconnect, device number 41
[  368.848395][ T9267] netlink: 96 bytes leftover after parsing attributes in process `syz.2.866'.
[  369.044117][ T9270] kvm: kvm [9269]: vcpu0, guest rIP: 0xfff0 Unhandled RDMSR(0x4000001b)
[  369.083010][   T24] tipc: Node number set to 2886997007
[  369.085637][ T9274] netlink: 8 bytes leftover after parsing attributes in process `syz.4.870'.
[  369.097893][ T9274] netlink: 16 bytes leftover after parsing attributes in process `syz.4.870'.
[  369.663288][ T9271] binder: 9266:9271 ioctl c00c620f 200000000500 returned -22
[  369.921983][ T9300] netlink: 'syz.2.877': attribute type 1 has an invalid length.
[  370.296768][ T9317] netlink: 64 bytes leftover after parsing attributes in process `syz.2.881'.
[  370.344225][ T9317] netlink: 64 bytes leftover after parsing attributes in process `syz.2.881'.
[  370.413110][ T9320] syzkaller1: entered promiscuous mode
[  370.434843][ T9320] syzkaller1: entered allmulticast mode
[  370.469027][ T9321] netlink: 8 bytes leftover after parsing attributes in process `syz.1.882'.
[  371.269764][ T9327] loop8: detected capacity change from 0 to 8
[  371.295258][ T9327] Dev loop8: unable to read RDB block 8
[  371.318301][ T9327]  loop8: unable to read partition table
[  371.378479][ T9327] loop8: partition table beyond EOD, truncated
[  371.384776][ T9327] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  371.718750][ T9346] x_tables: duplicate underflow at hook 1
[  371.738241][ T9346] x_tables: duplicate underflow at hook 1
[  371.743590][ T9345] tun0: tun_chr_ioctl cmd 1074025677
[  371.750084][ T9345] tun0: linktype set to 1
[  371.759036][ T9346] netlink: 'syz.4.890': attribute type 1 has an invalid length.
[  371.765302][ T9345] x_tables: duplicate underflow at hook 3
[  371.766751][ T9346] netlink: 'syz.4.890': attribute type 4 has an invalid length.
[  371.975265][ T9352] nfs: Unknown parameter ''
[  372.746073][ T9359] netlink: 'syz.0.893': attribute type 10 has an invalid length.
[  372.813673][ T9359] 8021q: adding VLAN 0 to HW filter on device batadv0
[  372.873888][ T9359] : (slave batadv0): Enslaving as an active interface with an up link
[  372.950876][ T9361] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  372.976372][ T9361] batman_adv: batadv0: Removing interface: batadv_slave_0
[  373.007653][   T30] audit: type=1326 audit(1754269697.857:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9373 comm="syz.2.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9885d8eb69 code=0x7ffc0000
[  373.029444][    C0] vkms_vblank_simulate: vblank timer overrun
[  373.049326][ T9361] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  373.074865][ T9361] batman_adv: batadv0: Removing interface: batadv_slave_1
[  373.140046][   T30] audit: type=1326 audit(1754269697.857:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9373 comm="syz.2.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9885d8eb69 code=0x7ffc0000
[  373.161694][    C0] vkms_vblank_simulate: vblank timer overrun
[  373.173647][ T9361] : (slave batadv0): Releasing backup interface
[  373.307157][   T30] audit: type=1326 audit(1754269697.857:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9373 comm="syz.2.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f9885d8eb69 code=0x7ffc0000
[  373.329141][    C0] vkms_vblank_simulate: vblank timer overrun
[  373.349222][   T30] audit: type=1326 audit(1754269697.857:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9373 comm="syz.2.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9885d8eb69 code=0x7ffc0000
[  373.498821][   T30] audit: type=1326 audit(1754269697.857:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9373 comm="syz.2.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9885d8eb69 code=0x7ffc0000
[  373.529255][   T30] audit: type=1326 audit(1754269697.897:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9373 comm="syz.2.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=451 compat=0 ip=0x7f9885d8eb69 code=0x7ffc0000
[  373.623583][   T30] audit: type=1326 audit(1754269697.897:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9373 comm="syz.2.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9885d8eb69 code=0x7ffc0000
[  373.645132][    C0] vkms_vblank_simulate: vblank timer overrun
[  373.684830][   T30] audit: type=1326 audit(1754269697.897:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9373 comm="syz.2.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9885d8eb69 code=0x7ffc0000
[  373.741544][   T30] audit: type=1326 audit(1754269697.907:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9373 comm="syz.2.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9885d8eb69 code=0x7ffc0000
[  373.763001][    C0] vkms_vblank_simulate: vblank timer overrun
[  373.950299][   T30] audit: type=1326 audit(1754269697.907:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9373 comm="syz.2.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9885d8eb69 code=0x7ffc0000
[  374.033751][ T9385] overlayfs: failed to resolve 'uid<00000000004294967295': -2
[  374.055744][ T9383] 9p: Unknown uid 00000000004294967295
[  374.116838][ T9388] 9pnet_fd: Insufficient options for proto=fd
[  374.269511][ T5916] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  374.438407][ T5916] usb 2-1: Using ep0 maxpacket: 16
[  374.479555][ T5916] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  374.498438][ T5916] usb 2-1: config 0 has no interface number 0
[  374.520390][ T5916] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  374.592713][ T5916] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  374.658603][ T5916] usb 2-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  374.718168][ T5916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  374.766127][ T5916] usb 2-1: config 0 descriptor??
[  374.794444][ T9404] netlink: 4 bytes leftover after parsing attributes in process `syz.2.904'.
[  378.658427][ T5916] usbhid 2-1:0.1: can't add hid device: -71
[  378.673721][ T5916] usbhid 2-1:0.1: probe with driver usbhid failed with error -71
[  378.777434][ T5916] usb 2-1: USB disconnect, device number 42
[  378.928409][ T5938] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  379.088124][ T5938] usb 5-1: Using ep0 maxpacket: 8
[  379.090769][ T9447] netlink: 4 bytes leftover after parsing attributes in process `syz.2.918'.
[  379.106236][ T5938] usb 5-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  379.129845][ T5938] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  379.158206][ T5938] usb 5-1: Product: syz
[  379.162628][ T5938] usb 5-1: Manufacturer: syz
[  379.167274][ T5938] usb 5-1: SerialNumber: syz
[  379.224156][ T5938] usb 5-1: config 0 descriptor??
[  379.314116][ T5938] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  379.522677][ T9451] tmpfs: Bad value for 'mpol'
[  380.586025][ T9433] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  380.589569][ T5941] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  380.599359][ T9433] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  380.622691][ T5938] gspca_sonixj: reg_w1 err -71
[  380.698507][ T5938] sonixj 5-1:0.0: probe with driver sonixj failed with error -71
[  380.752453][ T5938] usb 5-1: USB disconnect, device number 34
[  380.777475][ T5941] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  380.799638][ T5941] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  380.810960][ T5941] usb 2-1: Product: syz
[  380.815400][ T5941] usb 2-1: Manufacturer: syz
[  380.825871][ T5941] usb 2-1: SerialNumber: syz
[  380.846887][ T5941] usb 2-1: config 0 descriptor??
[  380.975345][ T9470] netlink: 20 bytes leftover after parsing attributes in process `syz.2.925'.
[  381.278500][ T5941] usb 2-1: Firmware: major: 213, minor: 124, hardware type: UNKNOWN (48)
[  381.468784][ T5895] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  381.478836][ T5941] usb 2-1: failed to fetch extended address, random address set
[  381.491323][ T5941] usb 2-1: atusb_probe: initialization failed, error = -524
[  381.499414][ T5941] atusb 2-1:0.0: probe with driver atusb failed with error -524
[  381.638127][ T5895] usb 5-1: Using ep0 maxpacket: 16
[  381.661620][ T5895] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  381.673249][ T5895] usb 5-1: config 0 has no interface number 0
[  381.685201][ T5895] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  381.698718][ T5895] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  381.713011][  T978] usb 2-1: USB disconnect, device number 43
[  381.725122][ T5895] usb 5-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  381.737340][ T5895] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  381.751480][ T5895] usb 5-1: config 0 descriptor??
[  382.304373][ T9499] vim2m vim2m.0: Fourcc format (0x47425247) invalid.
[  383.330633][ T9517] netlink: 4 bytes leftover after parsing attributes in process `syz.2.937'.
[  383.420668][ T9522] netlink: 'syz.1.939': attribute type 29 has an invalid length.
[  383.863118][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  383.879029][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  384.451795][ T9549] sctp: failed to load transform for md5: -2
[  384.853771][ T9561] netlink: 8 bytes leftover after parsing attributes in process `syz.2.948'.
[  385.106892][ T9557] binder: 9556:9557 ioctl c00c620f 200000000500 returned -22
[  385.523721][ T5895] usbhid 5-1:0.1: can't add hid device: -71
[  386.402813][ T5895] usbhid 5-1:0.1: probe with driver usbhid failed with error -71
[  386.515278][ T5895] usb 5-1: USB disconnect, device number 35
[  386.681279][ T9579] netlink: 44 bytes leftover after parsing attributes in process `syz.2.954'.
[  386.709816][ T9578] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  386.839633][ T5952] usb 4-1: new full-speed USB device number 37 using dummy_hcd
[  388.001089][ T5952] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  388.023921][ T5952] usb 4-1: config 0 interface 0 has no altsetting 0
[  388.046721][ T5952] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  388.064960][ T5952] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  388.083895][ T5952] usb 4-1: Product: syz
[  388.089457][ T9587] vivid-000: disconnect
[  388.103714][ T5952] usb 4-1: Manufacturer: syz
[  388.108666][ T5952] usb 4-1: SerialNumber: syz
[  388.119602][ T5952] usb 4-1: config 0 descriptor??
[  388.158272][ T5952] usb 4-1: selecting invalid altsetting 0
[  388.195700][ T9583] vivid-000: reconnect
[  388.363518][   T30] kauditd_printk_skb: 22 callbacks suppressed
[  388.363550][   T30] audit: type=1326 audit(1754269713.217:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  388.391808][ T9576] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  388.421430][ T9576] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  388.421645][   T30] audit: type=1326 audit(1754269713.267:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  388.470774][   T30] audit: type=1326 audit(1754269713.267:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=274 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  388.494957][ T9595] fuse: Bad value for 'user_id'
[  388.514638][ T9595] fuse: Bad value for 'user_id'
[  388.597338][ T5952] usb 4-1: USB disconnect, device number 37
[  388.655127][ T9597] cgroup: fork rejected by pids controller in /syz4
[  388.936980][   T30] audit: type=1326 audit(1754269713.267:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  389.165186][   T30] audit: type=1326 audit(1754269713.267:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  389.224206][   T30] audit: type=1326 audit(1754269713.267:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  389.254086][   T30] audit: type=1326 audit(1754269713.267:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  389.276887][   T30] audit: type=1326 audit(1754269713.267:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  389.347194][ T8325] udevd[8325]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  389.347211][   T30] audit: type=1326 audit(1754269713.267:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  389.364489][   T30] audit: type=1326 audit(1754269713.267:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9591 comm="syz.0.957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  389.870302][T10945] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  390.231348][T10951] netlink: 4 bytes leftover after parsing attributes in process `syz.1.962'.
[  390.636075][T10954] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  390.797432][T10957] netlink: 16 bytes leftover after parsing attributes in process `syz.4.965'.
[  390.967198][T10958] netlink: 'syz.4.965': attribute type 4 has an invalid length.
[  391.438092][ T5895] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  391.608435][ T5895] usb 5-1: Using ep0 maxpacket: 16
[  391.640450][ T5895] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  391.657980][ T5895] usb 5-1: config 0 has no interface number 0
[  391.675838][ T5895] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  391.712175][ T5895] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  391.731729][ T5895] usb 5-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  391.766315][ T5895] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  391.893857][ T5895] usb 5-1: config 0 descriptor??
[  393.968019][ T5952] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  394.120481][  T978] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  394.147515][ T5952] usb 4-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice= 1.73
[  394.178768][ T5952] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  394.206513][ T5952] usb 4-1: Product: syz
[  394.220370][ T5952] usb 4-1: Manufacturer: syz
[  394.234758][ T5952] usb 4-1: SerialNumber: syz
[  394.258369][ T5952] usb 4-1: config 0 descriptor??
[  394.288112][  T978] usb 2-1: Using ep0 maxpacket: 32
[  394.297658][  T978] usb 2-1: config 0 has an invalid interface number: 133 but max is 0
[  394.315629][  T978] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  394.340853][  T978] usb 2-1: config 0 has no interface number 0
[  394.362016][  T978] usb 2-1: config 0 interface 133 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  394.391934][  T978] usb 2-1: config 0 interface 133 altsetting 0 bulk endpoint 0xF has invalid maxpacket 528
[  394.426480][  T978] usb 2-1: config 0 interface 133 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  394.467197][  T978] usb 2-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=71.1e
[  394.490786][  T978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  394.515689][  T978] usb 2-1: Product: syz
[  394.525969][  T978] usb 2-1: Manufacturer: syz
[  394.550464][  T978] usb 2-1: SerialNumber: syz
[  394.575070][  T978] usb 2-1: config 0 descriptor??
[  394.605815][T11006] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[  394.636706][T11006] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[  394.835367][ T5895] usbhid 5-1:0.1: can't add hid device: -71
[  394.849524][ T5895] usbhid 5-1:0.1: probe with driver usbhid failed with error -71
[  394.907473][ T5895] usb 5-1: USB disconnect, device number 36
[  394.914932][  T978] usb 2-1: probing VID:PID(0424:012C)   
[  394.932364][  T978] usb 2-1: vub300 testing BULK OUT EndPoint(0) 0B
[  394.961153][  T978] usb 2-1: vub300 testing BULK OUT EndPoint(1) 0F
[  394.977893][  T978] usb 2-1: Could not find two sets of bulk-in/out endpoint pairs
[  395.022775][  T978] vub300 2-1:0.133: probe with driver vub300 failed with error -22
[  395.061703][  T978] usb 2-1: USB disconnect, device number 45
[  397.051866][ T5952] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  397.072649][ T5952] asix 4-1:0.0: probe with driver asix failed with error -71
[  397.119754][ T5952] usb 4-1: USB disconnect, device number 38
[  397.199414][T11032] sctp: [Deprecated]: syz.2.988 (pid 11032) Use of int in maxseg socket option.
[  397.199414][T11032] Use struct sctp_assoc_value instead
[  397.518516][T11047] binder: BINDER_SET_CONTEXT_MGR already set
[  397.525347][T11047] binder: 11040:11047 ioctl 4018620d 200000004a80 returned -16
[  397.598031][  T978] usb 5-1: new full-speed USB device number 37 using dummy_hcd
[  398.099597][  T978] usb 5-1: config 150 has an invalid interface number: 204 but max is 1
[  398.164050][  T978] usb 5-1: config 150 has no interface number 0
[  398.173279][  T978] usb 5-1: config 150 interface 204 has no altsetting 0
[  398.193358][  T978] usb 5-1: config 150 interface 1 has no altsetting 0
[  398.223571][  T978] usb 5-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb
[  398.264906][  T978] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  398.300397][  T978] usb 5-1: Product: syz
[  398.309600][  T978] usb 5-1: Manufacturer: syz
[  398.316571][  T978] usb 5-1: SerialNumber: syz
[  398.502528][T11067] binder: 11062:11067 ioctl c018620b 0 returned -14
[  398.523159][T11067] netlink: 16 bytes leftover after parsing attributes in process `syz.3.998'.
[  398.535709][T11067] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  398.579558][  T978] xr_serial 5-1:150.204: xr_serial converter detected
[  398.669882][T11063] netlink: 4 bytes leftover after parsing attributes in process `syz.3.998'.
[  399.186124][ T5895] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  399.309210][T11081] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1002'.
[  399.319173][T11081] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1002'.
[  399.496893][  T978] usb 5-1: xr_serial converter now attached to ttyUSB0
[  399.695259][ T5895] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  399.716700][ T5895] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  399.747500][ T5895] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  399.762119][ T5895] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  399.774711][T11077] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  399.823333][ T5895] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  399.840643][  T978] usb 5-1: USB disconnect, device number 37
[  399.886572][  T978] xr_serial ttyUSB0: xr_serial converter now disconnected from ttyUSB0
[  399.929473][  T978] xr_serial 5-1:150.204: device disconnected
[  399.953210][T11085] 9pnet_fd: Insufficient options for proto=fd
[  400.193508][ T5952] usb 2-1: USB disconnect, device number 46
[  400.199848][  T890] usb 4-1: new full-speed USB device number 39 using dummy_hcd
[  400.370001][  T890] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  400.386595][  T890] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  400.433305][  T890] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  400.473968][  T890] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  400.511540][  T890] usb 4-1: Product: syz
[  400.529336][  T890] usb 4-1: Manufacturer: syz
[  400.546532][  T890] usb 4-1: SerialNumber: syz
[  400.791968][  T890] usb 4-1: 0:2 : does not exist
[  400.844403][  T890] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  400.957864][  T890] usb 4-1: USB disconnect, device number 39
[  401.278089][ T5952] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  401.418043][ T5952] usb 5-1: device descriptor read/64, error -71
[  401.658213][ T5952] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  401.763251][T11113] cgroup: fork rejected by pids controller in /syz3
[  401.865267][ T5952] usb 5-1: device descriptor read/64, error -71
[  401.998633][ T5952] usb usb5-port1: attempt power cycle
[  402.335524][T12135] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1012'.
[  402.361115][T12135] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1012'.
[  402.397138][ T5952] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  402.469438][ T5952] usb 5-1: device descriptor read/8, error -71
[  402.684768][T12146] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1014'.
[  403.204178][ T5952] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  403.288423][ T5952] usb 5-1: device descriptor read/8, error -71
[  403.409807][ T5952] usb usb5-port1: unable to enumerate USB device
[  403.451941][ T5895] Process accounting resumed
[  404.937676][T12182] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1022'.
[  406.071202][T12186] lo speed is unknown, defaulting to 1000
[  406.917356][T12206] syz.1.1029: attempt to access beyond end of device
[  406.917356][T12206] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0
[  407.217605][T12213] syz.1.1029: attempt to access beyond end of device
[  407.217605][T12213] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0
[  407.250940][T12221] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=640 (1280 ns) > initial count (34 ns). Using initial count to start timer.
[  407.378026][  T978] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  407.906226][T12234] netlink: 'syz.0.1033': attribute type 6 has an invalid length.
[  407.936823][T12234] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1033'.
[  407.950055][  T978] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  407.978131][  T978] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  407.988651][ T5895] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  408.017214][  T978] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[  408.055633][  T978] usb 4-1: New USB device found, idVendor=2133, idProduct=0018, bcdDevice= 0.00
[  408.085811][  T978] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  408.139451][ T5895] usb 2-1: device descriptor read/64, error -71
[  408.152455][  T978] usb 4-1: config 0 descriptor??
[  408.552011][ T5895] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  409.448581][  T978] viewsonic 0003:2133:0018.000C: hidraw0: USB HID v0.00 Device [HID 2133:0018] on usb-dummy_hcd.3-1/input0
[  409.530661][ T5938] usb 4-1: USB disconnect, device number 40
[  409.538250][ T5895] usb 2-1: device descriptor read/64, error -71
[  410.053790][T12252] input: syz0 as /devices/virtual/input/input17
[  410.417593][ T5895] usb usb2-port1: attempt power cycle
[  410.641806][T12243] fido_id[12243]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  411.831025][T12276] netlink: 'syz.4.1041': attribute type 2 has an invalid length.
[  412.018489][T12276] þ: entered promiscuous mode
[  412.188406][  T890] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  412.340840][  T890] usb 2-1: device descriptor read/64, error -71
[  413.159564][  T890] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  413.217503][T12292] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1045'.
[  413.226617][T12292] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1045'.
[  413.328496][  T890] usb 2-1: device descriptor read/64, error -71
[  413.549716][  T890] usb usb2-port1: attempt power cycle
[  414.628335][  T890] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  414.677767][T12308] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  414.845319][  T890] usb 2-1: device descriptor read/8, error -71
[  415.020377][T12316] netlink: 'syz.2.1052': attribute type 2 has an invalid length.
[  415.212443][T12326] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1056'.
[  416.160030][T12332] bridge1: entered promiscuous mode
[  416.196015][T12332] bridge1: entered allmulticast mode
[  416.218226][T12334] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1057'.
[  416.474444][T12346] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  416.963398][ T5895] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  417.338898][ T5895] usb 4-1: Using ep0 maxpacket: 16
[  417.441487][ T5895] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  417.838019][ T5895] usb 4-1: config 0 has no interface number 0
[  417.844414][ T5895] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  417.934310][ T5895] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  418.106148][ T5895] usb 4-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  418.126003][ T5895] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  418.140114][ T5895] usb 4-1: config 0 descriptor??
[  422.349325][ T5895] usbhid 4-1:0.1: can't add hid device: -71
[  422.373961][ T5895] usbhid 4-1:0.1: probe with driver usbhid failed with error -71
[  422.448042][ T5895] usb 4-1: USB disconnect, device number 41
[  422.505666][T12384] /dev/nullb0: Can't open blockdev
[  422.568919][T12384] dlm: no local IP address has been set
[  422.575092][T12384] dlm: cannot start dlm midcomms -107
[  423.464055][T12391] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1071'.
[  423.553108][T12392] loop8: detected capacity change from 0 to 8
[  423.626903][T12393] binder: Bad value for 'max'
[  424.095185][T12395] netlink: 'syz.2.1072': attribute type 3 has an invalid length.
[  424.103479][T12395] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  424.144034][T12392]  loop8: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11 p12
[  424.164638][T12392] loop8: p1 start 1953705584 is beyond EOD, truncated
[  424.222972][T12392] loop8: p2 start 700027685 is beyond EOD, truncated
[  425.113596][T12392] loop8: p3 start 31919608 is beyond EOD, truncated
[  425.120683][T12392] loop8: p4 start 4201384960 is beyond EOD, truncated
[  425.196319][T12392] loop8: p5 start 2842431134 is beyond EOD, truncated
[  425.245527][T12392] loop8: p6 start 1584160440 is beyond EOD, truncated
[  425.253125][T12392] loop8: p7 start 2589729944 is beyond EOD, truncated
[  425.267111][T12392] loop8: p8 start 1229243498 is beyond EOD, truncated
[  425.274343][T12392] loop8: p9 start 1043497832 is beyond EOD, truncated
[  425.281554][T12392] loop8: p10 start 883525942 is beyond EOD, truncated
[  425.291076][T12392] loop8: p11 start 2065041852 is beyond EOD, truncated
[  425.298569][T12392] loop8: p12 start 3320555364 is beyond EOD, truncated
[  426.098202][ T5916] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  426.997993][ T5916] usb 2-1: Using ep0 maxpacket: 16
[  427.005225][ T5916] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  427.043891][ T5916] usb 2-1: config 0 has no interface number 0
[  427.065980][T12444] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1086'.
[  427.079277][T12445] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1085'.
[  427.088643][ T5916] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  427.125307][ T5916] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  427.151533][ T5916] usb 2-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  427.750755][  T890] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  427.877325][ T5916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  427.986886][  T890] usb 4-1: Using ep0 maxpacket: 16
[  427.995209][ T5916] usb 2-1: config 0 descriptor??
[  428.024805][  T890] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  428.065272][  T890] usb 4-1: config 0 has no interface number 0
[  428.089590][  T890] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  428.156685][  T890] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  428.183640][  T890] usb 4-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  428.203313][  T890] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  428.496497][  T890] usb 4-1: config 0 descriptor??
[  429.225353][T12489] netlink: 112 bytes leftover after parsing attributes in process `syz.2.1092'.
[  429.305646][T12493] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1096'.
[  429.504223][T12495] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1092'.
[  429.738080][ T5952] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  429.919767][ T5952] usb 5-1: Using ep0 maxpacket: 8
[  429.967713][ T5952] usb 5-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  429.998753][ T5952] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  430.031054][ T5952] usb 5-1: Product: syz
[  430.048054][ T5952] usb 5-1: Manufacturer: syz
[  430.066875][ T5952] usb 5-1: SerialNumber: syz
[  430.102392][ T5952] usb 5-1: config 0 descriptor??
[  430.139454][ T5952] gspca_main: sq930x-2.14.0 probing 2770:930c
[  431.298285][ T5952] gspca_sq930x: ucbus_write failed -110
[  432.054780][ T5916] usbhid 2-1:0.1: can't add hid device: -71
[  432.075151][ T5916] usbhid 2-1:0.1: probe with driver usbhid failed with error -71
[  432.116339][ T5916] usb 2-1: USB disconnect, device number 54
[  432.718044][ T5952] gspca_sq930x: Unknown sensor
[  432.724925][ T5952] sq930x 5-1:0.0: probe with driver sq930x failed with error -22
[  432.830455][ T5952] usb 5-1: USB disconnect, device number 42
[  432.857299][  T890] usbhid 4-1:0.1: can't add hid device: -71
[  432.872611][  T890] usbhid 4-1:0.1: probe with driver usbhid failed with error -71
[  432.935728][T12536] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1106'.
[  433.097484][T12517] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  433.328312][  T890] usb 4-1: USB disconnect, device number 42
[  433.658791][T12545] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1107'.
[  433.744388][T12550] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1107'.
[  433.815105][T12552] input: syz0 as /devices/virtual/input/input18
[  433.939396][  T890] usb 2-1: new full-speed USB device number 55 using dummy_hcd
[  434.098030][ T5952] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  434.110086][  T890] usb 2-1: config 0 has an invalid interface number: 50 but max is 0
[  434.134436][  T890] usb 2-1: config 0 has no interface number 0
[  434.147853][  T890] usb 2-1: config 0 interface 50 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  434.231294][T12569] vlan2: entered promiscuous mode
[  434.240703][T12569] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  434.251652][T12569] vlan2: entered allmulticast mode
[  434.256851][T12569] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  434.284865][  T890] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc
[  434.301604][  T890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  434.310222][  T890] usb 2-1: Product: syz
[  434.314534][  T890] usb 2-1: Manufacturer: syz
[  434.319697][  T890] usb 2-1: SerialNumber: syz
[  434.335580][  T890] usb 2-1: config 0 descriptor??
[  434.348930][ T5952] usb 5-1: Using ep0 maxpacket: 32
[  434.357029][  T890] yurex 2-1:0.50: Could not find endpoints
[  434.364872][ T5952] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  434.377959][ T5952] usb 5-1: config 0 has no interface number 0
[  434.406551][ T5952] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  434.434474][ T5952] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  434.454413][ T5952] usb 5-1: Product: syz
[  434.627105][T12549] netlink: 328 bytes leftover after parsing attributes in process `syz.1.1109'.
[  434.668430][ T5952] usb 5-1: Manufacturer: syz
[  434.674614][ T5952] usb 5-1: SerialNumber: syz
[  434.712769][ T5952] usb 5-1: config 0 descriptor??
[  434.733157][ T5952] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  434.743030][ T5952] usb 5-1: selecting invalid altsetting 1
[  434.752567][ T5952] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  435.703283][ T5952] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  435.704763][ T5916] usb 2-1: USB disconnect, device number 55
[  435.728403][ T5952] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  435.737812][ T5952] usb 5-1: media controller created
[  435.800910][ T5952] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  437.161388][ T5952] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  438.138082][ T5158] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  438.756772][T12587] ALSA: mixer_oss: invalid OSS volume ''
[  438.768636][T12591] fuse: Bad value for 'fd'
[  438.787622][ T5952] usb 5-1: USB disconnect, device number 43
[  438.802873][T12593] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1121'.
[  438.984685][T12595] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1125'.
[  439.010455][T12595] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1125'.
[  439.061446][T12599] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1126'.
[  439.910700][T12613] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1129'.
[  440.717179][T12628] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1133'.
[  440.816321][T12628] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1133'.
[  440.911053][T12628] hsr_slave_0: left promiscuous mode
[  440.936987][T12628] hsr_slave_1: left promiscuous mode
[  441.408153][ T5941] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  442.288095][ T5941] usb 4-1: Using ep0 maxpacket: 16
[  442.298250][ T5941] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  442.306418][ T5941] usb 4-1: config 0 has no interface number 0
[  442.324134][T12653] dummy0: entered promiscuous mode
[  442.332886][ T5941] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  442.355189][T12653] dummy0: left promiscuous mode
[  442.358206][ T5941] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  442.408274][ T5941] usb 4-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  442.428303][ T5941] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  442.440140][ T5941] usb 4-1: config 0 descriptor??
[  442.915611][T12658] 9pnet_fd: Insufficient options for proto=fd
[  442.931251][T12658] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1140'.
[  443.188040][ T5916] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  443.369190][ T5916] usb 5-1: Using ep0 maxpacket: 8
[  443.490318][T12666] usb usb1: check_ctrlrecip: process 12666 (syz.1.1142) requesting ep 01 but needs 81
[  443.547161][ T5916] usb 5-1: too many configurations: 20, using maximum allowed: 8
[  443.623759][ T5916] usb 5-1: unable to read config index 0 descriptor/start: -61
[  443.635015][ T5916] usb 5-1: can't read configurations, error -61
[  443.998059][ T5916] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  444.218191][ T5916] usb 5-1: Using ep0 maxpacket: 8
[  444.227645][ T5916] usb 5-1: too many configurations: 20, using maximum allowed: 8
[  444.245533][ T5916] usb 5-1: unable to read config index 0 descriptor/start: -61
[  444.256213][ T5916] usb 5-1: can't read configurations, error -61
[  444.269966][ T5916] usb usb5-port1: attempt power cycle
[  444.584974][T12675] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  444.592177][T12675] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  444.608070][ T5916] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  444.623824][T12675] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  444.648158][ T5916] usb 5-1: Using ep0 maxpacket: 8
[  444.658215][ T5916] usb 5-1: too many configurations: 20, using maximum allowed: 8
[  444.670003][ T5916] usb 5-1: unable to read config index 0 descriptor/start: -61
[  444.688069][ T5916] usb 5-1: can't read configurations, error -61
[  444.795250][   T30] kauditd_printk_skb: 71 callbacks suppressed
[  444.795269][   T30] audit: type=1326 audit(1754269769.647:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12683 comm="syz.0.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  444.930315][ T5916] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  445.168308][ T5916] usb 5-1: Using ep0 maxpacket: 8
[  445.198043][   T30] audit: type=1326 audit(1754269769.687:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12683 comm="syz.0.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  445.240390][ T5916] usb 5-1: too many configurations: 20, using maximum allowed: 8
[  445.301154][ T5916] usb 5-1: unable to read config index 0 descriptor/start: -61
[  445.353824][   T30] audit: type=1326 audit(1754269769.707:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12683 comm="syz.0.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  445.380655][ T5916] usb 5-1: can't read configurations, error -61
[  445.394570][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  445.395437][ T5916] usb usb5-port1: unable to enumerate USB device
[  445.408147][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  445.510691][   T30] audit: type=1326 audit(1754269769.727:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12683 comm="syz.0.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  445.568991][   T30] audit: type=1326 audit(1754269769.757:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12683 comm="syz.0.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  445.594173][   T30] audit: type=1326 audit(1754269769.777:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12683 comm="syz.0.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f094cf8d4d0 code=0x7ffc0000
[  445.617499][ T5941] usbhid 4-1:0.1: can't add hid device: -71
[  445.624327][ T5941] usbhid 4-1:0.1: probe with driver usbhid failed with error -71
[  445.657637][ T5941] usb 4-1: USB disconnect, device number 43
[  445.753373][   T30] audit: type=1326 audit(1754269769.777:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12683 comm="syz.0.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  445.837543][   T30] audit: type=1326 audit(1754269769.797:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12683 comm="syz.0.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  445.936293][   T30] audit: type=1326 audit(1754269769.807:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12683 comm="syz.0.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  446.033658][   T30] audit: type=1326 audit(1754269769.827:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12683 comm="syz.0.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  446.620606][ T5158] Bluetooth: hci2: command 0x0406 tx timeout
[  446.658169][ T5158] Bluetooth: hci4: command 0x0406 tx timeout
[  446.664506][ T5158] Bluetooth: hci3: command 0x0406 tx timeout
[  446.888043][ T5895] usb 2-1: new full-speed USB device number 56 using dummy_hcd
[  446.944536][T12701] input: syz0 as /devices/virtual/input/input19
[  447.129199][T12706] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1152'.
[  447.180101][ T5895] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  447.298026][ T5895] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  447.368351][ T5895] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[  447.411102][ T5895] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  447.452291][ T5895] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  447.496440][ T5895] usb 2-1: Product: syz
[  447.502322][ T5895] usb 2-1: Manufacturer: syz
[  447.507092][ T5895] usb 2-1: SerialNumber: syz
[  447.568997][ T5895] usb 2-1: config 0 descriptor??
[  447.576149][T12696] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  447.589185][T12696] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  447.603953][ T5895] usb 2-1: ucan: probing device on interface #0
[  448.524226][T12720] netlink: 'syz.3.1156': attribute type 2 has an invalid length.
[  448.533027][T12720] netlink: 723 bytes leftover after parsing attributes in process `syz.3.1156'.
[  449.772833][ T5895] ucan 2-1:0.0 can0: registered device
[  449.783066][ T5895] ucan 2-1:0.0 can0: firmware string: w
[  449.997143][ T5895] usb 2-1: USB disconnect, device number 56
[  450.429873][ T5952] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  450.663622][ T5952] usb 4-1: Using ep0 maxpacket: 16
[  450.852339][ T5952] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  450.879631][ T5952] usb 4-1: config 0 has no interface number 0
[  450.948195][  T978] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  451.043308][T12747] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1163'.
[  451.564609][ T5952] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  451.591033][  T978] usb 5-1: Using ep0 maxpacket: 16
[  451.592173][ T5952] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  451.608907][  T978] usb 5-1: config 1 has an invalid interface number: 105 but max is 0
[  451.628097][  T978] usb 5-1: config 1 has no interface number 0
[  451.634583][  T978] usb 5-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  451.658058][  T978] usb 5-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  451.668882][ T5952] usb 4-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  451.668917][ T5952] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  451.693080][ T5952] usb 4-1: config 0 descriptor??
[  451.750378][  T978] usb 5-1: config 1 interface 105 has no altsetting 0
[  451.797709][  T978] usb 5-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  451.844840][  T978] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  451.870730][  T978] usb 5-1: Product: syz
[  451.875180][  T978] usb 5-1: Manufacturer: syz
[  451.887653][  T978] usb 5-1: SerialNumber: syz
[  451.906515][T12742] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  451.927026][T12742] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  452.848493][T12742] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  452.858670][T12742] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  453.343584][T12762] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  453.354643][T12762] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  453.369720][ T5952] usbhid 4-1:0.1: can't add hid device: -71
[  453.496347][ T5952] usbhid 4-1:0.1: probe with driver usbhid failed with error -71
[  453.518083][ T5952] usb 4-1: USB disconnect, device number 44
[  453.563213][ T5842] Bluetooth: hci3: unexpected event for opcode 0x201c
[  453.603667][ T5895] libceph: connect (1)[c::]:6789 error -101
[  453.610521][ T5895] libceph: mon0 (1)[c::]:6789 connect error
[  453.725193][T12755] delete_channel: no stack
[  453.782463][  T978] aqc111 5-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32
[  453.798664][T12774] tmpfs: Bad value for 'mpol'
[  453.934201][ T5902] libceph: connect (1)[c::]:6789 error -101
[  454.149771][ T5902] libceph: mon0 (1)[c::]:6789 connect error
[  454.379479][T12766] ceph: No mds server is up or the cluster is laggy
[  454.584141][  T978] aqc111 5-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  454.631920][  T978] aqc111 5-1:1.105 eth1: register 'aqc111' at usb-dummy_hcd.4-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, ba:02:70:f8:de:ed
[  454.736913][  T978] usb 5-1: USB disconnect, device number 48
[  454.774084][  T978] aqc111 5-1:1.105 eth1: unregister 'aqc111' usb-dummy_hcd.4-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[  455.728806][  T978] aqc111 5-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  455.768480][  T978] aqc111 5-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  455.806891][  T978] aqc111 5-1:1.105 eth1 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[  455.889862][T12795] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1172'.
[  455.910319][T12795] openvswitch: netlink: Unknown nsh attribute 0
[  455.916684][T12795] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  461.908421][ T5952] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  462.088124][ T5952] usb 4-1: Using ep0 maxpacket: 16
[  462.120797][ T5952] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  462.172217][ T5952] usb 4-1: config 0 has no interface number 0
[  462.270239][ T5952] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  462.330985][ T5952] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  462.400884][ T5952] usb 4-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  462.450435][ T5952] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  462.607637][ T5952] usb 4-1: config 0 descriptor??
[  462.714868][T12876] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1189'.
[  462.750979][T12877] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  462.781632][T12876] netlink: 'syz.2.1189': attribute type 1 has an invalid length.
[  462.823712][T12877] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  463.093205][ T5916] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[  463.221057][T12891] cgroup: Unknown subsys name 'cgroup'
[  463.323890][ T5916] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  463.337190][ T5916] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  463.380402][ T5916] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  463.448010][ T5916] usb 2-1: config 1 has no interface number 1
[  463.504917][ T5916] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  463.580527][ T5916] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  463.615871][ T5916] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  463.634899][ T5916] usb 2-1: Product: syz
[  463.659745][ T5916] usb 2-1: Manufacturer: syz
[  463.682499][ T5916] usb 2-1: SerialNumber: syz
[  464.013650][ T5916] usb 2-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[  464.054113][ T5916] usb 2-1: MIDIStreaming interface descriptor not found
[  464.203974][ T5916] usb 2-1: USB disconnect, device number 57
[  464.336086][T12912] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1196'.
[  464.345944][T12912] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1196'.
[  464.950282][ T5846] udevd[5846]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  466.216658][T12925] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1200'.
[  466.446422][T12930] loop0: detected capacity change from 0 to 524287999
[  466.491028][T12930] buffer_io_error: 10 callbacks suppressed
[  466.491107][T12930] Buffer I/O error on dev loop0, logical block 0, async page read
[  466.568508][T12930] Buffer I/O error on dev loop0, logical block 0, async page read
[  466.578093][T12930] Buffer I/O error on dev loop0, logical block 0, async page read
[  466.592597][T12930] Buffer I/O error on dev loop0, logical block 0, async page read
[  466.618378][T12930] Buffer I/O error on dev loop0, logical block 0, async page read
[  466.629882][T12930] Buffer I/O error on dev loop0, logical block 0, async page read
[  466.641923][T12930] Buffer I/O error on dev loop0, logical block 0, async page read
[  466.651494][T12930] Buffer I/O error on dev loop0, logical block 0, async page read
[  466.660882][T12930] ldm_validate_partition_table(): Disk read failed.
[  466.670241][T12930] Buffer I/O error on dev loop0, logical block 0, async page read
[  466.679916][T12930] Buffer I/O error on dev loop0, logical block 0, async page read
[  466.701576][T12930] Dev loop0: unable to read RDB block 0
[  466.712038][T12930]  loop0: unable to read partition table
[  466.721234][T12930] loop_reread_partitions: partition scan of loop0 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  468.358640][   T30] kauditd_printk_skb: 29 callbacks suppressed
[  468.358660][   T30] audit: type=1326 audit(1754269793.217:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12939 comm="syz.0.1204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  468.400604][ T5952] usbhid 4-1:0.1: can't add hid device: -32
[  468.407014][ T5952] usbhid 4-1:0.1: probe with driver usbhid failed with error -32
[  468.468058][   T30] audit: type=1326 audit(1754269793.217:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12939 comm="syz.0.1204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  468.578386][   T30] audit: type=1326 audit(1754269793.217:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12939 comm="syz.0.1204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=87 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  468.854782][   T30] audit: type=1326 audit(1754269793.217:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12939 comm="syz.0.1204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  468.903754][T12951] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1207'.
[  468.926269][   T30] audit: type=1326 audit(1754269793.217:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12939 comm="syz.0.1204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  469.091663][   T30] audit: type=1326 audit(1754269793.227:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12939 comm="syz.0.1204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f094cf8d4d0 code=0x7ffc0000
[  469.102114][T12955] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  469.375631][   T30] audit: type=1326 audit(1754269793.227:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12939 comm="syz.0.1204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  469.448038][ T5952] usb 4-1: USB disconnect, device number 45
[  469.454263][   T30] audit: type=1326 audit(1754269793.267:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12939 comm="syz.0.1204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  470.009588][   T30] audit: type=1326 audit(1754269793.267:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12939 comm="syz.0.1204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  470.079549][   T30] audit: type=1326 audit(1754269793.267:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12939 comm="syz.0.1204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094cf8eb69 code=0x7ffc0000
[  470.332679][T12958] binder: 12956:12958 ioctl c00c620f 200000000500 returned -22
[  471.497604][T12981] overlayfs: failed to clone upperpath
[  472.604287][  T890] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  472.740650][T12999] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1218'.
[  472.793855][  T890] usb 4-1: Using ep0 maxpacket: 8
[  472.814175][  T890] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  472.838079][  T890] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.00
[  472.851558][  T890] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  472.902688][  T890] usb 4-1: config 0 descriptor??
[  473.626668][  T890] corsair 0003:1B1C:1B09.000D: unbalanced delimiter at end of report description
[  473.836124][  T890] corsair 0003:1B1C:1B09.000D: parse failed
[  473.848428][  T890] corsair 0003:1B1C:1B09.000D: probe with driver corsair failed with error -22
[  474.775247][T13031] sp0: Synchronizing with TNC
[  475.077274][ T5941] usb 4-1: USB disconnect, device number 46
[  476.010257][T13009] bridge_slave_0: default FDB implementation only supports local addresses
[  477.867980][ T5916] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  478.233593][ T5916] usb 4-1: config index 0 descriptor too short (expected 64811, got 43)
[  478.243497][ T5916] usb 4-1: config 0 has an invalid interface number: 156 but max is -1
[  478.264278][ T5916] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0
[  478.343894][ T5916] usb 4-1: config 0 has no interface number 0
[  478.472220][ T5916] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  478.840351][ T5916] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  478.885810][ T5916] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  478.938530][ T5916] usb 4-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  478.969937][ T5916] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  479.222703][ T5916] usb 4-1: config 0 descriptor??
[  479.257476][ T5916] gspca_main: spca561-2.14.0 probing abcd:cdee
[  480.382867][T13090] wg2: entered promiscuous mode
[  480.388099][T13090] wg2: entered allmulticast mode
[  482.040663][ T5916] spca561 4-1:0.156: probe with driver spca561 failed with error -22
[  482.083424][ T5916] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  482.102399][ T5916] usb 4-1: MIDIStreaming interface descriptor not found
[  482.204854][ T5952] usb 4-1: USB disconnect, device number 47
[  482.628676][T13131] fuse: Unknown parameter 'group_d<00000000000000000000'
[  482.989657][ T5909] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[  483.411603][ T5909] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  483.450845][ T5909] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  483.502173][ T5909] usb 2-1: config 0 descriptor??
[  483.664826][T13150] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1257'.
[  486.162297][T13156] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1258'.
[  486.174434][ T5909] pegasus 2-1:0.0: probe with driver pegasus failed with error -71
[  486.366359][ T5909] usb 2-1: USB disconnect, device number 58
[  486.501826][T13158] netlink: 552 bytes leftover after parsing attributes in process `syz.4.1261'.
[  486.595007][T13158] bridge1: the hash_elasticity option has been deprecated and is always 16
[  487.956963][T13183] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1266'.
[  488.801567][T13196] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1269'.
[  488.811204][T13196] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1269'.
[  488.835935][T13196] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  488.845311][T13196] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  488.854342][T13196] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  488.863342][T13196] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  490.206374][T13217] random: crng reseeded on system resumption
[  491.046954][T13215] netlink: 'syz.4.1276': attribute type 10 has an invalid length.
[  491.094005][T13220] loop2: detected capacity change from 0 to 7
[  491.099815][T13215] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1276'.
[  491.115049][T13220]  loop2: p1
[  491.125324][T13220] loop2: partition table partially beyond EOD, truncated
[  491.132802][T13220] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  491.160997][T13215] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  491.179310][T13215] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  491.216653][T13215] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  491.263936][T13215] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  491.339108][T13215] team0: Port device geneve0 added
[  491.851606][T13228] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1278'.
[  491.860946][T13228] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1278'.
[  492.342183][T13235] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  493.003457][T13243] syz_tun: entered allmulticast mode
[  493.085307][T13243] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1282'.
[  493.194491][T13242] syz_tun: left allmulticast mode
[  493.722859][T13270] loop2: detected capacity change from 0 to 7
[  493.760078][T13270]  loop2: p1
[  493.769099][T13270] loop2: partition table partially beyond EOD, truncated
[  493.787141][T13270] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  494.008022][ T5916] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[  494.149922][T13280] block nbd0: shutting down sockets
[  494.182071][ T5916] usb 2-1: New USB device found, idVendor=0b95, idProduct=772b, bcdDevice=a2.4c
[  494.191781][ T5916] usb 2-1: New USB device strings: Mfr=24, Product=2, SerialNumber=3
[  494.200054][ T5916] usb 2-1: Product: syz
[  494.204355][ T5916] usb 2-1: Manufacturer: syz
[  494.209218][ T5916] usb 2-1: SerialNumber: syz
[  494.216542][ T5916] usb 2-1: config 0 descriptor??
[  494.227605][T13283] (unnamed net_device) (uninitialized): option all_slaves_active: invalid value (8)
[  494.560367][ T5916] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  494.571298][ T5916] asix 2-1:0.0: probe with driver asix failed with error -71
[  494.587428][ T5916] usb 2-1: USB disconnect, device number 59
[  494.678283][  T978] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  494.808058][  T978] usb 4-1: device descriptor read/64, error -71
[  494.929282][ T5916] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[  495.048040][  T978] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  495.089857][ T5916] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  495.101097][ T5916] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  495.111045][ T5916] usb 2-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  495.121425][ T5916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  495.134055][ T5916] usb 2-1: config 0 descriptor??
[  495.188078][  T978] usb 4-1: device descriptor read/64, error -71
[  495.298487][  T978] usb usb4-port1: attempt power cycle
[  495.346424][ T5916] playstation 0003:054C:0DF2.000E: unknown main item tag 0x0
[  495.354542][ T5916] playstation 0003:054C:0DF2.000E: unknown main item tag 0x0
[  495.362406][ T5916] playstation 0003:054C:0DF2.000E: unknown main item tag 0x0
[  495.371129][ T5916] playstation 0003:054C:0DF2.000E: unknown main item tag 0x0
[  495.378964][ T5916] playstation 0003:054C:0DF2.000E: unknown main item tag 0x0
[  495.390548][ T5916] playstation 0003:054C:0DF2.000E: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.1-1/input0
[  495.546012][ T5916] playstation 0003:054C:0DF2.000E: Failed to retrieve feature with reportID 9: -71
[  495.556673][ T5916] playstation 0003:054C:0DF2.000E: Failed to retrieve DualSense pairing info: -71
[  495.566403][ T5916] playstation 0003:054C:0DF2.000E: Failed to get MAC address from DualSense
[  495.575521][ T5916] playstation 0003:054C:0DF2.000E: Failed to create dualsense.
[  495.586211][ T5916] playstation 0003:054C:0DF2.000E: probe with driver playstation failed with error -71
[  495.599214][ T5916] usb 2-1: USB disconnect, device number 60
[  495.639256][  T978] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  495.658758][  T978] usb 4-1: device descriptor read/8, error -71
[  495.898424][  T978] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  495.918923][  T978] usb 4-1: device descriptor read/8, error -71
[  496.029595][  T978] usb usb4-port1: unable to enumerate USB device
[  497.207594][T13311] loop2: detected capacity change from 0 to 7
[  497.251068][T13311]  loop2: p1
[  497.254372][T13311] loop2: partition table partially beyond EOD, truncated
[  497.308558][T13311] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  497.443473][T13318] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1303'.
[  497.445783][T13321] netlink: 'syz.1.1305': attribute type 10 has an invalid length.
[  497.469737][T13318] netlink: 120 bytes leftover after parsing attributes in process `syz.0.1303'.
[  497.481701][T13318] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1303'.
[  497.513875][T13321] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  497.524981][T13321] qnx6: wrong signature (magic) in superblock #1.
[  497.531591][T13321] qnx6: unable to read the first superblock
[  497.808266][ T5941] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  497.911801][T13330] binder: 13328:13330 ioctl c00c620f 200000000500 returned -22
[  497.960531][T13337] overlayfs: failed to resolve './file1': -2
[  497.978125][ T5941] usb 4-1: Using ep0 maxpacket: 8
[  497.990534][ T5941] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  498.013624][ T5941] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.00
[  498.031857][ T5941] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  498.055848][ T5941] usb 4-1: config 0 descriptor??
[  498.195115][T13341] tty tty21: ldisc open failed (-12), clearing slot 20
[  498.285244][T13341] delete_channel: no stack
[  498.854525][ T5941] corsair 0003:1B1C:1B09.000F: unbalanced delimiter at end of report description
[  498.865338][ T5941] corsair 0003:1B1C:1B09.000F: parse failed
[  498.871429][ T5941] corsair 0003:1B1C:1B09.000F: probe with driver corsair failed with error -22
[  500.955419][T13375] binder: 13373:13375 ioctl c00c620f 200000000500 returned -22
[  501.172236][ T5941] usb 4-1: USB disconnect, device number 52
[  501.302794][T13387] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  501.950796][T13413] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1327'.
[  502.091349][T13419] loop2: detected capacity change from 0 to 7
[  502.109595][T13419]  loop2: p1
[  502.112909][T13419] loop2: partition table partially beyond EOD, truncated
[  502.153211][T13419] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  502.258466][T13153] af_packet: tpacket_rcv: packet too big, clamped from 176 to 4294967272. macoff=96
[  502.285242][T13429] netlink: 'syz.2.1331': attribute type 25 has an invalid length.
[  502.331560][T13429] netlink: 'syz.2.1331': attribute type 3 has an invalid length.
[  502.576660][T13435] binder: 13433:13435 ioctl c00c620f 200000000500 returned -22
[  502.628298][  T978] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  502.650039][ T5909] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[  502.802033][  T978] usb 5-1: Using ep0 maxpacket: 32
[  502.826587][ T5909] usb 2-1: Using ep0 maxpacket: 8
[  502.834057][  T978] usb 5-1: unable to get BOS descriptor or descriptor too short
[  502.842086][ T5909] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  502.900715][ T5909] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.00
[  502.914333][ T5909] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  502.926308][  T978] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  502.986508][  T978] usb 5-1: config 1 has no interface number 0
[  503.115715][ T5909] usb 2-1: config 0 descriptor??
[  503.128408][  T978] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1048, setting to 1024
[  503.209663][  T978] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  503.329787][  T978] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 32
[  503.376089][  T978] usb 5-1: config 1 interface 1 has no altsetting 0
[  503.401106][  T978] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  503.424498][  T978] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  503.433162][  T978] usb 5-1: Product: syz
[  503.437423][  T978] usb 5-1: Manufacturer: syz
[  503.442361][  T978] usb 5-1: SerialNumber: syz
[  503.573478][T13453] overlayfs: missing 'lowerdir'
[  505.171604][ T5909] corsair 0003:1B1C:1B09.0010: unbalanced delimiter at end of report description
[  505.272966][ T5909] corsair 0003:1B1C:1B09.0010: parse failed
[  505.310736][ T5909] corsair 0003:1B1C:1B09.0010: probe with driver corsair failed with error -22
[  505.591276][  T978] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  505.612553][  T978] cdc_ncm 5-1:1.1: bind() failure
[  505.635355][  T978] usb 5-1: USB disconnect, device number 50
[  505.688004][ T5941] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  505.818069][ T5941] usb 4-1: device descriptor read/64, error -71
[  506.058122][ T5941] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  506.188134][ T5941] usb 4-1: device descriptor read/64, error -71
[  506.366851][  T890] usb 2-1: USB disconnect, device number 61
[  506.799018][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  506.805966][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  507.208124][ T5941] usb usb4-port1: attempt power cycle
[  507.311770][T13487] SET target dimension over the limit!
[  507.581348][  T978] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  507.586587][T13497] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1349'.
[  507.599057][ T5941] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[  507.875992][ T5941] usb 4-1: device descriptor read/8, error -71
[  508.139432][  T978] usb 5-1: Using ep0 maxpacket: 8
[  508.150960][  T978] usb 5-1: unable to get BOS descriptor or descriptor too short
[  508.170689][  T978] usb 5-1: config 0 has an invalid interface number: 88 but max is 0
[  508.182745][  T978] usb 5-1: config 0 has no interface number 0
[  508.190842][  T978] usb 5-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  508.203873][  T978] usb 5-1: config 0 interface 88 altsetting 8 endpoint 0x86 has invalid wMaxPacketSize 0
[  508.218054][ T5941] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[  508.395073][  T978] usb 5-1: config 0 interface 88 has no altsetting 0
[  508.420409][  T978] usb 5-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31
[  508.489226][  T978] usb 5-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3
[  508.497637][  T978] usb 5-1: Product: syz
[  508.508072][  T978] usb 5-1: Manufacturer: syz
[  508.512971][  T978] usb 5-1: SerialNumber: syz
[  508.527771][ T5941] usb 4-1: device descriptor read/8, error -71
[  508.533250][  T978] usb 5-1: config 0 descriptor??
[  509.118160][  T978] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.88/input/input20
[  509.161020][  T978] usb 5-1: USB disconnect, device number 51
[  509.230625][ T5941] usb usb4-port1: unable to enumerate USB device
[  509.494744][   T30] kauditd_printk_skb: 21 callbacks suppressed
[  509.494764][   T30] audit: type=1326 audit(1754269834.347:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13507 comm="syz.2.1352" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9885d8eb69 code=0x7ffe0000
[  510.619782][ T5842] Bluetooth: hci4: unexpected event for opcode 0x0c20
[  511.008009][ T5941] usb 4-1: new low-speed USB device number 57 using dummy_hcd
[  511.828821][ T5941] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  511.858140][ T5941] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  511.877539][ T5941] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  511.895790][ T5941] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  511.931379][ T5941] usb 4-1: string descriptor 0 read error: -22
[  511.937797][ T5941] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  511.948050][ T5941] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  511.965027][ T5941] usb 4-1: 0:2 : does not exist
[  512.098070][  T978] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[  512.248262][  T978] usb 2-1: Using ep0 maxpacket: 16
[  512.255457][  T978] usb 2-1: too many endpoints for config 0 interface 0 altsetting 61: 48, using maximum allowed: 30
[  512.266555][  T978] usb 2-1: config 0 interface 0 altsetting 61 has 0 endpoint descriptors, different from the interface descriptor's value: 48
[  512.280202][  T978] usb 2-1: config 0 interface 0 has no altsetting 0
[  512.289972][  T978] usb 2-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice=29.82
[  512.299651][  T978] usb 2-1: New USB device strings: Mfr=83, Product=5, SerialNumber=10
[  512.308189][  T978] usb 2-1: Product: syz
[  512.312478][  T978] usb 2-1: Manufacturer: syz
[  512.317192][  T978] usb 2-1: SerialNumber: syz
[  512.325169][  T978] usb 2-1: config 0 descriptor??
[  512.334835][  T978] usb 2-1: selecting invalid altsetting 1
[  512.361878][  T978] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -22
[  512.584725][ T5941] usb 2-1: USB disconnect, device number 62
[  512.772947][T13551] libceph: resolve '4..' (ret=-3): failed
[  513.201736][T13569] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[  513.211980][ T5909] usb 4-1: USB disconnect, device number 57
[  514.491089][T13587] loop2: detected capacity change from 0 to 7
[  514.503781][T13587]  loop2: p1
[  514.507365][T13587] loop2: partition table partially beyond EOD, truncated
[  514.514991][T13587] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  514.808045][   T24] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[  514.968002][   T24] usb 4-1: Using ep0 maxpacket: 8
[  514.982935][   T24] usb 4-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  514.998049][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  515.023541][   T24] usb 4-1: Product: syz
[  515.027785][   T24] usb 4-1: Manufacturer: syz
[  515.042009][   T24] usb 4-1: SerialNumber: syz
[  515.062133][   T24] usb 4-1: config 0 descriptor??
[  515.073356][   T24] gspca_main: sq930x-2.14.0 probing 2770:930c
[  515.328278][  T890] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  515.420098][T13610] 9pnet_fd: Insufficient options for proto=fd
[  515.478511][   T30] audit: type=1800 audit(1754269840.327:455): pid=13613 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.1385" name="file1" dev="overlay" ino=1454 res=0 errno=0
[  515.499103][  T890] usb 5-1: Using ep0 maxpacket: 16
[  515.518032][  T890] usb 5-1: config 0 has an invalid interface number: 41 but max is 0
[  515.530312][  T890] usb 5-1: config 0 has no interface number 0
[  515.545142][  T890] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  515.576794][  T890] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  515.598825][   T24] gspca_sq930x: reg_r 001f failed -110
[  515.607625][   T24] sq930x 4-1:0.0: probe with driver sq930x failed with error -110
[  515.619903][  T890] usb 5-1: config 0 interface 41 has no altsetting 0
[  515.637401][  T890] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a
[  515.668170][  T890] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  515.676250][  T890] usb 5-1: Product: syz
[  515.692821][  T890] usb 5-1: Manufacturer: syz
[  515.697595][  T890] usb 5-1: SerialNumber: syz
[  516.447629][  T890] usb 5-1: config 0 descriptor??
[  516.736998][T13598] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  516.746680][T13598] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  516.829763][T13626] loop2: detected capacity change from 0 to 7
[  516.841630][T13626]  loop2: p1
[  516.848586][T13626] loop2: partition table partially beyond EOD, truncated
[  516.863934][T13626] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  516.964205][T13598] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  516.986830][T13598] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  517.309478][  T978] usb 4-1: USB disconnect, device number 58
[  517.426052][  T890] Error reading MAC address
[  517.434055][T13598] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  517.442115][ T5902] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[  517.453082][T13598] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  517.652448][ T5902] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  517.671915][ T5902] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  517.773479][ T5902] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  517.880790][  T890] sr9700 5-1:0.41 (unnamed net_device) (uninitialized): Error reading MAC address
[  517.948242][ T5902] usb 2-1: config 0 descriptor??
[  518.284159][T13645] delete_channel: no stack
[  518.304600][  T890] usb 5-1: USB disconnect, device number 52
[  518.594855][ T5902] usbhid 2-1:0.0: can't add hid device: -71
[  518.601431][ T5902] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  518.639762][ T5902] usb 2-1: USB disconnect, device number 63
[  518.798066][ T5909] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[  518.976955][ T5909] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  519.138998][ T5909] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  519.166829][ T5909] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  519.442339][ T5909] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  519.455358][ T5909] usb 4-1: config 0 descriptor??
[  519.878146][ T5909] cp2112 0003:10C4:EA90.0011: unknown main item tag 0x0
[  519.926822][ T5909] cp2112 0003:10C4:EA90.0011: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0
[  520.077281][ T5909] cp2112 0003:10C4:EA90.0011: Part Number: 0x00 Device Version: 0x4D
[  520.124953][T13690] 8021q: VLANs not supported on ip6gre0
[  520.702667][T13704] netlink: 'syz.4.1412': attribute type 10 has an invalid length.
[  520.713033][T13704] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1412'.
[  520.740721][T13704] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  520.750851][T13704] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  520.759027][T13707] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  520.761187][T13704] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  520.778535][T13704] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  520.792338][T13707] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  521.158664][  T978] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[  521.276399][T13718] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1413'.
[  521.923885][T13726] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  521.938427][T13726] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  522.518582][  T978] usb 2-1: device descriptor read/64, error -71
[  522.579558][T13732] lo speed is unknown, defaulting to 1000
[  522.588103][ T5909] cp2112 0003:10C4:EA90.0011: error reading lock byte: -71
[  522.628550][ T5909] usb 4-1: USB disconnect, device number 59
[  522.808902][  T978] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[  522.987998][  T978] usb 2-1: Using ep0 maxpacket: 32
[  523.034898][  T978] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  523.058378][  T978] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  523.066333][T13749] netlink: 'syz.4.1424': attribute type 11 has an invalid length.
[  523.091535][  T978] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  523.091902][T13749] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1424'.
[  523.128406][  T978] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  523.132844][   T24] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[  523.150225][  T978] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  523.164158][  T978] usb 2-1: config 0 descriptor??
[  523.184185][T13727] raw-gadget.4 gadget.1: fail, usb_ep_enable returned -22
[  523.199651][  T978] hub 2-1:0.0: USB hub found
[  523.213514][   T24] hid-generic 0000:0000:0000.0012: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  523.423335][  T978] hub 2-1:0.0: config failed, can't read hub descriptor (err -22)
[  523.448460][ T5909] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[  523.466168][  T978] hid-generic 0003:046D:C314.0013: unknown main item tag 0x0
[  523.503639][  T978] hid-generic 0003:046D:C314.0013: hidraw0: USB HID v8.00 Device [HID 046d:c314] on usb-dummy_hcd.1-1/input0
[  523.578033][ T5842] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  523.608063][ T5909] usb 4-1: Using ep0 maxpacket: 16
[  523.621804][ T5909] usb 4-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  523.642411][ T5909] usb 4-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0
[  523.676389][ T5909] usb 4-1: config 0 interface 0 has no altsetting 0
[  523.688590][ T5909] usb 4-1: New USB device found, idVendor=17ef, idProduct=6009, bcdDevice= 0.00
[  523.710553][ T5909] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  523.764315][ T5909] usb 4-1: config 0 descriptor??
[  523.769712][  T978] usb 2-1: USB disconnect, device number 65
[  524.795462][T13751] xt_CT: No such helper "snmp"
[  525.035199][ T5909] usbhid 4-1:0.0: can't add hid device: -71
[  525.093663][ T5909] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  525.116422][T13796] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  525.338333][ T5909] usb 4-1: USB disconnect, device number 60
[  526.318168][T13796] syz.4.1433 (13796) used greatest stack depth: 15800 bytes left
[  526.442672][T13804] xt_TCPMSS: Only works on TCP SYN packets
[  526.767836][T13799] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  526.965707][T13799] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  527.066359][T13825] xt_hashlimit: size too large, truncated to 1048576
[  527.192394][T13799] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  527.473355][T13799] bond0: (slave netdevsim0): Releasing backup interface
[  527.519005][  T890] usb 5-1: new low-speed USB device number 53 using dummy_hcd
[  527.535958][T13799] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  527.656646][T13799] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  527.667973][  T890] usb 5-1: device descriptor read/64, error -71
[  527.690025][T13799] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  527.727406][T13834] sctp: [Deprecated]: syz.0.1445 (pid 13834) Use of int in max_burst socket option.
[  527.727406][T13834] Use struct sctp_assoc_value instead
[  527.746928][ T5902] usb 4-1: new full-speed USB device number 61 using dummy_hcd
[  527.757444][T13799] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  527.780767][T13799] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  527.908061][  T890] usb 5-1: new low-speed USB device number 54 using dummy_hcd
[  527.921096][ T5902] usb 4-1: unable to get BOS descriptor or descriptor too short
[  527.933435][ T5902] usb 4-1: not running at top speed; connect to a high speed hub
[  527.952095][ T5902] usb 4-1: config 3 has an invalid interface number: 1 but max is 0
[  527.963477][ T5902] usb 4-1: config 3 has no interface number 0
[  527.978041][ T5902] usb 4-1: config 3 interface 1 has no altsetting 0
[  527.992091][ T5902] usb 4-1: New USB device found, idVendor=1b80, idProduct=e421, bcdDevice=35.5d
[  528.004146][ T5902] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  528.028176][ T5902] usb 4-1: Product: syz
[  528.044632][ T5902] usb 4-1: Manufacturer: syz
[  528.049872][ T5902] usb 4-1: SerialNumber: syz
[  528.168002][  T890] usb 5-1: device descriptor read/64, error -71
[  528.298403][  T890] usb usb5-port1: attempt power cycle
[  529.422737][  T890] usb 5-1: new low-speed USB device number 55 using dummy_hcd
[  529.468865][  T890] usb 5-1: device descriptor read/8, error -71
[  530.226606][ T5902] cx231xx 4-1:3.1: New device syz syz @ 12 Mbps (1b80:e421) with 1 interfaces
[  530.284917][ T5902] cx231xx 4-1:3.1: Not found matching IAD interface
[  530.498795][  T890] usb 5-1: new low-speed USB device number 56 using dummy_hcd
[  530.612768][  T890] usb 5-1: device descriptor read/8, error -71
[  530.641154][ T5902] usb 4-1: USB disconnect, device number 61
[  531.335997][T13859] tmpfs: Unknown parameter 'm‹ol'
[  531.336811][  T890] usb usb5-port1: unable to enumerate USB device
[  531.570973][T13866] lo speed is unknown, defaulting to 1000
[  531.587779][T13873] FAULT_INJECTION: forcing a failure.
[  531.587779][T13873] name failslab, interval 1, probability 0, space 0, times 0
[  531.605933][T13873] CPU: 0 UID: 0 PID: 13873 Comm: syz.4.1457 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  531.605973][T13873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  531.605991][T13873] Call Trace:
[  531.606004][T13873]  <TASK>
[  531.606015][T13873]  dump_stack_lvl+0x189/0x250
[  531.606045][T13873]  ? __pfx____ratelimit+0x10/0x10
[  531.606070][T13873]  ? __pfx_dump_stack_lvl+0x10/0x10
[  531.606095][T13873]  ? __pfx__printk+0x10/0x10
[  531.606126][T13873]  ? __pfx___might_resched+0x10/0x10
[  531.606150][T13873]  ? fs_reclaim_acquire+0x7d/0x100
[  531.606182][T13873]  should_fail_ex+0x414/0x560
[  531.606212][T13873]  should_failslab+0xa8/0x100
[  531.606239][T13873]  __kmalloc_cache_noprof+0x70/0x3d0
[  531.606261][T13873]  ? virtual_ncidev_open+0x54/0x1a0
[  531.606297][T13873]  virtual_ncidev_open+0x54/0x1a0
[  531.606321][T13873]  ? __pfx_virtual_ncidev_open+0x10/0x10
[  531.606340][T13873]  misc_open+0x2b9/0x330
[  531.606369][T13873]  chrdev_open+0x4c9/0x5e0
[  531.606398][T13873]  ? __pfx_chrdev_open+0x10/0x10
[  531.606432][T13873]  ? __pfx_chrdev_open+0x10/0x10
[  531.606457][T13873]  do_dentry_open+0xdf0/0x1970
[  531.606504][T13873]  vfs_open+0x3b/0x340
[  531.606528][T13873]  ? path_openat+0x2ecd/0x3830
[  531.606572][T13873]  path_openat+0x2ee5/0x3830
[  531.606602][T13873]  ? arch_stack_walk+0xfc/0x150
[  531.606666][T13873]  ? __pfx_path_openat+0x10/0x10
[  531.606693][T13873]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  531.606737][T13873]  do_filp_open+0x1fa/0x410
[  531.606768][T13873]  ? __lock_acquire+0xab9/0xd20
[  531.606790][T13873]  ? __pfx_do_filp_open+0x10/0x10
[  531.606855][T13873]  ? _raw_spin_unlock+0x28/0x50
[  531.606888][T13873]  ? alloc_fd+0x64c/0x6c0
[  531.606924][T13873]  do_sys_openat2+0x121/0x1c0
[  531.606957][T13873]  ? __pfx_do_sys_openat2+0x10/0x10
[  531.606988][T13873]  ? ksys_write+0x22a/0x250
[  531.607011][T13873]  ? __pfx_ksys_write+0x10/0x10
[  531.607036][T13873]  __x64_sys_openat+0x138/0x170
[  531.607070][T13873]  do_syscall_64+0xfa/0x3b0
[  531.607094][T13873]  ? lockdep_hardirqs_on+0x9c/0x150
[  531.607116][T13873]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  531.607138][T13873]  ? clear_bhb_loop+0x60/0xb0
[  531.607165][T13873]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  531.607185][T13873] RIP: 0033:0x7f38a798eb69
[  531.607203][T13873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  531.607222][T13873] RSP: 002b:00007f38a8721038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  531.607245][T13873] RAX: ffffffffffffffda RBX: 00007f38a7bb5fa0 RCX: 00007f38a798eb69
[  531.607261][T13873] RDX: 0000000000000002 RSI: 00002000000027c0 RDI: ffffffffffffff9c
[  531.607276][T13873] RBP: 00007f38a8721090 R08: 0000000000000000 R09: 0000000000000000
[  531.607289][T13873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  531.607301][T13873] R13: 0000000000000001 R14: 00007f38a7bb5fa0 R15: 00007ffef0c27c38
[  531.607335][T13873]  </TASK>
[  533.442859][T13900] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1465'.
[  533.468194][T13900] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1465'.
[  533.538767][T13904] futex_wake_op: syz.1.1466 tries to shift op by 32; fix this program
[  533.798263][ T5909] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[  533.928139][  T890] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[  533.947980][ T5909] usb 2-1: device descriptor read/64, error -71
[  534.088133][  T890] usb 5-1: Using ep0 maxpacket: 8
[  534.098495][  T890] usb 5-1: config 0 has an invalid interface number: 148 but max is 0
[  534.107101][  T890] usb 5-1: config 0 has no interface number 0
[  534.118806][  T890] usb 5-1: New USB device found, idVendor=0d46, idProduct=2012, bcdDevice=4d.36
[  534.130999][  T890] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  534.139605][  T890] usb 5-1: Product: syz
[  534.144069][  T890] usb 5-1: Manufacturer: syz
[  534.151210][  T890] usb 5-1: SerialNumber: syz
[  534.161141][  T890] usb 5-1: config 0 descriptor??
[  534.185205][  T890] kobil_sct 5-1:0.148: required endpoints missing
[  534.191916][ T5909] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[  534.338906][ T5909] usb 2-1: device descriptor read/64, error -71
[  534.448557][ T5909] usb usb2-port1: attempt power cycle
[  534.465088][ T5916] usb 5-1: USB disconnect, device number 57
[  534.557969][  T978] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[  534.722249][  T978] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  534.738340][  T978] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  534.762340][  T978] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  534.773422][  T978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  534.789495][  T978] usb 4-1: Product: syz
[  534.798796][  T978] usb 4-1: Manufacturer: syz
[  534.803469][  T978] usb 4-1: SerialNumber: syz
[  534.817379][  T978] usb 4-1: selecting invalid altsetting 1
[  534.824336][ T5909] usb 2-1: new high-speed USB device number 68 using dummy_hcd
[  534.870195][ T5909] usb 2-1: device descriptor read/8, error -71
[  535.022006][T13928] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1475'.
[  535.116767][  T978] cdc_ncm 4-1:1.1: failed GET_NTB_PARAMETERS
[  535.138197][  T978] cdc_ncm 4-1:1.1: bind() failure
[  535.148044][ T5909] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[  535.169527][  T978] usb 4-1: USB disconnect, device number 62
[  535.258016][ T5909] usb 2-1: device descriptor read/8, error -71
[  535.278651][T13933] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  535.379434][ T5909] usb usb2-port1: unable to enumerate USB device
[  535.555556][T13933] netlink: 'syz.4.1476': attribute type 1 has an invalid length.
[  536.201365][T13932] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  536.266673][T13933] vlan0: entered allmulticast mode
[  536.287242][T13933] veth1: entered allmulticast mode
[  538.164788][T13983] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1489'.
[  538.175493][T13979] binder: 13977:13979 ioctl c0306201 2000000003c0 returned -14
[  538.299252][T13993] binder: BINDER_SET_CONTEXT_MGR already set
[  538.305483][T13993] binder: 13977:13993 ioctl 4018620d 2000000000c0 returned -16
[  538.498409][T13995] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1490'.
[  538.507567][T13995] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1490'.
[  538.869311][T13993] binder: BINDER_SET_CONTEXT_MGR already set
[  538.876134][T13993] binder: 13977:13993 ioctl 4018620d 200000000040 returned -16
[  538.934079][T13993] binder: 13977:13993 ioctl 40082102 200000000200 returned -22
[  539.098065][   T30] audit: type=1326 audit(1754269863.937:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14002 comm="syz.4.1495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38a798eb69 code=0x7ffc0000
[  539.167391][   T30] audit: type=1326 audit(1754269863.947:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14002 comm="syz.4.1495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38a798eb69 code=0x7ffc0000
[  539.208504][  T978] hid-generic FFFA:0008:0008.0014: unknown main item tag 0x4
[  539.243713][   T30] audit: type=1326 audit(1754269863.947:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14002 comm="syz.4.1495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f38a798eb69 code=0x7ffc0000
[  539.247034][  T978] hid-generic FFFA:0008:0008.0014: hidraw0: <UNKNOWN> HID v7fffff.ff Device [syz1] on syz0
[  539.306134][   T30] audit: type=1326 audit(1754269863.947:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14002 comm="syz.4.1495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38a798eb69 code=0x7ffc0000
[  539.343823][   T30] audit: type=1326 audit(1754269863.947:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14002 comm="syz.4.1495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38a798eb69 code=0x7ffc0000
[  539.372895][   T30] audit: type=1326 audit(1754269863.947:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14002 comm="syz.4.1495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f38a798eb69 code=0x7ffc0000
[  539.400134][   T30] audit: type=1326 audit(1754269864.017:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14002 comm="syz.4.1495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38a798eb69 code=0x7ffc0000
[  539.429538][   T30] audit: type=1326 audit(1754269864.017:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14002 comm="syz.4.1495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38a798eb69 code=0x7ffc0000
[  539.459305][   T30] audit: type=1326 audit(1754269864.047:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14002 comm="syz.4.1495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f38a798eb69 code=0x7ffc0000
[  539.505413][   T30] audit: type=1326 audit(1754269864.047:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14002 comm="syz.4.1495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38a798eb69 code=0x7ffc0000
[  539.513551][T14009] x_tables: duplicate underflow at hook 1
[  540.108047][  T890] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[  540.210092][T14036] tmpfs: Bad value for 'mpol'
[  540.249157][  T890] usb 5-1: device descriptor read/64, error -71
[  540.548364][  T890] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[  540.779477][  T890] usb 5-1: device descriptor read/64, error -71
[  540.988855][  T890] usb usb5-port1: attempt power cycle
[  541.319368][T14044] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  541.362982][  T890] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[  541.399618][  T890] usb 5-1: device descriptor read/8, error -71
[  541.648187][  T890] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[  541.684163][  T890] usb 5-1: device descriptor read/8, error -71
[  541.798596][  T890] usb usb5-port1: unable to enumerate USB device
[  548.093583][T14966] kernel profiling enabled (shift: 9)
[  548.206416][T14976] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1533'.
[  548.595587][T14989] ==================================================================
[  548.603739][T14989] BUG: KASAN: slab-use-after-free in sysfs_remove_file_ns+0x3d/0x70
[  548.611766][T14989] Read of size 8 at addr ffff888032f0ec30 by task syz.4.1537/14989
[  548.619696][T14989] 
[  548.622042][T14989] CPU: 0 UID: 0 PID: 14989 Comm: syz.4.1537 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  548.622067][T14989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  548.622080][T14989] Call Trace:
[  548.622090][T14989]  <TASK>
[  548.622098][T14989]  dump_stack_lvl+0x189/0x250
[  548.622124][T14989]  ? __virt_addr_valid+0x1c8/0x5c0
[  548.622146][T14989]  ? rcu_is_watching+0x15/0xb0
[  548.622174][T14989]  ? __pfx_dump_stack_lvl+0x10/0x10
[  548.622199][T14989]  ? rcu_is_watching+0x15/0xb0
[  548.622217][T14989]  ? lock_release+0x4b/0x3e0
[  548.622233][T14989]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  548.622263][T14989]  ? __virt_addr_valid+0x1c8/0x5c0
[  548.622284][T14989]  ? __virt_addr_valid+0x4a5/0x5c0
[  548.622306][T14989]  print_report+0xca/0x240
[  548.622333][T14989]  ? sysfs_remove_file_ns+0x3d/0x70
[  548.622350][T14989]  kasan_report+0x118/0x150
[  548.622369][T14989]  ? sysfs_remove_file_ns+0x3d/0x70
[  548.622391][T14989]  sysfs_remove_file_ns+0x3d/0x70
[  548.622410][T14989]  bus_remove_driver+0x198/0x2f0
[  548.622435][T14989]  comedi_device_detach+0x134/0x720
[  548.622462][T14989]  comedi_unlocked_ioctl+0xbd2/0xfc0
[  548.622484][T14989]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  548.622509][T14989]  ? __pfx_smack_log+0x10/0x10
[  548.622534][T14989]  ? smk_access+0x14c/0x4e0
[  548.622562][T14989]  ? smk_tskacc+0x2fc/0x370
[  548.622588][T14989]  ? smack_file_ioctl+0x24a/0x340
[  548.622605][T14989]  ? __pfx_smack_file_ioctl+0x10/0x10
[  548.622626][T14989]  ? __fget_files+0x2a/0x420
[  548.622645][T14989]  ? __fget_files+0x3a0/0x420
[  548.622664][T14989]  ? __fget_files+0x2a/0x420
[  548.622684][T14989]  ? bpf_lsm_file_ioctl+0x9/0x20
[  548.622705][T14989]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  548.622721][T14989]  __se_sys_ioctl+0xfc/0x170
[  548.622748][T14989]  do_syscall_64+0xfa/0x3b0
[  548.622769][T14989]  ? lockdep_hardirqs_on+0x9c/0x150
[  548.622786][T14989]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  548.622803][T14989]  ? clear_bhb_loop+0x60/0xb0
[  548.622823][T14989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  548.622842][T14989] RIP: 0033:0x7f38a798eb69
[  548.622858][T14989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  548.622874][T14989] RSP: 002b:00007f38a8721038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  548.622894][T14989] RAX: ffffffffffffffda RBX: 00007f38a7bb5fa0 RCX: 00007f38a798eb69
[  548.622907][T14989] RDX: 0000000000000000 RSI: 0000000040946400 RDI: 0000000000000003
[  548.622919][T14989] RBP: 00007f38a7a11df1 R08: 0000000000000000 R09: 0000000000000000
[  548.622931][T14989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  548.622942][T14989] R13: 0000000000000000 R14: 00007f38a7bb5fa0 R15: 00007ffef0c27c38
[  548.622962][T14989]  </TASK>
[  548.622969][T14989] 
[  548.899787][T14989] Allocated by task 13786:
[  548.904221][T14989]  kasan_save_track+0x3e/0x80
[  548.909024][T14989]  __kasan_kmalloc+0x93/0xb0
[  548.913631][T14989]  __kmalloc_noprof+0x27a/0x4f0
[  548.918535][T14989]  io_cache_alloc_new+0x40/0x100
[  548.923579][T14989]  __io_prep_rw+0x23f/0xd80
[  548.928564][T14989]  io_prep_read+0x22/0xd0
[  548.932920][T14989]  io_submit_sqes+0x90c/0x1c50
[  548.937719][T14989]  __se_sys_io_uring_enter+0x2df/0x2b20
[  548.943279][T14989]  do_syscall_64+0xfa/0x3b0
[  548.947811][T14989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  548.954081][T14989] 
[  548.956432][T14989] Freed by task 5902:
[  548.960431][T14989]  kasan_save_track+0x3e/0x80
[  548.965135][T14989]  kasan_save_free_info+0x46/0x50
[  548.970176][T14989]  __kasan_slab_free+0x62/0x70
[  548.975427][T14989]  kfree+0x18e/0x440
[  548.979349][T14989]  io_clean_op+0x386/0x400
[  548.983803][T14989]  __io_submit_flush_completions+0xc20/0xe40
[  548.989805][T14989]  io_fallback_req_func+0x135/0x180
[  548.995024][T14989]  process_scheduled_works+0xade/0x17b0
[  549.000681][T14989]  worker_thread+0x8a0/0xda0
[  549.005285][T14989]  kthread+0x70e/0x8a0
[  549.009380][T14989]  ret_from_fork+0x3fc/0x770
[  549.013994][T14989]  ret_from_fork_asm+0x1a/0x30
[  549.018777][T14989] 
[  549.021109][T14989] The buggy address belongs to the object at ffff888032f0ec00
[  549.021109][T14989]  which belongs to the cache kmalloc-256 of size 256
[  549.035176][T14989] The buggy address is located 48 bytes inside of
[  549.035176][T14989]  freed 256-byte region [ffff888032f0ec00, ffff888032f0ed00)
[  549.048994][T14989] 
[  549.051334][T14989] The buggy address belongs to the physical page:
[  549.057762][T14989] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x32f0e
[  549.066542][T14989] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  549.075055][T14989] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  549.082625][T14989] page_type: f5(slab)
[  549.086793][T14989] raw: 00fff00000000040 ffff88801a441b40 dead000000000100 dead000000000122
[  549.095392][T14989] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  549.103991][T14989] head: 00fff00000000040 ffff88801a441b40 dead000000000100 dead000000000122
[  549.112676][T14989] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  549.121449][T14989] head: 00fff00000000001 ffffea0000cbc381 00000000ffffffff 00000000ffffffff
[  549.130314][T14989] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  549.139094][T14989] page dumped because: kasan: bad access detected
[  549.145601][T14989] page_owner tracks the page as allocated
[  549.151429][T14989] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5964, tgid 5964 (syz-executor), ts 102706162320, free_ts 102700681227
[  549.172289][T14989]  post_alloc_hook+0x240/0x2a0
[  549.177075][T14989]  get_page_from_freelist+0x21d5/0x22b0
[  549.183168][T14989]  __alloc_frozen_pages_noprof+0x181/0x370
[  549.189197][T14989]  alloc_pages_mpol+0x232/0x4a0
[  549.194065][T14989]  allocate_slab+0x8a/0x3b0
[  549.198584][T14989]  ___slab_alloc+0xbfc/0x1480
[  549.203274][T14989]  __kmalloc_noprof+0x305/0x4f0
[  549.208311][T14989]  security_inode_init_security+0x107/0x3f0
[  549.214233][T14989]  shmem_symlink+0xd9/0x510
[  549.218749][T14989]  vfs_symlink+0x143/0x2f0
[  549.223177][T14989]  do_symlinkat+0x1b1/0x3f0
[  549.227694][T14989]  __x64_sys_symlinkat+0x95/0xb0
[  549.232642][T14989]  do_syscall_64+0xfa/0x3b0
[  549.237159][T14989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  549.243082][T14989] page last free pid 5208 tgid 5208 stack trace:
[  549.249435][T14989]  __free_frozen_pages+0xc65/0xe60
[  549.254561][T14989]  __put_partials+0x161/0x1c0
[  549.259254][T14989]  put_cpu_partial+0x17c/0x250
[  549.264045][T14989]  __slab_free+0x2f7/0x400
[  549.268484][T14989]  qlist_free_all+0x97/0x140
[  549.273093][T14989]  kasan_quarantine_reduce+0x148/0x160
[  549.278575][T14989]  __kasan_slab_alloc+0x22/0x80
[  549.283480][T14989]  __kmalloc_noprof+0x224/0x4f0
[  549.288343][T14989]  tomoyo_realpath_from_path+0xe3/0x5d0
[  549.293909][T14989]  tomoyo_path_perm+0x213/0x4b0
[  549.298858][T14989]  security_inode_getattr+0x12f/0x330
[  549.304244][T14989]  __x64_sys_newfstat+0xfc/0x200
[  549.309200][T14989]  do_syscall_64+0xfa/0x3b0
[  549.313719][T14989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  549.319717][T14989] 
[  549.322213][T14989] Memory state around the buggy address:
[  549.327906][T14989]  ffff888032f0eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  549.335992][T14989]  ffff888032f0eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  549.344176][T14989] >ffff888032f0ec00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  549.352375][T14989]                                      ^
[  549.358027][T14989]  ffff888032f0ec80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  549.366174][T14989]  ffff888032f0ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  549.374353][T14989] ==================================================================
[  549.388958][T14989] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  549.396247][T14989] CPU: 1 UID: 0 PID: 14989 Comm: syz.4.1537 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  549.406274][T14989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  549.416469][T14989] Call Trace:
[  549.419783][T14989]  <TASK>
[  549.422745][T14989]  dump_stack_lvl+0x99/0x250
[  549.427393][T14989]  ? __asan_memcpy+0x40/0x70
[  549.432128][T14989]  ? __pfx_dump_stack_lvl+0x10/0x10
[  549.437367][T14989]  ? __pfx__printk+0x10/0x10
[  549.442283][T14989]  panic+0x2db/0x790
[  549.446226][T14989]  ? __pfx_preempt_schedule+0x10/0x10
[  549.451656][T14989]  ? __pfx_panic+0x10/0x10
[  549.456189][T14989]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  549.462146][T14989]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  549.468535][T14989]  ? sysfs_remove_file_ns+0x3d/0x70
[  549.473869][T14989]  check_panic_on_warn+0x89/0xb0
[  549.478861][T14989]  ? sysfs_remove_file_ns+0x3d/0x70
[  549.484107][T14989]  end_report+0x78/0x160
[  549.488478][T14989]  kasan_report+0x129/0x150
[  549.493183][T14989]  ? sysfs_remove_file_ns+0x3d/0x70
[  549.498432][T14989]  sysfs_remove_file_ns+0x3d/0x70
[  549.503498][T14989]  bus_remove_driver+0x198/0x2f0
[  549.509009][T14989]  comedi_device_detach+0x134/0x720
[  549.514279][T14989]  comedi_unlocked_ioctl+0xbd2/0xfc0
[  549.519640][T14989]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  549.525506][T14989]  ? __pfx_smack_log+0x10/0x10
[  549.530365][T14989]  ? smk_access+0x14c/0x4e0
[  549.534931][T14989]  ? smk_tskacc+0x2fc/0x370
[  549.539657][T14989]  ? smack_file_ioctl+0x24a/0x340
[  549.544726][T14989]  ? __pfx_smack_file_ioctl+0x10/0x10
[  549.550148][T14989]  ? __fget_files+0x2a/0x420
[  549.554788][T14989]  ? __fget_files+0x3a0/0x420
[  549.559658][T14989]  ? __fget_files+0x2a/0x420
[  549.564264][T14989]  ? bpf_lsm_file_ioctl+0x9/0x20
[  549.569228][T14989]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  549.575158][T14989]  __se_sys_ioctl+0xfc/0x170
[  549.579793][T14989]  do_syscall_64+0xfa/0x3b0
[  549.584331][T14989]  ? lockdep_hardirqs_on+0x9c/0x150
[  549.589663][T14989]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  549.595755][T14989]  ? clear_bhb_loop+0x60/0xb0
[  549.600457][T14989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  549.606375][T14989] RIP: 0033:0x7f38a798eb69
[  549.610807][T14989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  549.630438][T14989] RSP: 002b:00007f38a8721038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  549.638876][T14989] RAX: ffffffffffffffda RBX: 00007f38a7bb5fa0 RCX: 00007f38a798eb69
[  549.646890][T14989] RDX: 0000000000000000 RSI: 0000000040946400 RDI: 0000000000000003
[  549.654891][T14989] RBP: 00007f38a7a11df1 R08: 0000000000000000 R09: 0000000000000000
[  549.662882][T14989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  549.670875][T14989] R13: 0000000000000000 R14: 00007f38a7bb5fa0 R15: 00007ffef0c27c38
[  549.678964][T14989]  </TASK>
[  549.682602][T14989] Kernel Offset: disabled
[  549.687004][T14989] Rebooting in 86400 seconds..