last executing test programs:

3m10.383881645s ago: executing program 1 (id=944):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201105e04da07000000000001090224000100000000090400000903000000092100000006a3012222000905"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_012={0x2, 0x1, 0x0, "e53f"}, @local=@item_4={0x3, 0x2, 0x4, "53743ff6"}, @local=@item_012={0x2, 0x2, 0x2, "9000"}, @global=@item_4={0x3, 0x1, 0x0, "0600"}, @main=@item_4={0x3, 0x0, 0x8}, @global=@item_4={0x3, 0x1, 0x5, "a937a6fe"}, @local=@item_4={0x3, 0x2, 0x0, "00000400"}]}}, 0x0}, 0x0)

3m6.845641001s ago: executing program 1 (id=952):
kexec_load(0xfffffffffffffffc, 0x9, &(0x7f0000002340)=[{&(0x7f0000000000)="2e123f1f2fe13ade923fd9672e0b588e2f935d5394", 0x15, 0x400, 0x5a}, {&(0x7f0000000040)="20f441f19afd70ab215f5f5aff95106facfba67568e264724f8c5a4eecb841990346548e30d0de5be5bd612cae6ee65fb10c135d24dbdcd43c", 0x39, 0x7, 0x2}, {&(0x7f0000000080)="e75310f8175edcadbb7363631253d2929479325aa3e131da92694626d842bdabbeeb6b7764dbc5e23e5872d7a492871b834f06443b0853d27a51622e", 0x3c, 0x3, 0x2}, {&(0x7f00000000c0)="f3019788e089d68c7beb8950a1fdf22185b828cfb0a394f250ba98099a493ecb3d49ec8209b13ece68f04233beddcb0858f2b4cee23c148321df05a4b81933cb463a308b76dc1d9f612747264835489375540deac716b34952e0a460611267842d534dbac438356855b8c650c7c46c6a3059451ff2de53327ad6fdc94158a8277e834e412bee7d8b93a4a854f5f7b8554e8c7295a7393439c6507d2546df88ba16463fb629f997953aaa39091374fdfd989bbeb55f5a0b51552db2b0e8650badea9e5b7e568dc9f583b8f9b57c8c0d38", 0xd0, 0x0, 0x800}, {&(0x7f00000001c0)="0acfc3e5665c6933644a6dc3acce27087ed4337aff5ad2e5d673ea95df116c60b1bf8f0e69a59faa47b206c2291e6f20ed00dd4c8ba48f4659ae046c5ac7f07ad7a86df4b0d2b08ed9df1b1239a5087e23b9dbe64b0a0a11aee5a1ebc5dc12736d64ce90f26a2d6115db16c68a5b08390761965a42", 0x75, 0x8, 0x1}, {&(0x7f0000000240)="6daee25341be183bc474a574e1f9499b3eafe5ffaa1bfb1cf86e2e3afc44458694da3409610b373bff4455302b7a918a425847684d5278445f1a6ed93f532094431b37bc76d0ca336afd89d47e19acbf9de928865fe60a3375277984a1371ecd8b2c2bf9114a937d", 0x68, 0x101, 0xfb1}, {&(0x7f00000002c0)="ba908029a5d7dceb67382d346451008eddafc4f23e005269c4f687057f6aa3bdc2941b4b1f928b89342c431adab167e543fa4ec76a1b27ad8052eefb774df01ae62f0517bb417c4bcea87341af9ef761d8ed2737c6fda921546911b41a89146d3998cb878a9e80cd6161114dbdf09c912d3135a82f00e46645e8b630be26852e321838f66d3d87d82d08f91e3bcb94262710b3e32fb6a059ed26d6b104e4530a8b7f0daf0f2b3715d9889b68085b5aca85e9b161f8d9104ede878e03ec9e1fbb5cde4afae845ae5cd07d89d3de297018a586629422749bb409972821838d8313854aa2e935918030edf136e24a981b73892dedca4b66a489fde5724aecf09dc6f87f998e9d0f597330b42cadaa831cd6615e38d41e9c8f313af3abc3dc9d853a542d2dea391d890c7f0b363e2e790139f76cce255f948f8921d0eaf97a35bdb83a70acffafd027d5971ead6c520417e69e9f28bb94474eb5e4f29d184597053e4466b9d8fcd572b3f1184f781183bc79b8a65c7755b2a7fea294dc11a790d6720518c715b99c609625d5f61fd65ed1cde039da6215dd5e75d90a5584c2cb12eed52c7d0eaa203178015b1a8783b5722de9a791465417a95aceb56ee672136c08af26d4763d0b4d7eb2ad17816d1a00349673a5d456f17eb5be67d7cb9279d6944238141c425add0962eceb69e09bc848882bbf84e27f2dbfdfd2f0e1fe46b414e1b767ea0e91ec386332eed356242b9c0a4db0c5092f999bcb771d790022c87bf1cf3878283f30d34d72b02194a6d0f037dd02ab03e6dd26f6a791962439ac776171f16f5d7e611bb64dcafc430eb36654ffcd63b0fb8158b2049d420a9dd3d1761fc8cd927033b6ed112602694626e3ee0959f7d84e3f37aa791dcee3b5417e0dd3f27b0ae13bdc2ae5afb6c20e75196d53df3130e149e0e813d16e6dc679b8fce65095a391282c1d4c4b0423ba2ceadbfd63430b544286e1131035109822acc6b52e1ce5d5e40bbbe0022cd60fa49a39e4ce04762271936668ddd6a8f348324dcf691311decaacbeb7851397269ffea5f61b44d3e3b3ca2f389df04e33a554c795dbceaf1a9406477b3af83c58103afd921960c41fdfcbc0f235db7275df887b5548990ab78c6a18544bfca3703a6e0254645becc3f33a6b759333af18ba563bdac7373c8416ca182d8adc2e3fac36a44e3b3cd601075e002897b6ece0d4abe6ee8d6b720a6eb10ddfb147c626733530aff4e66a22a26eaa98d502a0ef807a111bf39215615bbe42e0b74c47e5ee39ebdbf9510f996a5dac15df29eb80c7b0891a538f0258b6e1fe9680237384ac185725a2e5ddf1470c1ebb64919c29f9705195d55f197e07339e318c21b9cd11db52232d84ce8cd486a097f1aabcad82aab200f988a0d7b896685d88b33579c0286c27317ef07053a3b6133c48dea915752a2204c664045bb5264abf21a5c1618ffb59dc30e5597463bcb562ad0ba960bf60d208576b129d9278d773a3f572aa76fb21299e8a896d4ad1f020dd757a057da61770a7b5c9cc552656df73cf77604282fa5faab76a43f69c080e8823e3538eee0c394acec23a6a91effcedda187ddff996b3979a0ca53a292a58b1698fa2650468271c259bf5efe05aba69a971dfb85813c7f779f2885166d477db86f45c4faadc4b56d071b520aa761122389fe61cb0567e048a83b069e59cd98bc0465623381ff2355510a8351e45beced7c20ce77aaa8caeae58b5b2acbcff70d6fa4c1faf449e37650968ff6c4f4eb4b932c6f0fe92322a6aeab7a1aa39cbf67aaf32bd0fbcbdd410199d70f002185f020b94f0728d66101aa68b3dc9367fd0bac86d28452975c105ca643043bee239bdb0439aa42fd77f7adda504fb55ae1c973da5f74565343b7c55352b015704b8041578aa74c25b448a6994fc8ec4472ea775cb27d85dc90ec44c718a72d7014ae0331d5121086dfe69ae8efa5cc6ca6e63baa0f834412fbe4e2677be8f7526fc22a4fda4b969c414e019d56065738e698164c81a93204b047b8fbda07ff0b1a51b322b019ee5192158d7d0b548412dfd020c4acd0b3dc1f10ef935bd4896e3a0b2347c86d22c065d57f77e52cef3485ebd583d1d036d3da20f0917f89263084755c53338fba896aed1cf6614144b793a3481e34f0b5121348220cbb6372a5d3f7b27c789e2b1a19bc65826bb2c5594b488fc7ce58647ed7f8e22da296e5658399ecba3c04b72ad434dda5104c735699ee6405bf69a9eb8785633730e618409e3965766111f77e425abd0f9ec3f3ea0e362198aa3cd7988c049e51fbb464de6ecef0904c780b48eae6839af2d40d4840df341f37e232a5fd811074006d2d06abfe00e309c1a5de0ba47bc7049afb0539c762721a3bc2a107adead6efcb745e75de1e1a74a15f2ca026ebf8659a98d79d4896fc1190ed82fe7e4924261a4442f081580eb4364bfd55cfeb4335fe8a1484d2f549981effa492cf84de65ead885df1cf9c109530ca64b695985b7dcc093f8e3bb214de1546fe672086f0118b266eb1d91b9e93a68a56acb8338ab05211b51e86d14a00a9d5e7f7ab6f8d4401ea236c7795e3f69012f59bd844d486e66dc62e34eaeb5205eaa9134db5d9bd5416ea22d1ac305988cdc922620ed41e482d7a8493c81475cedd4bf53f4841e9ef579da2eef60afc313389a367d422e8f2c61ea1b55d3149f1f5759479cd69f3ec220e42be37db98aefba9d9b6b60b3c5c80ec01fd850675014f985d107ce872a0b36857b1efd19566176e9be373a9fcc1fe738fd2ad087fa8de018f4edf4af830aad75a08a7c0e2217bd69995728c9f286eb393c2b6782085947d24827573c3d50f9d6bf12cf953eab30e2945cead4cd23bf2de5697b7a3b57bcee0465238da6e7daf5bc166b3b3c32e68563ff03b3952b92471be23e9a9d1687b64a5eef0d24736b1675202581d2cb0323eee2ac15b384949e0c4b4b2e763cdb505a5ef3c67eaefb41cf36822e6fa9b997ae3b4caee09cd501ea4b4fc3cabaa024b432dc40c48a56cf6ab5b51f7276f78124d65046d3f830c269e6adb90441eb318c541fe903e4affbc6d581d7cbc9f39c26ecad2312955c1f482192d76366673ff0c29c56dc066648359639625ece674442d096827b14097ca703c929f0eeed8b781022eef4aa8eb6299d7748833368c69c8fe0c8bcdb5b7cb9bfb25e40c8154e7a1d6795f6f922e93a1f252937d654ec4e0f3be227328ab149213d0b57dfb2decd6b4ca6591ba98d3bffde2cc95807e3ca0cdabe267e75138ca8380c18bf3164de98151e07e82c13af1aa674d69a6c47919d94ed8739083e0bcec83471776dc2a8cd5896ee4953b197dd449e3b1c8844a9d006d0871297ef0ce0846372df903b901d3c55615777f2a3a4247a3c60156bb7fcddd171dfec4f2c7f65bfbcc0e672381dbaa055862ef83bb82606ca33aba8b5c9ac7e4fe057834a758aa226666b2877848872647137893a1b272b643ff89d50de1480d9a3beaf74b6dd9640338dbb48c6ef3577e4ee385c17b39c3d298913f8ba4eb21b66949a0bfca21657ea9ca063632f2f9aedbf776027693d4dfb55b0a9eac12d6df5c932b19a76854e216c25e40c8655fd6dc7f5d0464a836cdec97115f80b18c6404496b80c87c8aaa960fcc1cebc5dc8c3f4259e08b65a13c628dacc076207a4f311583f06acaece1e6ca47ef8c9c23e711fb750cb63f6dfb259f22f93a215baad67491b03478ff5f80a9cb9cd6dadb862185405682bb0966965042a93d0c180f39e83d4d23ec180b4166fba96f9f254ecf6616f41f1388abfe4d554e4337e34fa143b3386e6ac43a58405f7b9802b2d3b3216c9cca3ea5beffe1953b423791f498321c479def1d60464bcc02d2ee90b3063196529d6500d47b4b291991dc32db8a7582f09d0b7de285b0578089352a6bb625b6f9dd47dd04b86c39d008631b4e70d0798f30edca3b52b56734631ad33c43dfec8fb0cd553a575aef68a9ef169f6da7f0999703b724a5a318148e70fc345067e242f551b0c03700d8cb29769392440add5505707222914a2e8239d5900c7ec4b77643fd475130abaa3aadaf104c93268d88dc6bbd69291276d7c49fb31643aa338e93010d7fddbd4a9848b942c3d75a50c3d74447fd7ce33ac3fb1d8a9ad074d9e7b57156bed0bb7fd5f84813b5d2af230377672bfe8829d92bd7b21b788bbac08882521b8dbea2de5fe9a173db52a3f074e2026b9fc1b9e26900984c0874c26c5f8f40b51eb601ca9ae0ea0b8f77f8f98cad98310f3b9fcc04c3973494ca0e31055009afb89c110cf1486e332fe4eacd0ea4ffae43b73fe581582fab2ec603712c01e730cac428c2497c71b40f273a2b5a6814d08d160be75e5b016e6583f3696cd35bd54fb6e52fbcffb026657df127ad645acf5a8b3d370abd22246e8aba0d54e9d950287d9be9db9510b5eca0a9dd5fde97df5e148eeb73a00c85edccf02af1311339aa003a72f7885004b75fae2bfb0b1daca48faad9355e25458105313adb297881a98a29a3b0e3756dbbb0536543b2a1523c8817aa0b711c3025b047bcd943e562519eab22144d335cf2ec1d6bf50081b19c368a3fb53ac527956192fa7330ec6801ef03621f7619a886f1b110904ca74cf785b2aa3a3a0638daf68eec19a03544305d91ed103ba7e6d5d87e46a06f154307f8fc8da5f4fa42e6515186974c49bdae244d7a27b8e9234361e34b0f1b1f477715912b94370d24ba40be8dc9bf69e94cd93f24783a8ddcf8db05e30677513d5b000e65b9f12a1bdd8b34ea04f5415f87c6c40e3f6ed871943f044a3e41b315a3dde5cf4df5694cf8cc8c398d2d34d237b804f69563b7acf395bd8ac1f4e938df4d184f01678485541f42f1204cbbdee3a4677603abf1b88a8ce3863f4c9b9b12f4b9acdd857482eb8068caa941f9f382e7335257ba8268c34c3ed09845004e8b631582e7b30049a09c20acfef60d018f598122876e7c88ffefb156d1b777eae5e529c65e3d00b478faca99c501a2661db20487a3834dbb0a8a19916480cb33cd5936bcc5c2571f728f9806c8f28ba202aad65b774667d6948a42c66999b8e97e6706b67bc005f29706cd43da50d13efe78e02c0c7f439c9cb3394b3a62f17925eba643e80f6e22a6070d0a340f2609da6d0c00ae28255900c758428e03a38517c6ab45666f19073798b1314c25727ed9cb9f2f4bbea9787433f8e7a1a2fdc1e8429f625296d11d2fe6fe295d1cca39efc47dd54eb18eea034546f0567b1c166921db723325d0604245993770199cc319addd9441ed3a6022955ec7a84021580811d3a7f264407034b4772f01ac7eaa4fc6d60c0b37b7b8a94ec81cb71ca2b2903a33b680adb3fe8e30298c7f4a3821740e89daaad3aabc64cc600e4b6754deef355d10f9bfb3736c5246f3d449e31cd1787c4b09f81f490c8ffb8e064aa427d98de98b963c6efc372784b5f65601bad981ca262c94688be349165e8f819dc8c3b1231a6612b71e932aa052eb6fa621d6b7d8b67f8ff644fb244dad7949532e02d6fbb2f4a86a0bab514eef8fd8c052a96441d3fe50935d681be3c04c6b6de9936bf7346658e364b932c0c1a70b8c499b2767179de072caf934c904a1af5a2639fd2a37c678cd6b75372f4ae597dba4dc2e2f1be00c96659f468fd879232e40a0ff7c2a8aab3a332dafceecf4dc1358100c08690aaa103305f13f3924ebe45ef86815d77490bd0cd7ec40e86973fb8656f8b0376271653e8b71b769d91ae64a", 0x1000, 0x8000000000000000, 0x8}, {&(0x7f00000012c0)="455bd6c62387b4cb7c2777c0aa22df38d4986f80e6fa63fe0a41bfe62d3bf984144b34815aaf71f913c46dece87d566c6e40e79f034828632d48e186aee3dc6031e7ba7bc838c69db4cec2a8adbb04", 0x4f, 0x517, 0x4}, {&(0x7f0000001340)="2b15a004ec56d8d93272f95c7eff96ed17b78847c23fb9b01abd9404422b63365ebd111eaa6c62749703b3aaf57f17f27dfa239884b235416b50270b0219d1063ffd14c7b8359345fdd95fecd2ce33cd7abe4d891df26a8874968bfa14cefd5077dbfdeba2080b402ec8e93423ae672597708ff29efc9ab06f5affdbc73f1a031b9d56ef24d323763d6489027ac0511ddd9664858964a7326be45d32d1a78325a9278376defff8f3c3fc549b7f782b9b943f4a709d63e89aca7a190bec5c2c37da248bb77fe73656f3069bb6c2eb0eae49f31626c6dc6eb410301fad11529e1575fca0a58fb5f528ddf3fc0de9adade7bc2f43b410d7efd8d8328551273a14eea08f4eb6d475ebf7587d96991fbcf7cf21315f442cc5e3c265c8ae6759b6261aa20e0e8a029bc183d74651fd9026747a95ee3faee66d1d858efd166bc888a9b745696ac9b95a690df7eae01d50fd3e1eb3b84768f6bb0b8ef8f281c9f77d2081bc09970edbc756ac5c72e61e587ceae111c4476ad5357402759521cc98dde127e63e7b1b3c392402c80c3a72a5c074e407bc4cb0155dd14dad04dd566eeff88167c22e3f296693d74e4cf0f49871ee13fd224bb2b67fff751e4da78fcfad27f987881c5dc8ae6ff003d4242a3ff14e6b70fe0f7015784f4b2d679658c299d74f96b36611ad1dd51fec73a184ec9dc4557f4e1786f0a5e3b0903d1252a3267a43f00c759e8bd7fa778da3aeadc8e7e437ced964e625545ce65b5787d75906ea33c9a646ab79ad2093345fdc72d5459ea4710e7c4e71a19e09ac3a749ade17d45856f51f27686235564c2cb2e42d713664bc19200e3d3468ddab71c190852491693454bd33becf943e00f14e00c88e6b38394451594d95787169f1772849bbb3499e22e3f1d737a90c06283f164cb0cf5f2209d600cd717b8f52ef183d8c76c7b3e21c8404e5a8a3ce260cf0b024a1bc723fb54c4c3294ef076dd94605c296c166effa0dedbbc1bf2e3d0882cb3e36d2be6a167abb59635ede4b03afec6a5af46908c6ed334338ee8db0b769101914b6b4e6fb38f0765550400349a5732c70c26d7c02c4f686e899a7ace5d991cacec10e823a7d13017371c4f1a6af9b0af41fbf5c5990e3ce5baa4fedf70e4ac367b43426dfcd0c87e76231c3530dedc5735a14a112b30c0466ca7bfca8485d488cfe91879aa930fe583a0e89d27ed91e425fd6f40acff483292cc05a410ae04d7df3b39b9499eaf9a292f906ae58a7b7efa90d4647ce54f40e194fb8bbef074ebe364837ddd0ca5ff4bc380a1c94079ff56815c88dd3905b367e727a320c683bca957a6c29847abff1379bc1a8d6e82e4422787cd7c3281388414c7a53f79e81ad77d22b3665e3222fc435c35ed51aa81f5db9fde531b6f47e6526eb857654acde3efc255477029114869b918e0dd70011951e77153a6257092c9e8cf43d3ee51b83bf8fc7b47a75855db8f55474a83ff2c849979f9846c17164759815d1ef8c58608fbd6cc9a65c1da7d8b68350d1e39ab74be78df17a2a5c074ea465d8f98a8ac8d963b898a3b2e8175ab90ffaec84c2cfee9dfd383407f8cfc7b1378046c1037a2eaf58f0f549e0108717e21963e637b1bd59e13f12971935c659e2212eec55931a1cc2963ff59318c5892c56cd1e23178c3d5605392c954b0965bc00c279d55a242ee99c11c5c3142ae43bc2928ccd34c9cf2a5d43495430378c0fa99e76997c5bbdce3111bd8bfaaa3df17c415a35f616f40e283c1acc3ccb5e037521cb787f80c3d4e6ff286f0eb71603c302cb73922018a9585dab34e3ada8813e3278bc84d5d3c4616cf746109a78d3f900d4a68272b99db4703c35b49bc17720b3de12b1325f125af2a92050af7948013b4981c26855ab9f0ddf4aaa588f209469e59a4f9d461f7d67cf7b9d0a974ad804694df844dc27af1f8c4c8fc34092a1c5bb46d152291b103aa879bdc06e61d38a3be0c2d687403cbe51f32ffd7e252cdccb9b6bd79c27eec7fafa4af91a66d0e7a1476a342cd0cf9aa6c00e156dd28a9e591cb49f27e687039266a3d4dbe3961f05d8ac4e2efede1f3af1836e6cee1c0f108080cf5e681456e6dc4e36e6e5b6608e1fa6c3a38b22261fd6dab2652cf9cb00917d2df3c5d88731d70546e7f20b1517338e470e97644136a6e288ea236bfecd61eefe4a9d24184fe2cfa4567e696d779b3501ac97ec74f538928bee6f717bad4b79ada91f81d79f016a77fa9692c9d23ccbaf1891c94f700f473b34ef9dae19877de8bcccae312265e63ce79df8947b7ab8c7b38182d470fc1929ffd588be20ed0c880c91a224a5ea048418b43ae0b8838f68f2c161d1ab0cef55d63f505fe39b70804251e798dcf9cce680cef6107783e652648da118240149ee5ef25f5b726921cdedc5748182bd1bc82468be0e61290b529c5f1b8efc612e550c5b2a58237f065ca71ff327ff4a799b5186520347c13ddab09d7bac701ba2a7190813a3b62239c28639cb18b9379b64dfbcfa17ee171ebb84f9fe051c7de06a02e8b484eb7158bd30aaa82a044ad1c6c4acb6f8cc012abe28a8e06e6d7f1a5bb4ff1ddf06f4f6f2cfdea8a900f0e3d07c6bb1ccb0a4626ebcd15c9ba4dbccc87a70b75d4252bc8f83ff90f1bf7ec65d3ff8f26822aba89691152a596506138fbd26d07050004f8c8b14ee7a1b819691fcf9d55c64a260c625c001df5a5985c6fb386718f26ab6ee7a4cb40bf1fbbb689dd87a99e0a504c62ce25fc6e387525c061538dcaac7212d72e2f57193c10ce03837f7c9a86aaefdf59ce400cd11815b5ac52e7955327c356dac9ac308b9229cb6dfe56639e6568e9ce4de451a2f47f8c17e631e9fb299da019e6475a6ba15bc0eeaf0b4eb2057669355d471d9c84d0936695a5434a3b645a10bfc906cc051bb4e9807b95c97c087bb0ecae21b88b93db5e1bcc6784cd089263dfec64abbb501416b5fabffadb79a7df204c880daa249fc7536b15d2ed2563395598d73a922b4ba8585cf91d199cb26e840c798a207b181aaf7c0c911aaf333b62e793b34ab690d2793470c8601fc237788e3b2ae0d85016e7482a8de4f09e5a798a1e1c4d1805c8d023a55bd19cf7f439b251a3937f0583a8794215e8ec093da13812ccac339f9fea9b456638ed4aef5b7666dadeb0bb6c1f517b6b5f2bb8e97c18aead295991095a5e6fde49a6ef6cf7d45cff70ef8dc063fc901a96699e0837dba3ee715c8c7b88edba18505fe68a3b78976efa973af6d46621e0cee452b07d6562ff4907172f478bb7d3ff652a4bd9af8f29a155e1778f12a3963f468a6af36ca2d94240bc307e40387b5278026a1e96ee2ec63cf0a540f16ce38703dd4490bbd001b3f8105f78d25c87be9574f329a750a5414249c6f097141ea8eca75ce1245116968cb5e37a3c3c1f4cfd39b14249bf856905f692b07993b0278d1dacc2088d4967e89f0b33b25270a4c0cdb41423c7dae8d4bf014eb448c124c9cce10345aa3e19676e84ba3a93fcaf41fd6bd3379883f5a815fc96ffab4a6ef19e89c6fd3e7043fe7048b1d5ab9167b187c8f771be4709891d277ad9851b3d214baabda6f418a5facd157a0206f066f927c3f4a604290431cddff9439a2c2b277e05d144a4a82d0e2aaa637efcccd0ae3e21008a368b050eb36a06ecdedfa7463fe3e80a2b11437cb3efdde2a1190f2904c85f451f9758ce589272583b6208f291f8b179029f7a971bafa09fa37259f0393a8bbe4854d2575eb5f4bc1c87ec08b634bc306355c0f63bda429660801714ad93fb12dcecba71ead1afd1b10927df6109adb6e57ae57d2cbc9d70646f39df6c4df94a16376df7bff26649954f96080a134cfb6e69f6247d176e37c1526dd73840fd8ccfdaa921821df0b6dbbeabe28d604366fae33a968a8f2117b80b6a3139171802281f4894156790ec638092061bf143058e0b5f1f41ed4b203566a83525756d0f4a8797ab8e758ebc17efdc6026c90c1762b05c93d1a87b4eb9c3096616c98c381f8358e86a39fbeeea4bf88987ba39af375fe4a6080dc876bb187686b337c84509ac00d13d27dc6e0d3772ad214c93f33380f3e539d1802c709bb1ef7ccd6148d7fd36b59df015d2806256bca0a69ffead916be976a631bc901bfd16548fd44b6a14bbb27dcafcf63cafd6a18f90f0adec2f2d66b26911e85d03713a498fa09bd5bbb7e6126dadfa53fb631713fcf9c94bca3f8e4728d4c2d153d50b0b33caada0afbc4ffb7dbe72467a3f052419655ea366576f04fc4a2cc628abd593cfaa02ec53f931293b08c4d7ef9877edfb1fa54b8ff7e79f4919f35d18515fca30150ad066d00e2090a183e15a20651638cb174d63ff063038b022b8c731d9cbfa00949b6868729078a8268928b4a7ffddc6bab86371d9311c1f9770420d70528f2bf7e630e8f1cd82e74d81f849c23170debc6dbf96dde6a729d35e6430aa6115f2a82c47c2b1c533251a489bc32ff55e0215f1050b5150016f02af610084dda120d679b2901f538d93008c37623cfa4c9a0f6cad916f924bad9e0f3bd8eb69dee6003534fd760924b15d4a660603230af8a33b5052d385b30d416cbdebac41afab322e1e219e344bd4f15acd6c9b3fb7743e0361a5e82a3e142f026d8edca92f2c423b5dd84230b4cdfb25fdf81cef41769f8dc1c115fdb6ab6d2411bef4b5d73525dcb987a7ea0592bf32f3206b63072b7374d69b5d259ed862e65f2168b603c59ae1e685711420ef8bd154a9bf3a1f50fb77d60ee301b1905021f369edbf07efeeca00f78730c2087328025819619594a9f335503aef08a31ca43a2d7f47ae702943f56b1543756341c32ad457736d2d656878eba46a3071dedd5201d9f98186219949fd758b5be0495e97fa983f175058366e68982d1c044e1902ce2564b291a3ab6d8ede877ea9bac581d8fa280dd21991291a2757894131f8fc5582c09443d0a06215f0c3ab958db3b36a9c42e19e58c399f7a83465f8651d47d3b11b13f2de42bf2413a3173440ced91f1e7d99cd186158c49aab529d2b0ea728419c8fdd5c5b35a7d3739bb10f689728d2e1bfa080f01c37ced0ced8640317fe2b9f2db4dc13211686cad4112eed155455722b5268f149559a7d6e5db5a47d3a4d8ee4124d4f6117381e0a86683fba7b47e8dead2b7ec1f896d05ac5559b7952124986a07510c34370cb809c9466d4af33b802b5bd8d42fb9b4df3981c090504a0517401c8cdc0fb7c1d02570b079209f1b7c03c3e851b132e819af3509b6c084d275b0f46991f50262b0469963662c4ffa6437eff53423b7585b142082f062c4a102aa5fe6153eadf6a7c9399cdbc2c5ad0d2aa34e5bbb375f232be34fec438383d73c8181b53a95b25c776849c7f74de0db5235f8bd42eb65f50a5337c97b478fd63aa025d5edecdbf6cbfe78114aa5b4c853318bcbe193d9680ed1dcd54337a729ce1de9f21aa7c1aa5b023216fa33de3135bc84db91930c4def3139c6bf20d84ae6d9dc6d98b964f4b6983a3ac9a198f0573a01f108704eec977ba79febf312f1e0489e4f679d2ac6309f848cbe4c52974fa154bac10790fa3f372e3883d55477dada7a402c41fcc2d8f6960a2c43ebfa27f899ecca3fd3dad5288fe617fb8f997af063f8ca253f09a1e2b62f37569d2bc04f27bf95a4f3ece111dc053d20cae166cc2f4be678eeae8f31533035dafa74d800e774d08451fdc4b70ebcf9625dc56f4438ed3213ec1d28c0cdce96c774f9ddbfe7673fbc6673a159f876aa4d98", 0x1000, 0xffffffff00000001, 0x2}], 0x2)
kexec_load(0x7, 0x6, &(0x7f0000002980)=[{&(0x7f0000002480)="8e3d6977aef8065e37ac2aedcd93c1ea0d127e0865c00f5b56896c9dee2131acd7b0520ce51e5e1ae7761dccc47f91fc1fcab7a7fa741b6cee68b6426f8ec66782adbee26a96c51dee5c6f3faa0afd8d041a2c1a0e0dfaf04961cc54a9174d70d1046f783f2de511d466232eb5d20d2d09847edbf70a9d69ee109ad317e29e323e6aae04312d1ffcefaa5f4c1f7b415924379b95897a6c31dd8281372aeb5efb9a4b505cef0732125c5cf7a25dfdb6287f26f978a1f63d3ea05e059a58282f4fc1a37b3af23b9064ddf62b9154776e74302e5c14de61895795ea201b2d9c5231768d52683d25ed4751dd6a", 0xeb, 0x3, 0x6}, {&(0x7f0000002580)="f9ebc010880286777014a70e19fa2172ccdde9f1646e092fa9a6c651021684d99c54b9f2e38911f87610d6519602e0a1419110911e1ffa65897a74cefd32e8375456d82a6182c2cfd2c9c69b12477d34154042dc5591393b8c3f78cd5272abbec751e8cfef49a8b8dcd9634851d443dd2ae3e263098dfe051a7f87cb384da975e969ed65f92f7ca40446f4c9a55625dde379d687cafec7ce7ad86c070b47f4896820edf71bae39b6f6e8f80f2aae8769c20a804420acfe5b8be3875898a3f43ea987cd1e64879c9c34e56102fb4ef07b", 0xd0, 0x5, 0x800}, {&(0x7f0000002680)="673519332a51a735fe6c299ffe5a482aebae5951ed50600f5f24cf7e0961aee4f093fd751506e6815e8e4fbee80afd459086189c2837a78977b015a8c344dde8146ff973b451b976b66ccee6b762c0b360dcf31dd542eb06d0a639b944de6d180bfbbe6129f8504e85929cbe82f11f1c963cddc340278255c4d253867e1f1fbadab37508c8f7ba3eba0142261b7de144006bb11cfefd12bdbddc69a2e9ece151b6945338816d4f01f7ae30b2f130d9d81d6b078fd1df0a32beaf0ea12311ac719fca414ad2e28dca398d8e35fc852aea75debaa7567c5d37c5b83644fb03252938bb815a0b6c", 0xe6, 0x7, 0x1}, {&(0x7f0000002780)="507dedf04d195aa9ca3e6adfdef3588de5bfc81aa0b8e4fb635e3009f21894551622d4b1f45579ae83c435f6ddb3651a8b2e70d2983a4a83ca1855b20bd3f7c610d172fe88de5c45773d0e0475e786c3573d873d41e19fe0656a66c017db50ff5e50ab7d4bca2ddb4216e6bfd492c1664bb3bf6206346df96b30d131d55630e805b30663f2bb339ea17da7b7c4ce6635c98451af85db3b43682e8c391adb4d8053f2ba5c2848e9aae8ec6c80f8c8d90806d5f1e19bceb65379793a82e43258d6e448128c6efc5c38aa26c02d0cc054c05e67fc418df48d82d8", 0xd9, 0x5, 0x3}, {&(0x7f0000002880)="741acd", 0x3, 0x10, 0x5f4f}, {&(0x7f00000028c0)="4354f96d15e6653c6f75da98d0dfcb53282144794cba433ee3e720c9be5ef0be080f3504d13c07bc46921868865ed4cf663c50e7a2fd750419ef602d0b70977cd460a4651d28240b73917e9695d6675171ed55ff12a14eddf0d686257b902ad8400a526562567bd70a273f9f12bea6bf584d274df48329b0f8e17cb8f4cdd99d5e10aa82eb12539b13cec12b03eb02ccdeb6216954a6fe0c9988c2800af187ac7aed474ae7025d", 0xa7, 0x200, 0x4}], 0x0)
r0 = syz_open_dev$mouse(&(0x7f0000002a40), 0xb, 0x2000)
r1 = open$dir(&(0x7f0000002ac0)='./file0\x00', 0x20000, 0x64)
renameat2(r0, &(0x7f0000002a80)='./file0\x00', r1, &(0x7f0000002b00)='./file0\x00', 0x1)
write$uinput_user_dev(r0, &(0x7f0000002b40)={'syz0\x00', {0x1ff, 0x0, 0x200, 0x6}, 0x1, [0x8, 0x1, 0xe096, 0x5, 0x0, 0x1630, 0x9, 0x4, 0x9, 0xa540, 0x7, 0x40, 0x2, 0x3ff, 0xa59, 0x4, 0xcb, 0x9, 0x3, 0x6, 0x6, 0x8, 0x4d, 0x7, 0x3, 0x2, 0x7, 0x40000, 0x341, 0x1b1, 0x0, 0x4, 0x1, 0xa, 0x80000001, 0x9, 0x1, 0x3, 0x9, 0x81, 0x2, 0x8, 0x1f41, 0x7f, 0x7, 0x6, 0x5f, 0xec50, 0x8, 0x5, 0x2, 0x4, 0x7ff, 0x4, 0x9, 0xfffffc00, 0x1ff, 0x6, 0x0, 0x4, 0x0, 0xdf6, 0x7fff, 0x7f], [0xe, 0x7f, 0x0, 0x6, 0x4, 0x3, 0x9, 0x10000, 0x9, 0x6b, 0x2, 0x200, 0x80000000, 0x80000001, 0x5, 0x3, 0x6, 0x8, 0xe596, 0x4, 0x0, 0x2, 0x9, 0x56e4c7f6, 0x7, 0x8, 0x3, 0x9, 0x2, 0x80, 0x5, 0x1f454050, 0x1, 0x200, 0x5, 0x7fffffff, 0xffffffb6, 0x4, 0xfd14, 0x6, 0x2, 0x6, 0x5, 0x2, 0x50, 0x4, 0x0, 0x4787, 0x4, 0x355, 0x4, 0x5, 0x0, 0xfffffffe, 0x4, 0x80000000, 0x4ed, 0x9, 0xfffffff8, 0x7fff, 0x401, 0x8, 0x2, 0xf], [0x2, 0xf, 0xd7, 0x10001, 0x187, 0x2, 0x9, 0x9, 0x5cf2, 0x0, 0xff, 0x3, 0x1de2, 0xa, 0x9, 0x8, 0x9, 0x5, 0x6, 0x2, 0x6, 0x400000, 0x2, 0x6893c92d, 0x6, 0x1, 0x1, 0x2, 0x8, 0x0, 0x8001, 0x2, 0xe, 0x2, 0x1, 0x7ff, 0x3, 0x10, 0x3, 0x6, 0x7, 0x97, 0x770, 0xf, 0x8, 0x1, 0x8715, 0x4, 0x10000, 0x81, 0x6, 0xfff, 0x800, 0xb, 0xe275, 0x3, 0x3, 0x3, 0x7, 0x7, 0x9, 0xfffffffc, 0x9, 0x7fff], [0xa, 0x1, 0x4, 0xe, 0x6, 0xb, 0x4, 0x2, 0x1, 0x10000, 0xdc, 0x4, 0x81, 0x7bcf, 0x1, 0x6, 0x89, 0x4, 0x5, 0x6, 0x84, 0x2, 0x400, 0x0, 0x80, 0x4, 0x7, 0x7f, 0x40, 0x5, 0xb, 0x3, 0x4, 0x6, 0xa, 0x80, 0x968f, 0x0, 0x75f7f346, 0x8001, 0x0, 0x400, 0x7ff, 0x3, 0xfffffff7, 0x6d, 0x246, 0x4, 0x0, 0x9, 0xfb1e, 0x3, 0xd655, 0x5, 0xf099, 0x5ba4, 0x4, 0x43, 0x6, 0x5, 0x753d1a4, 0x5, 0x3, 0xffff]}, 0x45c)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000003000)={&(0x7f0000002fc0)='module_load\x00', r0, 0x0, 0x77}, 0x18)
syz_genetlink_get_family_id$nl80211(&(0x7f0000003040), r0)
r3 = syz_io_uring_setup(0x2f2c, &(0x7f0000003080)={0x0, 0xcd9b, 0x20, 0x2, 0x33e}, &(0x7f0000003100), &(0x7f0000003140))
r4 = syz_io_uring_setup(0xbb8, &(0x7f0000003180)={0x0, 0x3ba0, 0x80, 0x1, 0x189, 0x0, r3}, &(0x7f0000003200), &(0x7f0000003240))
ioctl$PPPIOCUNBRIDGECHAN(r0, 0x7434)
bpf$OBJ_PIN_MAP(0x6, &(0x7f00000032c0)=@o_path={&(0x7f0000003280)='./file0/file0\x00', r0, 0x4000, r2}, 0x18)
tee(r3, r4, 0x6, 0x5)
close_range(r1, r0, 0x0)
kexec_load(0x70000000, 0x1, &(0x7f0000003380)=[{&(0x7f0000003300)="7e584e35233a893b86637b1183d53780a5c5e2f178ae0268f4e9336daf9896bf612ba67215176bdee95d5c5efeb20ce805836db861331bb71f4b92bd8e3332af4f45e3e1e980eafec2c1a328512b7a83fa035b6cbb2ae88e90b954915e2fc3b95fcb2cde57efaff19c666568f8", 0x6d, 0xe4, 0x7fffffff}], 0x280000)
mount$9p_xen(&(0x7f00000033c0), &(0x7f0000003400)='./file0/file0\x00', &(0x7f0000003440), 0x80, &(0x7f0000003480)={'trans=xen,', {[{@uname={'uname', 0x3d, 'nl80211\x00'}}, {@ignoreqv}, {@msize={'msize', 0x3d, 0x9}}], [{@flag='ro'}, {@fsuuid={'fsuuid', 0x3d, {[0x65, 0x39, 0x31, 0x62, 0x64, 0x66, 0x62, 0x39], 0x2d, [0x63, 0x5b, 0x33, 0x63], 0x2d, [0x62, 0x32, 0x34, 0x62], 0x2d, [0x39, 0x32, 0x32, 0x36], 0x2d, [0x65, 0x98, 0x34, 0x61, 0x7, 0x66, 0x32, 0x36]}}}, {@subj_user={'subj_user', 0x3d, 'nl80211\x00'}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'nl80211\x00'}}, {@smackfstransmute}, {@subj_type={'subj_type', 0x3d, '/dev/input/mouse#\x00'}}]}})
mount(&(0x7f0000003540)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000003580)='./file0/file0\x00', &(0x7f00000035c0)='affs\x00', 0x80, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000003680)=@nat={'nat\x00', 0x1b, 0x5, 0x410, 0x110, 0x110, 0xffffffff, 0x110, 0x110, 0x378, 0x378, 0xffffffff, 0x378, 0x378, 0x5, &(0x7f0000003600), {[{{@ip={@local, @dev={0xac, 0x14, 0x14, 0xc}, 0xff, 0xff, 'veth0_to_hsr\x00', 'erspan0\x00', {0xff}, {}, 0x89, 0x1, 0x1c}, 0x0, 0xd8, 0x110, 0x0, {}, [@common=@set={{0x40}, {{0x3, [0x2, 0x0, 0x7, 0x5, 0x1, 0x3], 0x4, 0x1}}}, @common=@ttl={{0x28}, {0x1, 0x16}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x5, @loopback, @remote, @port=0x4e21, @port=0x4e21}}}}, {{@ip={@broadcast, @private=0xa010100, 0xffffffff, 0xffffff00, 'ip6gre0\x00', 'veth1_to_batadv\x00', {}, {}, 0x73, 0x3, 0x50}, 0x0, 0xa0, 0xd8, 0x0, {}, [@common=@ah={{0x30}, {[0x4]}}]}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x0, @broadcast, @remote, @icmp_id=0x68, @icmp_id=0x67}}}}, {{@ip={@local, @multicast2, 0xff000000, 0xffffff00, 'ip6_vti0\x00', 'pim6reg1\x00', {}, {}, 0x32, 0x2, 0x42}, 0x0, 0xb0, 0xe8, 0x0, {}, [@common=@socket0={{0x20}}, @common=@socket0={{0x20}}]}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x11, @private=0xa010102, @empty, @icmp_id=0x68, @icmp_id=0x66}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0x1, @dev={0xac, 0x14, 0x14, 0xd}, @multicast2, @port=0x4e22, @port=0x4e23}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x470)
ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000003b00)={0x3, r0})
ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r0, 0x4008af23, &(0x7f0000003b40)={0x1, 0x7})
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000003bc0), r0)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f0000003c80)={&(0x7f0000003b80)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000003c40)={&(0x7f0000003c00)={0x1c, r5, 0x0, 0x2, 0x25dfdbfd, {}, [@ETHTOOL_A_PAUSE_TX={0x5, 0x4, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0xd1fd5e7fc32d56c1)
umount2(&(0x7f0000003cc0)='./file0\x00', 0x8)
r6 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r7 = getpid()
ioctl$NS_GET_OWNER_UID(r0, 0xb704, &(0x7f00000051c0)=<r8=>0x0)
fstat(r0, &(0x7f0000005200)={0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0})
sendmmsg$unix(r0, &(0x7f00000052c0)=[{{0x0, 0x0, &(0x7f0000005140)=[{&(0x7f0000003d00)="96c7e94e59a4b3c148ee5b98ed4fd904e8ed7a69383d927d791ba837570991f1e30769008ad8c3df1808030f0d55c9cfbdaea0368eb28ff434cac47561c85697318cea57e05ff5a52bb49d182628faaeb485be8327cc19b7f26ac1f0353176bbdfcfd5d4111a8975348554794f22ed7b856ad00bf2371d6047aae65ccf91f33920d55fd2ea2acb0ca57eb42396742aced10ec220cfada2573eae7789eb49597e761ebcc34422c67f41bf02ca2d8eca4ca6ed235735bd22bf30c6b0582055825abc38abfc8ee4ac48b45dbf94cec858290427387f2e45f2aa947953278c918733441f492cfa54028443cb87122ebd678b9d1dde7af2b5cf94399375", 0xfb}, {&(0x7f0000003e00)="70f9dd5cb539078456141fc38070e74c00caa115d75c914e492bb08af7b1aee16ecbe9b2afa5fcb4233341a3eb15857384929eb73459edcaf7eec477345be94eddcc4c0259bb2890649e980f6ef2f09fe6917af4531daf6a85263e6b3c0032f49569e16c2c975fe0de279505f67bfbfe3c548f5fd4b85699651f74fbb151035cfabb2ca84dc13c332da95caac51d08407be1538ab3c769b053d70f6a57af417e0a75bb424186107a35f82e411d34659399808c69", 0xb4}, {&(0x7f0000003ec0)="b0c4437084dd970391843f588cebf2a6b31a23b7", 0x14}, {&(0x7f0000003f00)="5fcc5f51fd1ec4dcca924f3d1080a1e2df52409fe18e854ca8db45a5e685d5e911174e2093473b070ce42ec0ff8d00dc9696c7f70965e38d03725f71f79ddb0624ac3b6c5a3a716b380f7c3221085395e4415f857b317c3236fae31a3c6d211e33c6474ebc4b7aa91e437638156e46ef95560ffe1f40a1eae22c5256498ff5cdf408fe1e93d4efe668f632a937f44168308d9b7c596443adc1622ccd1499", 0x9e}, {&(0x7f0000003fc0)="0cf97d565bd565d5f15e58433d3c4d858def205bf8605e901a787d28780abfa7cd2cb769ccdfdc74cc276273201f26e65fd8ac6d3de194265f557f8bac827dd83b2dbffa79c669532a322862ef315366", 0x50}, {&(0x7f0000004040)="4f613effbb9d26f8c9c4fe2cb9f10c09a92998de2ac31362cd9d0e033053067f265cf1af07959ef4bcc4a438560a2012ada3ae54fa4b3284535e0fc0326a95c43e4f0a7f2ad3646f7f02582d6a61e26de42dbd194a25329038a7f5fc5ba606f7a50636ff50e4583190e19c225d3c6b64adb3b0aa7728a477949095aeb0bbf98c6e067775fd21c8b9039c8075adfce1ad1cfebb94a0b1c18be9be7200816402db7b480df66abe0a526db76428b530583c9130c0d4fb0a8edc580c4bb10abed7e2300601d21af8259ffc2e53c2c10a208dd790524d2988083df55dd3f40d849a79bac388086dd86ac071e21210c6cdf052a1c15b90ffac8594eac7adb5726da50e2b271025493252c72d596b2d51a230ded9241a949920bd9af47a160289b4ad38b2f6ead411586d700c93bb1643ab34590ada235a5f5a6dad5f1374e5b7617fdb54ef2abecf2f4360c571937454cceb222e2df01e30ee16d4f35d995bbeeea03bfad02063cc6549e9416c4654c8baf803166ae300919f2168b131c47c749edc4cf233005886bdce8bfd6a79a6c6fedb8dd3aa0e845a2be1c8470479170b74f4eb12ff8cbe06ff23b828c5c497adbcd15d16ecb34506e7f12c5ac14c486a14b6d46d0e62f6cedf25ca4a792a7f78520d942daaaf1f1690313b0e431ee818d0093fce797a357a7bde51cdeb2ac8fc0ba32d4da9aaf0fe9f82a2b4b24b429d61494ab6e46e1df32b7a9a2dedf1fdc16bebfc6a018de617a78a95056aa7f0ba40c28bd73983aaae129ee513fe39bdcfb56c160591d35fa139bae1902bb9a1751c58a296ec6f4ab9b5daf85ae1914c21e4207a541b587de80258a64ff7c4f951a4453b846d2cabbc56e7e099f18a534ccbf8496492ae4a27e0c717874f6f77a7ce3a1f600719ea963093dd2d56691a8694b08af0a088faa3b84121ea0c2bac115bc31adddd2a3957be9b61ca9f32e478ede2d819cf19d6e4388f5b601ec1203eb3b376634dec04295e18810df7e3aa85d67963871db9da1f7357ba5bdf28da3b71de7b9aa51fad41de4935d88fb8cce5fa7e253e890e1ae63b07c81040ecab2cffe71e765ba014af09f1f05918db0072f69ddb7a77b86a288207d2a6799ffbbc984e1b026bd3a7df3d4787c4582d68fbdace9a1b2986ac32b7509443e7f34742692e26da8d9940370cf92bc4a33b7f6f666efa63f27d6ef73f49c4c0079703bac6f34ca16540a1b03bc986ffba24169c81821e5f9e02c6cc7af1db5baff31307f904ab404f67c0a39550d3aa4266b323dc2845fa8361784504def3f1a13b207b057005791b5f572ae71807937d818078fc7df147cdfc5a286e938ebe64faf1d31929dca93933e63b2d22d1c8a77289db36b6cae0474e7da34bc7cab2d173584861236c9688753f97eefe5425d485eed817ffb125a8297ad923a6903951a6c340d9e69125ca4714190af4308dd5d79968fe5cfe0b2aa0a7fca1354cb1a660461529ca0aeadc6e87494d4d524bd1f9174ec92d7bc5b28be937107855cae3414639041a9c14965e012811091d7f6daff053e5977cd0847e97dfbaaeaede0fe5d9e1b8b025dfd20f719971d977b2b104586fa5c25e4d2f4c58493bd0cff0a6abdf575e0d5a58e348b1d96a6004da956dc3c97310093c14ae09fa5d76e1ff63e4dccf7c7ebf3169ce1b2e1ffc38d582ee5c059c7fc420d2994859828d68fe5776d224bd37025f7479b9b00f4e2c8048b747bccb638d6f58845bc60344a920371f1a58165616d1fa32e5ae3728f4201cecf9edf8eb130c1e8219f7d90fe8615080964a9b31dc8f50e180387484712f6c361fb123b2ff613ea12c4da965544e4ef5164c1c75c04bf72eca05152243439551e61d8e8c5228a3b78efba008a83174ab34892c45c721e55fccc7814551e482af2741b72a592522b0453c30da195d6c19dcef3b040ed771992ea1d1aa08c6ba0f58cf7e942b9d973c37f3a14380f051adc0f1bdc0c5c920d62b9590c295271d0ea7ba25f92983df907b6829fea3ebcdddaf2df89aea96d654e615f4893a843be353423e76e1b1afd7c55a77e3bd3f6c86a823f8e8212a6074498323088c23226e1254a7dc97a0613a4533a1ebaadc745cbf41c176a4dcd71827f017d7eeeb87eb42f6815b509a337377e98d2a1a965c3d68ff5dfe652e6c76ac0010e0a266e3d0f993c88d79a98caa09eecb0343d52a5d0939daff5c389524dd59707b2dfcc1d8d14d03e656079975d216cddfd515b7ed994740fa23da9de24e7cf9f52d7cb762844b88de6b704a5f39ef6e117fa38b45f00127494f236d37ca4f306068ef350682da4b391038781896cfd61d5cae270124819a897e080c1f858540f38e51ea69fb8a1e398677550a0e3b0de68c78696448abd4c10dbfe2e0b98d71467e119abd3095c4746a6f156e34a0c3a268496a15c50cf36455b3c020713634ef966f44c4f64de656355176b8bd8454f2f932ce01c5716101347be91213b094a5c6404937253351cab3b88be0138466f9d752d063bbbe75408db9694ea197e5c5ff9c84b942047f221e38c7b4d02f8d78defadcb5f5b6cbcaeced23465b193df8838c8d721ad49c686fb4bdf0ebe09d199c651bdb31e7a31ab7503a7e24093fc100f202b1da92335307425cb7da288ce2577efd4dac1f7d646ebb52cb98ad74df41ebd9aaf713b326aa8dc5998473b585afb6e54b529e4f0c850767431eabf11a61f1000d1eb30eecb121bf9a1a268de82503fd1ef328cfe55a6bd722d28f805fca0e2890a5ffd52ee72f6f271ce9678ba3eb2b76ad6c9ad24cdc08430f064bcb692359c2e544a01e02edf0f7131279b5e0e71c05b5b40dac205627a14e4e46e91a174176bceb6a8b85130b657a3daf3791931df9641ece3c61890c71f5070ea17d133623a6fa3557f13c912fa8197ba3056b232cdc3aeca14c7fac1138f438199b0169ef0a9c93636a4e286979fc05e8d4f8e94db3dc4b404546cde4e003b88c0523515dd2b243f4b5eac3b167b13359575c2f6ab03790998274b909b7eb082f483a4ff6e174adf60efa655cb963b0b8b56c49e2e3d1130f5f3fb2a2f2f4eee281708fb6995684a5141f7d3959eb8ac73018df99555ead32c64f040e16141cbb65dc65816a7b073a56a5cb101241a1000255541891cc49255155663a774c4ad07bd9f1ad50f8a6aa0bc4f49e12e623a77a91247e447fcd1f260e0d757d53060806ca51188fd3ed9323756136dd5b34d362847b892290ad784a67f3c5f2ec832e492b514e8f299338ab76f74111b9aa76ebe828fb2f995e8a0ab15c0265dc0811124a2f1979c29122f2c3376a958ce7314c6a022f606c9dc7de53603c190ea2cb281e300f8004a6fff8d026e06947fc8fdfd5860c1c47f3d0ae1e3865484d7733f6dc15716e3059aed14a288a394463e72925f044adac3e9ae33240c075f75b344542de63b6803982c41c309e83900e8a489d4bc19e3c713bf54e9ea14298ad8bb932c9b92c89b2b5742306df36a3f7733a622a11a1e7e075f5a87063be8720e2ebdb004b2c45f3f4b317eeebad2cd1fa866025444ba0052bb272081349040185987a9f4331526b7f41e5a8279c0b3c2b0b04e845415fb948fffb9834c55ebbffe28a142089f8bf95a8ba8e0faf5a78271974a1feba29fcdf15b4ba07475d84139944aa0d3fd0b76078fba97015df91e9f92f4fe5cd876eb1791a6585b8dc7602498ee0be1bcbf722dbeab8db79c945345f4518952d4e40088805411be877e87aa215f92d06519ee40d3f4de17fc4f17c9e1908f2ab5bd1a62d7d5b617e715effe89314fae14010a8e80b9bbabd7bdf302c2e8f913f02c07ec8910110a13b1d13ae99fb1d74e1312626b9ff065276f104e7e89d7af1bd2235292e2cbeca3fd240ae8a590b864eddef6f5b052ac76e3fd54f34bde41d3f55533365b9e1e09c0f536a1617be9acf45194b2fac61fed4cb319e7714f4a1df8431cf46f3bf3cb8c6a107718553c1489a0feecb0caa75675ebd5536a3a6edd31d10ea0ff4065cf92af3000a21f2f760d307a40a53cced6b04ffa4bdc2ef8d0defde6f857026c31be898b34a47dfb8bb1b9227db5042e1edafd886c518024fc843428acfafabc8fcf78f5fb193a7bec087ec7f804653d493edd362cb1128c665dca9966942b3be87d503c6ce3382b43d7ec36965e8f1ed66a3ab6aebc275677f08eefc4847b5c86046074f5d3e1096e601b94fef726a589ecbfce935a5176567b1df445f1f4854c9a9e8e1fd590baa4b6cf47f52b866032e26fc659ecf06b8c4e8c021af1b7b2223a385182d98746457c21a6f63033d72ee2757f0b6d8b5fb0b0b3b67e9d1effaab6085636731417e5495f954d6252a62332c01043283263aa1bd8fb85e2fca31954a4a985582d0ece0c7d028d9faa2322ef3b154254e6d92fd8c867aac1d9cd0eef09d7a4301f441f88d31c417ac0d310047f49c9c8f883f72031b8ec00f16a19ced91639be6a1fa0e5decfd19de5e064024110301b04ed0baa09da039888db059a687180dd951f97ec654a440da58934f70ce3216b3000a23eef7ddceeba0ce6368ed3a4baadd415ea2e4d9b524c07e0e94a54c67f26b5fd6ef8abf900b5ae240196d11e262ac69034bbf1f92409e0c45464801eaef05677cf19a72dbb337d7622d0f8f7a99b047c86dd1ccbd6ad9f60153d0b4a8bfd87725d58bab7174a5788f01d6f0ecd44c972c3131f467ef2465ebb0476d00e223fea189be288195ef693473da8b5d3d097517912cebbd89f639716b997e563aa0104233fa35e1bbda3f41815ec86ce4e93dd816d7b6260d1b719c208e158f38a2d3c62a5d77b7d7e9c6f8a24f6622ef51d1d982f1e69b6a847dff5a42c80742d374181f48fbf21f3b583034241b25f4a7aea4c244a7f30675f8b5594b45dbfc665fe95d35d915669e737ce824197af66cbb25b616d22e11cd8e7d3ceeb2524efaa685a12cb38961ecbd769df457e00eb02ce7c36e0b05e4e0edd0147c39230b291145ace2286246fe26e2490d16346da442e53f5bff5acda19d7b0d98fa51f0002f50b76a19147232393c09a22df2b955bf79de247a1ddccc44438beb0b960439b3480c769014b043ee0fd49145c70c8d6e6a950911e0e7981d9030d9795b64f6ce5ed8b3dc0638ab19dcf684c717cb9ef7d25ca35e391e2dc867987214a021dff548137ec0871607c7d12183f646d0b7f668c07e349ce1391cf2faa681e94929f28e693a5015659c19c849f2984bd72fb43ce84722f59451694ce2894a6a9286a53b2a3cf0c490d764e952d48f46cf3e5fed1a214d8622989ebb7185c0a90336dfbf4145d6e245b26a7c0fa08a98f4490904719f4592e8672de188a1f5072edf6bcc8464a89393953a94572c8a127404a7d799502203bad94e97b07c24ca3577c831dd1d2aebfb9b05056848e3a42f315fd23491203dd5f141cde256091f5e182cae039eb58578be0d5db19dcd6d426d3cff082b09d1b2bd883557d57b34cd7409600407e5c518bffa4b9fc054120bacbf3c2fa57146df2fad6dadaa2c86ef42c3cd5e0815d3df97bdca3d895ee8edb80b267a08e5b0ac7bf377198f84d969cf588027e900c98c4b6e90cd8604bff2be4184bb54f8da0c9f0e8561c849d2ebe871e8361e29ddd0d493ebabaaf52e53cf5ebb12e063fedf027384776763c8e9a305894a92d8246fe891400ad7a8b0fad40f61b127e04166c3b2c4bed8a7cc6c6961294c6c9165cd41986106a3c6e9afdd842d112b57ae098c4a93e09c088679d3ee040c7265", 0x1000}, {&(0x7f0000005040)="5636bbc9f61b37f19d7f47b04c3bb8891942f41b9a329ed6b600fee81a812a9368dec1393618d08a00ef1c0fa39a", 0x2e}, {&(0x7f0000005080)="21d9ebc0d89653b2e9e1308d4fcfd89fd1426e0ae8d9105949bb0461b267b53a08e4991244123bfd77a649b9e479196bb60fda9de6dbaebba2f1d826f1a023db48b5481f6221a001189d0b1c95f39a8ac7095f579166d83aed8939c9e762aadb9f6a46e169b6c11c1a38985b3185267c040929df1471e3bace8c9558480b993b2c5dbf4b170e48187239d3687906", 0x8e}], 0x8, &(0x7f0000005280)=[@rights={{0x20, 0x1, 0x1, [r0, r6, r2, r4]}}, @cred={{0x1c, 0x1, 0x2, {r7, r8, r9}}}], 0x40, 0x4004800}}], 0x1, 0x800)
prlimit64(r7, 0xb, &(0x7f0000005300)={0x8, 0x2}, &(0x7f0000005340))
getsockopt$EBT_SO_GET_INIT_INFO(r0, 0x0, 0x82, &(0x7f0000005380)={'nat\x00', 0x0, 0x0, 0x0, [0xf242, 0x401, 0x1, 0x1ea, 0xa45, 0x3]}, &(0x7f0000005400)=0x78)

3m6.486330689s ago: executing program 1 (id=956):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x70, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x526}, @TCA_SAMPLE_PARMS={0x18}]}, {0x4}, {0xc}, {0xc, 0x4}}}]}]}, 0x70}}, 0x0)

3m3.840328407s ago: executing program 1 (id=961):
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x4880)
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000180)=r3, 0x4)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newqdisc={0x24, 0x24, 0xd0f, 0x3, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0x2}, {0xffff, 0xffff}, {0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840) (async)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) (async)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r4, 0x8982, &(0x7f0000000100)={0x7, 'vlan0\x00', {0x9}, 0x7ff})
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newlink={0x4c, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x50a10, 0x51a23}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x1}, @IFLA_GRE_ERSPAN_INDEX={0x8, 0x15, 0x85452}]}}}]}, 0x4c}}, 0x20040040) (async)
read$FUSE(r5, &(0x7f0000002140)={0x2020, 0x0, 0x0, <r7=>0x0}, 0x2020)
chown(&(0x7f00000000c0)='./file0\x00', r7, 0x0) (async)
write$P9_RGETATTR(r0, &(0x7f0000000040)={0xa0, 0x19, 0x2, {0x400, {0x80, 0x2, 0x1}, 0x83, r7, 0xee01, 0xc5c4000000000000, 0x2, 0x2, 0x8, 0xa358, 0x25, 0x7, 0x1, 0x6, 0xdf, 0x40, 0xfffffffffffffff8, 0x7, 0x6, 0x1000}}, 0xa0)
syz_usb_connect(0x0, 0x3f, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000000009040000030b08000009058d67c8002a000009050502000000000009058b6e", @ANYRESOCT], 0x0)

3m3.8336875s ago: executing program 1 (id=968):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10)
r1 = add_key$user(&(0x7f00000006c0), &(0x7f0000000280)={'syz', 0x3}, &(0x7f00000008c0)="d3a24845fed3b644db111f6660fcd399052be391b829c18141634298ceeb56ee051e22d30dbb5f2c5ab2078c2c8cf5b9a0385ac162b836c7977ec2752acb894b12c965ca0e6ef3be0e26d7ce463ba7d45d493070046ee8bf617e890cd5321ff6387b3c061c485ebc22948c0292c94d7463b0a2daf8dd3e66c957e3aef3a4b95f4935d34e1bcbc49fc30eb919f98f0c8eeedbb598bc77f0ea766d13268eb19b0cfd6d9624efc20e49f72912e99e06f832a5d6a336636bcef1293071e0a88f8453a5e3f66a46bb0d1151d677b39ea96b1e0df37938a43869aff5ef6877c00111c7dac90bf1400828b2e8d7480538629ae1c49cdb837a0982effde78d4f7082d1dfb80a8f41721eec044f4790eb085ea33b852b9be529e6c61801bcf0fe530a3d2b1cb2d558411525eeafe4a910e61317eb7798c968ddd0c8855cbe842726dc0741707dd8e19707f6a2d21cc64134642ee1bae7a89e1774fc5e63d7e07610c78aaf4aefea35ac05112dccb45a19b01a16c6d7d5a710e1fda1b72947b1c859546f07373dc3c9e616f5f92090dfafd5f24579819f9988859e7b488420cd602bacefa6f338a88209c9601a5762d47ac6f73a3f3f5976aaba7b82cfbf625faa3c46dfa85db0b4f5897eebcec1d592a8c20e55c211da752d78449fefe4363238763974a71e0933d9e7dc3c4c78a98b51ec5e0d1bfde454beccdc6f9b4d", 0x1f9, 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001640)=ANY=[@ANYBLOB="620af8"], 0x0}, 0x94)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x28, r2, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_DEST={0x14, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x10}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e21}]}]}, 0x28}}, 0x20000090)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r4, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000100)=0x8)
r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_INSNLIST(r5, 0x8010640b, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0xe000003, 0x0, 0x0, 0x438, 0x4}]})
r6 = socket$nl_route(0x10, 0x3, 0x0)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1000004, 0x10010, r6, 0x77430000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b3c094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r7 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000580)='tracefs\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYRES32=r7], 0x0, 0x8, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r7}, 0x94)
ioctl$AUTOFS_IOC_PROTOSUBVER(r7, 0x40049366, &(0x7f0000000180))
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a0102000000000000000002000000090001007379d100000000006c000000160a01020000000000000000010000000900010073797a30000000000900020073797a300000000040000380080001400000000008000240000000002c00038014000100636169663000000000000000000000001400010065727370616e3000000000000000000048000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000001c00038018000380140001007465616d30000000000000000000000044000000180a010400000000000000000000000a0900010073797a30000000000c000540000000000000000508000740000000000800074000000001080007400000000120000000120a01080000000000000000000000050c002640000000000000000528000000020a05000000000000000000050000010900010073797a3000000000080002400000000170000000140a010200000000270000000200000108000340000000040900010073797a30000000000900010073797a31000000000c0006"], 0x308}, 0x1, 0x0, 0x0, 0x40}, 0x800)
r9 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x202, 0x0)
write$sequencer(r9, &(0x7f0000000000)=ANY=[@ANYBLOB="800357640423a80294"], 0x10)
r10 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="f9", 0x1, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f0000000540)={r10, r1, r1}, &(0x7f0000000780)=""/86, 0x56, &(0x7f0000000400)={&(0x7f00000002c0)={'crc32c\x00'}})
getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f00000004c0)=0x27)

3m2.908153675s ago: executing program 1 (id=978):
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0x0, 0x0)
fchdir(r0)
mount(0x0, &(0x7f0000000080)='.\x00', 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, 0x0, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100a, 0x9})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r1, 0x100000000)
r2 = syz_open_dev$dri(&(0x7f0000000a40), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPROPBLOB(r2, 0xc01064ac, &(0x7f0000000000)={0x0, 0x1000, &(0x7f0000002a80)=""/4096})
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r4, 0xc0045006, &(0x7f0000000180)=0x6e)
ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f0000000080)=0x3ff)
write$dsp(r4, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)

2m47.491503054s ago: executing program 32 (id=978):
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0x0, 0x0)
fchdir(r0)
mount(0x0, &(0x7f0000000080)='.\x00', 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, 0x0, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0x5, 0x100a, 0x9})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r1, 0x100000000)
r2 = syz_open_dev$dri(&(0x7f0000000a40), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPROPBLOB(r2, 0xc01064ac, &(0x7f0000000000)={0x0, 0x1000, &(0x7f0000002a80)=""/4096})
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r4, 0xc0045006, &(0x7f0000000180)=0x6e)
ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f0000000080)=0x3ff)
write$dsp(r4, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)

52.026768319s ago: executing program 5 (id=1592):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_opts(r0, 0x0, 0x2, &(0x7f0000000180)="e9", 0x1)
sendmsg$inet_sctp(r0, &(0x7f00000000c0)={&(0x7f0000000340)=@in={0x2, 0x4e20, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000100)="619072", 0x3}], 0x1, 0x0, 0x0, 0x800c840}, 0xc5)

51.913970335s ago: executing program 5 (id=1596):
munmap(&(0x7f0000001000/0x2000)=nil, 0x2000)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@func_proto={0x0, 0x0, 0x0, 0xd, 0x2}, @union={0x0, 0x0, 0x0, 0x5, 0x0, 0x80000000}]}}, &(0x7f0000000f40)=""/4084, 0x32, 0xff4, 0x7, 0x7ff}, 0x28)

51.765790472s ago: executing program 5 (id=1600):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/kexec_loaded', 0x200, 0x30)
read$FUSE(r0, &(0x7f0000000400)={0x2020}, 0x2020)

51.652703015s ago: executing program 5 (id=1603):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
open_tree(r0, &(0x7f0000000640)='\x00', 0x89901)
r1 = open_tree(r0, &(0x7f00000000c0)='./file0\x00', 0x8901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

51.346287087s ago: executing program 5 (id=1609):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @mcast2, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x0, 0x0, 0x0, 0x50}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
syz_emit_ethernet(0x6e, &(0x7f0000000780)={@random="416a7a6c9779", @random="f08d2cea24a4", @void, {@ipv6={0x86dd, @dccp_packet={0x1, 0x6, "1e7a8c", 0x38, 0x21, 0x0, @remote, @dev={0xfe, 0x80, '\x00', 0x18}, {[@srh={0x73, 0x0, 0x4, 0x0, 0xe, 0x0, 0x2}, @routing={0x21, 0x0, 0x3, 0x3}, @fragment={0x29, 0x0, 0x3, 0x1, 0x0, 0xa, 0x67}], {{0x4e24, 0x4e23, 0x4, 0x1, 0xb, 0x0, 0x0, 0x9, 0x2, "60cb1b", 0x0, "c98b1b"}, "22861019379d3275aff5b188f677194e"}}}}}}, 0x0)

51.126496812s ago: executing program 5 (id=1617):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'veth0_to_team\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000000)={0x11, 0x3, r1, 0x1, 0x82, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x19}}, 0x14)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ptype\x00')
preadv(r2, &(0x7f0000000340)=[{&(0x7f0000000040)=""/21, 0x15}], 0x1, 0x0, 0x8)

50.673231428s ago: executing program 33 (id=1617):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'veth0_to_team\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000000)={0x11, 0x3, r1, 0x1, 0x82, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x19}}, 0x14)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ptype\x00')
preadv(r2, &(0x7f0000000340)=[{&(0x7f0000000040)=""/21, 0x15}], 0x1, 0x0, 0x8)

15.051088021s ago: executing program 4 (id=1842):
openat$ptmx(0xffffffffffffff9c, 0x0, 0x41, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mkdir(0x0, 0x0)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="180100000000000000000000000000008500"], &(0x7f00000002c0)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x41}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
mmap$IORING_OFF_SQES(&(0x7f0000059000/0x1000)=nil, 0x1000, 0x1000000, 0x30, 0xffffffffffffffff, 0x10000000)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
mkdirat(0xffffffffffffffff, &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00')
fchdir(r4)
sendmmsg$unix(r3, &(0x7f0000000d40)=[{{&(0x7f0000000080)=@abs={0x1, 0x30, 0x30}, 0x6e, 0x0}}], 0x1, 0x0)

14.818015278s ago: executing program 2 (id=1843):
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, 0x0, 0x8000)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r3 = socket$inet6(0xa, 0x3, 0x2c)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x3c1, 0x3, 0x2a8, 0x3a0, 0x150, 0x150, 0x0, 0xf8010000, 0x468, 0x238, 0x238, 0x468, 0x238, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, [], [], 'team_slave_0\x00', 'hsr0\x00', {}, {}, 0x84}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz0\x00'}}}, {{@ipv6={@empty, @mcast1, [], [], 'batadv_slave_0\x00', 'veth1\x00'}, 0x0, 0xa8, 0xc8}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x308)
r4 = syz_open_dev$vbi(&(0x7f0000000340), 0x0, 0x2)
ioctl$VIDIOC_S_PARM(r4, 0xc0cc5616, &(0x7f0000000440)={0x6, @capture={0x0, 0x1, {0xd, 0x400}, 0x2, 0x80000001}})
syz_emit_ethernet(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x6, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0xa, 0x20}, {}, {}, {0x18, 0x2, 0x2, 0x0, r1}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000440)=@assoc_value={0x0, 0x10000}, 0x8)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r5, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r6=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {0x0, 0xffe0}, {0xffff, 0xffff}, {0xffff, 0x4}}}, 0x24}}, 0x0)

14.042414322s ago: executing program 4 (id=1847):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000100)={0xf0f002})

12.548932465s ago: executing program 4 (id=1851):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000c0c000/0x1000)=nil, 0x1000, 0x4)
r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0xe0c81)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)={0x48, 0x2, 0x6, 0x801, 0x0, 0x0, {0x1, 0x0, 0x3}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0x4}]}, 0x48}, 0x1, 0x0, 0x0, 0x2002c0c4}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r2, 0x0, 0xd}, 0x18)
socket(0x40000000015, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x141, 0xc2, 0x8, 0x59, 0x20, 0x4e2, 0x1402, 0x9f1d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xa1, 0x2, 0x0, 0x2, 0x63, 0x3c}}]}}]}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
setuid(0xee00)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, r4, 0x0, 0x61000006, 0x0)
rt_tgsigqueueinfo(r4, r4, 0x13, &(0x7f0000000200)={0x9, 0x0, 0x80000000})
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_setup(0x7dca, &(0x7f0000000340)={0x0, 0x4, 0x10100, 0x0, 0x2000000}, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000000)={0x3, 0x20000, 0x1fffffffffe, 0xfffffffffffffffd, 0x100000000, 0x0, 0x1000001000, 0x5f}, 0x0, &(0x7f00000002c0)={0x3fb, 0x8, 0x400000000001, 0x9, 0x40000000000000, 0xf, 0x80000002, 0x5}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

12.548354877s ago: executing program 2 (id=1852):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000003c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000024002, 0x0)
r2 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r2, 0x2ef4000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

11.265873128s ago: executing program 2 (id=1856):
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, 0x0)
fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000140))

7.853997274s ago: executing program 2 (id=1860):
r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000a40)={@local, @link_local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x8, 0x58, 0x68, 0x0, 0xd6, 0x2f, 0x0, @remote, @local}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x0, 0x3}, {0x1, 0x0, 0x1, 0x1}, {0x1, 0x0, 0x0, 0x1}, {0x8, 0x88be, 0x2, {{0xd, 0x1, 0x9, 0x3}, 0x1, {0x1}}}, {0x8, 0x22eb, 0x3, {{0xb, 0x2, 0xf7, 0x1, 0x1, 0x2, 0x2, 0x3}, 0x2, {0x200, 0x2, 0x1, 0x0, 0x0, 0x1, 0x2, 0x0, 0x1}}}}}}}}, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r6 = creat(&(0x7f0000000580)='./file1\x00', 0x0)
r7 = fanotify_init(0xf00, 0x1)
fanotify_mark(r7, 0x105, 0x40009975, r6, 0x0)
fallocate(r5, 0x0, 0x1000000, 0x3)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r5, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)

7.853534992s ago: executing program 0 (id=1861):
mkdir(&(0x7f0000000300)='./bus\x00', 0x36)
mkdir(&(0x7f0000000580)='./file0\x00', 0x41)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745f8a24d"], 0xb0)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x30, 0x5, 0x0, {0x0, 0x1000, 0x1000, 0x80000}}, 0x1b)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

6.473687826s ago: executing program 3 (id=1862):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000100)={0xf0f002})

6.43788725s ago: executing program 4 (id=1863):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fd", 0x1}], 0x1, 0x0, 0x0, 0x804c044}, 0x881)
setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f00000002c0)=0x8, 0x4)
r1 = dup(r0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000440)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x106}}, 0x20)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc)
setsockopt$inet_sctp_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000040)=@assoc_value={0x0, 0xcc0}, 0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000240)={0x9, 0x201, 0x2, 0x10000}, 0x10)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f00000000c0)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x5}}, 0xfd87)

6.218368714s ago: executing program 3 (id=1864):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
fanotify_mark(0xffffffffffffffff, 0x105, 0x5000003a, 0xffffffffffffffff, 0x0)
epoll_create(0x6)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r4, &(0x7f0000000580)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8)
listen(r3, 0x0)
bind$bt_sco(0xffffffffffffffff, &(0x7f0000000080)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8)
listen(0xffffffffffffffff, 0x86a)
r5 = fsopen(&(0x7f0000000080)='zonefs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)

6.199118979s ago: executing program 0 (id=1865):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
add_key(0x0, &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r4)
sendmsg$NLBL_MGMT_C_ADD(r3, &(0x7f0000009bc0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000009c00)={0x24, r5, 0x1, 0x70bd25, 0x0, {}, [@NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000010}, 0x40050)

5.353804431s ago: executing program 4 (id=1866):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
mkdir(&(0x7f0000000140)='./file1\x00', 0x1a0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80001d00c0d1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='tmpfs\x00', 0x200000, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000280)='./file1\x00')
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b)
ptrace$getregset(0x4204, r0, 0x1, &(0x7f0000000340)={0x0})

5.134230174s ago: executing program 3 (id=1867):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x0, 0x0, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfc08}, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000d00), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000700)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="030700000000000000000800000068000480040007801300010062726f6164636173742d6c696e6b00001900078008000300000000000800020000000000080003000000000008000200000000000800030000000000040004"], 0x7c}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r6, 0x0, 0x2a, 0x0, 0x0)
setsockopt$inet_MCAST_MSFILTER(r6, 0x0, 0x30, 0x0, 0x190)
setsockopt$inet_group_source_req(r6, 0x0, 0x2c, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000000)={0x10000000000001bd})
add_key(&(0x7f0000000000)='dns_resolver\x00', 0x0, &(0x7f0000000040)='\x00\x00', 0x2, 0xfffffffffffffffd)
r7 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff)
write$binfmt_misc(r7, &(0x7f00000000c0), 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000080)='net\x00')
getdents64(r8, 0x0, 0x0)

5.133936426s ago: executing program 0 (id=1868):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x23b, &(0x7f0000000380)={0x0, 0xce0a, 0x10100, 0x3, 0x370, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0)
io_setup(0x8, &(0x7f0000000680)=<r5=>0x0)
io_pgetevents(r5, 0x2, 0x2, &(0x7f00000000c0)=[{}, {}], 0x0, 0x0)

4.892380006s ago: executing program 2 (id=1870):
openat$dsp(0xffffffffffffff9c, 0x0, 0x42, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100))
syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
r1 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0xa0842, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x76, 0x0, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000002200)=@generic={0x0}, 0x18)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
setsockopt$RDS_CONG_MONITOR(0xffffffffffffffff, 0x114, 0x6, &(0x7f0000000000), 0x4)
r7 = socket$inet(0x2, 0x3, 0x8d)
setsockopt$inet_msfilter(r7, 0x0, 0x8, 0x0, 0x1)

4.147588051s ago: executing program 6 (id=1871):
add_key$fscrypt_provisioning(&(0x7f0000000200), &(0x7f0000000280)={'syz', 0x2}, &(0x7f0000000380)={0x1, 0x0, @a}, 0x48, 0xffffffffffffffff)

4.030330555s ago: executing program 3 (id=1872):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0xc044}, 0x4000814)

4.030050649s ago: executing program 6 (id=1873):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10)
syz_emit_ethernet(0x42, &(0x7f0000000200)={@link_local={0x3}, @random="fc12f1860799", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x34, 0xfffd, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}, "00186371"}}}}}, 0x0)

4.008621465s ago: executing program 0 (id=1874):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000100)={0xf0f002})

3.976927323s ago: executing program 3 (id=1875):
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x0)
syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57)
sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
recvmmsg(r0, &(0x7f0000000b40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/11, 0xb}}], 0x5df, 0x2, 0x0)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)

3.694752653s ago: executing program 0 (id=1876):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0)
r0 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
ioctl$SG_GET_VERSION_NUM(0xffffffffffffffff, 0x2284, 0x0)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0xb, &(0x7f0000000080)=@framed={{0x18, 0x3}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r3}, @generic={0x66}, @initr0, @exit, @alu={0x4, 0x0, 0xa, 0x3, 0x0, 0x0, 0x4}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28}, 0x94)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, 0x0, 0x0)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r4, 0x0, 0x12, &(0x7f0000000300)=0x1, 0x4)
sendto$inet(r4, &(0x7f0000000000)="f461c5bbd75c3583", 0x8, 0x0, &(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10)
recvmmsg(r4, &(0x7f000000e280), 0x58a, 0x42, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], &(0x7f0000000040)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000280)='contention_end\x00', r5}, 0x18)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r6 = openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000140), 0x2, 0x0)
write$cgroup_freezer_state(r6, &(0x7f0000000040)='FROZEN\x00', 0x7)

3.693928003s ago: executing program 6 (id=1877):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000400)=0x4000000)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000000))
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000500)=0x1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af04, &(0x7f0000000200))
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000001c0)={0x1, 0x0, [{0xf5fe19b0d11b90e7, 0xbd, &(0x7f00000002c0)=""/189}]})

3.241824741s ago: executing program 6 (id=1878):
syz_usb_connect(0x0, 0x3f, &(0x7f0000000600)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r0, 0xc0045b0f, 0x0)

2.060550432s ago: executing program 0 (id=1879):
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x7, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0xfffffffffffffead, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x10000000}}}]}, {0x3}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57)
sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
recvmmsg(r0, &(0x7f0000000b40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/11, 0xb}}], 0x5df, 0x2, 0x0)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)

1.786216057s ago: executing program 4 (id=1880):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket$unix(0x1, 0x1, 0x0)
r1 = socket(0x10, 0x803, 0x0)
write(r1, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4000000)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x2003}, 0x94)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x9}, 0x94)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r3, &(0x7f00000024c0)=[{{0x0, 0x0, &(0x7f0000000d00)=[{&(0x7f0000000800)=""/245, 0xf5}], 0x1}, 0x9}], 0x1, 0x10000, 0x0)

1.651133303s ago: executing program 2 (id=1881):
r0 = socket$igmp(0x2, 0x3, 0x2)
socket$inet6_sctp(0xa, 0x5, 0x84)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './mnt\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x6, 0x8, 0x0, 0x3}, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000580)={0x0, @in6={{0xa, 0x4e22, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x6}}, 0x0, 0x0, 0x8, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty, 0x6}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='net/unix\x00')
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8042, 0x0)
fallocate(r4, 0x0, 0x1000000, 0x3)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r4, 0x0)
r5 = fanotify_init(0x202, 0x1000)
fanotify_mark(r5, 0x1, 0x48000013, r3, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x0, 0x0, 0x0)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, 0x0, 0x0)
r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mreq(r6, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x2a, &(0x7f0000000440)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x20, 0xdc, 0x2, 0x0, @rand_addr=0x1d, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x47}}}}}, 0x0)

390.338224ms ago: executing program 6 (id=1882):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000007d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10)
madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xc)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x3000)=nil, 0x3000, &(0x7f0000000240)='}\x00')
madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xc)

131.894677ms ago: executing program 3 (id=1883):
openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0x181001, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r1, 0x3b82, &(0x7f0000000180)={0x20, r2, 0x2, 0x0, &(0x7f00000001c0)=[{0x0, 0x1}, {0x3, 0x5}]})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r1, 0x3b82, &(0x7f0000000640)={0x18, r2, 0x0, 0x0, 0x0})
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000032680)=""/102400, 0x19000)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000600)={0x14, r4, 0x65283e1aaa2ddbb1}, 0x14}}, 0x0)
close(r0)
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x800)
syz_emit_ethernet(0x2a, &(0x7f0000000100)={@multicast, @random="8a0a63cdec59", @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, @remote, @dev, @remote}}}}, 0x0)
r7 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r8=>0x0})
sendto$packet(r7, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r8, 0x1, 0x0, 0x6, @link_local}, 0x14)
getsockopt$ARPT_SO_GET_REVISION_TARGET(r6, 0x0, 0x63, &(0x7f0000000140)={'NETMAP\x00'}, &(0x7f0000000180)=0x1e)
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
r9 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r9, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r9, &(0x7f0000006300)={0x2020, 0x0, <r10=>0x0}, 0x2020)
write$FUSE_INIT(r9, &(0x7f0000000040)={0x50, 0x0, r10, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
syz_fuse_handle_req(r9, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, {0x0, 0x14}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r11 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
dup2(r11, r9)

0s ago: executing program 6 (id=1884):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setfsuid(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r3, 0x10e, 0xc, 0x0, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_getaddrlabel={0x24, 0x1a, 0x1, 0x0, 0x0, {0x2, 0x0, 0x20}, [@IFAL_LABEL={0x8}]}, 0x24}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x3)
pselect6(0x40, &(0x7f0000000280)={0x5, 0x0, 0x120000000000, 0x2, 0x500, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f0000000180)={0x3fe, 0x7, 0x0, 0x9, 0x86, 0x800, 0x80000002}, 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)

kernel console output (not intermixed with test programs):

[  344.793469][ T5985] usb 1-1: config 0 descriptor??
[  345.357724][ T9316] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  345.931387][ T5985] usbhid 1-1:0.0: can't add hid device: -71
[  345.937618][ T5985] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  345.948454][ T5985] usb 1-1: USB disconnect, device number 39
[  345.993440][ T9338] batman_adv: batadv0: Adding interface: dummy0
[  346.021734][ T9338] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  346.088337][ T9338] batman_adv: batadv0: Interface activated: dummy0
[  346.189731][ T9340] batadv0: mtu less than device minimum
[  346.209893][ T9340] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  346.222290][ T9340] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  346.234155][ T9340] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  346.246294][ T9340] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  346.258473][ T9340] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  346.270327][ T9340] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  346.282317][ T9340] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  346.294285][ T9340] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  346.306054][ T9340] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  347.804026][   T30] kauditd_printk_skb: 140 callbacks suppressed
[  347.804044][   T30] audit: type=1326 audit(1754226737.535:2031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9350 comm="syz.0.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f500118eb69 code=0x7ffc0000
[  348.744834][   T30] audit: type=1326 audit(1754226737.535:2032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9350 comm="syz.0.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f500118eb69 code=0x7ffc0000
[  349.135260][   T30] audit: type=1326 audit(1754226737.535:2033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9350 comm="syz.0.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=107 compat=0 ip=0x7f500118eb69 code=0x7ffc0000
[  349.735085][   T30] audit: type=1326 audit(1754226737.535:2034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9350 comm="syz.0.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f500118eb69 code=0x7ffc0000
[  350.626243][   T30] audit: type=1326 audit(1754226737.535:2035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9350 comm="syz.0.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f500118eb69 code=0x7ffc0000
[  350.710463][   T30] audit: type=1326 audit(1754226737.535:2036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9350 comm="syz.0.896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f500118eb69 code=0x7ffc0000
[  352.087496][ T9405] netlink: 8 bytes leftover after parsing attributes in process `syz.2.909'.
[  352.222612][ T9423] UBIFS error (pid: 9423): cannot open "c:::", error -22
[  352.223036][ T9422] netlink: 12 bytes leftover after parsing attributes in process `syz.0.912'.
[  352.307039][   T30] audit: type=1326 audit(1754226742.925:2037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9426 comm="syz.2.913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  352.315860][ T9429] (unnamed net_device) (uninitialized): option active_slave: mode dependency failed, not supported in mode broadcast(3)
[  352.377405][   T30] audit: type=1326 audit(1754226742.925:2038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9426 comm="syz.2.913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  352.404619][   T30] audit: type=1326 audit(1754226742.925:2039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9426 comm="syz.2.913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  352.435460][   T30] audit: type=1326 audit(1754226742.925:2040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9426 comm="syz.2.913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  353.627542][   T30] audit: type=1326 audit(1754226742.925:2041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9426 comm="syz.2.913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  353.670010][   T30] audit: type=1326 audit(1754226742.925:2042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9426 comm="syz.2.913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  353.723006][   T30] audit: type=1326 audit(1754226742.925:2043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9426 comm="syz.2.913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  353.754123][   T30] audit: type=1326 audit(1754226742.925:2044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9426 comm="syz.2.913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  353.782187][   T30] audit: type=1326 audit(1754226742.965:2045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9426 comm="syz.2.913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  354.048583][   T30] audit: type=1326 audit(1754226742.965:2046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9426 comm="syz.2.913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f01dfd8eba3 code=0x7ffc0000
[  354.127465][   T30] audit: type=1326 audit(1754226742.965:2047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9426 comm="syz.2.913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f01dfd8eba3 code=0x7ffc0000
[  354.310758][   T30] audit: type=1326 audit(1754226742.965:2048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9426 comm="syz.2.913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  354.545370][   T30] audit: type=1326 audit(1754226742.965:2049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9426 comm="syz.2.913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  354.580229][   T30] audit: type=1326 audit(1754226742.975:2050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9426 comm="syz.2.913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  355.831815][ T9469] binder: 9457:9469 ioctl c0306201 200000000640 returned -22
[  356.006843][ T9478] syzkaller1: entered promiscuous mode
[  356.012486][ T9478] syzkaller1: entered allmulticast mode
[  357.184256][ T9494] netlink: 16 bytes leftover after parsing attributes in process `syz.0.934'.
[  357.311731][ T9494] tipc: Invalid UDP bearer configuration
[  357.312862][ T9494] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  357.570676][ T9511] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  357.646975][   T43] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  357.975833][   T43] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  358.111075][ T9524] netlink: 12 bytes leftover after parsing attributes in process `syz.0.943'.
[  358.277209][ T5954] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  358.313352][   T43] usb 5-1: New USB device found, idVendor=8086, idProduct=0b63, bcdDevice=ca.f3
[  358.419572][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  358.501002][ T5921] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  358.516069][   T43] usb 5-1: Product: syz
[  358.521577][   T43] usb 5-1: Manufacturer: syz
[  358.526257][   T43] usb 5-1: SerialNumber: syz
[  358.538286][   T43] usb 5-1: config 0 descriptor??
[  358.546538][   T43] ljca 5-1:0.0: bulk endpoints not found
[  358.570441][ T5954] usb 2-1: device descriptor read/64, error -71
[  358.860813][ T5954] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  358.862012][ T5921] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  358.898251][ T9499] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  358.966591][ T9499] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  358.969937][ T5921] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  359.031331][ T5921] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  359.057086][ T5921] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  359.066335][ T5954] usb 2-1: device descriptor read/64, error -71
[  359.098013][   T43] usb 5-1: USB disconnect, device number 26
[  359.204487][ T5954] usb usb2-port1: attempt power cycle
[  359.250238][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  359.303896][ T5921] usb 3-1: config 0 descriptor??
[  360.963975][ T5954] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  361.122894][ T5954] usb 2-1: device descriptor read/8, error -71
[  361.212832][ T5921] usbhid 3-1:0.0: can't add hid device: -71
[  361.229891][ T5921] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  361.267495][ T5921] usb 3-1: USB disconnect, device number 26
[  361.904150][ T9583] ip6erspan0: entered allmulticast mode
[  362.437424][ T5954] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  362.518427][ T5954] usb 2-1: Using ep0 maxpacket: 8
[  362.649182][ T5954] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  362.759993][ T5954] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  362.829650][ T5954] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  362.878901][ T5954] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024
[  362.951582][ T5954] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  362.983849][ T5954] usb 2-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  362.996335][ T5954] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  363.011751][ T5954] usb 2-1: config 0 descriptor??
[  363.017928][ T9585] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  363.227080][  T978] usb 2-1: USB disconnect, device number 35
[  363.227655][   T51] Bluetooth: hci5: Opcode 0x0c03 failed: -71
[  364.344474][ T9621] IPVS: length: 8 != 1690580952
[  364.423635][ T9624] netlink: 48 bytes leftover after parsing attributes in process `syz.1.968'.
[  364.509026][ T9626] netlink: 4344 bytes leftover after parsing attributes in process `syz.3.972'.
[  364.932363][ T9648] netlink: 'syz.0.975': attribute type 9 has an invalid length.
[  364.944609][ T9648] netlink: 8 bytes leftover after parsing attributes in process `syz.0.975'.
[  364.960003][ T9648] hsr0: entered promiscuous mode
[  364.965377][ T9648] macvlan2: entered promiscuous mode
[  364.972116][ T9648] macvlan2: entered allmulticast mode
[  364.978077][ T9648] hsr0: entered allmulticast mode
[  364.983179][ T9648] hsr_slave_0: entered allmulticast mode
[  364.989415][ T9648] hsr_slave_1: entered allmulticast mode
[  365.157291][  T978] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  365.212654][ T9650] netlink: 'syz.2.979': attribute type 3 has an invalid length.
[  365.221908][ T9650] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.979'.
[  365.479407][  T978] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  365.491424][  T978] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  365.501643][  T978] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  365.539940][  T978] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  365.557386][  T978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  365.588912][  T978] usb 5-1: config 0 descriptor??
[  366.410290][  T978] usbhid 5-1:0.0: can't add hid device: -71
[  366.464306][  T978] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  366.727426][  T978] usb 5-1: USB disconnect, device number 27
[  367.161733][ T9681] mmap: syz.4.989 (9681): VmData 27111424 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data.
[  367.667166][ T5954] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  367.898130][ T5954] usb 3-1: Using ep0 maxpacket: 16
[  367.918922][ T5954] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 11
[  367.934909][ T5954] usb 3-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[  367.955240][ T5954] usb 3-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[  367.975168][ T5954] usb 3-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[  367.993642][ T5954] usb 3-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[  368.006436][ T5954] usb 3-1: config 1 interface 0 has no altsetting 0
[  368.013377][ T5954] usb 3-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[  368.023408][ T5954] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.054667][ T5954] ums-sddr09 3-1:1.0: USB Mass Storage device detected
[  368.136252][ T9707] netlink: 28 bytes leftover after parsing attributes in process `syz.4.996'.
[  368.564617][ T5954] scsi host1: usb-storage 3-1:1.0
[  368.767242][ T5954] usb 3-1: USB disconnect, device number 27
[  368.805880][ T9715] overlayfs: failed to clone upperpath
[  368.888314][ T9718] netlink: 'syz.4.999': attribute type 4 has an invalid length.
[  369.754506][ T9733] bridge0: entered promiscuous mode
[  369.762730][ T9733] macvlan2: entered promiscuous mode
[  369.800712][  T978] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  370.001946][  T978] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  370.027242][  T978] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  370.069487][  T978] usb 3-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41
[  370.087398][  T978] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  370.095457][  T978] usb 3-1: Product: syz
[  370.135154][  T978] usb 3-1: Manufacturer: syz
[  370.145308][  T978] usb 3-1: SerialNumber: syz
[  370.167108][  T978] usb 3-1: config 0 descriptor??
[  370.181724][  T978] usb 3-1: ucan: probing device on interface #0
[  370.190237][  T978] usb 3-1: ucan: invalid EP count (1)
[  370.195647][  T978] usb 3-1: ucan: probe failed; try to update the device firmware
[  370.382306][ T5975] usb 3-1: USB disconnect, device number 28
[  370.867537][ T5975] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  370.989170][ T9747] syz.2.1007 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  371.032305][ T5975] usb 5-1: New USB device found, idVendor=0c45, idProduct=8003, bcdDevice=d6.bb
[  371.042657][ T5975] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  371.050807][ T5975] usb 5-1: Product: syz
[  371.054989][ T5975] usb 5-1: Manufacturer: syz
[  371.059696][ T5975] usb 5-1: SerialNumber: syz
[  371.066187][ T5975] usb 5-1: config 0 descriptor??
[  371.075990][ T5975] gspca_main: sn9c2028-2.14.0 probing 0c45:8003
[  371.146919][ T9749] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  371.147705][ T9750] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1008'.
[  371.154538][ T9749] IPv6: NLM_F_CREATE should be set when creating new route
[  371.170841][ T9749] IPv6: NLM_F_CREATE should be set when creating new route
[  371.178099][ T9749] IPv6: NLM_F_CREATE should be set when creating new route
[  371.281914][ T9744] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  371.297700][ T9744] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  371.314939][ T5975] gspca_sn9c2028: read1 error -71
[  371.451207][ T5975] gspca_sn9c2028: read1 error -71
[  371.461598][ T5975] gspca_sn9c2028: read1 error -71
[  371.471366][ T5975] sn9c2028 5-1:0.0: probe with driver sn9c2028 failed with error -71
[  371.483005][ T5975] usb 5-1: USB disconnect, device number 28
[  372.375984][ T9766] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1012'.
[  372.534814][ T9766] net_ratelimit: 10 callbacks suppressed
[  372.534832][ T9766] openvswitch: netlink: Flow actions attr not present in new flow.
[  373.863322][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  373.863340][   T30] audit: type=1326 audit(1754226764.485:2054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9788 comm="syz.3.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76818eb69 code=0x7ffc0000
[  373.907244][   T30] audit: type=1326 audit(1754226764.515:2055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9788 comm="syz.3.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76818eb69 code=0x7ffc0000
[  373.929883][   T30] audit: type=1326 audit(1754226764.525:2056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9788 comm="syz.3.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fb76818eb69 code=0x7ffc0000
[  373.954419][   T30] audit: type=1326 audit(1754226764.525:2057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9788 comm="syz.3.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fb76818eb69 code=0x7ffc0000
[  374.008718][   T30] audit: type=1326 audit(1754226764.525:2058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9788 comm="syz.3.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fb76818eb69 code=0x7ffc0000
[  374.115231][   T30] audit: type=1326 audit(1754226764.525:2059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9788 comm="syz.3.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fb76818eb69 code=0x7ffc0000
[  374.152095][   T30] audit: type=1326 audit(1754226764.525:2060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9788 comm="syz.3.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fb76818eb69 code=0x7ffc0000
[  374.182263][   T30] audit: type=1326 audit(1754226764.525:2061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9788 comm="syz.3.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fb76818eb69 code=0x7ffc0000
[  374.231044][ T9801] fuse: Bad value for 'fd'
[  374.245302][   T30] audit: type=1326 audit(1754226764.525:2062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9788 comm="syz.3.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fb76818eb69 code=0x7ffc0000
[  374.271769][   T30] audit: type=1326 audit(1754226764.525:2063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9788 comm="syz.3.1018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fb76818eb69 code=0x7ffc0000
[  375.331194][  T978] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  375.409284][ T9821] overlay: Unknown parameter '/'
[  375.494222][  T978] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  375.505873][  T978] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  375.516689][  T978] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  375.529965][  T978] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  375.539418][  T978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  375.566009][  T978] usb 1-1: config 0 descriptor??
[  376.557663][  T978] usbhid 1-1:0.0: can't add hid device: -71
[  376.564393][  T978] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  376.581798][  T978] usb 1-1: USB disconnect, device number 40
[  376.716135][ T9833] bridge_slave_0: left allmulticast mode
[  376.723286][ T9833] bridge_slave_0: left promiscuous mode
[  376.729143][ T9833] bridge0: port 1(bridge_slave_0) entered disabled state
[  376.742848][ T9833] bridge_slave_1: left allmulticast mode
[  376.748706][ T9833] bridge_slave_1: left promiscuous mode
[  376.754474][ T9833] bridge0: port 2(bridge_slave_1) entered disabled state
[  376.771389][ T9833] bond0: (slave bond_slave_0): Releasing backup interface
[  376.787311][ T9833] bond0: (slave bond_slave_1): Releasing backup interface
[  376.802041][ T9833] team_slave_0: left allmulticast mode
[  376.821534][ T9833] team0: Port device team_slave_0 removed
[  376.828712][ T9833] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  376.829773][ T9834] netlink: 'syz.2.1028': attribute type 10 has an invalid length.
[  376.837334][ T9833] batman_adv: batadv0: Removing interface: batadv_slave_0
[  376.926598][ T9833] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  376.995707][ T9833] batman_adv: batadv0: Removing interface: batadv_slave_1
[  378.604578][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  378.957593][   T51] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  379.020001][ T9834] 8021q: adding VLAN 0 to HW filter on device bond0
[  379.048357][ T9834] bond0: entered allmulticast mode
[  379.060573][ T9834] team0: Port device bond0 added
[  379.124189][ T9851] bond2: entered promiscuous mode
[  379.129492][ T9851] bond2: entered allmulticast mode
[  379.135440][ T9851] 8021q: adding VLAN 0 to HW filter on device bond2
[  380.173798][ T9879] fuse: Unknown parameter '0x0000000000000006fd'
[  380.908012][ T5985] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  380.923445][ T9887] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1042'.
[  381.239015][ T5985] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  381.281920][ T5985] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  381.329489][ T5985] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  381.416535][ T5985] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  381.450504][ T5985] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  381.511328][ T5985] usb 5-1: config 0 descriptor??
[  381.697323][  T978] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  381.807530][ T5848] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  381.824921][ T5848] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  381.844395][ T5848] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  381.856190][ T5848] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  381.859173][   T36] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  381.874281][  T978] usb 1-1: Using ep0 maxpacket: 8
[  381.889247][ T5848] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  381.893994][  T978] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  381.909946][  T978] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  381.920127][   T36] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  381.931790][  T978] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  381.970687][  T978] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  381.990979][  T978] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  382.005331][  T978] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  382.014560][  T981] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  382.033599][  T978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  382.053012][  T978] usbtmc 1-1:16.0: probe with driver usbtmc failed with error -22
[  382.095850][   T36] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  382.107633][   T36] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  382.166927][ T5985] usbhid 5-1:0.0: can't add hid device: -71
[  382.174329][ T5985] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  382.186267][ T5985] usb 5-1: USB disconnect, device number 29
[  382.195147][  T981] usb 3-1: Using ep0 maxpacket: 16
[  382.203707][  T981] usb 3-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  382.218206][   T36] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  382.228660][  T981] usb 3-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  382.239648][   T36] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  382.250050][  T981] usb 3-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[  382.277401][  T981] usb 3-1: config 0 interface 0 has no altsetting 0
[  382.294247][  T981] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  382.314497][  T981] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  382.337675][  T981] usb 3-1: config 0 descriptor??
[  382.425180][   T36] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  382.435864][   T36] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  382.554434][  T981] hid (null): unknown global tag 0xd
[  382.579791][  T981] hid (null): report_id 0 is invalid
[  382.585204][  T981] hid (null): unknown global tag 0xc
[  382.592072][  T981] hid (null): unknown global tag 0xc9
[  382.601737][  T981] hid (null): report_id 399870579 is invalid
[  382.624196][  T981] hid (null): report_id 0 is invalid
[  382.639846][  T981] hid (null): unknown global tag 0xc
[  382.646726][ T9895] chnl_net:caif_netlink_parms(): no params data found
[  382.695047][ T9911] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  382.703878][ T9911] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  382.868595][ T9895] bridge0: port 1(bridge_slave_0) entered blocking state
[  382.876505][ T9895] bridge0: port 1(bridge_slave_0) entered disabled state
[  382.883916][ T9895] bridge_slave_0: entered allmulticast mode
[  382.892211][   T30] kauditd_printk_skb: 32 callbacks suppressed
[  382.892228][   T30] audit: type=1326 audit(1754226773.515:2096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9919 comm="syz.3.1050" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb76818eb69 code=0x0
[  382.893324][ T9895] bridge_slave_0: entered promiscuous mode
[  383.037142][ T5985] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  383.200737][ T5985] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  383.212448][ T5985] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  383.229851][ T5985] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  383.241776][ T5985] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  383.249952][ T5985] usb 5-1: Product: syz
[  383.254318][ T5985] usb 5-1: Manufacturer: syz
[  383.264067][ T5985] usb 5-1: SerialNumber: syz
[  383.267489][   T36] bond0 (unregistering): Released all slaves
[  383.288040][ T9895] bridge0: port 2(bridge_slave_1) entered blocking state
[  383.295512][ T9895] bridge0: port 2(bridge_slave_1) entered disabled state
[  383.305458][ T9895] bridge_slave_1: entered allmulticast mode
[  383.313302][ T9895] bridge_slave_1: entered promiscuous mode
[  383.379835][   T36] IPVS: stopping master sync thread 6415 ...
[  383.392166][ T9895] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  383.454049][ T9895] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  383.500259][ T9917] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  383.514580][ T9917] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  383.548642][ T5985] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22
[  383.561637][ T9895] team0: Port device team_slave_0 added
[  383.573914][ T5985] usb 5-1: USB disconnect, device number 30
[  383.610804][ T9895] team0: Port device team_slave_1 added
[  383.663112][ T9895] batman_adv: batadv0: Adding interface: batadv_slave_0
[  383.673489][ T9895] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  383.702876][ T9895] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  383.746662][   T36] hsr_slave_0: left promiscuous mode
[  383.756184][   T36] hsr_slave_1: left promiscuous mode
[  383.765823][   T36] batman_adv: batadv0: Interface deactivated: dummy0
[  383.773883][   T36] batman_adv: batadv0: Removing interface: dummy0
[  383.801736][   T36] batadv0: left promiscuous mode
[  383.807903][   T36] veth1_macvtap: left promiscuous mode
[  383.813948][   T36] veth0_macvtap: left promiscuous mode
[  383.824474][   T36] veth1_vlan: left promiscuous mode
[  383.830403][   T36] veth0_vlan: left promiscuous mode
[  383.958932][ T5848] Bluetooth: hci2: command tx timeout
[  384.002297][   T36] pim6reg (unregistering): left allmulticast mode
[  384.042474][ T5985] usb 5-1: new full-speed USB device number 31 using dummy_hcd
[  384.205039][ T5985] usb 5-1: config index 0 descriptor too short (expected 301, got 72)
[  384.227499][ T5985] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  384.238394][ T5985] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  384.253566][ T5985] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 1024, setting to 64
[  384.275426][ T5985] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  384.293197][ T5985] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  384.312546][ T5985] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  384.490248][   T43] usb 1-1: USB disconnect, device number 41
[  384.563275][ T5985] usb 5-1: usb_control_msg returned -71
[  384.569178][ T5985] usbtmc 5-1:16.0: can't read capabilities
[  384.601886][ T5985] usb 5-1: USB disconnect, device number 31
[  384.776868][  T978] usb 3-1: USB disconnect, device number 29
[  384.821760][ T9937] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1054'.
[  384.833898][ T9938] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1054'.
[  384.854110][   T30] audit: type=1326 audit(1754226775.475:2097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9939 comm="syz.2.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  384.892465][   T30] audit: type=1326 audit(1754226775.475:2098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9939 comm="syz.2.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  385.085343][   T30] audit: type=1326 audit(1754226775.475:2099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9939 comm="syz.2.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  385.351711][ T9949] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1057'.
[  385.410720][ T9928] Falling back ldisc for ptm0.
[  385.503552][   T30] audit: type=1326 audit(1754226775.475:2100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9939 comm="syz.2.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  385.525880][   T30] audit: type=1326 audit(1754226775.475:2101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9939 comm="syz.2.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  385.554862][ T9945] netlink: 'syz.2.1055': attribute type 4 has an invalid length.
[  385.557133][   T30] audit: type=1326 audit(1754226775.475:2102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9939 comm="syz.2.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  385.655801][   T30] audit: type=1326 audit(1754226775.585:2103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9939 comm="syz.2.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  385.710202][   T30] audit: type=1326 audit(1754226775.585:2104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9939 comm="syz.2.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  385.744229][   T30] audit: type=1326 audit(1754226775.585:2105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9939 comm="syz.2.1055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  385.900551][ T9895] batman_adv: batadv0: Adding interface: batadv_slave_1
[  385.907987][ T9895] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  385.934663][ T9895] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  386.018589][   T43] usb 5-1: new full-speed USB device number 32 using dummy_hcd
[  386.061439][ T5848] Bluetooth: hci2: command tx timeout
[  386.163045][ T9966] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1061'.
[  386.229993][   T43] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  386.266154][ T9895] hsr_slave_0: entered promiscuous mode
[  386.286741][   T43] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  386.325939][ T9895] hsr_slave_1: entered promiscuous mode
[  386.348477][ T9895] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  386.360405][   T43] usb 5-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  386.381306][ T9895] Cannot create hsr debugfs directory
[  386.390214][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.476507][   T43] usb 5-1: config 0 descriptor??
[  386.670051][ T5954] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  386.868816][ T5954] usb 1-1: Using ep0 maxpacket: 8
[  386.903960][ T5954] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  386.958010][ T5954] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  387.014920][ T5954] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  387.032333][ T5954] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  387.045372][ T5954] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  387.110428][ T5954] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  387.125639][ T5954] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  387.146856][ T5954] usbtmc 1-1:16.0: probe with driver usbtmc failed with error -22
[  387.529103][ T9895] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  387.558436][ T9895] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  387.583530][ T9895] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  387.609668][ T9895] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  388.117210][ T5848] Bluetooth: hci2: command tx timeout
[  388.291003][ T9990] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  388.304882][ T9990] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  388.610779][ T9895] 8021q: adding VLAN 0 to HW filter on device bond0
[  388.665053][ T9895] 8021q: adding VLAN 0 to HW filter on device team0
[  388.686214][ T3567] bridge0: port 1(bridge_slave_0) entered blocking state
[  388.694144][ T3567] bridge0: port 1(bridge_slave_0) entered forwarding state
[  388.721108][ T3567] bridge0: port 2(bridge_slave_1) entered blocking state
[  388.728436][ T3567] bridge0: port 2(bridge_slave_1) entered forwarding state
[  388.942395][  T981] usb 5-1: USB disconnect, device number 32
[  389.021705][T10003] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1069'.
[  389.048823][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  389.048842][   T30] audit: type=1326 audit(1754226779.675:2112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10005 comm="syz.4.1070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f639278eb69 code=0x7ffc0000
[  389.121055][   T30] audit: type=1326 audit(1754226779.705:2113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10005 comm="syz.4.1070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f639278eb69 code=0x7ffc0000
[  389.200889][   T30] audit: type=1326 audit(1754226779.705:2114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10005 comm="syz.4.1070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f639278eb69 code=0x7ffc0000
[  389.276507][   T30] audit: type=1326 audit(1754226779.705:2115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10005 comm="syz.4.1070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f639278eb69 code=0x7ffc0000
[  389.349457][T10017] C: renamed from team_slave_0 (while UP)
[  389.365948][   T30] audit: type=1326 audit(1754226779.705:2116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10005 comm="syz.4.1070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f639278eb69 code=0x7ffc0000
[  389.392974][T10017] netlink: 'syz.3.1072': attribute type 4 has an invalid length.
[  389.414894][T10017] netlink: 120 bytes leftover after parsing attributes in process `syz.3.1072'.
[  389.417417][   T30] audit: type=1326 audit(1754226779.705:2117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10005 comm="syz.4.1070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f639278eb69 code=0x7ffc0000
[  389.446159][   T30] audit: type=1326 audit(1754226779.715:2118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10005 comm="syz.4.1070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f639278eb69 code=0x7ffc0000
[  389.470894][T10017] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  389.559295][ T9895] 8021q: adding VLAN 0 to HW filter on device batadv0
[  389.568705][   T30] audit: type=1326 audit(1754226779.715:2119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10005 comm="syz.4.1070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f639278eb69 code=0x7ffc0000
[  389.600976][ T5954] usb 1-1: USB disconnect, device number 42
[  389.621911][   T30] audit: type=1326 audit(1754226779.715:2120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10005 comm="syz.4.1070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f639278eb69 code=0x7ffc0000
[  389.669643][   T30] audit: type=1326 audit(1754226779.715:2121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10005 comm="syz.4.1070" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f639278eb69 code=0x7ffc0000
[  390.197148][ T5848] Bluetooth: hci2: command tx timeout
[  390.833547][T10045] FAULT_INJECTION: forcing a failure.
[  390.833547][T10045] name failslab, interval 1, probability 0, space 0, times 0
[  390.869006][T10045] CPU: 1 UID: 0 PID: 10045 Comm: syz.2.1079 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  390.869026][T10045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  390.869039][T10045] Call Trace:
[  390.869047][T10045]  <TASK>
[  390.869053][T10045]  dump_stack_lvl+0x189/0x250
[  390.869074][T10045]  ? __pfx____ratelimit+0x10/0x10
[  390.869088][T10045]  ? __pfx_dump_stack_lvl+0x10/0x10
[  390.869103][T10045]  ? __pfx__printk+0x10/0x10
[  390.869125][T10045]  ? ref_tracker_alloc+0x318/0x460
[  390.869143][T10045]  should_fail_ex+0x414/0x560
[  390.869159][T10045]  should_failslab+0xa8/0x100
[  390.869176][T10045]  kmem_cache_alloc_noprof+0x73/0x3c0
[  390.869188][T10045]  ? skb_clone+0x212/0x3a0
[  390.869205][T10045]  skb_clone+0x212/0x3a0
[  390.869220][T10045]  __netlink_deliver_tap+0x404/0x850
[  390.869247][T10045]  ? netlink_deliver_tap+0x2e/0x1b0
[  390.869267][T10045]  netlink_deliver_tap+0x19c/0x1b0
[  390.869286][T10045]  netlink_unicast+0x730/0x8e0
[  390.869311][T10045]  netlink_sendmsg+0x805/0xb30
[  390.869336][T10045]  ? __pfx_netlink_sendmsg+0x10/0x10
[  390.869360][T10045]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  390.869374][T10045]  ? __pfx_netlink_sendmsg+0x10/0x10
[  390.869393][T10045]  __sock_sendmsg+0x21c/0x270
[  390.869411][T10045]  ____sys_sendmsg+0x505/0x830
[  390.869435][T10045]  ? __pfx_____sys_sendmsg+0x10/0x10
[  390.869462][T10045]  ? import_iovec+0x74/0xa0
[  390.869483][T10045]  ___sys_sendmsg+0x21f/0x2a0
[  390.869505][T10045]  ? __pfx____sys_sendmsg+0x10/0x10
[  390.869550][T10045]  ? __fget_files+0x2a/0x420
[  390.869564][T10045]  ? __fget_files+0x3a0/0x420
[  390.869586][T10045]  __x64_sys_sendmsg+0x19b/0x260
[  390.869608][T10045]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  390.869635][T10045]  ? __pfx_ksys_write+0x10/0x10
[  390.869646][T10045]  ? rcu_is_watching+0x15/0xb0
[  390.869664][T10045]  ? do_syscall_64+0xbe/0x3b0
[  390.869681][T10045]  do_syscall_64+0xfa/0x3b0
[  390.869695][T10045]  ? lockdep_hardirqs_on+0x9c/0x150
[  390.869709][T10045]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  390.869722][T10045]  ? clear_bhb_loop+0x60/0xb0
[  390.869738][T10045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  390.869750][T10045] RIP: 0033:0x7f01dfd8eb69
[  390.869762][T10045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  390.869774][T10045] RSP: 002b:00007f01e0c86038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  390.869788][T10045] RAX: ffffffffffffffda RBX: 00007f01dffb5fa0 RCX: 00007f01dfd8eb69
[  390.869798][T10045] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  390.869806][T10045] RBP: 00007f01e0c86090 R08: 0000000000000000 R09: 0000000000000000
[  390.869814][T10045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  390.869822][T10045] R13: 0000000000000000 R14: 00007f01dffb5fa0 R15: 00007ffccb844ae8
[  390.869842][T10045]  </TASK>
[  393.405729][ T9895] veth0_vlan: entered promiscuous mode
[  393.417214][ T5921] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  393.426090][ T9895] veth1_vlan: entered promiscuous mode
[  393.480482][ T9895] veth0_macvtap: entered promiscuous mode
[  393.502759][ T9895] veth1_macvtap: entered promiscuous mode
[  393.530733][ T9895] batman_adv: batadv0: Interface activated: batadv_slave_0
[  393.550845][ T9895] batman_adv: batadv0: Interface activated: batadv_slave_1
[  393.566301][ T9895] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  393.579911][ T9895] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  393.593107][ T9895] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  393.603456][ T9895] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  393.653454][ T5921] usb 3-1: Using ep0 maxpacket: 8
[  393.672874][ T5921] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  393.709426][ T5921] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  393.747218][ T5921] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  393.818178][ T5921] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  393.843895][ T5921] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  393.875619][ T5921] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  393.896966][ T1096] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  393.905288][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  393.923766][ T1096] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  394.373762][ T5921] usbtmc 3-1:16.0: probe with driver usbtmc failed with error -22
[  394.443861][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  394.487152][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  394.488787][T10087] FAULT_INJECTION: forcing a failure.
[  394.488787][T10087] name failslab, interval 1, probability 0, space 0, times 0
[  394.537409][T10087] CPU: 0 UID: 0 PID: 10087 Comm: syz.4.1090 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  394.537436][T10087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  394.537449][T10087] Call Trace:
[  394.537457][T10087]  <TASK>
[  394.537466][T10087]  dump_stack_lvl+0x189/0x250
[  394.537503][T10087]  ? __pfx____ratelimit+0x10/0x10
[  394.537525][T10087]  ? __pfx_dump_stack_lvl+0x10/0x10
[  394.537547][T10087]  ? __pfx__printk+0x10/0x10
[  394.537580][T10087]  ? __pfx___might_resched+0x10/0x10
[  394.537601][T10087]  ? fs_reclaim_acquire+0x7d/0x100
[  394.537630][T10087]  should_fail_ex+0x414/0x560
[  394.537656][T10087]  should_failslab+0xa8/0x100
[  394.537680][T10087]  __kmalloc_cache_noprof+0x70/0x3d0
[  394.537699][T10087]  ? tcf_action_init_1+0x19f/0x6d0
[  394.537728][T10087]  tcf_action_init_1+0x19f/0x6d0
[  394.537757][T10087]  ? __pfx_tcf_action_init_1+0x10/0x10
[  394.537780][T10087]  ? _raw_read_unlock+0x28/0x50
[  394.537798][T10087]  ? tc_action_load_ops+0x214/0x4e0
[  394.537837][T10087]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  394.537867][T10087]  ? __nla_parse+0x40/0x60
[  394.537894][T10087]  tcf_action_init+0x2cf/0xab0
[  394.537928][T10087]  ? __pfx_tcf_action_init+0x10/0x10
[  394.537981][T10087]  ? __pfx___nla_validate_parse+0x10/0x10
[  394.538064][T10087]  tc_ctl_action+0x430/0xbd0
[  394.538100][T10087]  ? __pfx_tc_ctl_action+0x10/0x10
[  394.538134][T10087]  ? rcu_is_watching+0x15/0xb0
[  394.538209][T10087]  ? __pfx_tc_ctl_action+0x10/0x10
[  394.538234][T10087]  rtnetlink_rcv_msg+0x779/0xb70
[  394.538266][T10087]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  394.538293][T10087]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  394.538318][T10087]  ? ref_tracker_free+0x63a/0x7d0
[  394.538339][T10087]  ? __copy_skb_header+0xa7/0x550
[  394.538362][T10087]  ? __pfx_ref_tracker_free+0x10/0x10
[  394.538385][T10087]  ? __skb_clone+0x63/0x7a0
[  394.538413][T10087]  netlink_rcv_skb+0x205/0x470
[  394.538443][T10087]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  394.538473][T10087]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  394.538523][T10087]  ? netlink_deliver_tap+0x2e/0x1b0
[  394.538552][T10087]  ? netlink_deliver_tap+0x2e/0x1b0
[  394.538588][T10087]  netlink_unicast+0x75c/0x8e0
[  394.538627][T10087]  netlink_sendmsg+0x805/0xb30
[  394.538668][T10087]  ? __pfx_netlink_sendmsg+0x10/0x10
[  394.538708][T10087]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  394.538729][T10087]  ? __pfx_netlink_sendmsg+0x10/0x10
[  394.538760][T10087]  __sock_sendmsg+0x21c/0x270
[  394.538790][T10087]  ____sys_sendmsg+0x505/0x830
[  394.538829][T10087]  ? __pfx_____sys_sendmsg+0x10/0x10
[  394.538872][T10087]  ? import_iovec+0x74/0xa0
[  394.538906][T10087]  ___sys_sendmsg+0x21f/0x2a0
[  394.538941][T10087]  ? __pfx____sys_sendmsg+0x10/0x10
[  394.539015][T10087]  ? __fget_files+0x2a/0x420
[  394.539038][T10087]  ? __fget_files+0x3a0/0x420
[  394.539074][T10087]  __x64_sys_sendmsg+0x19b/0x260
[  394.539110][T10087]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  394.539153][T10087]  ? __pfx_ksys_write+0x10/0x10
[  394.539170][T10087]  ? rcu_is_watching+0x15/0xb0
[  394.539199][T10087]  ? do_syscall_64+0xbe/0x3b0
[  394.539227][T10087]  do_syscall_64+0xfa/0x3b0
[  394.539249][T10087]  ? lockdep_hardirqs_on+0x9c/0x150
[  394.539271][T10087]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  394.539303][T10087]  ? clear_bhb_loop+0x60/0xb0
[  394.539327][T10087]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  394.539347][T10087] RIP: 0033:0x7f639278eb69
[  394.539365][T10087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  394.539382][T10087] RSP: 002b:00007f639355f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  394.539414][T10087] RAX: ffffffffffffffda RBX: 00007f63929b5fa0 RCX: 00007f639278eb69
[  394.539428][T10087] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  394.539439][T10087] RBP: 00007f639355f090 R08: 0000000000000000 R09: 0000000000000000
[  394.539451][T10087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  394.539462][T10087] R13: 0000000000000000 R14: 00007f63929b5fa0 R15: 00007ffda7c48788
[  394.539491][T10087]  </TASK>
[  395.042618][   T30] kauditd_printk_skb: 32 callbacks suppressed
[  395.042640][   T30] audit: type=1326 audit(1754226785.665:2154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10090 comm="syz.0.1092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f500118eb69 code=0x7ffc0000
[  395.070894][   T30] audit: type=1326 audit(1754226785.685:2155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10090 comm="syz.0.1092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f500118eb69 code=0x7ffc0000
[  395.093396][   T30] audit: type=1326 audit(1754226785.685:2156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10090 comm="syz.0.1092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f500118eb69 code=0x7ffc0000
[  395.115403][   T30] audit: type=1326 audit(1754226785.685:2157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10090 comm="syz.0.1092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f500118eb69 code=0x7ffc0000
[  395.137578][   T30] audit: type=1326 audit(1754226785.685:2158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10090 comm="syz.0.1092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f500118eb69 code=0x7ffc0000
[  395.160164][   T30] audit: type=1326 audit(1754226785.685:2159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10090 comm="syz.0.1092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f500118eb69 code=0x7ffc0000
[  395.182797][   T30] audit: type=1326 audit(1754226785.685:2160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10090 comm="syz.0.1092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f500118eb69 code=0x7ffc0000
[  395.205131][   T30] audit: type=1326 audit(1754226785.685:2161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10090 comm="syz.0.1092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f500118eb69 code=0x7ffc0000
[  395.227154][   T30] audit: type=1326 audit(1754226785.685:2162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10090 comm="syz.0.1092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f500118eb69 code=0x7ffc0000
[  395.249731][   T30] audit: type=1326 audit(1754226785.685:2163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10090 comm="syz.0.1092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f500118eb69 code=0x7ffc0000
[  395.365259][T10099] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1094'.
[  395.522091][T10103] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  395.531361][T10103] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  396.201223][T10104] fuse: Bad value for 'rootmode'
[  396.362703][T10104] fuse: Bad value for 'user_id'
[  396.368502][T10104] fuse: Bad value for 'user_id'
[  396.877831][T10104] capability: warning: `syz.4.1094' uses 32-bit capabilities (legacy support in use)
[  397.267240][    T9] usb 6-1: new low-speed USB device number 2 using dummy_hcd
[  397.715619][  T978] usb 3-1: USB disconnect, device number 30
[  397.768587][    T9] usb 6-1: device descriptor read/64, error -71
[  398.029271][    T9] usb 6-1: new low-speed USB device number 3 using dummy_hcd
[  398.177254][    T9] usb 6-1: device descriptor read/64, error -71
[  398.197563][ T5975] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  398.291411][    T9] usb usb6-port1: attempt power cycle
[  398.499240][ T5975] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  398.515582][ T5975] usb 3-1: config 0 has no interfaces?
[  398.521406][ T5975] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  398.533068][ T5975] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  398.607402][T10135] netlink: 'syz.3.1102': attribute type 11 has an invalid length.
[  399.547179][    T9] usb 6-1: new low-speed USB device number 4 using dummy_hcd
[  399.701759][ T5975] usb 3-1: config 0 descriptor??
[  399.747857][    T9] usb 6-1: device descriptor read/8, error -71
[  399.920182][ T5921] usb 3-1: USB disconnect, device number 31
[  399.997255][    T9] usb 6-1: new low-speed USB device number 5 using dummy_hcd
[  400.037348][    T9] usb 6-1: device descriptor read/8, error -71
[  400.244463][    T9] usb usb6-port1: unable to enumerate USB device
[  400.277951][T10143] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  400.439025][T10147] pim6reg: entered allmulticast mode
[  401.515197][T10157] netlink: 'syz.2.1107': attribute type 11 has an invalid length.
[  402.049284][T10157] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[  402.694938][T10162] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1110'.
[  402.831550][T10168] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1110'.
[  403.089302][    T9] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  403.129350][T10172] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  403.139096][T10172] /dev/nullb0: Can't open blockdev
[  403.740534][    T9] usb 1-1: Using ep0 maxpacket: 8
[  403.748659][    T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  403.870325][    T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  403.899547][    T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  403.926056][    T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  403.937548][    T9] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  403.951324][    T9] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  403.960499][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  403.973649][    T9] usbtmc 1-1:16.0: probe with driver usbtmc failed with error -22
[  404.262316][T10184] netlink: 'syz.3.1113': attribute type 11 has an invalid length.
[  405.951538][T10200] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1117'.
[  406.595240][T10196] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  406.603919][T10196] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  407.046414][T10210] loop2: detected capacity change from 0 to 7
[  407.064909][T10210]  loop2: p1
[  407.072807][T10210] loop2: partition table partially beyond EOD, truncated
[  407.091661][T10210] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  407.388935][T10213] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1121'.
[  407.672080][    T9] usb 1-1: USB disconnect, device number 43
[  408.517065][ T5975] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  408.697550][ T5975] usb 1-1: Using ep0 maxpacket: 32
[  408.709127][ T5975] usb 1-1: unable to get BOS descriptor or descriptor too short
[  408.754039][ T5975] usb 1-1: config 0 has an invalid interface number: 143 but max is 0
[  408.777264][ T5975] usb 1-1: config 0 has no interface number 0
[  408.790589][ T5975] usb 1-1: config 0 interface 143 altsetting 77 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[  408.801851][ T5975] usb 1-1: config 0 interface 143 has no altsetting 0
[  408.813558][ T5975] usb 1-1: New USB device found, idVendor=13b1, idProduct=0041, bcdDevice=b0.69
[  408.826440][ T5975] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  409.311487][ T5975] usb 1-1: Product: syz
[  409.315729][ T5975] usb 1-1: Manufacturer: syz
[  409.320890][ T5975] usb 1-1: SerialNumber: syz
[  409.354804][ T5975] r8152-cfgselector 1-1: Unknown version 0x0000
[  409.379362][ T5975] r8152-cfgselector 1-1: config 0 descriptor??
[  409.408295][T10251] netlink: 144 bytes leftover after parsing attributes in process `syz.3.1131'.
[  409.433499][ T5975] r8152 1-1:0.143: Expected endpoints are not found
[  409.820216][T10271] netlink: 180 bytes leftover after parsing attributes in process `syz.2.1132'.
[  410.467655][    T9] r8152-cfgselector 1-1: USB disconnect, device number 44
[  410.624879][T10275] fuse: Bad value for 'user_id'
[  410.652155][T10275] fuse: Bad value for 'user_id'
[  410.698272][ T5975] hid-generic 000D:0006:0061.0010: item fetching failed at offset 3/58
[  410.725605][ T5975] hid-generic 000D:0006:0061.0010: probe with driver hid-generic failed with error -22
[  411.289212][ T5921] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  411.457244][ T5921] usb 6-1: Using ep0 maxpacket: 16
[  411.467837][ T5921] usb 6-1: config 0 has an invalid interface number: 8 but max is 0
[  411.482270][ T5921] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  411.503144][ T5921] usb 6-1: config 0 has no interface number 0
[  411.522505][ T5921] usb 6-1: config 0 interface 8 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  411.563292][ T5921] usb 6-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  411.584354][ T5921] usb 6-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  411.729212][ T5921] usb 6-1: Product: syz
[  411.745383][ T5921] usb 6-1: SerialNumber: syz
[  411.769612][ T5921] usb 6-1: config 0 descriptor??
[  411.789950][ T5921] usbhid 6-1:0.8: couldn't find an input interrupt endpoint
[  411.988740][ T5921] usb 6-1: USB disconnect, device number 6
[  412.017158][ T5975] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  412.188402][ T5975] usb 1-1: Using ep0 maxpacket: 8
[  412.203867][ T5975] usb 1-1: config index 0 descriptor too short (expected 28277, got 36)
[  412.225485][ T5975] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  412.258034][ T5975] usb 1-1: config 0 has no interfaces?
[  412.277909][ T5975] usb 1-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  412.305839][ T5975] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  412.338144][ T5975] usb 1-1: config 0 descriptor??
[  413.710139][T10327] FAULT_INJECTION: forcing a failure.
[  413.710139][T10327] name failslab, interval 1, probability 0, space 0, times 0
[  413.733566][T10327] CPU: 0 UID: 0 PID: 10327 Comm: syz.2.1152 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  413.733596][T10327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  413.733610][T10327] Call Trace:
[  413.733618][T10327]  <TASK>
[  413.733627][T10327]  dump_stack_lvl+0x189/0x250
[  413.733656][T10327]  ? __pfx____ratelimit+0x10/0x10
[  413.733679][T10327]  ? __pfx_dump_stack_lvl+0x10/0x10
[  413.733703][T10327]  ? __pfx__printk+0x10/0x10
[  413.733738][T10327]  ? __pfx___might_resched+0x10/0x10
[  413.733777][T10327]  should_fail_ex+0x414/0x560
[  413.733822][T10327]  should_failslab+0xa8/0x100
[  413.733847][T10327]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  413.733869][T10327]  ? __alloc_skb+0x112/0x2d0
[  413.733904][T10327]  __alloc_skb+0x112/0x2d0
[  413.733946][T10327]  tc_ctl_action+0x809/0xbd0
[  413.733979][T10327]  ? __pfx_tc_ctl_action+0x10/0x10
[  413.734022][T10327]  ? rcu_is_watching+0x15/0xb0
[  413.734089][T10327]  ? __pfx_tc_ctl_action+0x10/0x10
[  413.734112][T10327]  rtnetlink_rcv_msg+0x779/0xb70
[  413.734142][T10327]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  413.734167][T10327]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  413.734191][T10327]  ? ref_tracker_free+0x63a/0x7d0
[  413.734211][T10327]  ? __copy_skb_header+0xa7/0x550
[  413.734232][T10327]  ? __pfx_ref_tracker_free+0x10/0x10
[  413.734253][T10327]  ? __skb_clone+0x63/0x7a0
[  413.734280][T10327]  netlink_rcv_skb+0x205/0x470
[  413.734309][T10327]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  413.734337][T10327]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  413.734379][T10327]  ? netlink_deliver_tap+0x2e/0x1b0
[  413.734406][T10327]  ? netlink_deliver_tap+0x2e/0x1b0
[  413.734440][T10327]  netlink_unicast+0x75c/0x8e0
[  413.734487][T10327]  netlink_sendmsg+0x805/0xb30
[  413.734525][T10327]  ? __pfx_netlink_sendmsg+0x10/0x10
[  413.734562][T10327]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  413.734582][T10327]  ? __pfx_netlink_sendmsg+0x10/0x10
[  413.734611][T10327]  __sock_sendmsg+0x21c/0x270
[  413.734638][T10327]  ____sys_sendmsg+0x505/0x830
[  413.734694][T10327]  ? __pfx_____sys_sendmsg+0x10/0x10
[  413.734739][T10327]  ? import_iovec+0x74/0xa0
[  413.734774][T10327]  ___sys_sendmsg+0x21f/0x2a0
[  413.734810][T10327]  ? __pfx____sys_sendmsg+0x10/0x10
[  413.734896][T10327]  ? __fget_files+0x2a/0x420
[  413.734926][T10327]  ? __fget_files+0x3a0/0x420
[  413.734962][T10327]  __x64_sys_sendmsg+0x19b/0x260
[  413.735017][T10327]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  413.735075][T10327]  ? __pfx_ksys_write+0x10/0x10
[  413.735092][T10327]  ? rcu_is_watching+0x15/0xb0
[  413.735121][T10327]  ? do_syscall_64+0xbe/0x3b0
[  413.735149][T10327]  do_syscall_64+0xfa/0x3b0
[  413.735171][T10327]  ? lockdep_hardirqs_on+0x9c/0x150
[  413.735212][T10327]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  413.735233][T10327]  ? clear_bhb_loop+0x60/0xb0
[  413.735261][T10327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  413.735282][T10327] RIP: 0033:0x7f01dfd8eb69
[  413.735300][T10327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  413.735320][T10327] RSP: 002b:00007f01e0c86038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  413.735343][T10327] RAX: ffffffffffffffda RBX: 00007f01dffb5fa0 RCX: 00007f01dfd8eb69
[  413.735360][T10327] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  413.735374][T10327] RBP: 00007f01e0c86090 R08: 0000000000000000 R09: 0000000000000000
[  413.735387][T10327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  413.735400][T10327] R13: 0000000000000000 R14: 00007f01dffb5fa0 R15: 00007ffccb844ae8
[  413.735434][T10327]  </TASK>
[  414.470921][  T978] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  414.667224][  T978] usb 5-1: Using ep0 maxpacket: 8
[  414.703204][  T978] usb 5-1: config 0 has an invalid descriptor of length 141, skipping remainder of the config
[  414.716375][  T978] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  414.725600][  T978] usb 5-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.00
[  414.726623][ T5975] usb 1-1: USB disconnect, device number 45
[  414.734759][  T978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  414.749169][ T5954] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  414.766030][  T978] usb 5-1: config 0 descriptor??
[  414.907116][ T5954] usb 3-1: Using ep0 maxpacket: 8
[  414.915298][ T5954] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  414.926920][ T5954] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  414.937545][ T5954] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  414.947516][ T5954] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  414.957416][ T5954] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  414.970637][ T5954] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  414.979787][ T5954] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  414.993156][ T5954] usbtmc 3-1:16.0: probe with driver usbtmc failed with error -22
[  415.361020][  T978] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[  415.388054][  T978] hid-generic 0000:0000:0000.0011: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  415.608783][T10356] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  415.617804][T10356] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  416.064608][T10361] syz.0.1162 (10361): attempted to duplicate a private mapping with mremap.  This is not supported.
[  416.298142][T10370] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  416.565775][T10379] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1168'.
[  417.116350][  T978] usb 5-1: USB disconnect, device number 33
[  417.277192][ T5954] usb 3-1: USB disconnect, device number 32
[  417.325643][T10394] batman_adv: batadv0: Adding interface: dummy0
[  417.352445][T10394] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  417.427221][T10394] batman_adv: batadv0: Interface activated: dummy0
[  417.434134][T10407] netlink: 'syz.4.1172': attribute type 10 has an invalid length.
[  417.448834][T10403] batadv0: mtu less than device minimum
[  417.455384][T10403] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  417.466593][T10403] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  417.477886][T10403] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  417.489615][T10403] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  417.501357][T10403] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  417.513224][T10403] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  417.524525][T10403] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  417.535814][T10403] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  417.547183][T10403] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  417.605962][T10407] 8021q: adding VLAN 0 to HW filter on device batadv0
[  417.617132][T10407] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  418.283938][   T30] kauditd_printk_skb: 49 callbacks suppressed
[  418.283957][   T30] audit: type=1326 audit(1754226813.909:2213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10405 comm="syz.3.1176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76818eb69 code=0x7fc00000
[  418.311890][   T30] audit: type=1326 audit(1754226813.909:2214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10405 comm="syz.3.1176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb76818eb69 code=0x7fc00000
[  418.333825][   T30] audit: type=1326 audit(1754226813.909:2215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10405 comm="syz.3.1176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76818eb69 code=0x7fc00000
[  418.364536][   T30] audit: type=1326 audit(1754226813.909:2216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10405 comm="syz.3.1176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76818eb69 code=0x7fc00000
[  418.390443][   T30] audit: type=1326 audit(1754226813.909:2217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10405 comm="syz.3.1176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76818eb69 code=0x7fc00000
[  418.412483][   T30] audit: type=1326 audit(1754226813.909:2218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10405 comm="syz.3.1176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76818eb69 code=0x7fc00000
[  418.456503][   T30] audit: type=1326 audit(1754226813.909:2219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10405 comm="syz.3.1176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76818eb69 code=0x7fc00000
[  418.542234][   T30] audit: type=1326 audit(1754226813.909:2220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10405 comm="syz.3.1176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76818eb69 code=0x7fc00000
[  418.564683][   T30] audit: type=1326 audit(1754226813.909:2221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10405 comm="syz.3.1176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76818eb69 code=0x7fc00000
[  418.661958][   T30] audit: type=1326 audit(1754226813.909:2222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10405 comm="syz.3.1176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76818eb69 code=0x7fc00000
[  418.977941][T10431] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1182'.
[  420.131877][T10448] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  420.167122][  T978] usb 5-1: new full-speed USB device number 34 using dummy_hcd
[  420.277078][ T5921] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  420.329720][  T978] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  420.343586][  T978] usb 5-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  420.369081][  T978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  420.387209][ T5975] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  420.391146][  T978] usb 5-1: config 0 descriptor??
[  420.405596][T10437] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  420.427058][ T5921] usb 1-1: Using ep0 maxpacket: 8
[  420.434668][ T5921] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  420.445015][ T5921] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  420.455421][ T5921] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  420.465337][ T5921] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  420.475350][ T5921] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  420.488667][ T5921] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  420.497802][ T5921] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  420.514538][T10457] netlink: 'syz.2.1189': attribute type 1 has an invalid length.
[  420.517154][ T5921] usbtmc 1-1:16.0: probe with driver usbtmc failed with error -22
[  420.537235][ T5975] usb 6-1: Using ep0 maxpacket: 32
[  420.550220][ T5975] usb 6-1: New USB device found, idVendor=046d, idProduct=0960, bcdDevice=a5.af
[  420.562215][ T5975] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  420.566714][T10457] 8021q: adding VLAN 0 to HW filter on device bond2
[  420.570347][ T5975] usb 6-1: Product: syz
[  420.570367][ T5975] usb 6-1: Manufacturer: syz
[  420.570383][ T5975] usb 6-1: SerialNumber: syz
[  420.594045][ T5975] usb 6-1: config 0 descriptor??
[  420.665059][ T5975] gspca_main: sunplus-2.14.0 probing 046d:0960
[  420.849281][ T5975] gspca_sunplus: reg_w_riv err -71
[  420.884110][ T5975] sunplus 6-1:0.0: probe with driver sunplus failed with error -71
[  420.896389][ T5975] usb 6-1: USB disconnect, device number 7
[  421.129064][  T978] elan 0003:04F3:0755.0012: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.4-1/input0
[  421.225330][ T5954] usb 5-1: USB disconnect, device number 34
[  421.258602][T10461] syz.2.1190: attempt to access beyond end of device
[  421.258602][T10461] nbd2: rw=0, sector=6, nr_sectors = 2 limit=0
[  421.273442][T10461] ADFS-fs (nbd2): error: unable to read block 3, try 0
[  421.296037][T10464] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  421.304756][T10464] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  421.374129][T10466] bond_slave_1: entered promiscuous mode
[  421.382437][T10466] bond_slave_1: left promiscuous mode
[  421.509250][T10468] ip6erspan0: entered allmulticast mode
[  424.809607][T10488] loop2: detected capacity change from 0 to 7
[  425.272406][T10488]  loop2: p1
[  425.275744][T10488] loop2: partition table partially beyond EOD, truncated
[  425.304337][T10488] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  425.324926][ T5954] usb 1-1: USB disconnect, device number 46
[  425.783197][   T30] kauditd_printk_skb: 27 callbacks suppressed
[  425.783223][   T30] audit: type=1800 audit(1754226821.409:2250): pid=10492 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.1199" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  425.847400][  T978] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  426.033893][T10477] syz.5.1194 (10477): drop_caches: 2
[  426.039772][  T978] usb 5-1: Using ep0 maxpacket: 16
[  426.054069][  T978] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  426.095053][  T978] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  426.145825][  T978] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  426.159222][  T978] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  426.172193][  T978] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  426.193257][  T978] usb 5-1: Product: syz
[  426.217384][  T978] usb 5-1: Manufacturer: syz
[  426.222048][  T978] usb 5-1: SerialNumber: syz
[  426.280614][T10504] tipc: Started in network mode
[  426.285628][T10504] tipc: Node identity , cluster identity 4711
[  426.292928][T10504] tipc: Failed to obtain node identity
[  426.298556][T10504] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  426.313601][T10508] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1206'.
[  426.323950][T10508] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1206'.
[  426.800148][  T978] usb 5-1: 0:2 : does not exist
[  429.917246][  T978] usb 5-1: 1:0: cannot get min/max values for control 2 (id 1)
[  429.978618][  T978] usb 5-1: USB disconnect, device number 35
[  430.237281][ T5921] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  430.399173][ T5921] usb 6-1: Using ep0 maxpacket: 8
[  430.406271][ T5921] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  430.457528][ T5921] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  430.505675][ T5921] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  430.527197][T10522] usb 3-1: new full-speed USB device number 33 using dummy_hcd
[  430.549827][ T5921] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  430.559961][ T5921] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  430.577328][ T5921] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  430.586524][ T5921] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  430.601048][ T5921] usbtmc 6-1:16.0: probe with driver usbtmc failed with error -22
[  430.757388][T10522] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  430.900401][T10522] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  430.947103][T10522] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  431.234873][T10522] usb 3-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00
[  431.244107][T10522] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  431.267977][T10522] usb 3-1: config 0 descriptor??
[  431.290487][T10527] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  431.519034][T10538] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  431.529429][T10538] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  432.480873][T10522] aureal 0003:0755:2626.0013: fixing Aureal Cy se W-01RN USB_V3.1 report descriptor.
[  432.515756][T10522] aureal 0003:0755:2626.0013: unknown main item tag 0x6
[  432.548896][T10522] aureal 0003:0755:2626.0013: report_id 29495 is invalid
[  432.575265][T10522] aureal 0003:0755:2626.0013: item 0 2 1 8 parsing failed
[  432.610043][T10522] aureal 0003:0755:2626.0013: probe with driver aureal failed with error -22
[  432.794119][T10522] usb 3-1: USB disconnect, device number 33
[  433.447300][  T978] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  433.462990][ T5985] usb 6-1: USB disconnect, device number 8
[  433.743845][  T978] usb 1-1: Using ep0 maxpacket: 8
[  434.119892][  T978] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  434.151224][  T978] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  434.170414][  T978] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  434.197750][  T978] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  434.220641][  T978] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  434.236863][  T978] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  434.418529][  T978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  435.168779][  T978] usb 1-1: usb_control_msg returned -71
[  435.186180][  T978] usbtmc 1-1:16.0: can't read capabilities
[  435.226503][  T978] usb 1-1: USB disconnect, device number 47
[  436.832136][T10587] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1227'.
[  436.928424][T10593] support for the xor transformation has been removed.
[  436.958612][T10593] netlink: 'syz.4.1230': attribute type 29 has an invalid length.
[  437.199890][ T5975] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  437.547101][ T5975] usb 6-1: Using ep0 maxpacket: 8
[  437.685403][T10608] overlayfs: missing 'lowerdir'
[  440.042250][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  443.154711][ T5975] usb 6-1: unable to read config index 0 descriptor/start: -71
[  444.754303][ T5975] usb 6-1: can't read configurations, error -71
[  446.034265][T10649] xt_nat: multiple ranges no longer supported
[  447.403985][ T5975] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  447.604303][    C0] vcan0: j1939_tp_rxtimer: 0xffff888078a10c00: rx timeout, send abort
[  448.105698][    C0] vcan0: j1939_tp_rxtimer: 0xffff888059ab6000: rx timeout, send abort
[  448.114053][    C0] vcan0: j1939_tp_rxtimer: 0xffff888078a10c00: abort rx timeout. Force session deactivation
[  448.295322][ T5975] usb 5-1: Using ep0 maxpacket: 32
[  448.613968][    C0] vcan0: j1939_tp_rxtimer: 0xffff888059ab6000: abort rx timeout. Force session deactivation
[  448.940660][T10653] netlink: 'syz.0.1243': attribute type 6 has an invalid length.
[  449.021695][T10653] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1243'.
[  449.038192][ T5975] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  449.398247][T10653] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1243'.
[  449.420219][ T5975] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  449.874279][ T5975] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  450.528920][ T5975] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  450.633940][ T5975] usb 5-1: Product: ⛌㈡究鑳㚑쾢혊侷
[  450.698319][ T5975] usb 5-1: Manufacturer: Х
[  450.763895][ T5975] usb 5-1: SerialNumber: и
[  452.926268][T10665] overlayfs: conflicting options: nfs_export=on,metacopy=on
[  453.236121][ T5975] usb 5-1: 0:2 : does not exist
[  453.256414][T10665] ubi8: attaching mtd0
[  453.311935][T10665] ubi8: scanning is finished
[  453.344383][T10665] ubi8: empty MTD device detected
[  453.396486][ T5975] usb 5-1: USB disconnect, device number 36
[  453.456706][T10673] net_ratelimit: 11 callbacks suppressed
[  453.456725][T10673] openvswitch: netlink: Flow actions attr not present in new flow.
[  453.543579][T10665] ubi8: attached mtd0 (name "mtdram test device", size 0 MiB)
[  453.555598][T10665] ubi8: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  453.594562][T10665] ubi8: min./max. I/O unit sizes: 1/64, sub-page size 1
[  453.612209][T10665] ubi8: VID header offset: 64 (aligned 64), data offset: 128
[  453.623062][T10665] ubi8: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  453.655285][T10665] ubi8: user volume: 0, internal volumes: 1, max. volumes count: 23
[  453.664196][T10665] ubi8: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1372366959
[  453.687282][T10522] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  453.728610][T10665] ubi8: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  453.800929][T10678] ubi8: background thread "ubi_bgt8d" started, PID 10678
[  454.243729][T10522] usb 6-1: Using ep0 maxpacket: 16
[  454.256307][T10522] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  454.283826][T10522] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  454.305715][T10522] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  454.336759][T10522] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  454.346404][T10522] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  454.358262][T10522] usb 6-1: config 0 descriptor??
[  454.778372][T10702] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  454.937964][T10702] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  454.987080][ T5975] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  455.554029][T10522] shield 0003:0955:7214.0014: unknown main item tag 0x0
[  455.565997][T10522] shield 0003:0955:7214.0014: unknown main item tag 0x0
[  455.600698][T10522] shield 0003:0955:7214.0014: unknown main item tag 0x0
[  455.661492][T10522] shield 0003:0955:7214.0014: unknown main item tag 0x0
[  455.677167][T10522] shield 0003:0955:7214.0014: unknown main item tag 0x0
[  455.697204][ T5975] usb 3-1: Using ep0 maxpacket: 32
[  455.710616][T10522] input: HID 0955:7214 Haptics as /devices/virtual/input/input24
[  455.710732][ T5975] usb 3-1: unable to get BOS descriptor or descriptor too short
[  455.755442][ T5975] usb 3-1: config 128 has an invalid interface number: 127 but max is 3
[  455.765671][ T5975] usb 3-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  455.786250][ T5975] usb 3-1: config 128 has 1 interface, different from the descriptor's value: 4
[  455.795482][T10522] shield 0003:0955:7214.0014: Registered Thunderstrike controller
[  455.808570][T10522] shield 0003:0955:7214.0014: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.5-1/input0
[  455.821749][ T5975] usb 3-1: config 128 has no interface number 0
[  455.833448][ T5975] usb 3-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  455.870888][ T5975] usb 3-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0
[  455.897068][ T5975] usb 3-1: config 128 interface 127 has no altsetting 0
[  455.912548][ T5975] usb 3-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  455.929769][ T5975] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  455.950900][ T5975] usb 3-1: Product: syz
[  455.955108][ T5975] usb 3-1: Manufacturer: syz
[  455.974424][ T5975] usb 3-1: SerialNumber: syz
[  456.115723][T10672] random: crng reseeded on system resumption
[  456.218602][ T5975] usb 3-1: USB disconnect, device number 34
[  456.346726][ T5921] shield 0003:0955:7214.0014: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  456.358579][T10522] usb 6-1: USB disconnect, device number 11
[  456.367183][ T5921] shield 0003:0955:7214.0014: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  457.221008][T10759] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1270'.
[  458.729674][ T5975] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  459.227378][ T5975] usb 6-1: Using ep0 maxpacket: 16
[  459.244911][ T5975] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  459.352142][ T5975] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  459.461295][ T5975] usb 6-1: config 0 interface 0 has no altsetting 0
[  459.557261][ T5975] usb 6-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  459.606850][ T5975] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  459.642712][ T5975] usb 6-1: config 0 descriptor??
[  460.080604][ T5975] hid (null): report_id 0 is invalid
[  460.105836][ T5975] hid (null): unknown global tag 0xe
[  460.121337][ T5975] hid (null): unknown global tag 0xe
[  460.127343][ T5975] hid (null): report_id 1536620487 is invalid
[  460.138792][ T5975] hid (null): invalid report_count 47361
[  460.157998][T10823] loop2: detected capacity change from 0 to 7
[  460.641150][T10823]  loop2: p1
[  460.645041][T10823] loop2: partition table partially beyond EOD, truncated
[  460.649468][ T5975] usb 6-1: USB disconnect, device number 12
[  460.652801][T10823] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  461.162416][T10846] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[  461.667167][ T5832] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  461.680432][T10854] netlink: 'syz.4.1295': attribute type 10 has an invalid length.
[  461.837174][ T5832] usb 6-1: Using ep0 maxpacket: 8
[  461.855121][ T5832] usb 6-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[  461.909086][ T5832] usb 6-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[  461.922457][ T5832] usb 6-1: Product: syz
[  461.928265][T10522] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  461.931232][ T5832] usb 6-1: Manufacturer: syz
[  461.982867][ T5832] usb 6-1: SerialNumber: syz
[  462.005468][ T5832] usb 6-1: config 0 descriptor??
[  462.038255][ T5832] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[  462.129256][T10522] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  462.154744][T10522] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  462.174861][T10522] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  462.212054][T10522] usb 5-1: New USB device found, idVendor=04f2, idProduct=1236, bcdDevice= 0.00
[  462.222856][T10522] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  462.262173][T10522] usb 5-1: config 0 descriptor??
[  462.557658][ T5832] gspca_zc3xx: reg_w_i err -110
[  462.567664][ T5832] gspca_zc3xx 6-1:0.0: probe with driver gspca_zc3xx failed with error -110
[  462.757839][T10522] chicony 0003:04F2:1236.0016: hidraw0: USB HID v0.00 Device [HID 04f2:1236] on usb-dummy_hcd.4-1/input0
[  463.185779][T10854] netlink: 'syz.4.1295': attribute type 10 has an invalid length.
[  463.211914][T10854] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1295'.
[  463.227094][T10854] batadv0: entered promiscuous mode
[  463.241298][ T5848] Bluetooth: hci0: command tx timeout
[  463.241891][T10854] batadv0: entered allmulticast mode
[  463.278600][T10854] bond0: (slave batadv0): Releasing backup interface
[  463.304606][T10854] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:2a
[  463.356139][T10854] bridge0: port 3(batadv0) entered blocking state
[  463.547223][T10854] bridge0: port 3(batadv0) entered disabled state
[  464.319608][ T1085] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  464.329457][ T1085] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  464.349995][ T5832] usb 5-1: USB disconnect, device number 37
[  464.603336][T10522] usb 6-1: USB disconnect, device number 13
[  465.418378][T10916] Device name cannot be null; rc = [-22]
[  465.506744][T10917] gretap1: entered allmulticast mode
[  465.536722][T10920] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1312'.
[  465.546473][   T30] audit: type=1326 audit(1754226861.169:2251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10918 comm="syz.2.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  465.569205][T10920] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1312'.
[  465.601303][   T30] audit: type=1326 audit(1754226861.199:2252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10918 comm="syz.2.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  465.635856][   T30] audit: type=1326 audit(1754226861.199:2253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10918 comm="syz.2.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  465.750038][   T30] audit: type=1326 audit(1754226861.199:2254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10918 comm="syz.2.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  465.826718][   T30] audit: type=1326 audit(1754226861.199:2255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10918 comm="syz.2.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  465.870819][   T30] audit: type=1326 audit(1754226861.219:2256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10918 comm="syz.2.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  465.954587][   T30] audit: type=1326 audit(1754226861.219:2257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10918 comm="syz.2.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  466.012700][   T30] audit: type=1326 audit(1754226861.219:2258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10918 comm="syz.2.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  466.060399][ T5921] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  467.097044][ T5921] usb 6-1: Using ep0 maxpacket: 32
[  467.104243][ T5921] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  469.237014][ T5921] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  469.248342][ T5921] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  469.261983][ T5921] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  469.286265][ T5921] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  469.307000][ T5921] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  470.395454][ T5921] usb 6-1: string descriptor 0 read error: -71
[  470.414107][ T5921] usb 6-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  470.436667][ T5921] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  470.475501][ T5921] usb 6-1: config 0 descriptor??
[  470.503129][ T5921] usb 6-1: can't set config #0, error -71
[  470.529371][ T5921] usb 6-1: USB disconnect, device number 14
[  471.492470][   T30] audit: type=1326 audit(1754226867.119:2259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10960 comm="syz.3.1324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76818eb69 code=0x7ffc0000
[  471.531003][   T30] audit: type=1326 audit(1754226867.119:2260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10960 comm="syz.3.1324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76818eb69 code=0x7ffc0000
[  471.557150][   T30] audit: type=1326 audit(1754226867.149:2261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10960 comm="syz.3.1324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb76818eb69 code=0x7ffc0000
[  471.581199][   T30] audit: type=1326 audit(1754226867.149:2262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10960 comm="syz.3.1324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76818eb69 code=0x7ffc0000
[  471.607443][   T30] audit: type=1326 audit(1754226867.149:2263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10960 comm="syz.3.1324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76818eb69 code=0x7ffc0000
[  471.637408][   T30] audit: type=1326 audit(1754226867.149:2264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10960 comm="syz.3.1324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7fb76818eb69 code=0x7ffc0000
[  471.662937][ T5832] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  471.677051][   T30] audit: type=1326 audit(1754226867.149:2265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10960 comm="syz.3.1324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76818eb69 code=0x7ffc0000
[  471.702242][   T30] audit: type=1326 audit(1754226867.149:2266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10960 comm="syz.3.1324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76818eb69 code=0x7ffc0000
[  471.827772][ T5832] usb 6-1: Using ep0 maxpacket: 32
[  471.839086][ T5832] usb 6-1: unable to get BOS descriptor or descriptor too short
[  471.849982][ T5832] usb 6-1: config 64 has an invalid interface number: 227 but max is 0
[  471.868963][ T5832] usb 6-1: config 64 has no interface number 0
[  471.939109][ T5832] usb 6-1: config 64 interface 227 altsetting 9 endpoint 0x7 has invalid maxpacket 512, setting to 64
[  471.950309][ T5832] usb 6-1: config 64 interface 227 has no altsetting 0
[  472.149590][ T5832] usb 6-1: New USB device found, idVendor=0bc7, idProduct=0006, bcdDevice=4f.a5
[  472.158895][ T5832] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  472.205090][ T5832] usb 6-1: Product: 䰊
[  472.257040][ T5832] usb 6-1: SerialNumber: 莆謥퓥ꍕକ炶澪㻹銽
[  472.600126][ T5832] ati_remote 6-1:64.227: ati_remote_probe: Unexpected endpoint_in
[  472.628623][ T5832] usb 6-1: USB disconnect, device number 15
[  473.091947][T11005] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2
[  473.151591][T11007] tipc: Can't bind to reserved service type 1
[  473.190097][T11005] netdevsim netdevsim3: Falling back to sysfs fallback for: ./file0
[  473.587618][ T5921] usb 6-1: new full-speed USB device number 16 using dummy_hcd
[  473.782514][ T5921] usb 6-1: config 5 has an invalid interface number: 123 but max is 0
[  473.795456][ T5921] usb 6-1: config 5 has no interface number 0
[  473.801799][   T30] audit: type=1326 audit(1754226869.419:2267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11015 comm="syz.4.1334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f639278eb69 code=0x7ffc0000
[  473.827929][ T5921] usb 6-1: config 5 interface 123 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B
[  473.889348][   T30] audit: type=1326 audit(1754226869.419:2268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11015 comm="syz.4.1334" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f639278eb69 code=0x7ffc0000
[  473.977038][ T5921] usb 6-1: config 5 interface 123 altsetting 7 endpoint 0x4 has invalid wMaxPacketSize 0
[  474.030877][ T5921] usb 6-1: config 5 interface 123 has no altsetting 0
[  474.103701][ T5921] usb 6-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[  474.122002][ T5921] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  474.199815][ T5921] usb 6-1: Product: syz
[  474.220338][ T5921] usb 6-1: Manufacturer: syz
[  474.280107][ T5921] usb 6-1: SerialNumber: syz
[  474.512633][ T5921] ni6501 6-1:5.123: driver 'ni6501' failed to auto-configure device.
[  474.571902][ T5921] usb 6-1: USB disconnect, device number 16
[  474.967597][T11036] 9pnet_fd: Insufficient options for proto=fd
[  475.153039][T11045] trusted_key: syz.5.1342 sent an empty control message without MSG_MORE.
[  475.193789][T11019] delete_channel: no stack
[  475.221783][T11051] netlink: 'syz.4.1344': attribute type 3 has an invalid length.
[  475.233150][T11051] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.1344'.
[  475.295583][T11054] 9pnet_fd: Insufficient options for proto=fd
[  475.688699][T11070] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  475.695271][T11070] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  475.743586][T11070] vhci_hcd vhci_hcd.0: Device attached
[  475.817049][  T978] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  475.969374][  T978] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  475.980540][  T978] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  475.989787][  T978] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  475.998293][T10522] usb 43-1: new low-speed USB device number 2 using vhci_hcd
[  476.008362][  T978] usb 3-1: config 0 descriptor??
[  476.017899][  T978] pwc: Askey VC010 type 2 USB webcam detected.
[  476.533256][T11098] geneve2: entered allmulticast mode
[  477.235286][  T978] pwc: recv_control_msg error -32 req 02 val 2b00
[  477.425264][  T978] pwc: recv_control_msg error -32 req 02 val 2700
[  477.432570][T11072] vhci_hcd: connection reset by peer
[  477.467464][  T978] pwc: recv_control_msg error -32 req 02 val 2c00
[  477.495131][  T978] pwc: recv_control_msg error -32 req 04 val 1000
[  477.576999][ T1105] vhci_hcd: stop threads
[  477.581300][ T1105] vhci_hcd: release socket
[  477.631235][  T978] pwc: recv_control_msg error -32 req 04 val 1300
[  477.639556][ T1105] vhci_hcd: disconnect device
[  477.693778][  T978] pwc: recv_control_msg error -32 req 04 val 1400
[  477.938621][  T978] pwc: recv_control_msg error -71 req 02 val 2100
[  477.965819][  T978] pwc: recv_control_msg error -71 req 04 val 1500
[  477.984546][  T978] pwc: recv_control_msg error -71 req 02 val 2500
[  477.995938][  T978] pwc: recv_control_msg error -71 req 02 val 2400
[  478.201008][  T978] pwc: recv_control_msg error -71 req 02 val 2600
[  478.209223][  T978] pwc: recv_control_msg error -71 req 02 val 2900
[  478.216229][  T978] pwc: recv_control_msg error -71 req 02 val 2800
[  478.223900][  T978] pwc: recv_control_msg error -71 req 04 val 1100
[  478.230950][  T978] pwc: recv_control_msg error -71 req 04 val 1200
[  478.245190][  T978] pwc: Registered as video103.
[  478.255492][  T978] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input25
[  478.269221][  T978] usb 3-1: USB disconnect, device number 35
[  479.551010][T11126] syz.4.1356 (11126): drop_caches: 2
[  479.558955][T11126] syz.4.1356 (11126): drop_caches: 2
[  480.897864][T11138] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1359'.
[  480.928100][   T30] kauditd_printk_skb: 20 callbacks suppressed
[  480.928117][   T30] audit: type=1326 audit(1754226876.559:2289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11137 comm="syz.2.1359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  481.064268][   T30] audit: type=1326 audit(1754226876.579:2290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11137 comm="syz.2.1359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  481.217166][T10522] vhci_hcd: vhci_device speed not set
[  481.267588][ T5921] usb 3-1: new low-speed USB device number 36 using dummy_hcd
[  481.340585][   T30] audit: type=1326 audit(1754226876.579:2291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11137 comm="syz.2.1359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  481.381274][   T30] audit: type=1326 audit(1754226876.589:2292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11137 comm="syz.2.1359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  481.427071][ T5921] usb 3-1: device descriptor read/64, error -71
[  481.428064][   T30] audit: type=1326 audit(1754226876.589:2293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11137 comm="syz.2.1359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  481.455198][   T30] audit: type=1326 audit(1754226876.589:2294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11137 comm="syz.2.1359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  481.494620][   T30] audit: type=1326 audit(1754226876.599:2295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11137 comm="syz.2.1359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  481.519293][   T30] audit: type=1326 audit(1754226876.599:2296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11137 comm="syz.2.1359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  481.544807][   T30] audit: type=1326 audit(1754226876.599:2297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11137 comm="syz.2.1359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  481.605122][   T30] audit: type=1326 audit(1754226876.599:2298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11137 comm="syz.2.1359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=43 compat=0 ip=0x7f01dfd8eb69 code=0x7ffc0000
[  481.697093][ T5921] usb 3-1: new low-speed USB device number 37 using dummy_hcd
[  481.920859][ T5921] usb 3-1: device descriptor read/64, error -71
[  482.713213][ T5921] usb usb3-port1: attempt power cycle
[  482.781243][T11168] netlink: 'syz.3.1368': attribute type 11 has an invalid length.
[  482.983676][T11168] could not allocate digest TFM handle xcbc(des3_ede)
[  483.080343][ T5921] usb 3-1: new low-speed USB device number 38 using dummy_hcd
[  483.118047][ T5921] usb 3-1: device descriptor read/8, error -71
[  483.507342][ T5921] usb 3-1: new low-speed USB device number 39 using dummy_hcd
[  483.540739][ T5921] usb 3-1: device descriptor read/8, error -71
[  483.680768][ T5921] usb usb3-port1: unable to enumerate USB device
[  484.939826][ T5832] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  484.965439][T11214] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1382'.
[  485.180444][ T5832] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  485.281765][ T5832] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  485.353590][ T5832] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  485.439374][ T5832] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  485.515291][ T5832] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  485.524783][ T5832] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  485.534807][ T5832] usb 5-1: Manufacturer: syz
[  485.556470][ T5832] usb 5-1: config 0 descriptor??
[  485.997213][ T5921] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  486.030279][T11234] loop6: detected capacity change from 0 to 7
[  486.052138][T11234] Dev loop6: unable to read RDB block 7
[  486.062647][T11234]  loop6: unable to read partition table
[  486.080759][T11234] loop6: partition table beyond EOD, truncated
[  486.090676][T11234] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[  486.144100][ T5832] appleir 0003:05AC:8243.0017: unknown main item tag 0x0
[  486.160033][ T5832] appleir 0003:05AC:8243.0017: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0
[  486.160220][ T5921] usb 3-1: Using ep0 maxpacket: 32
[  486.185923][ T5921] usb 3-1: config 0 has an invalid interface number: 35 but max is 0
[  486.848470][ T5832] usb 5-1: USB disconnect, device number 38
[  486.937899][ T5921] usb 3-1: config 0 has no interface number 0
[  486.944101][ T5921] usb 3-1: config 0 interface 35 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  486.977077][ T5921] usb 3-1: config 0 interface 35 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  487.013895][ T5921] usb 3-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f
[  487.057029][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  487.065118][ T5921] usb 3-1: Product: syz
[  487.087019][ T5921] usb 3-1: Manufacturer: syz
[  487.117162][T11249] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  487.138811][ T5921] usb 3-1: SerialNumber: syz
[  487.162691][ T5921] usb 3-1: config 0 descriptor??
[  487.395037][T11223] netlink: 1010 bytes leftover after parsing attributes in process `syz.2.1385'.
[  487.436492][T11223] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  487.462662][ T5921] radio-si470x 3-1:0.35: this is not a si470x device.
[  487.520285][ T5921] radio-raremono 3-1:0.35: this is not Thanko's Raremono.
[  487.536505][ T5921] usb 3-1: USB disconnect, device number 40
[  490.077516][T11407] bridge_slave_0: entered promiscuous mode
[  490.987814][T11455] bond0: (slave bond_slave_1): Releasing backup interface
[  491.039457][T11459] ptrace attach of "./syz-executor exec"[11463] was attempted by "./syz-executor exec"[11459]
[  491.419456][T11482] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1483'.
[  492.136840][T11515] team0: Port device team_slave_0 removed
[  493.254302][T11580] bridge0: port 2(bridge_slave_1) entered disabled state
[  493.262494][T11580] bridge0: port 1(bridge_slave_0) entered disabled state
[  493.358143][T11582] tap0: tun_chr_ioctl cmd 1074025677
[  493.363714][T11582] tap0: linktype set to 773
[  493.719620][T11603] bridge_slave_0: default FDB implementation only supports local addresses
[  494.063148][T11618] 8021q: adding VLAN 0 to HW filter on device team0
[  494.119158][T11618] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  494.829688][T11664] team0: No ports can be present during mode change
[  496.142749][T11738] sctp: [Deprecated]: syz.2.1594 (pid 11738) Use of int in max_burst socket option deprecated.
[  496.142749][T11738] Use struct sctp_assoc_value instead
[  496.475658][T11757] =======================================================
[  496.475658][T11757] WARNING: The mand mount option has been deprecated and
[  496.475658][T11757]          and is ignored by this kernel. Remove the mand
[  496.475658][T11757]          option from the mount to silence this warning.
[  496.475658][T11757] =======================================================
[  496.512272][T11761] tap0: tun_chr_ioctl cmd 1074025677
[  496.531918][T11761] tap0: linktype set to 778
[  496.854131][T11775] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  497.161533][ T8002] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  497.330001][ T8002] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  497.578167][ T8002] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  497.821174][ T8002] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  498.060877][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  498.070677][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  498.079342][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  498.088159][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  498.095826][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  498.303411][ T8002] bridge_slave_1: left allmulticast mode
[  498.333668][ T8002] bridge_slave_1: left promiscuous mode
[  498.353362][ T8002] bridge0: port 2(bridge_slave_1) entered disabled state
[  498.375634][ T8002] bridge_slave_0: left allmulticast mode
[  498.381625][ T8002] bridge_slave_0: left promiscuous mode
[  498.387560][ T8002] bridge0: port 1(bridge_slave_0) entered disabled state
[  498.784368][ T8002] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  498.795247][ T8002] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  498.806064][ T8002] bond0 (unregistering): Released all slaves
[  498.828649][T11839] bridge0: entered promiscuous mode
[  498.858364][T11837] bridge0: left promiscuous mode
[  499.486749][ T8002] hsr_slave_0: left promiscuous mode
[  499.494404][ T8002] hsr_slave_1: left promiscuous mode
[  499.500645][ T8002] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  499.508357][ T8002] batman_adv: batadv0: Removing interface: batadv_slave_0
[  499.518942][ T8002] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  499.526464][ T8002] batman_adv: batadv0: Removing interface: batadv_slave_1
[  499.558982][ T8002] veth1_macvtap: left promiscuous mode
[  499.564805][ T8002] veth0_macvtap: left promiscuous mode
[  499.572130][ T8002] veth1_vlan: left promiscuous mode
[  499.577709][ T8002] veth0_vlan: left promiscuous mode
[  499.738097][ T8002] pim6reg (unregistering): left allmulticast mode
[  500.068883][ T8002] team0 (unregistering): Port device team_slave_1 removed
[  500.132196][ T5848] Bluetooth: hci2: command tx timeout
[  500.491732][T11886] veth0_macvtap: left promiscuous mode
[  500.666188][T11826] chnl_net:caif_netlink_parms(): no params data found
[  501.180902][T11826] bridge0: port 1(bridge_slave_0) entered blocking state
[  501.202054][T11826] bridge0: port 1(bridge_slave_0) entered disabled state
[  501.224545][T11826] bridge_slave_0: entered allmulticast mode
[  501.243964][T11826] bridge_slave_0: entered promiscuous mode
[  501.280492][T11826] bridge0: port 2(bridge_slave_1) entered blocking state
[  501.303865][T11826] bridge0: port 2(bridge_slave_1) entered disabled state
[  501.340874][T11826] bridge_slave_1: entered allmulticast mode
[  501.348853][T11826] bridge_slave_1: entered promiscuous mode
[  501.491096][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  501.523620][T11826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  501.546536][T11826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  501.569786][T11942] sctp: [Deprecated]: syz.2.1679 (pid 11942) Use of struct sctp_assoc_value in delayed_ack socket option.
[  501.569786][T11942] Use struct sctp_sack_info instead
[  501.798137][T11826] team0: Port device team_slave_0 added
[  501.834828][T11826] team0: Port device team_slave_1 added
[  502.060259][T11826] batman_adv: batadv0: Adding interface: batadv_slave_0
[  502.088501][T11826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  502.157287][T11826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  502.170131][T11826] batman_adv: batadv0: Adding interface: batadv_slave_1
[  502.185232][T11826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  502.216587][T11826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  502.236657][ T5848] Bluetooth: hci2: command tx timeout
[  502.360025][T11826] hsr_slave_0: entered promiscuous mode
[  502.366682][T11826] hsr_slave_1: entered promiscuous mode
[  502.373799][T11826] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  502.381690][T11826] Cannot create hsr debugfs directory
[  502.850631][T11826] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  502.884150][T11826] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  502.917302][T11826] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  502.938150][T11826] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  503.111021][T11826] 8021q: adding VLAN 0 to HW filter on device bond0
[  503.149593][T11826] 8021q: adding VLAN 0 to HW filter on device team0
[  503.180959][ T8002] bridge0: port 1(bridge_slave_0) entered blocking state
[  503.188285][ T8002] bridge0: port 1(bridge_slave_0) entered forwarding state
[  503.233993][ T8002] bridge0: port 2(bridge_slave_1) entered blocking state
[  503.241240][ T8002] bridge0: port 2(bridge_slave_1) entered forwarding state
[  503.642399][T11826] 8021q: adding VLAN 0 to HW filter on device batadv0
[  504.241197][T11826] veth0_vlan: entered promiscuous mode
[  504.287400][ T5848] Bluetooth: hci2: command tx timeout
[  504.345448][T11826] veth1_vlan: entered promiscuous mode
[  504.429118][T11826] veth0_macvtap: entered promiscuous mode
[  504.444608][T11826] veth1_macvtap: entered promiscuous mode
[  504.484486][T11826] batman_adv: batadv0: Interface activated: batadv_slave_0
[  504.497111][ T5954] usb 5-1: new low-speed USB device number 39 using dummy_hcd
[  504.518465][T11826] batman_adv: batadv0: Interface activated: batadv_slave_1
[  504.542544][T11826] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  504.564233][T11826] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  504.581904][T11826] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  504.608975][T11826] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  504.621692][T12081] trusted_key: encrypted_key: hex blob is missing
[  504.770194][ T5954] usb 5-1: device descriptor read/64, error -71
[  504.956443][ T3523] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  504.978675][ T3523] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  505.058559][ T5954] usb 5-1: new low-speed USB device number 40 using dummy_hcd
[  505.154164][ T3567] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  505.173800][ T3567] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  505.267124][ T5954] usb 5-1: device descriptor read/64, error -71
[  505.399861][ T5954] usb usb5-port1: attempt power cycle
[  505.797298][ T5954] usb 5-1: new low-speed USB device number 41 using dummy_hcd
[  505.837937][ T5954] usb 5-1: device descriptor read/8, error -71
[  506.157217][ T5954] usb 5-1: new low-speed USB device number 42 using dummy_hcd
[  506.199912][ T5954] usb 5-1: device descriptor read/8, error -71
[  506.367558][ T5848] Bluetooth: hci2: command tx timeout
[  506.747132][ T5954] usb usb5-port1: unable to enumerate USB device
[  507.397265][T12119] netlink: 'syz.4.1746': attribute type 2 has an invalid length.
[  508.375429][   T30] kauditd_printk_skb: 33 callbacks suppressed
[  508.375447][   T30] audit: type=1326 audit(1754226903.999:2332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12131 comm="syz.2.1754" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f01dfd8eb69 code=0x0
[  509.761854][T12146] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  511.107066][   T30] audit: type=1326 audit(1754226906.319:2333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12149 comm="syz.2.1760" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f01dfd8eb69 code=0x0
[  512.371314][ T5985] usb 7-1: new full-speed USB device number 2 using dummy_hcd
[  513.240392][ T5985] usb 7-1: config 0 has an invalid interface number: 133 but max is 0
[  513.294393][ T5985] usb 7-1: config 0 has no interface number 0
[  513.600815][ T5985] usb 7-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  513.614042][ T5985] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  513.623918][ T5985] usb 7-1: Product: syz
[  513.629926][ T5985] usb 7-1: Manufacturer: syz
[  513.634564][ T5985] usb 7-1: SerialNumber: syz
[  513.644576][ T5985] usb 7-1: config 0 descriptor??
[  514.191898][ T5985] keyspan 7-1:0.133: Keyspan 1 port adapter converter detected
[  514.334682][ T5985] keyspan 7-1:0.133: found no endpoint descriptor for endpoint 81
[  514.413790][ T5985] keyspan 7-1:0.133: found no endpoint descriptor for endpoint 1
[  514.989265][ T5985] keyspan 7-1:0.133: found no endpoint descriptor for endpoint 2
[  515.030853][ T5985] usb 7-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  515.068408][ T5985] usb 7-1: USB disconnect, device number 2
[  515.144393][ T5985] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  515.159661][ T5985] keyspan 7-1:0.133: device disconnected
[  515.906314][T12208] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  516.487540][T10522] usb 5-1: new full-speed USB device number 43 using dummy_hcd
[  516.687887][T12216] i: entered promiscuous mode
[  517.221053][T10522] usb 5-1: not running at top speed; connect to a high speed hub
[  517.256406][T10522] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  517.277001][T10522] usb 5-1: config 1 has no interface number 1
[  517.289813][T10522] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  517.360214][T10522] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  517.375734][T10522] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  517.386517][T12221] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1784'.
[  517.401618][T10522] usb 5-1: Product: syz
[  517.405817][T10522] usb 5-1: Manufacturer: syz
[  517.504495][T10522] usb 5-1: SerialNumber: syz
[  517.811605][T10522] usb 5-1: failed to enable PITCH for EP 0x82
[  517.924719][T10522] usb 5-1: USB disconnect, device number 43
[  520.131784][T12261] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  520.618967][T12266] tipc: Failed to obtain node identity
[  520.664787][T12266] tipc: Enabling of bearer <ib:vlan0> rejected, failed to enable media
[  521.015792][T12275] dummy0: entered allmulticast mode
[  521.022038][T12275] dummy0: left allmulticast mode
[  522.237726][T12296] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  522.601667][ T5921] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  524.428507][   T30] audit: type=1326 audit(1754226920.029:2334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12299 comm="syz.0.1814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f500118eb69 code=0x7ff00000
[  524.451036][   T30] audit: type=1326 audit(1754226920.029:2335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12299 comm="syz.0.1814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f500118eb69 code=0x7ff00000
[  524.482644][   T30] audit: type=1326 audit(1754226920.029:2336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12299 comm="syz.0.1814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f500118eb69 code=0x7ff00000
[  524.507233][   T30] audit: type=1326 audit(1754226920.029:2337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12299 comm="syz.0.1814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f500118eb69 code=0x7ff00000
[  524.529844][ T5921] usb 3-1: Using ep0 maxpacket: 8
[  524.536125][   T30] audit: type=1326 audit(1754226920.029:2338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12299 comm="syz.0.1814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f500118eb69 code=0x7ff00000
[  524.565269][ T5921] usb 3-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=44.b2
[  524.574824][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  524.594006][   T30] audit: type=1326 audit(1754226920.029:2339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12299 comm="syz.0.1814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f500118eb69 code=0x7ff00000
[  524.618729][ T5921] usb 3-1: Product: syz
[  524.622958][ T5921] usb 3-1: Manufacturer: syz
[  524.652852][ T5921] usb 3-1: SerialNumber: syz
[  524.696466][   T30] audit: type=1326 audit(1754226920.029:2340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12299 comm="syz.0.1814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f500118eb69 code=0x7ff00000
[  524.719174][ T5921] usb 3-1: config 0 descriptor??
[  524.750002][   T30] audit: type=1326 audit(1754226920.029:2341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12299 comm="syz.0.1814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f500118eb69 code=0x7ff00000
[  524.796786][   T30] audit: type=1326 audit(1754226920.029:2342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12299 comm="syz.0.1814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f500118eb69 code=0x7ff00000
[  524.842211][   T30] audit: type=1326 audit(1754226920.029:2343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12299 comm="syz.0.1814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f500118eb69 code=0x7ff00000
[  525.387456][ T5921] gspca_main: sunplus-2.14.0 probing 04a5:3003
[  525.603271][ T5921] gspca_sunplus: reg_w_riv err -71
[  525.612523][ T5921] sunplus 3-1:0.0: probe with driver sunplus failed with error -71
[  525.870696][ T5921] usb 3-1: USB disconnect, device number 41
[  527.486060][T10522] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  528.798094][T10522] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  529.294131][T10522] usb 7-1: config 0 interface 0 has no altsetting 0
[  529.599224][T10522] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  530.049535][T10522] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  530.103049][T10522] usb 7-1: Product: syz
[  530.177001][T10522] usb 7-1: Manufacturer: syz
[  530.181828][T10522] usb 7-1: SerialNumber: syz
[  530.220354][T10522] usb 7-1: config 0 descriptor??
[  530.307756][T10522] usb 7-1: can't set config #0, error -71
[  530.360117][T10522] usb 7-1: USB disconnect, device number 3
[  531.690177][T12383] trusted_key: encrypted_key: insufficient parameters specified
[  533.165419][T12387] pimreg: entered allmulticast mode
[  536.028228][ T5985] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  536.215879][ T5985] usb 5-1: Using ep0 maxpacket: 32
[  536.294377][ T5985] usb 5-1: config 0 has an invalid interface number: 161 but max is 0
[  536.326364][ T5985] usb 5-1: config 0 has no interface number 0
[  536.379181][ T5985] usb 5-1: config 0 interface 161 has no altsetting 0
[  536.459347][ T5985] usb 5-1: New USB device found, idVendor=04e2, idProduct=1402, bcdDevice=9f.1d
[  536.486971][ T5985] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  536.515451][ T5985] usb 5-1: Product: syz
[  536.519821][ T5985] usb 5-1: Manufacturer: syz
[  536.541368][ T5985] usb 5-1: SerialNumber: syz
[  536.569723][ T5985] usb 5-1: config 0 descriptor??
[  540.384660][T12443] kAFS: No cell specified
[  541.326138][  T978] usb 5-1: USB disconnect, device number 44
[  541.638857][T12450] overlayfs: failed to clone upperpath
[  541.743778][T12453] evm: overlay not supported
[  542.932351][T12473] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1867'.
[  545.376232][ T5832] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  545.597008][ T5832] usb 7-1: Using ep0 maxpacket: 8
[  545.630720][ T5832] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  545.677434][ T5832] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  545.738325][ T5832] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  545.776159][ T5832] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  545.855394][ T5832] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  545.896112][ T5832] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  546.185504][ T5832] usb 7-1: usb_control_msg returned -71
[  546.217300][ T5832] usbtmc 7-1:16.0: can't read capabilities
[  546.263189][ T5832] usb 7-1: USB disconnect, device number 4
[  549.014044][T12531] ==================================================================
[  549.022181][T12531] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0xa7/0xf0
[  549.030388][T12531] Read of size 1 at addr ffff888025214cb0 by task syz.6.1884/12531
[  549.038292][T12531] 
[  549.040643][T12531] CPU: 1 UID: 0 PID: 12531 Comm: syz.6.1884 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  549.040672][T12531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  549.040693][T12531] Call Trace:
[  549.040704][T12531]  <TASK>
[  549.040715][T12531]  dump_stack_lvl+0x189/0x250
[  549.040743][T12531]  ? rcu_is_watching+0x15/0xb0
[  549.040766][T12531]  ? __kasan_check_byte+0x12/0x40
[  549.040791][T12531]  ? __pfx_dump_stack_lvl+0x10/0x10
[  549.040815][T12531]  ? rcu_is_watching+0x15/0xb0
[  549.040840][T12531]  ? lock_release+0x4b/0x3e0
[  549.040864][T12531]  ? __virt_addr_valid+0x1c8/0x5c0
[  549.040892][T12531]  ? __virt_addr_valid+0x4a5/0x5c0
[  549.040922][T12531]  print_report+0xca/0x240
[  549.040956][T12531]  ? _raw_spin_lock_irqsave+0xa7/0xf0
[  549.040993][T12531]  kasan_report+0x118/0x150
[  549.041017][T12531]  ? _raw_spin_lock_irqsave+0xa7/0xf0
[  549.041058][T12531]  ? remove_wait_queue+0x24/0x120
[  549.041090][T12531]  __kasan_check_byte+0x2a/0x40
[  549.041112][T12531]  lock_acquire+0x8d/0x360
[  549.041133][T12531]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  549.041170][T12531]  _raw_spin_lock_irqsave+0xa7/0xf0
[  549.041205][T12531]  ? remove_wait_queue+0x24/0x120
[  549.041236][T12531]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  549.041274][T12531]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  549.041311][T12531]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  549.041352][T12531]  remove_wait_queue+0x24/0x120
[  549.041387][T12531]  poll_freewait+0xb1/0x240
[  549.041411][T12531]  do_select+0x172f/0x17e0
[  549.041438][T12531]  ? do_select+0xbb1/0x17e0
[  549.041473][T12531]  ? __pfx_do_select+0x10/0x10
[  549.041497][T12531]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  549.041534][T12531]  ? lockdep_hardirqs_on+0x9c/0x150
[  549.041577][T12531]  ? __pfx_pollwake+0x10/0x10
[  549.041602][T12531]  ? __pfx_pollwake+0x10/0x10
[  549.041626][T12531]  ? __pfx_pollwake+0x10/0x10
[  549.041651][T12531]  ? __pfx_pollwake+0x10/0x10
[  549.041675][T12531]  ? __pfx_pollwake+0x10/0x10
[  549.041707][T12531]  ? __pfx_pollwake+0x10/0x10
[  549.041731][T12531]  ? __pfx_pollwake+0x10/0x10
[  549.041756][T12531]  ? __pfx_pollwake+0x10/0x10
[  549.041781][T12531]  ? __pfx_pollwake+0x10/0x10
[  549.041818][T12531]  core_sys_select+0x6dd/0xa20
[  549.041846][T12531]  ? __pfx_core_sys_select+0x10/0x10
[  549.041882][T12531]  ? __pfx_set_user_sigmask+0x10/0x10
[  549.041906][T12531]  ? kmem_cache_free+0x18f/0x400
[  549.041933][T12531]  __se_sys_pselect6+0x27a/0x300
[  549.041959][T12531]  ? __pfx___se_sys_pselect6+0x10/0x10
[  549.041983][T12531]  ? rcu_is_watching+0x15/0xb0
[  549.042009][T12531]  ? __x64_sys_pselect6+0x21/0xf0
[  549.042033][T12531]  do_syscall_64+0xfa/0x3b0
[  549.042075][T12531]  ? lockdep_hardirqs_on+0x9c/0x150
[  549.042098][T12531]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  549.042121][T12531]  ? clear_bhb_loop+0x60/0xb0
[  549.042147][T12531]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  549.042170][T12531] RIP: 0033:0x7f2c7eb8eb69
[  549.042189][T12531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  549.042209][T12531] RSP: 002b:00007f2c7fa29038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  549.042232][T12531] RAX: ffffffffffffffda RBX: 00007f2c7edb6080 RCX: 00007f2c7eb8eb69
[  549.042249][T12531] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000040
[  549.042264][T12531] RBP: 00007f2c7ec11df1 R08: 0000000000000000 R09: 0000000000000000
[  549.042278][T12531] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000
[  549.042293][T12531] R13: 0000000000000000 R14: 00007f2c7edb6080 R15: 00007ffe4f7fe478
[  549.042319][T12531]  </TASK>
[  549.042327][T12531] 
[  549.395885][T12531] Allocated by task 8562:
[  549.400224][T12531]  kasan_save_track+0x3e/0x80
[  549.404930][T12531]  __kasan_kmalloc+0x93/0xb0
[  549.409558][T12531]  __kmalloc_cache_noprof+0x230/0x3d0
[  549.414933][T12531]  comedi_device_postconfig+0x4a8/0xc90
[  549.420491][T12531]  comedi_device_attach+0x53a/0x670
[  549.425700][T12531]  comedi_unlocked_ioctl+0x686/0xfc0
[  549.430983][T12531]  __se_sys_ioctl+0xfc/0x170
[  549.435585][T12531]  do_syscall_64+0xfa/0x3b0
[  549.440097][T12531]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  549.445995][T12531] 
[  549.448316][T12531] Freed by task 12532:
[  549.452383][T12531]  kasan_save_track+0x3e/0x80
[  549.457080][T12531]  kasan_save_free_info+0x46/0x50
[  549.462118][T12531]  __kasan_slab_free+0x62/0x70
[  549.466890][T12531]  kfree+0x18e/0x440
[  549.470802][T12531]  comedi_device_detach+0x372/0x720
[  549.476019][T12531]  comedi_unlocked_ioctl+0xbd2/0xfc0
[  549.481312][T12531]  __se_sys_ioctl+0xfc/0x170
[  549.485919][T12531]  do_syscall_64+0xfa/0x3b0
[  549.490438][T12531]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  549.496337][T12531] 
[  549.498670][T12531] The buggy address belongs to the object at ffff888025214c00
[  549.498670][T12531]  which belongs to the cache kmalloc-256 of size 256
[  549.512733][T12531] The buggy address is located 176 bytes inside of
[  549.512733][T12531]  freed 256-byte region [ffff888025214c00, ffff888025214d00)
[  549.526554][T12531] 
[  549.528883][T12531] The buggy address belongs to the physical page:
[  549.535298][T12531] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25214
[  549.544058][T12531] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  549.552558][T12531] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  549.560555][T12531] page_type: f5(slab)
[  549.564553][T12531] raw: 00fff00000000040 ffff88801a441b40 0000000000000000 dead000000000001
[  549.573149][T12531] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  549.581742][T12531] head: 00fff00000000040 ffff88801a441b40 0000000000000000 dead000000000001
[  549.590413][T12531] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  549.599088][T12531] head: 00fff00000000001 ffffea0000948501 00000000ffffffff 00000000ffffffff
[  549.607763][T12531] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  549.616433][T12531] page dumped because: kasan: bad access detected
[  549.622845][T12531] page_owner tracks the page as allocated
[  549.628583][T12531] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 26, tgid 26 (kdevtmpfs), ts 9526061384, free_ts 0
[  549.647610][T12531]  post_alloc_hook+0x240/0x2a0
[  549.652403][T12531]  get_page_from_freelist+0x21d5/0x22b0
[  549.657976][T12531]  __alloc_frozen_pages_noprof+0x181/0x370
[  549.663802][T12531]  alloc_pages_mpol+0x232/0x4a0
[  549.668661][T12531]  allocate_slab+0x8a/0x3b0
[  549.673187][T12531]  ___slab_alloc+0xbfc/0x1480
[  549.677886][T12531]  __kmalloc_noprof+0x305/0x4f0
[  549.682743][T12531]  security_inode_init_security+0x107/0x3f0
[  549.688661][T12531]  shmem_mknod+0x1f6/0x3e0
[  549.693088][T12531]  vfs_mknod+0x37c/0x3c0
[  549.697352][T12531]  devtmpfs_work_loop+0x98b/0xd20
[  549.702391][T12531]  devtmpfsd+0x4d/0x50
[  549.706486][T12531]  kthread+0x70e/0x8a0
[  549.710574][T12531]  ret_from_fork+0x3fc/0x770
[  549.715170][T12531]  ret_from_fork_asm+0x1a/0x30
[  549.719946][T12531] page_owner free stack trace missing
[  549.725314][T12531] 
[  549.727645][T12531] Memory state around the buggy address:
[  549.733284][T12531]  ffff888025214b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  549.741356][T12531]  ffff888025214c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  549.749427][T12531] >ffff888025214c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  549.757510][T12531]                                      ^
[  549.763144][T12531]  ffff888025214d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  549.771212][T12531]  ffff888025214d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  549.779315][T12531] ==================================================================
[  549.787415][T12531] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  549.794626][T12531] CPU: 1 UID: 0 PID: 12531 Comm: syz.6.1884 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  549.804606][T12531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  549.814675][T12531] Call Trace:
[  549.817967][T12531]  <TASK>
[  549.820906][T12531]  dump_stack_lvl+0x99/0x250
[  549.825609][T12531]  ? __asan_memcpy+0x40/0x70
[  549.830215][T12531]  ? __pfx_dump_stack_lvl+0x10/0x10
[  549.835432][T12531]  ? __pfx__printk+0x10/0x10
[  549.840036][T12531]  panic+0x2db/0x790
[  549.843936][T12531]  ? __pfx_panic+0x10/0x10
[  549.848366][T12531]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  549.854290][T12531]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  549.860673][T12531]  ? print_memory_metadata+0x314/0x400
[  549.866187][T12531]  ? _raw_spin_lock_irqsave+0xa7/0xf0
[  549.871587][T12531]  check_panic_on_warn+0x89/0xb0
[  549.876550][T12531]  ? _raw_spin_lock_irqsave+0xa7/0xf0
[  549.881940][T12531]  end_report+0x78/0x160
[  549.886184][T12531]  kasan_report+0x129/0x150
[  549.890694][T12531]  ? _raw_spin_lock_irqsave+0xa7/0xf0
[  549.896091][T12531]  ? remove_wait_queue+0x24/0x120
[  549.901165][T12531]  __kasan_check_byte+0x2a/0x40
[  549.906030][T12531]  lock_acquire+0x8d/0x360
[  549.910463][T12531]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  549.915855][T12531]  _raw_spin_lock_irqsave+0xa7/0xf0
[  549.921072][T12531]  ? remove_wait_queue+0x24/0x120
[  549.926118][T12531]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  549.932031][T12531]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  549.937968][T12531]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  549.944314][T12531]  remove_wait_queue+0x24/0x120
[  549.949186][T12531]  poll_freewait+0xb1/0x240
[  549.953705][T12531]  do_select+0x172f/0x17e0
[  549.958134][T12531]  ? do_select+0xbb1/0x17e0
[  549.962655][T12531]  ? __pfx_do_select+0x10/0x10
[  549.967434][T12531]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  549.973360][T12531]  ? lockdep_hardirqs_on+0x9c/0x150
[  549.978591][T12531]  ? __pfx_pollwake+0x10/0x10
[  549.983315][T12531]  ? __pfx_pollwake+0x10/0x10
[  549.988001][T12531]  ? __pfx_pollwake+0x10/0x10
[  549.992686][T12531]  ? __pfx_pollwake+0x10/0x10
[  549.997380][T12531]  ? __pfx_pollwake+0x10/0x10
[  550.002085][T12531]  ? __pfx_pollwake+0x10/0x10
[  550.006774][T12531]  ? __pfx_pollwake+0x10/0x10
[  550.011458][T12531]  ? __pfx_pollwake+0x10/0x10
[  550.016145][T12531]  ? __pfx_pollwake+0x10/0x10
[  550.020846][T12531]  core_sys_select+0x6dd/0xa20
[  550.025632][T12531]  ? __pfx_core_sys_select+0x10/0x10
[  550.030934][T12531]  ? __pfx_set_user_sigmask+0x10/0x10
[  550.036339][T12531]  ? kmem_cache_free+0x18f/0x400
[  550.041311][T12531]  __se_sys_pselect6+0x27a/0x300
[  550.046284][T12531]  ? __pfx___se_sys_pselect6+0x10/0x10
[  550.051857][T12531]  ? rcu_is_watching+0x15/0xb0
[  550.056638][T12531]  ? __x64_sys_pselect6+0x21/0xf0
[  550.061669][T12531]  do_syscall_64+0xfa/0x3b0
[  550.066178][T12531]  ? lockdep_hardirqs_on+0x9c/0x150
[  550.071389][T12531]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  550.077466][T12531]  ? clear_bhb_loop+0x60/0xb0
[  550.082153][T12531]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  550.088061][T12531] RIP: 0033:0x7f2c7eb8eb69
[  550.092487][T12531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  550.112208][T12531] RSP: 002b:00007f2c7fa29038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  550.120650][T12531] RAX: ffffffffffffffda RBX: 00007f2c7edb6080 RCX: 00007f2c7eb8eb69
[  550.128638][T12531] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000040
[  550.136633][T12531] RBP: 00007f2c7ec11df1 R08: 0000000000000000 R09: 0000000000000000
[  550.144616][T12531] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000
[  550.152619][T12531] R13: 0000000000000000 R14: 00007f2c7edb6080 R15: 00007ffe4f7fe478
[  550.160626][T12531]  </TASK>
[  550.163953][T12531] Kernel Offset: disabled
[  550.168291][T12531] Rebooting in 86400 seconds..