last executing test programs:

9.09585673s ago: executing program 3 (id=7216):
socket$inet_sctp(0x2, 0x5, 0x84)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, 0x0, &(0x7f0000000100)=0xfffffffffffffe39)
socket$can_raw(0x1d, 0x3, 0x1)
socket$alg(0x26, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x5, 0x0, 0x0, 0x80000000}, {0x6}]}, 0x10)
writev(r1, &(0x7f00000001c0)=[{&(0x7f0000000240)="9a582215a09d", 0x589a}], 0x1)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000000)={0x13, 0x10, 0xfa00, {&(0x7f00000003c0), r4, 0x2}}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x20a, 0x1ffe0000000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
r6 = openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
syslog(0x2, &(0x7f0000000640), 0x0)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f0000008d80)=[{{&(0x7f0000000340)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private0}}}, 0x80, &(0x7f00000002c0)=[{&(0x7f00000005c0)=""/69, 0x45}, {&(0x7f0000000640)=""/103, 0x67}, {&(0x7f00000006c0)=""/191, 0xbf}, {&(0x7f0000000180)=""/63, 0x3f}], 0x4, &(0x7f0000000780)=""/160, 0xa0}, 0x57}, {{&(0x7f0000000840)=@un=@abs, 0x80, &(0x7f0000000900)=[{&(0x7f00000008c0)=""/19, 0x13}], 0x1, &(0x7f0000000940)=""/4096, 0x1000}, 0x7ff}, {{&(0x7f0000001940)=@caif=@rfm, 0x80, &(0x7f0000001a80)=[{&(0x7f0000002580)=""/4096, 0x1000}, {&(0x7f00000019c0)=""/171, 0xab}], 0x2}, 0xff}, {{0x0, 0x0, &(0x7f0000001c80)=[{&(0x7f0000001ac0)=""/78, 0x4e}, {&(0x7f0000001b40)=""/177, 0xb1}, {&(0x7f0000001c00)=""/114, 0x72}], 0x3, &(0x7f0000009000)=""/60, 0x3c}, 0x10}, {{&(0x7f0000001d00)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001d80)=""/77, 0x4d}], 0x1, &(0x7f0000001e40)=""/123, 0x7b}, 0xf24b}, {{0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000001ec0)=""/61, 0x3d}, {&(0x7f0000003580)=""/4096, 0x1000}], 0x2, &(0x7f0000001f40)=""/185, 0xb9}, 0x3}, {{&(0x7f0000002000)=@l2tp6={0xa, 0x0, 0x0, @initdev}, 0x80, &(0x7f0000002080)=[{&(0x7f0000004580)=""/4096, 0x1000}], 0x1, &(0x7f00000020c0)=""/114, 0x72}, 0xb}, {{&(0x7f0000002140)=@l2, 0x80, &(0x7f0000002400)=[{&(0x7f00000021c0)=""/76, 0x4c}, {&(0x7f0000005580)=""/4096, 0x1000}, {&(0x7f0000002240)=""/37, 0x25}, {&(0x7f0000002280)=""/163, 0xa3}, {&(0x7f0000002340)=""/35, 0x23}, {&(0x7f0000002380)=""/13, 0xd}, {&(0x7f00000023c0)=""/62, 0x3e}], 0x7}, 0x8}, {{&(0x7f0000002480)=@nfc_llcp, 0x80, &(0x7f0000002500)=[{&(0x7f0000006580)=""/4096, 0x1000}], 0x1, &(0x7f0000001cc0)=""/35, 0x23}, 0x7fffffff}, {{&(0x7f00000075c0)=@l2tp={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000008cc0)=[{&(0x7f0000007640)=""/4096, 0x1000}, {&(0x7f0000008640)=""/74, 0x4a}, {&(0x7f00000086c0)=""/246, 0xf6}, {&(0x7f00000087c0)=""/203, 0xcb}, {&(0x7f00000088c0)=""/126, 0x7e}, {&(0x7f0000008940)=""/127, 0x7f}, {&(0x7f00000089c0)=""/163, 0xa3}, {&(0x7f0000008a80)=""/214, 0xd6}, {&(0x7f0000008b80)=""/223, 0xdf}, {&(0x7f0000008c80)=""/10, 0xa}], 0xa}, 0x5}], 0xa, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x8001)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x50)

8.804027262s ago: executing program 2 (id=7219):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r1)
sendmsg$NL80211_CMD_SET_QOS_MAP(r1, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010025bd7000fddbdf256800000008000300", @ANYRES32=r2, @ANYBLOB="1600c70001c0"], 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x40)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
r4 = fanotify_init(0x200, 0x0)
fanotify_mark(r4, 0x80, 0x4800003e, 0xffffffffffffffff, 0x0)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='illinois\x00', 0x9)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @timestamp, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @timestamp], 0x6)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
r7 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r7, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4)
bind$inet6(r7, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
connect$inet6(r7, &(0x7f0000000240)={0xa, 0x4e22, 0x0, @private1}, 0x1c)
r8 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r8, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4)
bind$inet6(r8, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
connect$inet6(r8, &(0x7f0000000240)={0xa, 0x4e22, 0x0, @private1}, 0x1c)
sendmsg$NL80211_CMD_SET_COALESCE(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000200000008000300", @ANYBLOB='\b\x00%'], 0x3c}, 0x1, 0x0, 0x0, 0x7000000}, 0x0)
r9 = syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000400)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
wait4(r9, 0x0, 0x20000000, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

7.947165431s ago: executing program 2 (id=7223):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x1, 0x0, &(0x7f0000000440)='\\', 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7737, 0x8, 0x3, 0x32}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

7.85721923s ago: executing program 3 (id=7224):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r0, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
listen(r0, 0xda90)
setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, 0x0, 0x300, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x80000000, 0x31}}}}, [@NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4048000)
r3 = epoll_create1(0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r1)
accept4$phonet_pipe(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=0x10, 0x80000)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
fcntl$getown(r3, 0x9)

7.795335483s ago: executing program 2 (id=7225):
r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x2, 0x842)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$caif_stream(0x25, 0x1, 0x1)
r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000002c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10)
r6 = accept4(r5, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), r6)
sendmsg$TIPC_NL_BEARER_ENABLE(r6, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x240040c2)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)
ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x0, 0x1000})
syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x4000004)
sched_setattr(0xffffffffffffffff, &(0x7f0000000040)={0x38, 0x0, 0x10000020, 0x1, 0xfffffff3, 0x4, 0xfffffffffffffff9, 0x8, 0x9, 0xb}, 0x0)
ioctl$EVIOCGBITSND(r0, 0x40044591, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000340)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0200616d733dd4dd753c66642c7266646e6f3d068dbc00000000000000005c8cc95cb613", @ANYRESHEX=r7, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB=',\x00'])
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1d, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18020000fcff0010000000000000000085000000890000009500000000000000"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @lsm=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

7.623911369s ago: executing program 0 (id=7226):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80)
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x1, 0x7c)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x20, 0x33, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}]}, 0x20}, 0x1, 0x0, 0x0, 0xc091}, 0xc010)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r4, 0x29, 0x37, &(0x7f0000000200)={0x2c}, 0x8)
getsockopt$inet6_opts(r4, 0x29, 0x3b, 0x0, &(0x7f0000000480))
syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
getdents64(r2, &(0x7f00000063c0)=""/1024, 0x400)
syz_emit_ethernet(0x9e, &(0x7f0000000100)={@local, @local, @val, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f81fcb", 0x60, 0x3a, 0x0, @private0, @mcast2, {[], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "4aa1d3", 0x0, 0x0, 0x0, @private1, @ipv4={'\x00', '\xff\xff', @loopback}, [@routing={0x2b, 0x0, 0x2}, @srh={0x0, 0x4, 0x4, 0x2, 0x0, 0x0, 0x0, [@ipv4={'\x00', '\xff\xff', @remote}, @private2={0xfc, 0x2, '\x00', 0x1}]}]}}}}}}}, 0x0)
syz_fuse_handle_req(r0, &(0x7f00000067c0), 0x2000, &(0x7f00000087c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000008880)={0x30, 0x0, 0x0, [{0x0, 0x0, 0x4, 0x0, '#,,-'}]}, 0x0, 0x0, 0x0, 0x0})

6.711381905s ago: executing program 0 (id=7227):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x200093, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$kcm(0x10, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ppoll(&(0x7f0000000140), 0x3c, 0x0, 0x0, 0x0)
close(0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_dev$media(0x0, 0x7, 0x1)
socket$inet_tcp(0x2, 0x1, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x48800)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
write$FUSE_ATTR(r3, &(0x7f0000002880)={0x78, 0xfffffffffffffffe, 0x0, {0x44c3, 0x81, 0x0, {0x4, 0x4, 0x3, 0xa, 0x9, 0x0, 0xffffffff, 0xffffffff, 0x1, 0xa000, 0x3, 0x0, 0x0, 0x2, 0x8}}}, 0x78)
write$FUSE_NOTIFY_INVAL_ENTRY(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="2100000003000000000000000000000002000000000000000000000000c0018ae6"], 0x21)
sendmmsg$inet6(r2, &(0x7f0000000780)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x5, @local, 0x1}, 0x1c, &(0x7f0000000100)=[{&(0x7f0000000040)="a4", 0x1}], 0x1}}, {{&(0x7f00000000c0)={0xa, 0x4e22, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}}, 0x1c, &(0x7f00000005c0)=[{0x0}, {&(0x7f0000000900)="302ebc8412cba2186588c2ea645b4a2a1b3b3bc7caf950b9b068cf443dd27b8933c84b2296e61dc1a93d364ab3ee876b70a735ba2277f98a2e1e275f920e3ab6e80ee19c38649df408eb6fbb765b99b718b5b6e1f3a6069aaf906b517a4ceb63cc03dbffbb93f6abf5cb1800b95378677978716a8fffd7cc64a8db46005844", 0x7f}, {&(0x7f0000000a00)="8882d44e2ed1cdb63f5e88c61ea4c08a42bd64d77afde31251ba2184d2deac375669ebc378ac25a8ec6ed604c8773b9ee58d7356788de4fbbf3107779a7cec9a8975cce2d66f0c270709c16972252b7445ccd3cbcb07a6356917e6afefa66d5b843ad3556029e71c77fc8b849eddf6c74b1ab550902b60866e43b68ed18ae33f30781c1683a355c7864042c6a30b61a5c896ab1a0b98d52062979c4b1e83ce200671d1c5ee4ae0922b18f5fc62cf12984b2273", 0xb3}, {&(0x7f0000000ac0)="4d98228d359f296fe8d876c10859aaa18ac283c21b6d52b67d1bff54036cd845c05628ada351222add69316cdfd2f13ecc5f92321a5c610627896898c96a49400bb07a3e120c8365be38eb41bf9e688063d2d40600e89f5354802baa30987c401b84afa2f8d1e6265a5416e3a24fd7a0689bb8c50e1c81a18ab72787dfa229bbd1c86b381ccbf63799da6648de2de1c1dbe8c57e54e7e25bfce1501198c4479f0ae293f1ccfb46e95ca46bd855416d93d29a6697d46bc1ba", 0xb8}, {&(0x7f0000000240)="af77b3eaf98e62a6e9b9378fd824b7a8a4e8", 0x12}, {&(0x7f0000000f40)="29f2e18d3b4ae498abe0ced6f009d6ad47dc8dc490a4b2b0652668345bbc6693cd42d90813fe19f23cfb3485fd528d4980a72f496d308a4ece7ba18f9889a139023abab2babdf40af2fc552ea448", 0x4e}], 0x6, &(0x7f0000002900)=ANY=[], 0xf0}}], 0x2, 0x0)

6.239015492s ago: executing program 1 (id=7228):
socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
open(&(0x7f0000000140)='./file0\x00', 0x800, 0x70)
socket$can_bcm(0x1d, 0x2, 0x2)
socket$inet6(0xa, 0x800000000000002, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0xa0602, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)
r2 = syz_io_uring_setup(0x10d2, &(0x7f0000000540)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f0000000600)=<r3=>0x0, &(0x7f00000005c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000380)=0x101, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x4, 0x1cd83f7c25e05491, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x100, 0x1, {0x3}})
io_uring_enter(r2, 0x47bc, 0x0, 0x0, 0x0, 0x0)

5.673187347s ago: executing program 0 (id=7229):
socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = open(&(0x7f0000000140)='./file0\x00', 0x800, 0x70)
mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
socket$inet6(0xa, 0x800000000000002, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0xa0602, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)
r3 = syz_io_uring_setup(0x10d2, &(0x7f0000000540)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f0000000600)=<r4=>0x0, &(0x7f00000005c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000380)=0x101, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x4, 0x1cd83f7c25e05491, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x100, 0x1, {0x3}})
io_uring_enter(r3, 0x47bc, 0x0, 0x0, 0x0, 0x0)

5.605291983s ago: executing program 3 (id=7230):
socket(0x10, 0x803, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_LINKAT={0x27, 0x60, 0x0, 0xffffffffffffffff, &(0x7f0000000300)='./file1/file0\x00', &(0x7f0000000340)='./file1\x00', 0xffffffffffffffff, 0xc00, 0x1})
syz_io_uring_setup(0x81f, &(0x7f0000000480)={0x0, 0x0, 0x10, 0x0, 0x34f}, &(0x7f00000000c0), &(0x7f0000000080))
socket$nl_route(0x10, 0x3, 0x0)
gettid()
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101000)
read(r0, &(0x7f0000000200)=""/209, 0xd1)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x335})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0xf59}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102384, 0x18ff0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000240)=0x800004)
timerfd_settime(0xffffffffffffffff, 0x2, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x42002)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x4, &(0x7f0000000380)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x10, 0x32, 0x0, 0x41000, 0x2, '\x00', 0x0, 0x2, r2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000040)='rpc_clnt_new\x00', r3}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)

5.555191103s ago: executing program 0 (id=7231):
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000080)={<r1=>0x0, @multicast2}, &(0x7f00000000c0)=0xc)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'geneve1\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x20040000}, 0x20000000)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000100)={@loopback, @broadcast, <r4=>0x0}, &(0x7f0000000140)=0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'netpci0\x00'})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000240)={'erspan0\x00', &(0x7f00000001c0)={'gretap0\x00', <r5=>0x0, 0x40, 0x20, 0x0, 0x401, {{0x10, 0x4, 0x2, 0x3, 0x40, 0x64, 0x0, 0x9, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0xa}, @dev={0xac, 0x14, 0x14, 0x15}, {[@timestamp_addr={0x44, 0x2c, 0x70, 0x1, 0x2, [{@remote, 0x9}, {@multicast1, 0x92ff}, {@dev={0xac, 0x14, 0x14, 0xb}, 0x1}, {@dev={0xac, 0x14, 0x14, 0x1a}, 0x9}, {@local, 0x1}]}]}}}}})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000004700)={'team0\x00', <r7=>0x0})
r8 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
sendmsg$TEAM_CMD_OPTIONS_SET(r6, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000440)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010029bd7000fedbdf250100000008000100", @ANYRES32=r7, @ANYBLOB="44c363b14d000280b375acd8341b8ac0ab4ee22a70be711b9ced451b47e883c609ef5328a9a5cf0e8668d62c982b8970e4465af2e2d92075968029f9751cca9c9c965c5da93d4eab89ea5d439dce1ec47e"], 0x60}, 0x1, 0x0, 0x0, 0x8015}, 0x44884)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000380)={&(0x7f0000000280)={0xe8, 0x0, 0x20, 0x70bd25, 0x25dfdbff, {}, [@HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}]}]}, 0xe8}, 0x1, 0x0, 0x0, 0x20000000}, 0x40040)
bind$rose(r0, &(0x7f0000000000)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}, 0x1c)

5.432156218s ago: executing program 2 (id=7232):
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
close(0x3)

5.4139176s ago: executing program 2 (id=7233):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000dd110000000000"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x19}, 0x94)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x41, 0x3f, 0x5f, 0x20, 0x61d, 0xc150, 0xce6f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x33, 0x0, 0x1, 0x18, 0x70, 0xfd, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x4}}]}}]}}]}}, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="a200004ef3b11f948ef66b0ee0b3d41b1b"])

5.390851957s ago: executing program 4 (id=7234):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prlimit64(0x0, 0x2, &(0x7f0000000240)={0xfffffffffffffffe}, 0x0)
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4008, 0x2)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x2, 0xfa})
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r3, 0xc01c64a3, &(0x7f0000000040)={0x3, r5, 0x10000000, 0x80000001, 0xb, 0x1fd, 0x1})
close_range(r3, 0xffffffffffffffff, 0x0)

5.258418287s ago: executing program 1 (id=7235):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
r1 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$inet6(r1, &(0x7f0000000380)={&(0x7f00000000c0)={0xa, 0x4e06, 0x80000, @loopback, 0xfffffffd}, 0x1c, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000290000003900000000"], 0x18}, 0x20040081)
socket$inet6_udplite(0xa, 0x2, 0x88)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84) (fail_nth: 1)
bind$inet6(r2, 0x0, 0x0)
socket(0x10, 0x80002, 0x0)
sendto$inet6(r2, &(0x7f0000000900)="582412748a9d54f5db757bc4bed58f792bd11ba21f", 0x15, 0x800, &(0x7f0000000240)={0xa, 0x4e23, 0xfffffffe, @loopback}, 0x1c)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
syz_io_uring_setup(0x1255, 0x0, &(0x7f00000000c0), &(0x7f0000000100))

4.350345421s ago: executing program 4 (id=7236):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
r1 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$inet6(r1, &(0x7f0000000380)={&(0x7f00000000c0)={0xa, 0x4e06, 0x80000, @loopback, 0xfffffffd}, 0x1c, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000290000003900000000"], 0x18}, 0x20040081)
socket$inet6_udplite(0xa, 0x2, 0x88)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r2, 0x0, 0x0)
socket(0x10, 0x80002, 0x0)
sendto$inet6(r2, &(0x7f0000000500)="582425938a9d54f5db757bc4bed58f108de0a0401f062255e6086110e6f725bf8f5c061302e16df329aa8656774de72f084a1d02e892b0c11d681a1b13cf79b05207f23f0f64412ab7af890405055be23abe98c45efc9600a70601e214bc46938ef7ec1bb57a3f2ca416359cb4cc9347dad907e9062e43401f5a7bd6c1aa2772812ae5fff6740e8786ffa406bd7e3037fb4638c3a08543842a05a7b6a03bae480a717bf9f1c6ccd736bc17dc1d93c0bc4b794fccb7d49c81c49bd0beda335d04cc2f72a4e96be35d358583df7f948f3ebcafa635242865e49f50e4d58b8dbe5c6477d3b24177c09f7efdcd9f6e524becb319ef15356094b89a918371beac0500000000000000471b83715c95224ed8d0047857dd0000fa5f4ff58bd4ead574385d653dee40ea83a6086b46c3d037259bd338eadc73271c8493b121e4754fd4e8ed36c2efcab4c5ca57db8b691ec0db861e11c5fcc18a0a9c4cdcb2534acf7de9ef429bd65ce0c2c638c68def000000", 0x16f, 0x800, &(0x7f0000000240)={0xa, 0x4e23, 0xfdfffffe, @loopback, 0x7}, 0xfffffffffffffe04)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
syz_io_uring_setup(0x1255, 0x0, &(0x7f00000000c0), &(0x7f0000000100))

4.319019896s ago: executing program 0 (id=7237):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
listen(r0, 0x8)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f0000001840)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="c7f257", 0x3}], 0x1, 0x0, 0x0, 0x8054}}], 0x1, 0x4000045)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000100)={0x3}, 0x10)
sendto$inet(r1, &(0x7f0000000300)="b3", 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000003c0)={0x0, 0x2}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r5, 0x84, 0x77, 0x0, 0x1000f)
listen(r0, 0x4)

3.196533835s ago: executing program 0 (id=7238):
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x7)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000200)=0xc0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000040)=@e={0xff, 0xa})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000042000000060000000800000600020000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0c000000040059c1977fc8a7637e0000000004006f792b90f064cc1d009840a28634de40290d6e1c3d4b9e02dae0d6ee42859252d9ac922014a2d80ba77f29943fefaff9f959ca21b573a70de474dddaf088c01f7c17a58074847698740459e50df466e5126c1388b0b675194fe08d5dce36d34b88c46291a164c7039cd0eb033c41cbf4462276b8c8d954d1ac831cc79d50eca0114301d7a1a5bd55dbe51ae1c9aff774190335f5103c57a2b6811607a4cf0cc3ef05d47f8219247e6f11491f0fb99d051d7573313a3e6616d6c328d1eb31268646aea1e9a002393ad403e2447fc200"/238, @ANYRES32=r2, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="05000000050000000200000004"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000dd0000000a00000000000000", @ANYRES32, @ANYBLOB="0000b41f71b1106fde99b4115f86c585b26b0000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000000)=ANY=[@ANYRESHEX=r2, @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='tlb_flush\x00', r4}, 0x10)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={r4, 0x0, 0x25, 0x2, @val=@tcx={@void, @value=r4}}, 0x1c)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
r6 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)=r6)
ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1, r6})
r7 = syz_usb_connect(0x2, 0x3f, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
syz_usb_control_io(r7, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r7, 0x0, &(0x7f0000000440)={0x34, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x20, 0x1, 0x1, 0x4}, 0x0})
syz_usb_control_io(r7, 0x0, 0x0)
syz_usb_control_io(r7, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f00000008c0)={0x1, 0x0, [{0x0, 0x73, &(0x7f00000001c0)=""/115}]})

3.172777741s ago: executing program 2 (id=7239):
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
bind$rose(r3, 0x0, 0x0)
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000000)={0xa0000001})
epoll_wait(0xffffffffffffffff, &(0x7f00000000c0)=[{}], 0x1, 0x1fffc002)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'})
r5 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r6 = open$dir(&(0x7f0000000080)='./file0\x00', 0x440, 0x12e)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r6, 0x0)
write(r5, &(0x7f0000000180)="2cd889f0", 0x4)
r7 = io_uring_setup(0x6ddd, &(0x7f00000002c0)={0x0, 0x62af, 0x40, 0xffffffff})
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r7, 0xd, &(0x7f0000000140)={0x7, 0x0, 0x0, 0x0}, 0x20)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r7, 0xe, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000040)=[{0x0, 0xfdfffffffffffffe}], 0x0, 0x7}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={0xffffffffffffffff, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x3], 0x0, 0x0, 0x1}}, 0x40)
r8 = memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0)
write$binfmt_elf64(r8, &(0x7f0000000540)=ANY=[@ANYBLOB="7f454c46020000000d0200"], 0xfebe)
execveat(r8, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
ioctl$TUNGETDEVNETNS(r2, 0x54e3, 0x0)
syz_usb_connect$uac1(0x0, 0xaa, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902980003010000000904000000010100000a2401000000020102132406040006030000000000000000000000000924030000010000ff0924050000f8431cfd0924030604030204001b2404040209", @ANYBLOB="06c9a276857326a76ff32ee5c9c5a2f8bdb1e2e4e0abff355d3b9992f15a3edee91bc6b9a308e508532036692382bbd1c1a0a432b1f8ae694aac56ef738c4f790fdf74fafac3d8a120d0ebe847d37bc6f9565d70a062af3b026aab321d800e2d9b4e1cc866fb"], 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$batadv(&(0x7f0000005c00), r9)
sendmsg$BATADV_CMD_GET_GATEWAYS(r9, &(0x7f0000005d00)={0x0, 0x0, &(0x7f0000005cc0)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="11072bbd7000fedbdf250a00000008000300", @ANYRES32=0x0, @ANYBLOB="5c5aac52cf58de014d7ca4e80f0fc4b7a8e0f2a09a4f0c4c1b6832a557009ae2ffb52b8c825a7414941355c369b8047f629d477e08758f10cf73af83ed852dec67a16897e55c56af215bb3c9f28236eda8e9a8b3f2a5c21149b58082c79eaf56ceff9c8a18ec3c03fab5485c56edf4a63098ff141e90e297fc3db7162c110b734c48b54ec36d3d9ac00c2505426c1890d8d54701b9"], 0x1c}, 0x1, 0x0, 0x0, 0x4000084}, 0x4000450)

3.020256994s ago: executing program 4 (id=7240):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x24, 0x68, 0x309, 0x4000, 0x0, {}, [@NHA_FDB={0x4}, @NHA_ID={0x8, 0x1, 0x1}]}, 0x24}}, 0x0)

2.800855662s ago: executing program 4 (id=7241):
socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
open(&(0x7f0000000140)='./file0\x00', 0x800, 0x70)
socket$can_bcm(0x1d, 0x2, 0x2)
socket$inet6(0xa, 0x800000000000002, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0xa0602, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)
r2 = syz_io_uring_setup(0x10d2, &(0x7f0000000540)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f0000000600)=<r3=>0x0, &(0x7f00000005c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000380)=0x101, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x4, 0x1cd83f7c25e05491, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x100, 0x1, {0x3}})
io_uring_enter(r2, 0x47bc, 0x0, 0x0, 0x0, 0x0)

2.639758073s ago: executing program 4 (id=7242):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e7d, 0x31ce, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xb}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000010c0), 0x403, 0x0)
r2 = socket$inet(0xa, 0x801, 0x84)
r3 = syz_usb_connect$uac1(0x3, 0xc9, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xb7, 0x3, 0x1, 0x6, 0x20, 0x10, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x7ff, 0x38}, [@output_terminal={0x9, 0x24, 0x3, 0x1, 0x304, 0x4, 0x6, 0x8}, @feature_unit={0xd, 0x24, 0x6, 0x5, 0x5, 0x3, [0x3, 0x1, 0x0], 0x7}, @extension_unit={0xa, 0x24, 0x8, 0x6, 0x5, 0x0, "a96c77"}, @mixer_unit={0x9, 0x24, 0x4, 0x1, 0x7f, "3ab0478b"}, @processing_unit={0xc, 0x24, 0x7, 0x4, 0x0, 0x0, "f8c0fddc26"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0xa3, 0x2, 0x8, 0x6, "d4", ' ?'}]}, {{0x9, 0x5, 0x1, 0x9, 0x8, 0x9, 0x10, 0x8, {0x7, 0x25, 0x1, 0x83, 0x4, 0x200}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x2, 0x1, 0x4, 0xe}, @format_type_i_discrete={0x10, 0x24, 0x2, 0x1, 0x4, 0x3, 0x7, 0x6, "6787daa5d9c53cdd"}]}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x5, 0x4, 0x7, {0x7, 0x25, 0x1, 0x80, 0x0, 0x3d}}}}}}}]}}, &(0x7f0000000700)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x200, 0x1, 0x0, 0x40, 0xff, 0x3f}, 0xe5, &(0x7f0000000340)={0x5, 0xf, 0xe5, 0x4, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x3, 0x9, 0x0, 0x5}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0x5, 0x0, 0xfae8}, @generic={0xbb, 0x10, 0xb, "a7ead37c987d32ed5d0cc5a81f30a51658daadb712b4b5d88790925469084171a8b0b484e689e39a823e15b8c2e37c4314c32a886fd4066c6ccfed5eba5ae374adbc01a6234783360c13abfdc206449740fe326c8daeff77d789c64366ec5e5a654fc283b8fee03240fd4caaa70fd823567c93ad0af869986504a04e8ec5356d310f95c4b5c9ed0a3a716e3f7f9880c1bcb59bc30774e2a299d15bd6fa631b94efd788394c0a9b2abf3bde68b52bde3cf2295916fb4d24a7"}, @ss_container_id={0x14, 0x10, 0x4, 0x81, "c0b5b0a12244874279135334dcfebc14"}]}, 0xa, [{0x4, &(0x7f00000000c0)=@lang_id={0x4, 0x3, 0xc0c}}, {0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x3001}}, {0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x436}}, {0x19, &(0x7f00000001c0)=@string={0x19, 0x3, "892c048f495a8cc3ad233e2e68a95c15fcef7fac85a074"}}, {0x2e, &(0x7f0000000440)=@string={0x2e, 0x3, "550cfc051c522c4e52a0e7dec834a9db7f95dfed120e1b18065bd462ede39505525f58810b74b3b4ae3a6405"}}, {0xd8, &(0x7f0000000480)=@string={0xd8, 0x3, "f9c8b6cddc796f967812020a2392ac113d548ef1880888df2a25439b632e4b0dc8dc40adc05060d64f20f8d5354a47105290647f8799b2668453699c44a6831cdcad8c84dcc473045a46e9f49ce8a5e71318f77df26f15fca1ece6f2c1fff1feb7e5fa8ca10ddf2fb5715bf817fab401e92db478fdae44a2a83a0f232eef64805f87216698a5dee1e15a55fd108fd9c15ab134bcd5136084eae2913373168349070fff6220071832c1b666491a4f3f29f592b87b96e9c8862e5c9c1778f275307d4ca215c103f358238e012db68c0ca9403eae743be0"}}, {0x4, &(0x7f0000000580)=@lang_id={0x4, 0x3, 0x1409}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x427}}, {0x51, &(0x7f0000000640)=@string={0x51, 0x3, "d18e8e04e32852cc8e824a8f596ba95d389911bc2b110b38d6232f4655c8f3289516657e92d31e6fd46568492c34955e6bb3b97e5ef9341245a3c071a9681084a81c2008c7d9b3c8fdb4d535e14474"}}, {0x4, &(0x7f00000006c0)=@lang_id={0x4, 0x3, 0x40a}}]})
syz_usb_control_io$uac1(r3, &(0x7f0000000880)={0x14, &(0x7f00000007c0)={0x40, 0x0, 0x6c, {0x6c, 0x8, "f9d9bd72ddb64e34d0609316687647b2191209cd70e0fd69129b88cc845edce4e900a641d635adaeff5e094110d819f2dab233613daf3ab33456bb62787586cd69eca0fc818855b343e3402046cae5dc2e8c0164d633e6555407bb2c266d78642538715669e04893dfcb"}}, &(0x7f0000000840)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x81a}}}, &(0x7f0000000ac0)={0x44, &(0x7f00000008c0)={0x20, 0x15, 0x2e, "98acb0ecc32f378c432d0bf37f3503573afc98e3ba83b542e5c8b5eedd0376fa073bb81615d07df67b86a98c3f5e"}, &(0x7f0000000900)={0x0, 0xa, 0x1, 0x2}, &(0x7f0000000940)={0x0, 0x8, 0x1, 0x3}, &(0x7f0000000980)={0x20, 0x81, 0x1, "89"}, &(0x7f00000009c0)={0x20, 0x82, 0x3, "f5c8ec"}, &(0x7f0000000a00)={0x20, 0x83, 0x3, "a397b1"}, &(0x7f0000000a40)={0x20, 0x84, 0x4, "5a326603"}, &(0x7f0000000a80)={0x20, 0x85, 0x3, "45de16"}})
connect$inet(r2, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r2, 0x8)
r4 = accept4(r2, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f0000000000)={0x2, 0x0, 0x6, 0xffffffff}, 0x10)
sendto$inet6(r4, &(0x7f0000000200)='x', 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r4, 0x84, 0x7c, &(0x7f0000001400)={0x0, 0x0, 0x7a}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r4, 0x84, 0x7c, &(0x7f00000005c0)={0x0, 0x2, 0x7a}, 0x8)
ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x1)
ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x10000000002001ff)
syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0xb, {[@main=@item_012={0x2, 0x0, 0xc, "1417"}, @main=@item_012={0x2, 0x0, 0xc, 'k;'}, @local=@item_4={0x3, 0x2, 0x1, "92bacd41"}]}}, 0x0}, 0x0)

2.269583804s ago: executing program 1 (id=7243):
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
close(0x3)

2.26618784s ago: executing program 3 (id=7244):
syz_init_net_socket$ax25(0x3, 0x3, 0xcf)
ioperm(0x1, 0x9, 0xfffffffffffffff8)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = mq_open(&(0x7f0000000040)='!se\xf7ih,\x17i\xacP\xe6lNnuxselinux\x00', 0x6e93ebbbcc0884f2, 0x2, &(0x7f0000000300)={0x0, 0x1, 0x6})
mq_timedsend(r1, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r1, 0x0, 0x0, 0x0, 0x0)
r2 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000540)={0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02000000000000001800000000000000018000009b00000000000000000000001800000000000000fbffffffffffffff0100000000000000690000000000000066baf80cb88ac88084ef66bafc0cb000ee660f3882741e320fc7ad0f00000066bad00466edc4418571f6cd26400f07c421c455e40f2384c7442400dd000000c744240209000000ff2c24b9800000c00f3235008000000f30c302000000000000001800000000000000020000000c00000001000000000000007c00000000000000b9800000c00f3235001000000f300f01d1c48131dd3c0ab9800000c00f3235001000000f30b9f6020000b804000000ba000000000f302646ff2ca6c74424007f000000c74424020e000000ff2c2466baf80cb8fe9c4c8aef66bafc0cec66baa10066ed660fc7b57c393688c301000000000000006000000000000000f2663e650f01373e400f75f70fc76b0066b8e0000f00d0410f1b860600000066ba4300b800680000ef0fc75d003e660ff2acb3080000003e0fc73166baf80cb880253082ef66bafc0c66b8350066efc301000000000000005600000000000000c443790c5d0000b805000000b9b10000000f01d9470f1ed866460f3881b18000c0fe4e0fc79e030000000f078f68308faff67f0000020f07c4c22dadacfff8ffffff0f01c2c300000000100000001800000000000000b60000000000000002000000000000001800000000000000ffff00000b00000001000000000000005800000000000000b805000000b98d0000000f01c126430f01c8b9800000c00f3235000400000f300f01cf66ba6100ec430f0966baf80cb8e513118cef66bafc0cb0dcee400fc731470f01ca0f01eec301000000000000005a00000000000000b9010900000f3236660f38812552b4b2592665f30fc7370f21a6420f3266baf80cb82a5dca80ef66bafc0c66b870b966efc4c1cdd046003e1c0f236341a27300000000000000410f06c301000000000000004500000000000000420f01f844f4b9060800000f3266d1e9000f00d066ba6100b0bcee460f23a865420f2389f22e0f3266b804018ed08f2878a2d10fc301000000000000005200000000000000f39c8a0943e2c40f217966ba420066b8221b66ef66b876000f00d00f01c9b8010000000f01c10f3066baf80cb83473fd8fef66bafc0cb8e3b3a82def0f0f49ea0dc302000000000000001800000000000000050000000000000002000000000000001800000000000000020000000400000002000000000000001800000000000000fdffffffff01000000000000000000001800000000000000940500000000000002000000000000001800000000000000070000000800000002000000000000001800000000000000ffff00000000000000000000000000001800000000000000000000000000000001000000000000006600000000000000470f211126262e0f78520a66b819010f00d8674b0fc729b9830b00000f32c7442400fc000000c744240243870971ff1c24674a0fc7acdc2acee22066baf80cb819e23184ef66bafc0cb001ee360f01cff30f015d0ac3020000000000000018000000000000003e0000000400000002000000000000001800000000000000af000000030000000100000000000000420000000000000066ba2000b897000000eff2363e468aa32839000066ba210066ed67f40f421746a9c1ba3e9cf26f0f01f9420f01c30f01f6c3000000000000000018000000000000000900000000000000020000000000000018000000000000000000800300000000020000000000000018000000000000000700000007000000"], 0x524})
ioctl$KVM_CAP_HYPERV_SYNIC2(r2, 0x4068aea3, &(0x7f0000000580))
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$isdn_base(0x22, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
socket$inet6(0xa, 0x802, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
r4 = syz_open_dev$dri(0x0, 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$OBJ_GET_MAP(0x7, 0x0, 0x0)

2.192203406s ago: executing program 1 (id=7245):
socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
open(&(0x7f0000000140)='./file0\x00', 0x800, 0x70)
socket$can_bcm(0x1d, 0x2, 0x2)
socket$inet6(0xa, 0x800000000000002, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0xa0602, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)
r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000540)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f0000000600)=<r1=>0x0, &(0x7f00000005c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000380)=0x101, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x4, 0x1cd83f7c25e05491, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x100, 0x1, {0x3}})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

2.139447617s ago: executing program 1 (id=7246):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mprotect(&(0x7f000004f000/0x800000)=nil, 0x800000, 0x0)
mlock2(&(0x7f000027f000/0x2000)=nil, 0x2000, 0x1)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x2, 0x2, 0x0, 0x2, 0xa, 0x0, 0x400, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @broadcast}}, @sadb_x_filter={0x5, 0x1a, @in=@loopback, @in6=@private2, 0x10, 0x0, 0x10}]}, 0x50}, 0x1, 0x7}, 0x40)
socket$netlink(0x10, 0x3, 0x15)
socket$inet6(0xa, 0x80002, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$sndctrl(&(0x7f0000000080), 0x1, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000380)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000040)={0x3ff, 0x0, 0x0, 0x9, 0xfeeb, 0x0, 0x7fffffff}, 0x0, 0x0)
munlockall()
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8)

1.975599188s ago: executing program 3 (id=7247):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mprotect(&(0x7f000004f000/0x800000)=nil, 0x800000, 0x0)
mlock2(&(0x7f000027f000/0x2000)=nil, 0x2000, 0x1)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x2, 0x2, 0x0, 0x2, 0xa, 0x0, 0x400, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @broadcast}}, @sadb_x_filter={0x5, 0x1a, @in=@loopback, @in6=@private2, 0x10, 0x0, 0x10}]}, 0x50}, 0x1, 0x7}, 0x40)
socket$netlink(0x10, 0x3, 0x15)
socket$inet6(0xa, 0x80002, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$sndctrl(&(0x7f0000000080), 0x1, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000380)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000040)={0x3ff, 0x0, 0x0, 0x9, 0xfeeb, 0x0, 0x7fffffff}, 0x0, 0x0)
munlockall()
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8)

1.131930952s ago: executing program 1 (id=7248):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
listen(r0, 0x8)
r1 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000100)={0x3}, 0x10)
sendto$inet(r1, &(0x7f0000000300)="b3", 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000003c0)={0x0, 0x2}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r5, 0x84, 0x77, 0x0, 0x1000f)
listen(r0, 0x4)

938.090227ms ago: executing program 3 (id=7249):
syz_open_dev$sndctrl(&(0x7f0000000400), 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xfff7fffffffffff5}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000080)=0x7f)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r5)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r6, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x4c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x1, 0x3, 0x10, 0x9, 0x40, 0xd3c25e1}}}}]}, 0x4c}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)=@newtfilter={0x24, 0x28, 0xd27, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, r6, {0xa}, {0xd}, {0x1, 0x3d}}}, 0x24}}, 0x40)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r7, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfff9}, 0xe)
connect$bt_l2cap(r7, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x7ff}, 0xe)
writev(r7, &(0x7f0000000100), 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r7)
shutdown(r7, 0x1)
set_mempolicy(0x2, &(0x7f0000000080)=0x4716, 0x3)
socket(0x10, 0x3, 0x0)
setresuid(0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

0s ago: executing program 4 (id=7250):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
r1 = syz_io_uring_setup(0x10d, &(0x7f00000006c0)={0x0, 0xac24, 0x10000, 0x2}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x6, 0x5, r1, 0x0, 0x0, 0x0, 0x80800})
io_uring_enter(r1, 0x3516, 0xf2a2, 0x50, 0x0, 0x40)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r4, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x5c831, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000000))
ioctl$PAGEMAP_SCAN(r5, 0xc0606610, &(0x7f0000000180)={0x60, 0x0, &(0x7f00001ab000/0x1000)=nil, &(0x7f0000a8c000/0xc000)=nil, 0x0, &(0x7f0000000200)=[{}], 0x60, 0x5f, 0x0, 0x0, 0x0, 0x8})
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000001800010000000000000000000200000000000006000000000c00090008000000", @ANYRES32, @ANYBLOB="08000400", @ANYRES32, @ANYBLOB="080005"], 0x38}}, 0x0)
ioctl$KIOCSOUND(r6, 0x4b2f, 0x7)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000080)='./bus\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000100)=<r11=>0x0, &(0x7f0000000000)=<r12=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r11, 0x4, &(0x7f0000000400)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r11, r12, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r10, 0x47f6, 0x0, 0x0, 0x0, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg(r9, &(0x7f0000000180)={0x0, 0x0, 0x0, 0xfffffffffffffe79}, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000400), 0x4000000, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
umount2(&(0x7f0000000100)='./bus\x00', 0x8)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa1c86dc600300000014060000000000000000000000000000000000fe8000000000000008000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5002000090780000"], 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r6, {0x1}}, './bus\x00'})

kernel console output (not intermixed with test programs):

 is useless in a non-upper mount, ignore
[ 1970.311305][T28206] overlayfs: missing 'lowerdir'
[ 1970.339722][T28196] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6284'.
[ 1972.075270][T28234] xt_hashlimit: max too large, truncated to 1048576
[ 1972.106167][T28237] netlink: 68 bytes leftover after parsing attributes in process `syz.1.6299'.
[ 1972.202542][T25084] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[ 1972.252454][  T979] usb 5-1: new high-speed USB device number 73 using dummy_hcd
[ 1972.320981][T28243] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6302'.
[ 1972.374372][T25084] usb 4-1: Using ep0 maxpacket: 32
[ 1972.381876][T25084] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[ 1972.395717][T25084] usb 4-1: config 0 has no interface number 0
[ 1972.406212][T25084] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1972.428661][T25084] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1972.434510][T28245] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap2
[ 1972.446099][  T979] usb 5-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[ 1972.461028][T25084] usb 4-1: Product: syz
[ 1972.465338][  T979] usb 5-1: New USB device strings: Mfr=14, Product=0, SerialNumber=0
[ 1972.480219][T25084] usb 4-1: Manufacturer: syz
[ 1972.485212][T25084] usb 4-1: SerialNumber: syz
[ 1972.490046][T28248] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6303'.
[ 1972.503509][  T979] usb 5-1: Manufacturer: syz
[ 1972.515520][T25084] usb 4-1: config 0 descriptor??
[ 1972.520772][T28248] openvswitch: netlink: Missing key (keys=40, expected=100)
[ 1972.533127][  T979] usb 5-1: config 0 descriptor??
[ 1972.541147][  T979] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected
[ 1972.566814][T25084] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1972.583612][  T979] ftdi_sio ttyUSB0: unknown device type: 0xc698
[ 1972.767092][  T979] usb 5-1: USB disconnect, device number 73
[ 1972.785274][  T979] ftdi_sio 5-1:0.0: device disconnected
[ 1972.815804][T25084] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1972.834796][T25084] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1973.147571][T28223] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1973.159442][T28223] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1973.380292][    C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1973.391069][T20450] usb 4-1: USB disconnect, device number 46
[ 1973.402299][   T30] kauditd_printk_skb: 61 callbacks suppressed
[ 1973.402316][   T30] audit: type=1326 audit(1750894512.691:1908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28262 comm="syz.4.6309" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd9fa78e929 code=0x0
[ 1973.441555][T20450] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1973.460770][T28268] xt_hashlimit: max too large, truncated to 1048576
[ 1973.475050][T20450] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1973.489030][T20450] quatech2 4-1:0.51: device disconnected
[ 1974.201548][T28286] overlayfs: failed to clone upperpath
[ 1974.439534][T28293] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6321'.
[ 1974.681238][T28299] netlink: 'syz.0.6322': attribute type 1 has an invalid length.
[ 1974.704347][T20450] usb 5-1: new low-speed USB device number 74 using dummy_hcd
[ 1974.922527][T20450] usb 5-1: device descriptor read/64, error -71
[ 1975.162286][T20450] usb 5-1: new low-speed USB device number 75 using dummy_hcd
[ 1975.514957][   T30] audit: type=1326 audit(1750894514.821:1909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28283 comm="syz.1.6317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 1975.622196][   T30] audit: type=1326 audit(1750894514.841:1910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28283 comm="syz.1.6317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 1975.664111][   T30] audit: type=1326 audit(1750894514.841:1911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28283 comm="syz.1.6317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 1975.672342][T20450] usb 5-1: device descriptor read/64, error -71
[ 1975.687474][   T30] audit: type=1326 audit(1750894514.841:1912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28283 comm="syz.1.6317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 1975.721319][   T30] audit: type=1326 audit(1750894514.841:1913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28283 comm="syz.1.6317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 1975.756581][   T30] audit: type=1326 audit(1750894514.841:1914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28283 comm="syz.1.6317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 1975.783144][   T30] audit: type=1326 audit(1750894514.841:1915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28283 comm="syz.1.6317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 1975.808821][   T30] audit: type=1326 audit(1750894514.841:1916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28283 comm="syz.1.6317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 1975.830570][   T30] audit: type=1326 audit(1750894514.841:1917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28283 comm="syz.1.6317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 1975.866302][T20450] usb usb5-port1: attempt power cycle
[ 1975.875581][T28309] xt_hashlimit: max too large, truncated to 1048576
[ 1976.232364][T20450] usb 5-1: new low-speed USB device number 76 using dummy_hcd
[ 1976.273007][T20450] usb 5-1: device descriptor read/8, error -71
[ 1976.340462][T28304] XFS (nullb0): Invalid superblock magic number
[ 1976.522332][T20450] usb 5-1: new low-speed USB device number 77 using dummy_hcd
[ 1976.539243][T28314] netdevsim netdevsim2: Direct firmware load for �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F failed with error -2
[ 1976.591985][T28314] netdevsim netdevsim2: Falling back to sysfs fallback for: �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F
[ 1976.596484][T20450] usb 5-1: device descriptor read/8, error -71
[ 1976.732752][T20450] usb usb5-port1: unable to enumerate USB device
[ 1976.784614][T28325] netlink: 'syz.0.6329': attribute type 6 has an invalid length.
[ 1980.524937][T28355] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6339'.
[ 1981.290806][T28367] netdevsim netdevsim0: Direct firmware load for �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F failed with error -2
[ 1981.342194][T28367] netdevsim netdevsim0: Falling back to sysfs fallback for: �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F
[ 1981.360635][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1986.268275][T28398] netlink: 68 bytes leftover after parsing attributes in process `syz.0.6349'.
[ 1989.267648][T28428] netdevsim netdevsim0: Direct firmware load for �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F failed with error -2
[ 1989.293715][T28428] netdevsim netdevsim0: Falling back to sysfs fallback for: �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F
[ 1992.601448][T28469] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6369'.
[ 1994.270605][T28488] loop9: detected capacity change from 0 to 8
[ 1994.280257][T28488]  loop9: [CUMANA/ADFS] p1 [ADFS] p1
[ 1994.517827][T28494] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6376'.
[ 1995.571124][T28488] loop9: partition table partially beyond EOD, truncated
[ 1995.615886][T28488] loop9: p1 size 81768186 extends beyond EOD, truncated
[ 1996.391026][T28488] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[ 1996.412178][   T30] kauditd_printk_skb: 58 callbacks suppressed
[ 1996.412194][   T30] audit: type=1326 audit(1750894535.711:1976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28477 comm="syz.1.6371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 1996.441940][   T30] audit: type=1326 audit(1750894535.711:1977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28477 comm="syz.1.6371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 1996.464795][   T30] audit: type=1326 audit(1750894535.711:1978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28477 comm="syz.1.6371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 1996.488708][   T30] audit: type=1326 audit(1750894535.711:1979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28477 comm="syz.1.6371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 1996.514914][   T30] audit: type=1326 audit(1750894535.711:1980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28477 comm="syz.1.6371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 1996.542228][   T30] audit: type=1326 audit(1750894535.711:1981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28477 comm="syz.1.6371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 1996.571848][   T30] audit: type=1326 audit(1750894535.711:1982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28477 comm="syz.1.6371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 1996.596551][   T30] audit: type=1326 audit(1750894535.711:1983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28477 comm="syz.1.6371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 1996.623009][   T30] audit: type=1326 audit(1750894535.711:1984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28477 comm="syz.1.6371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 1996.647159][   T30] audit: type=1326 audit(1750894535.711:1985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28477 comm="syz.1.6371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 1997.922512][T28523] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6384'.
[ 1998.847081][T28544] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6392'.
[ 1999.120205][T28549] batadv_slave_1: entered promiscuous mode
[ 1999.175428][T28548] batadv_slave_1: left promiscuous mode
[ 1999.830025][T28556] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6396'.
[ 2000.465972][T28575] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6404'.
[ 2000.678471][T28581] batadv_slave_1: entered promiscuous mode
[ 2000.685836][T28580] batadv_slave_1: left promiscuous mode
[ 2001.367213][T28599] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6413'.
[ 2001.577432][T28603] netdevsim netdevsim4: Direct firmware load for �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F failed with error -2
[ 2001.597427][T28603] netdevsim netdevsim4: Falling back to sysfs fallback for: �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F
[ 2004.515398][T28611] mkiss: ax0: crc mode is auto.
[ 2004.523733][T28614] batadv_slave_1: entered promiscuous mode
[ 2004.532014][T28613] batadv_slave_1: left promiscuous mode
[ 2004.902167][T20450] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[ 2005.600524][T28630] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 2005.608655][T28630] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[ 2005.617458][T28630] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 2005.625319][T28630] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[ 2005.648374][T28630] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6420'.
[ 2005.856809][T28624] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6422'.
[ 2006.172134][T20450] usb 4-1: Using ep0 maxpacket: 8
[ 2007.037653][T20450] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 2007.090808][T20450] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2007.214708][T20450] usb 4-1: config 0 descriptor??
[ 2007.866594][T28655] batadv_slave_1: entered promiscuous mode
[ 2007.875470][T28654] batadv_slave_1: left promiscuous mode
[ 2008.257006][T20450] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[ 2008.267358][T20450] asix 4-1:0.0: probe with driver asix failed with error -71
[ 2008.278342][T20450] usb 4-1: USB disconnect, device number 47
[ 2008.284350][ T5901] usb 5-1: new high-speed USB device number 78 using dummy_hcd
[ 2008.370702][T28664] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6435'.
[ 2008.692111][ T5901] usb 5-1: Using ep0 maxpacket: 16
[ 2008.700913][ T5901] usb 5-1: too many configurations: 123, using maximum allowed: 8
[ 2008.727479][ T5901] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2008.810014][ T5901] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2008.904692][ T5901] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2009.026744][ T5901] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2009.169701][ T5901] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2009.360576][ T5901] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2009.381916][ T5901] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2009.393465][ T5901] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2009.404996][ T5901] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[ 2009.414544][ T5901] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45
[ 2009.422724][ T5901] usb 5-1: SerialNumber: syz
[ 2009.429931][ T5901] usb 5-1: config 0 descriptor??
[ 2009.442714][ T5901] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input16
[ 2009.478449][T28684] batadv_slave_1: entered promiscuous mode
[ 2009.493889][T28683] batadv_slave_1: left promiscuous mode
[ 2010.178890][T28677] netdevsim netdevsim3: Direct firmware load for �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F failed with error -2
[ 2010.198904][T28677] netdevsim netdevsim3: Falling back to sysfs fallback for: �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F
[ 2012.365900][T25084] usb 5-1: USB disconnect, device number 78
[ 2012.592823][ T5175] bcm5974 5-1:0.0: could not read from device
[ 2014.283864][T28719] batadv_slave_1: entered promiscuous mode
[ 2014.308159][T28718] batadv_slave_1: left promiscuous mode
[ 2014.568890][T28728] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6458'.
[ 2014.902787][T28739] netdevsim netdevsim4: Direct firmware load for �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F failed with error -2
[ 2014.923198][T28739] netdevsim netdevsim4: Falling back to sysfs fallback for: �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F
[ 2016.592736][T28745] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6462'.
[ 2018.005229][T28750] batadv_slave_1: entered promiscuous mode
[ 2018.014490][T28749] batadv_slave_1: left promiscuous mode
[ 2018.156132][T28759] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6469'.
[ 2018.182389][T28759] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6469'.
[ 2018.315856][T28766] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6470'.
[ 2018.511283][T28765] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap2
[ 2019.412411][T28782] loop6: detected capacity change from 0 to 524287999
[ 2019.432595][T28782] buffer_io_error: 22 callbacks suppressed
[ 2019.432614][T28782] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2019.464264][T28782] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2019.484878][T28782] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2019.564693][T28782] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2019.587950][T28782] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2019.642332][T28782] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2019.647793][T28790] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6475'.
[ 2019.650328][T28782] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2019.697543][T28788] batadv_slave_1: entered promiscuous mode
[ 2019.712689][T28782] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2019.722005][T28782] ldm_validate_partition_table(): Disk read failed.
[ 2019.731270][T28782] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2019.739819][T28786] batadv_slave_1: left promiscuous mode
[ 2020.082553][T28782] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2020.762271][T28782] Dev loop6: unable to read RDB block 0
[ 2020.903273][T28782]  loop6: unable to read partition table
[ 2020.911462][T28782] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[ 2020.922644][T28784] ldm_validate_partition_table(): Disk read failed.
[ 2020.929593][T28784] Dev loop6: unable to read RDB block 0
[ 2020.942377][T28784]  loop6: unable to read partition table
[ 2020.948227][T28784] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[ 2021.835920][T28809] ldm_validate_partition_table(): Disk read failed.
[ 2021.861013][T28809] Dev loop6: unable to read RDB block 0
[ 2021.872755][T28809]  loop6: unable to read partition table
[ 2021.923354][T28809] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[ 2021.971255][T28811] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6485'.
[ 2022.384245][T28820] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6486'.
[ 2023.257550][T28825] batadv_slave_1: entered promiscuous mode
[ 2023.270186][T28824] batadv_slave_1: left promiscuous mode
[ 2023.273448][T28823] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6490'.
[ 2023.334649][T28829] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6493'.
[ 2023.477325][T28831] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6492'.
[ 2024.286336][T28836] FAULT_INJECTION: forcing a failure.
[ 2024.286336][T28836] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2024.299532][T28836] CPU: 0 UID: 0 PID: 28836 Comm: syz.3.6495 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[ 2024.299558][T28836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2024.299569][T28836] Call Trace:
[ 2024.299577][T28836]  <TASK>
[ 2024.299586][T28836]  dump_stack_lvl+0x189/0x250
[ 2024.299615][T28836]  ? __pfx____ratelimit+0x10/0x10
[ 2024.299639][T28836]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2024.299662][T28836]  ? __pfx__printk+0x10/0x10
[ 2024.299687][T28836]  ? __might_fault+0xb0/0x130
[ 2024.299719][T28836]  should_fail_ex+0x414/0x560
[ 2024.299745][T28836]  _copy_from_user+0x2d/0xb0
[ 2024.299763][T28836]  do_semtimedop+0x1ce/0x2d0
[ 2024.299859][T28836]  ? __pfx_do_semtimedop+0x10/0x10
[ 2024.299920][T28836]  ? __pfx_ksys_write+0x10/0x10
[ 2024.299936][T28836]  ? rcu_is_watching+0x15/0xb0
[ 2024.299964][T28836]  ? do_syscall_64+0xbe/0x3b0
[ 2024.299991][T28836]  do_syscall_64+0xfa/0x3b0
[ 2024.300012][T28836]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2024.300033][T28836]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2024.300049][T28836]  ? clear_bhb_loop+0x60/0xb0
[ 2024.300070][T28836]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2024.300086][T28836] RIP: 0033:0x7fae00f8e929
[ 2024.300102][T28836] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2024.300118][T28836] RSP: 002b:00007fae01d1a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000041
[ 2024.300137][T28836] RAX: ffffffffffffffda RBX: 00007fae011b5fa0 RCX: 00007fae00f8e929
[ 2024.300150][T28836] RDX: 0000000000000002 RSI: 0000200000000000 RDI: 0000000000000000
[ 2024.300161][T28836] RBP: 00007fae01d1a090 R08: 0000000000000000 R09: 0000000000000000
[ 2024.300172][T28836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2024.300182][T28836] R13: 0000000000000000 R14: 00007fae011b5fa0 R15: 00007ffef6ec1ca8
[ 2024.300210][T28836]  </TASK>
[ 2025.258004][T28845] netlink: 68 bytes leftover after parsing attributes in process `syz.3.6498'.
[ 2025.439727][T28854] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[ 2026.045154][T28859] loop6: detected capacity change from 0 to 524287999
[ 2026.059838][T28859] buffer_io_error: 38 callbacks suppressed
[ 2026.059875][T28859] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2026.078042][T28859] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2026.087555][T28859] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2026.107983][T28859] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2026.116970][T28859] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2026.133537][T28859] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2026.142258][T28859] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2026.152194][T28859] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2026.166465][T28859] ldm_validate_partition_table(): Disk read failed.
[ 2026.173400][T28859] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2026.182165][T28859] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2026.195598][T28859] Dev loop6: unable to read RDB block 0
[ 2026.204600][T28859]  loop6: unable to read partition table
[ 2026.212596][T28859] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[ 2026.467643][T28863] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6503'.
[ 2026.583289][T28859] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6501'.
[ 2026.583468][T28862] ldm_validate_partition_table(): Disk read failed.
[ 2026.610077][T28862] Dev loop6: unable to read RDB block 0
[ 2026.617481][T28862]  loop6: unable to read partition table
[ 2026.626696][T28862] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[ 2027.323070][T28871] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6505'.
[ 2027.445440][T28874] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2027.911466][T28875] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2028.129432][T28882] batadv_slave_1: entered promiscuous mode
[ 2028.276335][T28881] batadv_slave_1: left promiscuous mode
[ 2028.350929][T28878] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[ 2028.472675][T28884] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6508'.
[ 2028.518295][T28884] openvswitch: netlink: Missing key (keys=40, expected=100)
[ 2029.394879][T28901] XFS (nullb0): Invalid superblock magic number
[ 2029.720757][T28905] loop6: detected capacity change from 0 to 524287999
[ 2030.531558][T28905] ldm_validate_partition_table(): Disk read failed.
[ 2030.538712][T28905] Dev loop6: unable to read RDB block 0
[ 2030.720882][T28922] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2030.788561][T28899] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6515'.
[ 2030.853023][T28928] batadv_slave_1: entered promiscuous mode
[ 2030.861204][T28926] batadv_slave_1: left promiscuous mode
[ 2031.147242][T28905] buffer_io_error: 36 callbacks suppressed
[ 2031.147256][T28905] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2031.950946][T28905] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2032.146880][T28938] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[ 2032.197562][T28905]  loop6: unable to read partition table
[ 2032.208395][T28905] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[ 2032.251370][T28947] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6526'.
[ 2032.265476][T28943] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6525'.
[ 2032.275118][T28943] openvswitch: netlink: Missing key (keys=40, expected=100)
[ 2032.291251][T28947] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6526'.
[ 2033.438457][T28963] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2033.672706][  T979] usb 5-1: new full-speed USB device number 79 using dummy_hcd
[ 2033.925977][  T979] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 2033.959411][  T979] usb 5-1: not running at top speed; connect to a high speed hub
[ 2034.000470][  T979] usb 5-1: config 1 interface 0 altsetting 222 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[ 2034.081938][  T979] usb 5-1: config 1 interface 0 has no altsetting 0
[ 2034.179842][  T979] usb 5-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.40
[ 2034.189237][T28971] batadv_slave_1: entered promiscuous mode
[ 2034.208011][T28969] batadv_slave_1: left promiscuous mode
[ 2034.225920][  T979] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2034.241786][  T979] usb 5-1: Product: syz
[ 2034.251879][  T979] usb 5-1: Manufacturer: syz
[ 2034.257474][  T979] usb 5-1: SerialNumber: syz
[ 2034.271858][T28961] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 2034.497527][T28961] netlink: 'syz.4.6530': attribute type 27 has an invalid length.
[ 2034.577336][  T979] usbhid 5-1:1.0: can't add hid device: -71
[ 2034.591670][  T979] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[ 2034.613631][  T979] usb 5-1: USB disconnect, device number 79
[ 2034.852417][T28992] netdevsim netdevsim1: Direct firmware load for �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F failed with error -2
[ 2034.871870][T28992] netdevsim netdevsim1: Falling back to sysfs fallback for: �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F
[ 2036.401699][T29005] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6545'.
[ 2036.545203][T29008] batadv_slave_1: entered promiscuous mode
[ 2036.555082][T29007] batadv_slave_1: left promiscuous mode
[ 2036.765618][T29017] FAULT_INJECTION: forcing a failure.
[ 2036.765618][T29017] name fail_futex, interval 1, probability 0, space 0, times 1
[ 2036.793094][T29016] netlink: 'syz.2.6550': attribute type 10 has an invalid length.
[ 2036.832169][ T5901] usb 5-1: new high-speed USB device number 80 using dummy_hcd
[ 2037.049987][T29017] CPU: 0 UID: 0 PID: 29017 Comm: syz.0.6548 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[ 2037.050016][T29017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2037.050028][T29017] Call Trace:
[ 2037.050035][T29017]  <TASK>
[ 2037.050043][T29017]  dump_stack_lvl+0x189/0x250
[ 2037.050072][T29017]  ? __pfx____ratelimit+0x10/0x10
[ 2037.050096][T29017]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2037.050119][T29017]  ? __pfx__printk+0x10/0x10
[ 2037.050150][T29017]  should_fail_ex+0x414/0x560
[ 2037.050176][T29017]  get_futex_key+0x1a8/0x1640
[ 2037.050205][T29017]  ? look_up_lock_class+0x74/0x170
[ 2037.050232][T29017]  ? __pfx_get_futex_key+0x10/0x10
[ 2037.050257][T29017]  ? __lock_acquire+0xab9/0xd20
[ 2037.050297][T29017]  futex_wake+0xf8/0x560
[ 2037.050324][T29017]  ? __pfx_futex_wake+0x10/0x10
[ 2037.050347][T29017]  ? __lock_acquire+0xab9/0xd20
[ 2037.050378][T29017]  do_futex+0x395/0x420
[ 2037.050401][T29017]  ? __pfx_do_futex+0x10/0x10
[ 2037.050421][T29017]  ? __might_fault+0xb0/0x130
[ 2037.050444][T29017]  mm_release+0x188/0x390
[ 2037.050467][T29017]  ? __pfx_mm_release+0x10/0x10
[ 2037.050488][T29017]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2037.050521][T29017]  exit_mm+0xa8/0x2c0
[ 2037.050542][T29017]  ? __pfx_exit_mm+0x10/0x10
[ 2037.050563][T29017]  ? rcu_is_watching+0x15/0xb0
[ 2037.050590][T29017]  do_exit+0x648/0x22e0
[ 2037.050614][T29017]  ? cgroup_freezing+0x20/0x360
[ 2037.050633][T29017]  ? __pfx_do_exit+0x10/0x10
[ 2037.050652][T29017]  ? cgroup_freezing+0x20/0x360
[ 2037.050669][T29017]  ? cgroup_freezing+0x20/0x360
[ 2037.050685][T29017]  ? cgroup_freezing+0x20/0x360
[ 2037.050712][T29017]  do_group_exit+0x21c/0x2d0
[ 2037.050730][T29017]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2037.050754][T29017]  get_signal+0x125e/0x1310
[ 2037.050798][T29017]  arch_do_signal_or_restart+0x9a/0x750
[ 2037.050821][T29017]  ? __fget_files+0x2a/0x420
[ 2037.050844][T29017]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 2037.050879][T29017]  ? exit_to_user_mode_loop+0x40/0x110
[ 2037.050902][T29017]  exit_to_user_mode_loop+0x75/0x110
[ 2037.050922][T29017]  do_syscall_64+0x2bd/0x3b0
[ 2037.050943][T29017]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2037.050964][T29017]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2037.050981][T29017]  ? clear_bhb_loop+0x60/0xb0
[ 2037.051001][T29017]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2037.051017][T29017] RIP: 0033:0x7f5f7b18e929
[ 2037.051032][T29017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2037.051047][T29017] RSP: 002b:00007f5f7bf7b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2037.051065][T29017] RAX: fffffffffffffe00 RBX: 00007f5f7b3b6160 RCX: 00007f5f7b18e929
[ 2037.051078][T29017] RDX: 0000000000000048 RSI: 0000200000000200 RDI: 0000000000000007
[ 2037.051088][T29017] RBP: 00007f5f7bf7b090 R08: 0000000000000000 R09: 0000000000000000
[ 2037.051098][T29017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2037.051107][T29017] R13: 0000000000000001 R14: 00007f5f7b3b6160 R15: 00007ffc9c1ff668
[ 2037.051132][T29017]  </TASK>
[ 2037.542270][ T5901] usb 5-1: Using ep0 maxpacket: 32
[ 2037.549958][ T5901] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[ 2037.558302][ T5901] usb 5-1: config 0 has no interface number 0
[ 2037.567023][ T5901] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 2037.576162][ T5901] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2037.584230][ T5901] usb 5-1: Product: syz
[ 2037.588397][ T5901] usb 5-1: Manufacturer: syz
[ 2037.593428][ T5901] usb 5-1: SerialNumber: syz
[ 2037.608391][ T5901] usb 5-1: config 0 descriptor??
[ 2037.619307][ T5901] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 2037.649938][T29027] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6549'.
[ 2037.802177][T29029] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6553'.
[ 2038.188290][T29027] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6549'.
[ 2038.278652][ T5901] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 2038.297637][ T5901] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 2038.964846][    C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 2038.965759][  T979] usb 5-1: USB disconnect, device number 80
[ 2038.993188][  T979] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 2039.011433][  T979] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 2039.161433][  T979] quatech2 5-1:0.51: device disconnected
[ 2041.712406][   T30] kauditd_printk_skb: 61 callbacks suppressed
[ 2041.712422][   T30] audit: type=1326 audit(1750894581.021:2047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29052 comm="syz.4.6561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9fa78e929 code=0x7fc00000
[ 2041.742915][T29063] xt_hashlimit: max too large, truncated to 1048576
[ 2041.831578][T29067] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 2041.841460][T29067] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[ 2041.851002][T29067] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 2041.858927][T29067] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[ 2042.368407][   T30] audit: type=1326 audit(1750894581.021:2048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29052 comm="syz.4.6561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9fa78e929 code=0x7fc00000
[ 2042.390178][   T30] audit: type=1326 audit(1750894581.021:2049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29052 comm="syz.4.6561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9fa78e929 code=0x7fc00000
[ 2042.412392][   T30] audit: type=1326 audit(1750894581.021:2050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29052 comm="syz.4.6561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9fa78e929 code=0x7fc00000
[ 2042.440042][   T30] audit: type=1326 audit(1750894581.021:2051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29052 comm="syz.4.6561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9fa78e929 code=0x7fc00000
[ 2042.472834][   T30] audit: type=1326 audit(1750894581.021:2052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29052 comm="syz.4.6561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9fa78e929 code=0x7fc00000
[ 2042.499753][   T30] audit: type=1326 audit(1750894581.021:2053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29052 comm="syz.4.6561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9fa78e929 code=0x7fc00000
[ 2042.532256][   T30] audit: type=1326 audit(1750894581.021:2054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29052 comm="syz.4.6561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9fa78e929 code=0x7fc00000
[ 2042.567408][   T30] audit: type=1326 audit(1750894581.021:2055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29052 comm="syz.4.6561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9fa78e929 code=0x7fc00000
[ 2042.602162][   T30] audit: type=1326 audit(1750894581.021:2056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29052 comm="syz.4.6561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9fa78e929 code=0x7fc00000
[ 2043.102272][  T979] usb 5-1: new high-speed USB device number 81 using dummy_hcd
[ 2043.301275][  T979] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 226, changing to 11
[ 2043.620518][  T979] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 34456, setting to 1024
[ 2043.663540][  T979] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[ 2043.690761][  T979] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2043.718666][  T979] usb 5-1: config 0 descriptor??
[ 2043.900356][T29084] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 2044.704715][  T979] cm6533_jd 0003:0D8C:0022.000D: unknown main item tag 0x0
[ 2044.719756][  T979] cm6533_jd 0003:0D8C:0022.000D: item fetching failed at offset 4/5
[ 2044.736756][  T979] cm6533_jd 0003:0D8C:0022.000D: parse failed
[ 2044.752468][  T979] cm6533_jd 0003:0D8C:0022.000D: probe with driver cm6533_jd failed with error -22
[ 2044.910273][ T5901] usb 5-1: USB disconnect, device number 81
[ 2045.027024][T29077] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6566'.
[ 2045.142398][T29103] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6576'.
[ 2046.385142][T29115] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 2046.393281][T29115] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[ 2046.402976][T29115] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 2046.410853][T29115] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[ 2047.219491][T29121] netlink: 104 bytes leftover after parsing attributes in process `syz.0.6582'.
[ 2047.302734][T25084] usb 5-1: new high-speed USB device number 82 using dummy_hcd
[ 2047.355761][T29121] input: syz0 as /devices/virtual/input/input18
[ 2047.363009][T29124] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6582'.
[ 2047.506547][T25084] usb 5-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[ 2047.535969][T25084] usb 5-1: New USB device strings: Mfr=14, Product=0, SerialNumber=0
[ 2047.612437][T25084] usb 5-1: Manufacturer: syz
[ 2047.690762][T25084] usb 5-1: config 0 descriptor??
[ 2047.714059][T25084] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected
[ 2047.738006][T25084] ftdi_sio ttyUSB0: unknown device type: 0xc698
[ 2047.946589][  T979] usb 5-1: USB disconnect, device number 82
[ 2047.958697][  T979] ftdi_sio 5-1:0.0: device disconnected
[ 2048.507706][T29140] netlink: 48 bytes leftover after parsing attributes in process `syz.3.6584'.
[ 2048.921797][T29131] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6585'.
[ 2049.343120][T29141] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6587'.
[ 2049.703965][T29147] ALSA: mixer_oss: invalid OSS volume ''
[ 2050.032706][T29160] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 2050.040694][T29160] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[ 2050.052116][T29160] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 2050.060064][T29160] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[ 2050.614323][T29158] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6588'.
[ 2050.717146][T29163] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6593'.
[ 2050.729372][T29163] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6593'.
[ 2050.741133][T29158] openvswitch: netlink: Missing key (keys=40, expected=100)
[ 2050.927210][T29147] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[ 2050.932013][T29172] loop6: detected capacity change from 0 to 524287999
[ 2051.032828][T29173] FAULT_INJECTION: forcing a failure.
[ 2051.032828][T29173] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2051.046012][T29173] CPU: 1 UID: 0 PID: 29173 Comm: syz.0.6595 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[ 2051.046037][T29173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2051.046048][T29173] Call Trace:
[ 2051.046056][T29173]  <TASK>
[ 2051.046064][T29173]  dump_stack_lvl+0x189/0x250
[ 2051.046093][T29173]  ? __pfx____ratelimit+0x10/0x10
[ 2051.046116][T29173]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2051.046139][T29173]  ? __pfx__printk+0x10/0x10
[ 2051.046153][T29173]  ? lock_acquire+0x175/0x360
[ 2051.046189][T29173]  should_fail_ex+0x414/0x560
[ 2051.046214][T29173]  _copy_from_iter+0x1db/0x16f0
[ 2051.046241][T29173]  ? rcu_is_watching+0x15/0xb0
[ 2051.046265][T29173]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[ 2051.046287][T29173]  ? __pfx__copy_from_iter+0x10/0x10
[ 2051.046312][T29173]  ? __build_skb_around+0x257/0x3e0
[ 2051.046334][T29173]  ? netlink_sendmsg+0x642/0xb30
[ 2051.046351][T29173]  ? skb_put+0x11b/0x210
[ 2051.046373][T29173]  netlink_sendmsg+0x6b2/0xb30
[ 2051.046400][T29173]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2051.046429][T29173]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2051.046449][T29173]  __sock_sendmsg+0x219/0x270
[ 2051.046475][T29173]  ____sys_sendmsg+0x505/0x830
[ 2051.046500][T29173]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2051.046529][T29173]  ? import_iovec+0x74/0xa0
[ 2051.046549][T29173]  ___sys_sendmsg+0x21f/0x2a0
[ 2051.046571][T29173]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2051.046627][T29173]  ? __fget_files+0x2a/0x420
[ 2051.046646][T29173]  ? __fget_files+0x3a0/0x420
[ 2051.046678][T29173]  __x64_sys_sendmsg+0x19b/0x260
[ 2051.046700][T29173]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 2051.046752][T29173]  do_syscall_64+0xfa/0x3b0
[ 2051.046777][T29173]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2051.046793][T29173]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 2051.046810][T29173]  ? clear_bhb_loop+0x60/0xb0
[ 2051.046831][T29173]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2051.046847][T29173] RIP: 0033:0x7f5f7b18e929
[ 2051.046863][T29173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2051.046879][T29173] RSP: 002b:00007f5f7bf7b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2051.046897][T29173] RAX: ffffffffffffffda RBX: 00007f5f7b3b6160 RCX: 00007f5f7b18e929
[ 2051.046910][T29173] RDX: 0000000004004010 RSI: 0000200000000000 RDI: 0000000000000003
[ 2051.046922][T29173] RBP: 00007f5f7bf7b090 R08: 0000000000000000 R09: 0000000000000000
[ 2051.046933][T29173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2051.046944][T29173] R13: 0000000000000000 R14: 00007f5f7b3b6160 R15: 00007ffc9c1ff668
[ 2051.046972][T29173]  </TASK>
[ 2051.748348][T29172] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2051.757606][T29172] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2051.766409][T29172] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2051.775559][T29172] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2051.795520][T29172] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2052.695861][T29172] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2052.705358][T29176] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6594'.
[ 2052.705454][T29172] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2052.798245][T29172] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2052.831372][T29172] ldm_validate_partition_table(): Disk read failed.
[ 2052.838403][T29172] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2052.846374][T29172] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2052.869477][T29172] Dev loop6: unable to read RDB block 0
[ 2052.889174][T29172]  loop6: unable to read partition table
[ 2052.899148][T29172] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[ 2053.105911][T29190] netdevsim netdevsim2: Direct firmware load for �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F failed with error -2
[ 2053.125526][T29190] netdevsim netdevsim2: Falling back to sysfs fallback for: �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F
[ 2054.600651][T29205] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6602'.
[ 2054.612939][T29205] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6602'.
[ 2054.640822][T29205] netlink: 'syz.0.6602': attribute type 10 has an invalid length.
[ 2054.650151][T29205] bridge0: port 4(team0) entered blocking state
[ 2054.679755][T29205] bridge0: port 4(team0) entered disabled state
[ 2054.697352][T29205] team0: entered allmulticast mode
[ 2054.719611][T29205] team_slave_0: entered allmulticast mode
[ 2054.744449][T29205] team0: entered promiscuous mode
[ 2054.749531][T29205] team_slave_0: entered promiscuous mode
[ 2054.775286][T29205] bridge0: port 4(team0) entered blocking state
[ 2054.781811][T29205] bridge0: port 4(team0) entered forwarding state
[ 2055.074644][T29213] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2055.504660][T29219] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6609'.
[ 2055.636340][T29223] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 2055.644525][T29223] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[ 2055.655446][T29223] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 2055.663591][T29223] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[ 2057.800586][T29245] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 2058.314353][T29245] overlayfs: option "index=on" is useless in a non-upper mount, ignore
[ 2058.331394][T29245] overlayfs: missing 'lowerdir'
[ 2058.491516][T29252] netdevsim netdevsim3: Direct firmware load for �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F failed with error -2
[ 2058.511001][T29252] netdevsim netdevsim3: Falling back to sysfs fallback for: �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F
[ 2059.360812][T29255] XFS (nullb0): Invalid superblock magic number
[ 2059.456588][T29255] xt_hashlimit: max too large, truncated to 1048576
[ 2061.155493][T29275] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6623'.
[ 2061.280261][T29277] xt_hashlimit: max too large, truncated to 1048576
[ 2061.417471][T29279] QAT: failed to copy from user cfg_data.
[ 2061.544606][T29279] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6626'.
[ 2062.039534][T29304] syz_tun: left allmulticast mode
[ 2062.045830][T29304] syz_tun: left promiscuous mode
[ 2062.051146][T29304] bridge0: port 1(syz_tun) entered disabled state
[ 2062.278834][T29304] : (slave batadv0): Releasing backup interface
[ 2062.286002][T29304] batadv0: left promiscuous mode
[ 2062.691679][T29314] netlink: 'syz.1.6629': attribute type 4 has an invalid length.
[ 2062.706126][T29314] netlink: 152 bytes leftover after parsing attributes in process `syz.1.6629'.
[ 2062.719396][T29309] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2062.807744][T29304] : (slave bond_slave_0): Releasing backup interface
[ 2062.939125][T29304] bond_slave_0: left promiscuous mode
[ 2062.961169][T29304] : (slave bond_slave_1): Releasing backup interface
[ 2063.502751][T29304] bond_slave_1: left promiscuous mode
[ 2063.549340][T29322] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6635'.
[ 2063.577152][T29304] team0: Port device team_slave_0 removed
[ 2063.608504][T29304] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2063.620947][T29304] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2063.635684][T29304] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2063.645603][T29304] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2063.667658][T29304] bond1: (slave gretap1): Releasing active interface
[ 2063.941044][T29327] xt_hashlimit: max too large, truncated to 1048576
[ 2064.037479][T29334] FAULT_INJECTION: forcing a failure.
[ 2064.037479][T29334] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2064.076581][T29334] CPU: 1 UID: 0 PID: 29334 Comm: syz.0.6640 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[ 2064.076608][T29334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2064.076620][T29334] Call Trace:
[ 2064.076628][T29334]  <TASK>
[ 2064.076636][T29334]  dump_stack_lvl+0x189/0x250
[ 2064.076664][T29334]  ? __pfx____ratelimit+0x10/0x10
[ 2064.076687][T29334]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2064.076710][T29334]  ? __pfx__printk+0x10/0x10
[ 2064.076739][T29334]  should_fail_ex+0x414/0x560
[ 2064.076765][T29334]  _copy_to_user+0x31/0xb0
[ 2064.076784][T29334]  simple_read_from_buffer+0xe1/0x170
[ 2064.076811][T29334]  proc_fail_nth_read+0x1df/0x250
[ 2064.076836][T29334]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2064.076862][T29334]  ? rw_verify_area+0x258/0x650
[ 2064.076880][T29334]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2064.076903][T29334]  vfs_read+0x1fd/0x980
[ 2064.076928][T29334]  ? __pfx___mutex_lock+0x10/0x10
[ 2064.076952][T29334]  ? __pfx_vfs_read+0x10/0x10
[ 2064.076972][T29334]  ? __fget_files+0x2a/0x420
[ 2064.076998][T29334]  ? __fget_files+0x3a0/0x420
[ 2064.077018][T29334]  ? __fget_files+0x2a/0x420
[ 2064.077048][T29334]  ksys_read+0x145/0x250
[ 2064.077069][T29334]  ? __pfx_ksys_read+0x10/0x10
[ 2064.077093][T29334]  ? do_syscall_64+0xbe/0x3b0
[ 2064.077120][T29334]  do_syscall_64+0xfa/0x3b0
[ 2064.077141][T29334]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2064.077162][T29334]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2064.077179][T29334]  ? clear_bhb_loop+0x60/0xb0
[ 2064.077200][T29334]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2064.077216][T29334] RIP: 0033:0x7f5f7b18d33c
[ 2064.077233][T29334] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 2064.077248][T29334] RSP: 002b:00007f5f7bfbd030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2064.077266][T29334] RAX: ffffffffffffffda RBX: 00007f5f7b3b5fa0 RCX: 00007f5f7b18d33c
[ 2064.077279][T29334] RDX: 000000000000000f RSI: 00007f5f7bfbd0a0 RDI: 0000000000000004
[ 2064.077290][T29334] RBP: 00007f5f7bfbd090 R08: 0000000000000000 R09: 0000000000000000
[ 2064.077300][T29334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2064.077310][T29334] R13: 0000000000000000 R14: 00007f5f7b3b5fa0 R15: 00007ffc9c1ff668
[ 2064.077339][T29334]  </TASK>
[ 2064.329285][T29336] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6641'.
[ 2064.352264][T29336] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6641'.
[ 2065.426295][T29356] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6634'.
[ 2066.973744][T29373] xt_hashlimit: max too large, truncated to 1048576
[ 2066.996257][T29363] XFS (nullb0): Invalid superblock magic number
[ 2068.084033][T29388] input: syz1 as /devices/virtual/input/input19
[ 2068.572537][T29390] fuse: blksize only supported for fuseblk
[ 2068.751804][T29397] overlayfs: failed to clone upperpath
[ 2075.088748][T29449] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6671'.
[ 2075.175870][T29454] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6671'.
[ 2075.494784][T29462] netdevsim netdevsim3: Direct firmware load for �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F failed with error -2
[ 2075.514581][T29462] netdevsim netdevsim3: Falling back to sysfs fallback for: �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F
[ 2077.393824][T29465] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6680'.
[ 2078.916802][T29492] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6687'.
[ 2080.010669][T29511] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6694'.
[ 2085.080216][T29561] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6705'.
[ 2085.737516][T29572] xt_hashlimit: max too large, truncated to 1048576
[ 2089.984356][T29606] ALSA: mixer_oss: invalid OSS volume ''
[ 2090.180007][T29605] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[ 2090.202428][T29606] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6718'.
[ 2090.212934][T29606] openvswitch: netlink: Missing key (keys=40, expected=100)
[ 2092.638852][T29620] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6721'.
[ 2092.695418][T29621] xt_hashlimit: max too large, truncated to 1048576
[ 2093.723147][T29642] netlink: 68 bytes leftover after parsing attributes in process `syz.0.6729'.
[ 2093.748027][T29643] netdevsim netdevsim2: Direct firmware load for �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F failed with error -2
[ 2093.767942][T29643] netdevsim netdevsim2: Falling back to sysfs fallback for: �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F
[ 2095.574584][T29663] netlink: 'syz.1.6734': attribute type 4 has an invalid length.
[ 2095.583151][T29663] netlink: 152 bytes leftover after parsing attributes in process `syz.1.6734'.
[ 2095.681892][T29664] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[ 2095.727958][T29667] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6736'.
[ 2095.746624][T29667] openvswitch: netlink: Missing key (keys=40, expected=100)
[ 2096.359110][T29674] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6737'.
[ 2096.693227][T29680] netlink: 68 bytes leftover after parsing attributes in process `syz.3.6742'.
[ 2097.182355][ T5901] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[ 2098.014764][ T5901] usb 4-1: config 0 has an invalid interface number: 246 but max is 0
[ 2098.222235][ T5901] usb 4-1: config 0 has no interface number 0
[ 2098.232372][ T5901] usb 4-1: New USB device found, idVendor=28a7, idProduct=71ab, bcdDevice=df.39
[ 2098.241606][ T5901] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2098.249851][ T5901] usb 4-1: Product: syz
[ 2098.254638][ T5901] usb 4-1: Manufacturer: syz
[ 2098.259252][ T5901] usb 4-1: SerialNumber: syz
[ 2098.266048][ T5901] usb 4-1: config 0 descriptor??
[ 2098.753302][ T5901] cdc_wdm 4-1:0.246: More than one union descriptor, skipping ...
[ 2098.770671][ T5901] cdc_wdm 4-1:0.246: probe with driver cdc_wdm failed with error -22
[ 2099.567459][T25084] usb 4-1: USB disconnect, device number 48
[ 2099.575453][T29710] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6749'.
[ 2099.683717][T29717] netlink: 68 bytes leftover after parsing attributes in process `syz.1.6753'.
[ 2099.866875][T29722] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[ 2099.909218][T29733] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6757'.
[ 2099.918742][T29733] openvswitch: netlink: Missing key (keys=40, expected=100)
[ 2099.981251][T29725] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6756'.
[ 2101.121067][T29754] bridge0: entered promiscuous mode
[ 2101.137297][T29754] macsec0: entered promiscuous mode
[ 2101.148047][T29754] bridge0: port 3(macsec0) entered blocking state
[ 2101.159937][T29754] bridge0: port 3(macsec0) entered disabled state
[ 2101.174768][T29754] macsec0: entered allmulticast mode
[ 2101.213008][T29754] bridge0: entered allmulticast mode
[ 2101.247124][T29754] macsec0: left allmulticast mode
[ 2101.257690][T29754] bridge0: left allmulticast mode
[ 2101.272475][T29754] bridge0: left promiscuous mode
[ 2101.597275][T29764] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6767'.
[ 2101.729635][T29764] openvswitch: netlink: Missing key (keys=40, expected=100)
[ 2101.731399][T29762] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap2
[ 2103.146380][T29780] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 2103.154611][T29780] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[ 2103.163986][T29780] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 2103.171849][T29780] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[ 2103.955536][T25084] IPVS: starting estimator thread 0...
[ 2104.383833][T29799] IPVS: using max 29 ests per chain, 69600 per kthread
[ 2106.187401][T29810] netdevsim netdevsim3: Direct firmware load for �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F failed with error -2
[ 2106.207263][T29810] netdevsim netdevsim3: Falling back to sysfs fallback for: �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F
[ 2110.579828][T29826] netlink: 128 bytes leftover after parsing attributes in process `syz.0.6785'.
[ 2111.040716][T29830] ALSA: mixer_oss: invalid OSS volume ''
[ 2111.156477][T29830] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[ 2111.343526][T29837] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6786'.
[ 2111.351930][T29836] loop6: detected capacity change from 0 to 524287999
[ 2111.359328][T29837] openvswitch: netlink: Missing key (keys=40, expected=100)
[ 2111.360022][T29836] buffer_io_error: 6 callbacks suppressed
[ 2111.360035][T29836] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2111.393629][T29836] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2111.409177][T29836] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2111.417465][T29836] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2111.429128][T29836] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2111.454827][T29836] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2111.467619][T29836] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2111.487162][T29836] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2111.499606][T29836] ldm_validate_partition_table(): Disk read failed.
[ 2111.507589][T29836] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2111.762469][T29836] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2111.771860][T29842] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6787'.
[ 2111.840033][T29836] Dev loop6: unable to read RDB block 0
[ 2111.852558][T29836]  loop6: unable to read partition table
[ 2111.859785][T29838] ldm_validate_partition_table(): Disk read failed.
[ 2111.866972][T29838] Dev loop6: unable to read RDB block 0
[ 2111.873108][T29838]  loop6: unable to read partition table
[ 2111.878977][T29838] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[ 2111.888753][T29836] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[ 2112.976401][T29851] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 2112.984341][T29851] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[ 2112.993033][T29851] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 2113.000849][T29851] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[ 2113.605014][T29866] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6795'.
[ 2114.052147][ T5901] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[ 2114.213439][ T5901] usb 4-1: Using ep0 maxpacket: 32
[ 2114.278952][ T5901] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[ 2114.408841][ T5901] usb 4-1: config 0 has no interface number 0
[ 2115.448953][T29880] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6802'.
[ 2115.776220][ T5901] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 2115.785420][ T5901] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2115.793577][ T5901] usb 4-1: Product: syz
[ 2115.797759][ T5901] usb 4-1: Manufacturer: syz
[ 2115.832134][ T5901] usb 4-1: SerialNumber: syz
[ 2116.417261][ T5901] usb 4-1: config 0 descriptor??
[ 2116.737218][T29905] netdevsim netdevsim2: Direct firmware load for �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F failed with error -2
[ 2116.756831][T29905] netdevsim netdevsim2: Falling back to sysfs fallback for: �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F
[ 2116.951688][ T5901] usb 4-1: can't set config #0, error -71
[ 2116.972202][ T5901] usb 4-1: USB disconnect, device number 49
[ 2118.066600][   T30] kauditd_printk_skb: 57 callbacks suppressed
[ 2118.066621][   T30] audit: type=1326 audit(1750894657.361:2114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29920 comm="syz.2.6815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261af8e929 code=0x7fc00000
[ 2118.726043][   T30] audit: type=1326 audit(1750894657.361:2115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29920 comm="syz.2.6815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261af8e929 code=0x7fc00000
[ 2118.747912][   T30] audit: type=1326 audit(1750894657.361:2116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29920 comm="syz.2.6815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261af8e929 code=0x7fc00000
[ 2118.769756][   T30] audit: type=1326 audit(1750894657.361:2117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29920 comm="syz.2.6815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261af8e929 code=0x7fc00000
[ 2118.791598][   T30] audit: type=1326 audit(1750894657.371:2118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29920 comm="syz.2.6815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261af8e929 code=0x7fc00000
[ 2118.813764][   T30] audit: type=1326 audit(1750894657.371:2119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29920 comm="syz.2.6815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261af8e929 code=0x7fc00000
[ 2118.986783][   T30] audit: type=1326 audit(1750894657.371:2120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29920 comm="syz.2.6815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261af8e929 code=0x7fc00000
[ 2119.010114][   T30] audit: type=1326 audit(1750894657.371:2121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29920 comm="syz.2.6815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261af8e929 code=0x7fc00000
[ 2119.033040][   T30] audit: type=1326 audit(1750894657.371:2122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29920 comm="syz.2.6815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261af8e929 code=0x7fc00000
[ 2119.054807][   T30] audit: type=1326 audit(1750894657.371:2123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29920 comm="syz.2.6815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261af8e929 code=0x7fc00000
[ 2119.716126][T29936] xt_hashlimit: max too large, truncated to 1048576
[ 2119.782456][T29945] XFS (nullb0): Invalid superblock magic number
[ 2119.812770][T29944] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6814'.
[ 2121.661463][T29971] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 2121.669694][T29971] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[ 2121.679139][T29971] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 2121.687078][T29971] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[ 2123.435256][T29991] xt_hashlimit: max too large, truncated to 1048576
[ 2126.362176][   T30] kauditd_printk_skb: 61 callbacks suppressed
[ 2126.362189][   T30] audit: type=1326 audit(1750894665.661:2185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30015 comm="syz.0.6843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7b18e929 code=0x7fc00000
[ 2126.396396][   T30] audit: type=1326 audit(1750894665.661:2186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30015 comm="syz.0.6843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7f5f7b18e929 code=0x7fc00000
[ 2126.418948][   T30] audit: type=1326 audit(1750894665.661:2187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30015 comm="syz.0.6843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7b18e929 code=0x7fc00000
[ 2126.446266][   T30] audit: type=1326 audit(1750894665.661:2188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30015 comm="syz.0.6843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7b18e929 code=0x7fc00000
[ 2126.482130][   T30] audit: type=1326 audit(1750894665.661:2189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30015 comm="syz.0.6843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7b18e929 code=0x7fc00000
[ 2126.572259][   T30] audit: type=1326 audit(1750894665.661:2190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30015 comm="syz.0.6843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7b18e929 code=0x7fc00000
[ 2126.594040][   T30] audit: type=1326 audit(1750894665.661:2191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30015 comm="syz.0.6843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7b18e929 code=0x7fc00000
[ 2126.625820][   T30] audit: type=1326 audit(1750894665.661:2192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30015 comm="syz.0.6843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7b18e929 code=0x7fc00000
[ 2126.647578][   T30] audit: type=1326 audit(1750894665.661:2193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30015 comm="syz.0.6843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7b18e929 code=0x7fc00000
[ 2126.669314][   T30] audit: type=1326 audit(1750894665.661:2194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30015 comm="syz.0.6843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7b18e929 code=0x7fc00000
[ 2126.867308][T30030] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6839'.
[ 2128.582212][  T979] usb 5-1: new high-speed USB device number 83 using dummy_hcd
[ 2128.793815][  T979] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2128.812343][  T979] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2128.824710][  T979] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 2128.834397][  T979] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2128.875614][  T979] usb 5-1: config 0 descriptor??
[ 2129.380050][T30072] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6859'.
[ 2131.192761][  T979] uclogic 0003:256C:006D.000E: v1 frame probing failed: -71
[ 2131.200200][  T979] uclogic 0003:256C:006D.000E: failed probing parameters: -71
[ 2131.258223][  T979] uclogic 0003:256C:006D.000E: probe with driver uclogic failed with error -71
[ 2131.285227][  T979] usb 5-1: USB disconnect, device number 83
[ 2131.911034][T30089] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 2131.919001][T30089] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[ 2131.929147][T30089] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 2131.937153][T30089] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[ 2132.604929][T30111] netdevsim netdevsim4: Direct firmware load for �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F failed with error -2
[ 2132.624555][T30111] netdevsim netdevsim4: Falling back to sysfs fallback for: �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F
[ 2133.972162][  T979] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[ 2134.044082][T30116] loop6: detected capacity change from 0 to 524287999
[ 2134.081025][T30116] buffer_io_error: 22 callbacks suppressed
[ 2134.081045][T30116] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2134.099951][T30116] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2134.109057][T30116] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2134.118193][T30116] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2134.162514][T30116] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2134.171878][T30116] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2134.181701][T30116] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2134.190943][T30116] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2134.202065][T30116] ldm_validate_partition_table(): Disk read failed.
[ 2134.208904][T30116] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2134.294027][T30116] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2134.307182][T30116] Dev loop6: unable to read RDB block 0
[ 2134.319967][T30116]  loop6: unable to read partition table
[ 2134.382598][T30116] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[ 2134.385624][T30119] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6873'.
[ 2134.583729][T30117] ldm_validate_partition_table(): Disk read failed.
[ 2134.595912][T30117] Dev loop6: unable to read RDB block 0
[ 2134.624185][T30117]  loop6: unable to read partition table
[ 2134.634235][T30117] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[ 2135.017935][  T979] usb 4-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[ 2135.048387][  T979] usb 4-1: New USB device strings: Mfr=14, Product=0, SerialNumber=0
[ 2135.065056][  T979] usb 4-1: Manufacturer: syz
[ 2135.079173][  T979] usb 4-1: config 0 descriptor??
[ 2135.159278][T30122] loop6: detected capacity change from 0 to 524287999
[ 2135.166123][  T979] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[ 2135.225888][  T979] ftdi_sio ttyUSB0: unknown device type: 0xc698
[ 2135.238561][T30122] ldm_validate_partition_table(): Disk read failed.
[ 2135.250983][T30122] Dev loop6: unable to read RDB block 0
[ 2135.260701][T30122]  loop6: unable to read partition table
[ 2135.268853][T30122] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[ 2135.676644][T30123] ldm_validate_partition_table(): Disk read failed.
[ 2135.688481][ T5901] usb 4-1: USB disconnect, device number 50
[ 2135.690320][T30123] Dev loop6: unable to read RDB block 0
[ 2135.696071][ T5901] ftdi_sio 4-1:0.0: device disconnected
[ 2135.707869][T30123]  loop6: unable to read partition table
[ 2135.721139][T30123] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[ 2135.797738][T30128] netlink: 36 bytes leftover after parsing attributes in process `syz.3.6876'.
[ 2135.812342][T30128] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6876'.
[ 2135.824058][T30122] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6874'.
[ 2136.763855][T30137] netlink: 'syz.4.6879': attribute type 10 has an invalid length.
[ 2136.772777][T30137] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2136.780376][T30137] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2136.904403][T30137] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2136.911612][T30137] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2136.919164][T30137] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2136.926393][T30137] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2137.026838][T30137] : (slave bridge0): Enslaving as an active interface with an up link
[ 2137.117308][T30147] netlink: 'syz.1.6881': attribute type 10 has an invalid length.
[ 2137.719968][T30151] sp0: Synchronizing with TNC
[ 2137.992297][  T979] usb 5-1: new full-speed USB device number 84 using dummy_hcd
[ 2138.000506][T10872] Bluetooth: hci2: unexpected event for opcode 0x0c7a
[ 2138.162294][T20450] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[ 2138.186345][  T979] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2138.196976][  T979] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[ 2138.233596][  T979] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 2138.272133][  T979] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 2138.281933][  T979] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 2138.325354][T20450] usb 4-1: Using ep0 maxpacket: 32
[ 2138.327041][  T979] usb 5-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 2138.342896][T20450] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[ 2138.348342][  T979] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 2138.359326][  T979] usb 5-1: Product: syz
[ 2138.364020][  T979] usb 5-1: Manufacturer: syz
[ 2138.369223][  T979] usb 5-1: SerialNumber: syz
[ 2138.373571][T20450] usb 4-1: config 0 has no interface number 0
[ 2138.381867][  T979] usb 5-1: config 0 descriptor??
[ 2138.417618][T20450] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 2138.427584][T20450] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2138.437905][T20450] usb 4-1: Product: syz
[ 2138.442123][T20450] usb 4-1: Manufacturer: syz
[ 2138.447447][T20450] usb 4-1: SerialNumber: syz
[ 2138.476840][T20450] usb 4-1: config 0 descriptor??
[ 2138.977500][  T979] radio-si470x 5-1:0.0: DeviceID=0x0000 ChipID=0x0000
[ 2139.551682][  T979] radio-si470x 5-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[ 2139.609696][  T979] radio-si470x 5-1:0.0: software version 0, hardware version 0
[ 2139.617911][  T979] radio-si470x 5-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0.
[ 2139.622837][T20450] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 2139.630351][  T979] radio-si470x 5-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[ 2139.658137][  T979] radio-si470x 5-1:0.0: submitting int urb failed (-90)
[ 2139.755505][T30181] xt_hashlimit: max too large, truncated to 1048576
[ 2140.365481][  T979] radio-si470x 5-1:0.0: si470x_get_report: usb_control_msg returned -71
[ 2140.783907][  T979] radio-si470x 5-1:0.0: probe with driver radio-si470x failed with error -22
[ 2140.798102][  T979] usb 5-1: USB disconnect, device number 84
[ 2140.935438][T20450] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 2140.937108][T30188] netlink: 'syz.1.6894': attribute type 10 has an invalid length.
[ 2140.998437][T20450] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 2141.279564][T30198] netlink: 'syz.1.6898': attribute type 10 has an invalid length.
[ 2142.730273][T30212] bond3: (slave dummy0): Releasing active interface
[ 2142.779525][T30212] bond0: (slave batadv0): Releasing backup interface
[ 2142.791556][T30212] batadv0: left promiscuous mode
[ 2142.805642][    C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 2142.833580][T20450] usb 4-1: USB disconnect, device number 51
[ 2142.843879][T20450] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 2142.863237][T20450] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 2142.879684][T20450] quatech2 4-1:0.51: device disconnected
[ 2143.141731][T30221] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6905'.
[ 2143.281003][T30224] netlink: 56 bytes leftover after parsing attributes in process `syz.1.6902'.
[ 2143.422025][T30212] bridge_slave_0: left allmulticast mode
[ 2143.428354][T30212] bridge_slave_0: left promiscuous mode
[ 2143.447272][T30212] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2143.495312][T30212] bridge_slave_1: left allmulticast mode
[ 2143.511454][T30212] bridge_slave_1: left promiscuous mode
[ 2143.524360][T30212] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2143.552679][T30212] bond0: (slave bond_slave_0): Releasing backup interface
[ 2143.585997][T30212] bond_slave_0: left promiscuous mode
[ 2143.623982][T30212] bond0: (slave bond_slave_1): Releasing backup interface
[ 2143.643560][T30212] bond_slave_1: left promiscuous mode
[ 2143.675247][T30212] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2143.697153][T30212] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2143.714983][T30212] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2143.745894][T30212] bond1: (slave veth3): Releasing active interface
[ 2143.770592][T30212] bond1: (slave veth3): the permanent HWaddr of slave - fa:84:2a:dd:0e:fa - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[ 2143.893858][T30212] bond1: (slave veth5): Releasing active interface
[ 2143.920153][T30212] bond2: (slave ip6gre1): Releasing backup interface
[ 2143.932026][T30212] ip6gre1: left promiscuous mode
[ 2144.499963][T30211] netlink: 'syz.4.6903': attribute type 25 has an invalid length.
[ 2144.507901][T30211] netlink: 'syz.4.6903': attribute type 7 has an invalid length.
[ 2144.708338][T30238] netlink: 'syz.2.6906': attribute type 13 has an invalid length.
[ 2147.065789][   T30] kauditd_printk_skb: 264 callbacks suppressed
[ 2147.065802][   T30] audit: type=1326 audit(1750897264.374:2459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30256 comm="syz.0.6914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7b18e929 code=0x7ffc0000
[ 2147.102849][   T30] audit: type=1326 audit(1750897264.404:2460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30256 comm="syz.0.6914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7b18e929 code=0x7ffc0000
[ 2147.124807][T20450] usb 5-1: new high-speed USB device number 85 using dummy_hcd
[ 2147.141774][   T30] audit: type=1326 audit(1750897264.404:2461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30256 comm="syz.0.6914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=71 compat=0 ip=0x7f5f7b18e929 code=0x7ffc0000
[ 2147.281877][T20450] usb 5-1: Using ep0 maxpacket: 16
[ 2147.333383][   T30] audit: type=1326 audit(1750897264.404:2462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30256 comm="syz.0.6914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7b18e929 code=0x7ffc0000
[ 2147.338982][T20450] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2147.355543][   T30] audit: type=1326 audit(1750897264.404:2463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30256 comm="syz.0.6914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7b18e929 code=0x7ffc0000
[ 2147.387821][T20450] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2147.455676][T30263] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2147.510201][T20450] usb 5-1: config 0 interface 0 has no altsetting 0
[ 2147.558613][T20450] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[ 2147.619782][T20450] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2147.890095][   T30] audit: type=1326 audit(1750897264.404:2464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30256 comm="syz.0.6914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f5f7b18e929 code=0x7ffc0000
[ 2147.912062][   T30] audit: type=1326 audit(1750897264.404:2465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30256 comm="syz.0.6914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7b18e929 code=0x7ffc0000
[ 2147.934267][   T30] audit: type=1326 audit(1750897264.404:2466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30256 comm="syz.0.6914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7b18e929 code=0x7ffc0000
[ 2147.939466][T20450] usb 5-1: config 0 descriptor??
[ 2148.248437][T30269] team0: left allmulticast mode
[ 2148.253763][T30269] team_slave_0: left allmulticast mode
[ 2148.259376][T30269] team0: left promiscuous mode
[ 2148.271529][T30269] team_slave_0: left promiscuous mode
[ 2148.280229][T30269] bridge0: port 4(team0) entered disabled state
[ 2148.298951][T30269] bridge_slave_0: left allmulticast mode
[ 2148.307073][T30269] bridge_slave_0: left promiscuous mode
[ 2148.314236][T30269] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2148.328857][T30269] bridge_slave_1: left allmulticast mode
[ 2148.334935][T30269] bridge_slave_1: left promiscuous mode
[ 2148.342796][T30269] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2148.364326][T30269] : (slave bond_slave_0): Releasing backup interface
[ 2148.387186][T30269] : (slave bond_slave_1): Releasing backup interface
[ 2148.427324][T30269] team0: Port device team_slave_0 removed
[ 2148.445352][T30269] batadv0: left allmulticast mode
[ 2148.450552][T30269] batadv0: left promiscuous mode
[ 2148.456072][T30269] bridge0: port 3(batadv0) entered disabled state
[ 2148.817173][T30288] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6927'.
[ 2148.901051][T30291] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6928'.
[ 2148.911852][T30291] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6928'.
[ 2149.105703][T30297] Cannot find add_set index 0 as target
[ 2149.337803][T20450] usbhid 5-1:0.0: can't add hid device: -71
[ 2149.349143][T20450] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 2149.377238][T20450] usb 5-1: USB disconnect, device number 85
[ 2149.610420][T30308] netdevsim netdevsim4: Direct firmware load for �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F failed with error -2
[ 2149.630347][T30308] netdevsim netdevsim4: Falling back to sysfs fallback for: �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F
[ 2151.621553][T30319] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6937'.
[ 2151.712368][T30325] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6941'.
[ 2151.721474][T30325] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6941'.
[ 2152.391085][T30335] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2153.309243][T30355] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6952'.
[ 2153.331766][T30355] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6952'.
[ 2153.911416][T30363] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 2153.919355][T30363] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[ 2153.929603][T30363] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 2153.937608][T30363] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[ 2154.954825][T30372] loop6: detected capacity change from 0 to 524287999
[ 2155.005220][T30373] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6957'.
[ 2155.249555][T30377] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6956'.
[ 2155.801549][T30372] buffer_io_error: 54 callbacks suppressed
[ 2155.801567][T30372] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2155.826135][T30372] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2156.464420][T30372] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2156.472481][T30372] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2156.484429][T30372] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2156.504188][T30372] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2156.572572][T30372] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2156.622775][T30372] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2156.644042][T30372] ldm_validate_partition_table(): Disk read failed.
[ 2156.661787][T30372] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2156.669851][T30372] Buffer I/O error on dev loop6, logical block 0, async page read
[ 2156.680092][T30372] Dev loop6: unable to read RDB block 0
[ 2156.690574][T30372]  loop6: unable to read partition table
[ 2156.700785][T30372] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[ 2156.827168][T30398] netlink: 36 bytes leftover after parsing attributes in process `syz.4.6963'.
[ 2156.837269][T30398] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6963'.
[ 2156.856918][T30394] netlink: 36 bytes leftover after parsing attributes in process `syz.0.6962'.
[ 2156.878291][T30394] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6962'.
[ 2157.935901][T30426] FAULT_INJECTION: forcing a failure.
[ 2157.935901][T30426] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2157.996879][T30426] CPU: 1 UID: 0 PID: 30426 Comm: syz.3.6973 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[ 2157.996907][T30426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2157.996917][T30426] Call Trace:
[ 2157.996924][T30426]  <TASK>
[ 2157.996932][T30426]  dump_stack_lvl+0x189/0x250
[ 2157.996959][T30426]  ? __pfx____ratelimit+0x10/0x10
[ 2157.996981][T30426]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2157.997003][T30426]  ? __pfx__printk+0x10/0x10
[ 2157.997032][T30426]  should_fail_ex+0x414/0x560
[ 2157.997059][T30426]  _copy_to_user+0x31/0xb0
[ 2157.997077][T30426]  simple_read_from_buffer+0xe1/0x170
[ 2157.997109][T30426]  proc_fail_nth_read+0x1df/0x250
[ 2157.997134][T30426]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2157.997158][T30426]  ? rw_verify_area+0x258/0x650
[ 2157.997175][T30426]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2157.997198][T30426]  vfs_read+0x1fd/0x980
[ 2157.997222][T30426]  ? __pfx___mutex_lock+0x10/0x10
[ 2157.997247][T30426]  ? __pfx_vfs_read+0x10/0x10
[ 2157.997267][T30426]  ? __fget_files+0x2a/0x420
[ 2157.997292][T30426]  ? __fget_files+0x3a0/0x420
[ 2157.997311][T30426]  ? __fget_files+0x2a/0x420
[ 2157.997340][T30426]  ksys_read+0x145/0x250
[ 2157.997360][T30426]  ? __pfx_ksys_read+0x10/0x10
[ 2157.997383][T30426]  ? do_syscall_64+0xbe/0x3b0
[ 2157.997408][T30426]  do_syscall_64+0xfa/0x3b0
[ 2157.997427][T30426]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2157.997448][T30426]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2157.997463][T30426]  ? clear_bhb_loop+0x60/0xb0
[ 2157.997483][T30426]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2157.997499][T30426] RIP: 0033:0x7fae00f8d33c
[ 2157.997514][T30426] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 2157.997528][T30426] RSP: 002b:00007fae01d1a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2157.997545][T30426] RAX: ffffffffffffffda RBX: 00007fae011b5fa0 RCX: 00007fae00f8d33c
[ 2157.997557][T30426] RDX: 000000000000000f RSI: 00007fae01d1a0a0 RDI: 0000000000000003
[ 2157.997566][T30426] RBP: 00007fae01d1a090 R08: 0000000000000000 R09: 0000000000000000
[ 2157.997576][T30426] R10: 0000000000000036 R11: 0000000000000246 R12: 0000000000000001
[ 2157.997586][T30426] R13: 0000000000000001 R14: 00007fae011b5fa0 R15: 00007ffef6ec1ca8
[ 2157.997612][T30426]  </TASK>
[ 2159.565855][T30438] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6975'.
[ 2159.579683][T30438] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6975'.
[ 2161.293984][T30455] netlink: 'syz.2.6979': attribute type 10 has an invalid length.
[ 2161.305806][T30455] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6979'.
[ 2161.316856][T30455] bridge0: port 1(dummy0) entered blocking state
[ 2161.349997][T30455] bridge0: port 1(dummy0) entered disabled state
[ 2161.356685][T30455] dummy0: entered allmulticast mode
[ 2161.712815][T30467] netlink: 'syz.1.6985': attribute type 10 has an invalid length.
[ 2161.784440][T30472] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6987'.
[ 2161.849962][T20450] usb 5-1: new high-speed USB device number 86 using dummy_hcd
[ 2162.009538][T20450] usb 5-1: Using ep0 maxpacket: 32
[ 2162.025951][T20450] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[ 2162.039418][T20450] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[ 2162.061556][T20450] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[ 2162.072835][T20450] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11
[ 2162.086962][T20450] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024
[ 2162.102530][T20450] usb 5-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[ 2162.643097][T20450] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2162.651208][T20450] usb 5-1: Product: syz
[ 2162.655380][T20450] usb 5-1: Manufacturer: syz
[ 2162.660018][T20450] usb 5-1: SerialNumber: syz
[ 2162.668258][T20450] usb 5-1: config 0 descriptor??
[ 2162.971377][T30485] zonefs (nullb0) ERROR: Not a zoned block device
[ 2163.539741][T30495] netlink: 44 bytes leftover after parsing attributes in process `syz.3.6993'.
[ 2163.896305][T30460] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2163.924414][T20450] iforce 5-1:0.0: usb_submit_urb failed: -32
[ 2163.927913][T30460] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2163.930521][T20450] input input20: Device does not respond to id packet M
[ 2164.339140][T20450] iforce 5-1:0.0: usb_submit_urb failed: -32
[ 2164.345214][T20450] input input20: Device does not respond to id packet P
[ 2164.428818][T20450] input input20: Device does not respond to id packet B
[ 2164.638206][T20450] iforce 5-1:0.0: usb_submit_urb failed: -71
[ 2164.648754][T20450] input input20: Device does not respond to id packet N
[ 2164.656646][T20450] iforce 5-1:0.0: usb_submit_urb failed: -71
[ 2164.668625][T20450] iforce 5-1:0.0: usb_submit_urb failed: -71
[ 2164.677332][T20450] iforce 5-1:0.0: usb_submit_urb failed: -71
[ 2164.688590][T20450] iforce 5-1:0.0: usb_submit_urb failed: -71
[ 2164.705035][T20450] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input20
[ 2164.848840][T20450] usb 5-1: USB disconnect, device number 86
[ 2166.493162][T30506] xt_hashlimit: max too large, truncated to 1048576
[ 2167.400045][T30518] netdevsim netdevsim3: Direct firmware load for �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F failed with error -2
[ 2167.419535][T30518] netdevsim netdevsim3: Falling back to sysfs fallback for: �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F
[ 2167.615967][T30540] netlink: 112 bytes leftover after parsing attributes in process `syz.0.7005'.
[ 2167.640491][  T979] usb 5-1: new high-speed USB device number 87 using dummy_hcd
[ 2167.798283][  T979] usb 5-1: Using ep0 maxpacket: 16
[ 2167.831709][T30545] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7007'.
[ 2168.004940][  T979] usb 5-1: config 1 has an invalid descriptor of length 171, skipping remainder of the config
[ 2168.035778][  T979] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 2168.052298][  T979] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2168.061878][  T979] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2168.070401][  T979] usb 5-1: Product: syz
[ 2168.074639][  T979] usb 5-1: Manufacturer: syz
[ 2168.085206][  T979] usb 5-1: SerialNumber: syz
[ 2168.364882][T30551] batadv_slave_1: entered promiscuous mode
[ 2168.384766][T30550] batadv_slave_1: left promiscuous mode
[ 2168.644365][T30557] overlay: Unknown parameter 'defcontext'
[ 2168.829299][T30562] XFS (nullb0): Invalid superblock magic number
[ 2169.278522][T25084] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[ 2169.447969][T25084] usb 4-1: Using ep0 maxpacket: 16
[ 2169.723059][T25084] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2169.758344][T25084] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2169.856788][T30575] xt_hashlimit: max too large, truncated to 1048576
[ 2169.863607][T25084] usb 4-1: config 0 interface 0 has no altsetting 0
[ 2169.890860][T25084] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[ 2170.100820][T25084] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2170.149147][  T979] usb 5-1: 0:2 : does not exist
[ 2170.154658][  T979] usb 5-1: unit 9 not found!
[ 2170.687813][T25084] usb 4-1: config 0 descriptor??
[ 2170.701749][T30583] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 2170.734806][T30583] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 2170.772580][  T979] usb 5-1: USB disconnect, device number 87
[ 2170.853505][T30590] netlink: 36 bytes leftover after parsing attributes in process `syz.0.7020'.
[ 2170.932422][T25084] usbhid 4-1:0.0: can't add hid device: -71
[ 2170.942159][T25084] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 2170.955492][T25084] usb 4-1: USB disconnect, device number 52
[ 2171.244894][T30601] netlink: 'syz.0.7024': attribute type 1 has an invalid length.
[ 2171.592459][T30610] blktrace: Concurrent blktraces are not allowed on loop3
[ 2171.786373][T30617] XFS (nullb0): Invalid superblock magic number
[ 2171.956627][T30627] netlink: 328 bytes leftover after parsing attributes in process `syz.4.7032'.
[ 2172.211502][T30625] xt_hashlimit: max too large, truncated to 1048576
[ 2172.680896][T30649] blktrace: Concurrent blktraces are not allowed on loop3
[ 2173.106665][T30655] netlink: 48 bytes leftover after parsing attributes in process `syz.4.7040'.
[ 2174.565023][T30672] 9pnet_fd: Insufficient options for proto=fd
[ 2174.640357][ T5901] usb 5-1: new high-speed USB device number 88 using dummy_hcd
[ 2174.817365][ T5901] usb 5-1: Using ep0 maxpacket: 8
[ 2174.833849][ T5901] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 2174.853357][ T5901] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2174.883477][ T5901] usb 5-1: config 0 descriptor??
[ 2175.169542][T30688] x_tables: duplicate underflow at hook 1
[ 2175.451437][T30696] netlink: 68 bytes leftover after parsing attributes in process `syz.2.7055'.
[ 2176.331777][ T5901] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 2176.346532][ T5901] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9
[ 2176.369783][ T5901] asix 5-1:0.0: probe with driver asix failed with error -71
[ 2176.382904][ T5901] usb 5-1: USB disconnect, device number 88
[ 2177.676588][T25084] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[ 2177.881756][T25084] usb 4-1: config index 0 descriptor too short (expected 65183, got 72)
[ 2177.898788][T25084] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 2177.908172][T25084] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2177.916237][T25084] usb 4-1: Product: syz
[ 2177.921328][T25084] usb 4-1: Manufacturer: syz
[ 2177.938097][T25084] usb 4-1: SerialNumber: syz
[ 2178.038225][T25084] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 2178.153244][  T979] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 2178.674059][T30730] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2178.886710][T30730] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2178.897510][T30746] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2178.926020][T30750] netlink: 'syz.4.7075': attribute type 10 has an invalid length.
[ 2178.936703][T30750] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2178.943953][T30750] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2179.035830][T30730] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2179.126689][T30730] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2179.148601][T30730] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2179.157875][T30730] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2179.188863][  T979] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[ 2179.199064][  T979] ath9k_htc: Failed to initialize the device
[ 2179.235155][  T979] usb 4-1: ath9k_htc: USB layer deinitialized
[ 2179.268927][ T5901] usb 4-1: USB disconnect, device number 53
[ 2179.376283][T25084] usb 5-1: new high-speed USB device number 89 using dummy_hcd
[ 2179.527053][T25084] usb 5-1: Using ep0 maxpacket: 8
[ 2179.537991][T25084] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 2179.556310][T25084] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2179.702790][T25084] usb 5-1: config 0 descriptor??
[ 2180.300319][ T5901] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[ 2180.516126][ T5901] usb 4-1: Using ep0 maxpacket: 32
[ 2180.540230][ T5901] usb 4-1: config index 0 descriptor too short (expected 241, got 72)
[ 2180.554176][ T5901] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[ 2180.572649][ T5901] usb 4-1: config 0 interface 0 altsetting 0 has 6 endpoint descriptors, different from the interface descriptor's value: 5
[ 2180.727998][ T5901] usb 4-1: New USB device found, idVendor=110a, idProduct=2210, bcdDevice=bd.da
[ 2180.737771][ T5901] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2180.771499][ T5901] usb 4-1: config 0 descriptor??
[ 2181.426052][ T5901] usb 4-1: can't set config #0, error -71
[ 2181.433490][ T5901] usb 4-1: USB disconnect, device number 54
[ 2181.507250][T25084] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 2181.532955][T25084] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9
[ 2181.584043][T25084] asix 5-1:0.0: probe with driver asix failed with error -71
[ 2181.595398][T25084] usb 5-1: USB disconnect, device number 89
[ 2181.900690][T30786] 9pnet_fd: Insufficient options for proto=fd
[ 2181.925945][ T5901] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[ 2182.162129][ T5901] usb 4-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[ 2182.178046][ T5901] usb 4-1: New USB device strings: Mfr=14, Product=0, SerialNumber=0
[ 2182.190247][ T5901] usb 4-1: Manufacturer: syz
[ 2182.200510][ T5901] usb 4-1: config 0 descriptor??
[ 2182.210289][ T5901] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[ 2182.221490][ T5901] ftdi_sio ttyUSB0: unknown device type: 0xc698
[ 2182.522344][T25084] usb 4-1: USB disconnect, device number 55
[ 2182.582823][T25084] ftdi_sio 4-1:0.0: device disconnected
[ 2182.757894][T30802] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7094'.
[ 2182.998870][T30803] xt_hashlimit: max too large, truncated to 1048576
[ 2184.248868][T30826] ALSA: mixer_oss: invalid OSS volume ''
[ 2184.441056][T30830] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2184.513325][T30829] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[ 2184.530690][T30834] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7102'.
[ 2184.547353][T30834] openvswitch: netlink: Missing key (keys=40, expected=100)
[ 2186.142964][T30846] netlink: 48 bytes leftover after parsing attributes in process `syz.0.7109'.
[ 2186.211132][T30848] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7108'.
[ 2186.220595][T30848] smc: net device bond0 applied user defined pnetid SY
[ 2186.233800][T30848] smc: net device bond0 erased user defined pnetid SY
[ 2186.686843][   T30] audit: type=1326 audit(1750897304.001:2467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30841 comm="syz.4.7107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9fa78e929 code=0x7fc00000
[ 2186.716546][   T30] audit: type=1326 audit(1750897304.001:2468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30841 comm="syz.4.7107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7fd9fa78e929 code=0x7fc00000
[ 2186.758246][   T30] audit: type=1326 audit(1750897304.001:2469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30841 comm="syz.4.7107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9fa78e929 code=0x7fc00000
[ 2186.780031][   T30] audit: type=1326 audit(1750897304.001:2470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30841 comm="syz.4.7107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9fa78e929 code=0x7fc00000
[ 2186.820880][   T30] audit: type=1326 audit(1750897304.001:2471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30841 comm="syz.4.7107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9fa78e929 code=0x7fc00000
[ 2186.880555][   T30] audit: type=1326 audit(1750897304.001:2472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30841 comm="syz.4.7107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9fa78e929 code=0x7fc00000
[ 2186.976787][   T30] audit: type=1326 audit(1750897304.001:2473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30841 comm="syz.4.7107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9fa78e929 code=0x7fc00000
[ 2187.093005][   T30] audit: type=1326 audit(1750897304.001:2474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30841 comm="syz.4.7107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9fa78e929 code=0x7fc00000
[ 2187.190283][   T30] audit: type=1326 audit(1750897304.001:2475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30841 comm="syz.4.7107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9fa78e929 code=0x7fc00000
[ 2187.314397][   T30] audit: type=1326 audit(1750897304.001:2476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30841 comm="syz.4.7107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9fa78e929 code=0x7fc00000
[ 2190.724830][T30898] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2190.743504][T30898] FAULT_INJECTION: forcing a failure.
[ 2190.743504][T30898] name failslab, interval 1, probability 0, space 0, times 0
[ 2190.756277][T30898] CPU: 0 UID: 0 PID: 30898 Comm: syz.3.7122 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[ 2190.756301][T30898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2190.756313][T30898] Call Trace:
[ 2190.756321][T30898]  <TASK>
[ 2190.756329][T30898]  dump_stack_lvl+0x189/0x250
[ 2190.756361][T30898]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2190.756385][T30898]  ? __pfx__printk+0x10/0x10
[ 2190.756408][T30898]  ? kasan_check_range+0x80/0x2c0
[ 2190.756515][T30898]  should_fail_ex+0x414/0x560
[ 2190.756542][T30898]  should_failslab+0xa8/0x100
[ 2190.756565][T30898]  __kmalloc_noprof+0xcb/0x4f0
[ 2190.756584][T30898]  ? kfree+0x4d/0x440
[ 2190.756599][T30898]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 2190.756628][T30898]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 2190.756653][T30898]  ? tomoyo_domain+0xda/0x130
[ 2190.756683][T30898]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 2190.756703][T30898]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 2190.756726][T30898]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2190.756748][T30898]  ? trace_sched_exit_tp+0x38/0x120
[ 2190.756769][T30898]  ? __schedule+0x16c0/0x4cb0
[ 2190.756802][T30898]  ? trace_irq_disable+0x37/0x110
[ 2190.756850][T30898]  ? security_file_ioctl+0x19/0x2d0
[ 2190.756878][T30898]  security_file_ioctl+0xcb/0x2d0
[ 2190.756901][T30898]  __se_sys_ioctl+0x47/0x170
[ 2190.756922][T30898]  do_syscall_64+0xfa/0x3b0
[ 2190.756947][T30898]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2190.756963][T30898]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 2190.756979][T30898]  ? clear_bhb_loop+0x60/0xb0
[ 2190.757000][T30898]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2190.757017][T30898] RIP: 0033:0x7fae00f8e929
[ 2190.757033][T30898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2190.757048][T30898] RSP: 002b:00007fadfedd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2190.757067][T30898] RAX: ffffffffffffffda RBX: 00007fae011b6160 RCX: 00007fae00f8e929
[ 2190.757079][T30898] RDX: 0000200000000000 RSI: 00000000c0405602 RDI: 0000000000000007
[ 2190.757091][T30898] RBP: 00007fadfedd5090 R08: 0000000000000000 R09: 0000000000000000
[ 2190.757102][T30898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2190.757113][T30898] R13: 0000000000000000 R14: 00007fae011b6160 R15: 00007ffef6ec1ca8
[ 2190.757142][T30898]  </TASK>
[ 2190.757176][T30898] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2191.745155][T30902] ALSA: mixer_oss: invalid OSS volume ''
[ 2191.807547][T30902] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[ 2191.854309][T30910] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7126'.
[ 2191.863607][T30910] openvswitch: netlink: Missing key (keys=40, expected=100)
[ 2191.941312][T30911] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7129'.
[ 2192.005008][T30906] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7127'.
[ 2193.226363][   T30] kauditd_printk_skb: 251 callbacks suppressed
[ 2193.226380][   T30] audit: type=1326 audit(1750897310.542:2728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30903 comm="syz.1.7128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 2193.275807][   T30] audit: type=1326 audit(1750897310.572:2729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30903 comm="syz.1.7128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 2193.313218][   T30] audit: type=1326 audit(1750897310.572:2730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30903 comm="syz.1.7128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 2193.340633][   T30] audit: type=1326 audit(1750897310.572:2731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30903 comm="syz.1.7128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 2193.396316][   T30] audit: type=1326 audit(1750897310.572:2732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30903 comm="syz.1.7128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 2193.429747][   T30] audit: type=1326 audit(1750897310.572:2733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30903 comm="syz.1.7128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 2193.455543][   T30] audit: type=1326 audit(1750897310.572:2734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30903 comm="syz.1.7128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 2193.525254][   T30] audit: type=1326 audit(1750897310.572:2735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30903 comm="syz.1.7128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 2193.571934][   T30] audit: type=1326 audit(1750897310.572:2736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30903 comm="syz.1.7128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 2193.593968][   T30] audit: type=1326 audit(1750897310.572:2737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30903 comm="syz.1.7128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 2193.797435][T10872] Bluetooth: hci2: unexpected event for opcode 0x0c7a
[ 2193.842981][T30935] macvlan2: entered allmulticast mode
[ 2193.959814][T30940] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7139'.
[ 2193.971026][T30937] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[ 2193.985355][T30940] openvswitch: netlink: Missing key (keys=40, expected=100)
[ 2194.047614][T25084] usb 5-1: new full-speed USB device number 90 using dummy_hcd
[ 2194.076312][T30943] netlink: 'syz.3.7141': attribute type 33 has an invalid length.
[ 2194.643401][T25084] usb 5-1: config 0 has an invalid interface number: 31 but max is 0
[ 2194.670423][T25084] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2194.700988][T25084] usb 5-1: config 0 has no interface number 0
[ 2194.719460][T25084] usb 5-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[ 2194.789186][T25084] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2194.800881][T25084] usb 5-1: Product: syz
[ 2194.805791][T25084] usb 5-1: Manufacturer: syz
[ 2194.810411][T25084] usb 5-1: SerialNumber: syz
[ 2194.822404][T25084] usb 5-1: config 0 descriptor??
[ 2194.837741][T25084] hub 5-1:0.31: bad descriptor, ignoring hub
[ 2194.853678][T25084] hub 5-1:0.31: probe with driver hub failed with error -5
[ 2194.865444][T25084] usb 5-1: Found UVC 0.04 device syz (046d:08c3)
[ 2194.873528][T30947] bond4: entered allmulticast mode
[ 2194.881606][T25084] uvcvideo 5-1:0.31: Entity type for entity Output 6 was not initialized!
[ 2194.914146][T25084] usb 5-1: Failed to create links for entity 6
[ 2194.940781][T25084] usb 5-1: Failed to register entities (-22).
[ 2195.058508][T30951] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7142'.
[ 2195.088461][T30931] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7137'.
[ 2195.113884][T30961] netlink: 68 bytes leftover after parsing attributes in process `syz.0.7145'.
[ 2195.276135][T30967] netlink: 'syz.2.7148': attribute type 2 has an invalid length.
[ 2195.285280][ T5901] usb 5-1: USB disconnect, device number 90
[ 2195.295265][T30967] netlink: 'syz.2.7148': attribute type 1 has an invalid length.
[ 2195.304980][T30967] netlink: 'syz.2.7148': attribute type 1 has an invalid length.
[ 2195.312736][T30967] netlink: 'syz.2.7148': attribute type 2 has an invalid length.
[ 2195.327888][T30967] netlink: 11 bytes leftover after parsing attributes in process `syz.2.7148'.
[ 2195.359218][T30966] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7144'.
[ 2195.501670][T30977] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7152'.
[ 2195.683550][ T5901] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[ 2196.404121][T20450] usb 5-1: new high-speed USB device number 91 using dummy_hcd
[ 2196.465553][ T5901] usb 4-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[ 2196.487492][ T5901] usb 4-1: New USB device strings: Mfr=14, Product=0, SerialNumber=0
[ 2196.509793][ T5901] usb 4-1: Manufacturer: syz
[ 2196.581042][ T5901] usb 4-1: config 0 descriptor??
[ 2196.667330][T20450] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 2196.785449][T20450] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 2196.887025][T20450] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 2196.982872][T20450] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 2197.083907][T20450] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 2197.182534][T20450] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2197.450113][T20450] usb 5-1: config 0 descriptor??
[ 2197.845152][ T5901] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[ 2197.861218][ T5901] ftdi_sio ttyUSB0: unknown device type: 0xc698
[ 2197.956181][T20450] plantronics 0003:047F:FFFF.000F: No inputs registered, leaving
[ 2198.791494][T20450] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[ 2198.850372][T20450] usb 4-1: USB disconnect, device number 56
[ 2198.859677][T20450] ftdi_sio 4-1:0.0: device disconnected
[ 2198.880318][T30990] __nla_validate_parse: 1 callbacks suppressed
[ 2198.880331][T30990] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7155'.
[ 2199.131239][T30998] XFS (nullb0): Invalid superblock magic number
[ 2199.317583][T31007] xt_hashlimit: max too large, truncated to 1048576
[ 2199.942607][T20450] usb 5-1: USB disconnect, device number 91
[ 2200.412248][T31015] netlink: 'syz.4.7164': attribute type 1 has an invalid length.
[ 2200.456485][T31015] netlink: 224 bytes leftover after parsing attributes in process `syz.4.7164'.
[ 2200.493696][T31006] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7160'.
[ 2201.263683][   T30] kauditd_printk_skb: 61 callbacks suppressed
[ 2201.263702][   T30] audit: type=1326 audit(1750897318.553:2799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31012 comm="syz.2.7162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261af8e929 code=0x7fc00000
[ 2201.292409][T20450] usb 5-1: new full-speed USB device number 92 using dummy_hcd
[ 2201.323334][   T30] audit: type=1326 audit(1750897318.613:2800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31012 comm="syz.2.7162" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f261af8e929 code=0x7fc00000
[ 2201.598518][T31026] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7165'.
[ 2201.800275][T20450] usb 5-1: config 1 has an invalid interface descriptor of length 2, skipping
[ 2201.816044][T20450] usb 5-1: config 1 has an invalid descriptor of length 36, skipping remainder of the config
[ 2201.844172][T20450] usb 5-1: too many endpoints for config 1 interface 0 altsetting 7: 255, using maximum allowed: 30
[ 2201.865835][T20450] usb 5-1: config 1 interface 0 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[ 2201.892563][T20450] usb 5-1: config 1 interface 0 has no altsetting 0
[ 2201.905428][T20450] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2201.914628][T20450] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 2201.922683][T20450] usb 5-1: SerialNumber: syz
[ 2201.953817][T20450] cdc_acm 5-1:1.0: Control and data interfaces are not separated!
[ 2201.961668][T20450] cdc_acm 5-1:1.0: This needs exactly 3 endpoints
[ 2201.991379][T20450] cdc_acm 5-1:1.0: probe with driver cdc_acm failed with error -22
[ 2202.036948][T31030] netlink: 'syz.2.7167': attribute type 10 has an invalid length.
[ 2202.147756][T31030] bridge0: entered promiscuous mode
[ 2202.153653][T31030] bond0: (slave bridge0): Enslaving as an active interface with an up link
[ 2202.737679][T31044] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 2202.745618][T31044] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[ 2202.754135][T31044] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 2202.761955][T31044] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[ 2202.816950][T25084] usb 5-1: USB disconnect, device number 92
[ 2203.634830][T10872] Bluetooth: hci2: unexpected event for opcode 0x0c7a
[ 2203.929168][T31066] FAULT_INJECTION: forcing a failure.
[ 2203.929168][T31066] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2203.942692][T31066] CPU: 1 UID: 0 PID: 31066 Comm: syz.3.7174 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[ 2203.942718][T31066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2203.942729][T31066] Call Trace:
[ 2203.942738][T31066]  <TASK>
[ 2203.942745][T31066]  dump_stack_lvl+0x189/0x250
[ 2203.942774][T31066]  ? __pfx____ratelimit+0x10/0x10
[ 2203.942798][T31066]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2203.942821][T31066]  ? __pfx__printk+0x10/0x10
[ 2203.942839][T31066]  ? __might_fault+0xb0/0x130
[ 2203.942870][T31066]  should_fail_ex+0x414/0x560
[ 2203.942896][T31066]  _copy_from_iter+0x1db/0x16f0
[ 2203.942923][T31066]  ? rcu_is_watching+0x15/0xb0
[ 2203.942948][T31066]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[ 2203.942971][T31066]  ? __pfx__copy_from_iter+0x10/0x10
[ 2203.942996][T31066]  ? __build_skb_around+0x257/0x3e0
[ 2203.943017][T31066]  ? netlink_sendmsg+0x642/0xb30
[ 2203.943034][T31066]  ? skb_put+0x11b/0x210
[ 2203.943055][T31066]  netlink_sendmsg+0x6b2/0xb30
[ 2203.943085][T31066]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2203.943113][T31066]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2203.943133][T31066]  __sock_sendmsg+0x219/0x270
[ 2203.943160][T31066]  ____sys_sendmsg+0x505/0x830
[ 2203.943185][T31066]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2203.943215][T31066]  ? import_iovec+0x74/0xa0
[ 2203.943234][T31066]  ___sys_sendmsg+0x21f/0x2a0
[ 2203.943257][T31066]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2203.943320][T31066]  ? __fget_files+0x2a/0x420
[ 2203.943341][T31066]  ? __fget_files+0x3a0/0x420
[ 2203.943373][T31066]  __x64_sys_sendmsg+0x19b/0x260
[ 2203.943395][T31066]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 2203.943440][T31066]  do_syscall_64+0xfa/0x3b0
[ 2203.943465][T31066]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2203.943481][T31066]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 2203.943498][T31066]  ? clear_bhb_loop+0x60/0xb0
[ 2203.943518][T31066]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2203.943535][T31066] RIP: 0033:0x7fae00f8e929
[ 2203.943551][T31066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2203.943565][T31066] RSP: 002b:00007fadfedd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2203.943584][T31066] RAX: ffffffffffffffda RBX: 00007fae011b6160 RCX: 00007fae00f8e929
[ 2203.943597][T31066] RDX: 0000000004004010 RSI: 0000200000000000 RDI: 0000000000000003
[ 2203.943609][T31066] RBP: 00007fadfedd5090 R08: 0000000000000000 R09: 0000000000000000
[ 2203.943619][T31066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2203.943630][T31066] R13: 0000000000000000 R14: 00007fae011b6160 R15: 00007ffef6ec1ca8
[ 2203.943659][T31066]  </TASK>
[ 2205.126910][T31079] netdevsim netdevsim4: Direct firmware load for �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F failed with error -2
[ 2205.591888][T31079] netdevsim netdevsim4: Falling back to sysfs fallback for: �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F
[ 2205.646938][T31082] overlayfs: failed to clone upperpath
[ 2206.763184][T31086] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7181'.
[ 2209.208236][T31124] sp0: Synchronizing with TNC
[ 2209.747070][T31142] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7200'.
[ 2210.392656][T31147] netlink: 'syz.2.7201': attribute type 10 has an invalid length.
[ 2210.639081][T31150] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7202'.
[ 2211.857166][T31163] tipc: Enabling of bearer <udp:syI*> rejected, failed to enable media
[ 2212.057381][T31177] xt_hashlimit: max too large, truncated to 1048576
[ 2212.075984][T31169] XFS (nullb0): Invalid superblock magic number
[ 2212.169866][T31181] netlink: 328 bytes leftover after parsing attributes in process `syz.4.7209'.
[ 2213.835942][T31199] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7213'.
[ 2214.314858][T31210] netlink: 32 bytes leftover after parsing attributes in process `syz.2.7219'.
[ 2214.439618][   T30] audit: type=1326 audit(1750897331.755:2801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31204 comm="syz.2.7219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261af8e929 code=0x7ffc0000
[ 2214.461636][   T30] audit: type=1326 audit(1750897331.755:2802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31204 comm="syz.2.7219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261af8e929 code=0x7ffc0000
[ 2214.485566][   T30] audit: type=1326 audit(1750897331.755:2803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31204 comm="syz.2.7219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7f261af8e929 code=0x7ffc0000
[ 2214.560262][   T30] audit: type=1326 audit(1750897331.876:2804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31204 comm="syz.2.7219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f261af2ab19 code=0x7ffc0000
[ 2214.589813][   T30] audit: type=1326 audit(1750897331.876:2805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31204 comm="syz.2.7219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261af8e929 code=0x7ffc0000
[ 2214.617285][   T30] audit: type=1326 audit(1750897331.906:2806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31204 comm="syz.2.7219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f261af8e929 code=0x7ffc0000
[ 2215.120308][  T979] usb 5-1: new high-speed USB device number 93 using dummy_hcd
[ 2215.280437][  T979] usb 5-1: Using ep0 maxpacket: 16
[ 2215.291533][  T979] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2215.323768][  T979] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2215.338302][  T979] usb 5-1: config 0 interface 0 has no altsetting 0
[ 2215.349355][  T979] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[ 2215.379141][  T979] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2215.437147][T31226] netlink: 'syz.0.7226': attribute type 1 has an invalid length.
[ 2215.461564][  T979] usb 5-1: config 0 descriptor??
[ 2216.357003][T31236] XFS (nullb0): Invalid superblock magic number
[ 2217.517697][  T979] usbhid 5-1:0.0: can't add hid device: -71
[ 2217.529945][  T979] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 2217.550268][  T979] usb 5-1: USB disconnect, device number 93
[ 2217.817864][T31259] netlink: 68 bytes leftover after parsing attributes in process `syz.0.7231'.
[ 2220.148417][T31275] sp0: Synchronizing with TNC
[ 2221.089319][  T979] usb 5-1: new high-speed USB device number 94 using dummy_hcd
[ 2221.379346][  T979] usb 5-1: Using ep0 maxpacket: 16
[ 2221.386590][  T979] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2221.397694][  T979] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2221.407592][  T979] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2221.420607][  T979] usb 5-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00
[ 2221.429898][  T979] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2221.440043][  T979] usb 5-1: config 0 descriptor??
[ 2221.748783][   T30] audit: type=1326 audit(1750897339.057:2807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31294 comm="syz.1.7246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 2221.779513][   T30] audit: type=1326 audit(1750897339.057:2808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31294 comm="syz.1.7246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 2221.801656][   T30] audit: type=1326 audit(1750897339.057:2809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31294 comm="syz.1.7246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 2221.824706][   T30] audit: type=1326 audit(1750897339.057:2810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31294 comm="syz.1.7246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 2221.847856][   T30] audit: type=1326 audit(1750897339.057:2811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31294 comm="syz.1.7246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 2221.856047][T31287] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2221.870909][   T30] audit: type=1326 audit(1750897339.097:2812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31294 comm="syz.1.7246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 2221.885113][T31287] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2221.901170][   T30] audit: type=1326 audit(1750897339.097:2813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31294 comm="syz.1.7246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 2221.907514][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2221.928592][  T979] ryos 0003:1E7D:31CE.0010: collection stack underflow
[ 2221.930493][   T30] audit: type=1326 audit(1750897339.097:2814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31294 comm="syz.1.7246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f67f8e929 code=0x7fc00000
[ 2221.944489][  T979] ryos 0003:1E7D:31CE.0010: item 0 2 0 12 parsing failed
[ 2221.974993][   T30] audit: type=1326 audit(1750897339.287:2815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31298 comm="syz.3.7247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae00f8e929 code=0x7fc00000
[ 2221.997259][   T30] audit: type=1326 audit(1750897339.287:2816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31298 comm="syz.3.7247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7fae00f8e929 code=0x7fc00000
[ 2222.003219][  T979] ryos 0003:1E7D:31CE.0010: parse failed
[ 2222.033499][  T979] ryos 0003:1E7D:31CE.0010: probe with driver ryos failed with error -22
[ 2222.205073][  T979] usb 5-1: USB disconnect, device number 94
[ 2222.798381][T31308] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7249'.
[ 2223.083658][T30161]  non-paged memory
[ 2223.090033][T30161] list_del corruption, ffff8880308bc900->next is LIST_POISON1 (dead000000000100)
[ 2223.112120][T30161] ------------[ cut here ]------------
[ 2223.117679][T30161] kernel BUG at lib/list_debug.c:58!
[ 2223.154458][T30161] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[ 2223.160740][T30161] CPU: 1 UID: 0 PID: 30161 Comm: kworker/u9:0 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) 
[ 2223.172983][T30161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2223.183043][T30161] Workqueue: hci2 hci_conn_timeout
[ 2223.188155][T30161] RIP: 0010:__list_del_entry_valid_or_report+0x10e/0x190
[ 2223.195235][T30161] Code: 40 bd e1 8b 48 89 de e8 d0 00 67 fc 90 0f 0b 4c 89 e7 e8 c5 86 40 fd 48 c7 c7 a0 bd e1 8b 48 89 de 4c 89 e2 e8 b3 00 67 fc 90 <0f> 0b 4c 89 e7 e8 a8 86 40 fd 48 c7 c7 00 be e1 8b 48 89 de 4c 89
[ 2223.214834][T30161] RSP: 0018:ffffc9000f0f7980 EFLAGS: 00010246
[ 2223.220894][T30161] RAX: 000000000000004e RBX: ffff8880308bc900 RCX: 24eb1744daac2c00
[ 2223.228856][T30161] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 2223.236823][T30161] RBP: ffffffff8a6eb2b0 R08: 0000000000000003 R09: 0000000000000004
[ 2223.244871][T30161] R10: dffffc0000000000 R11: fffffbfff1bfaa04 R12: dead000000000100
[ 2223.252827][T30161] R13: dffffc0000000000 R14: dead000000000100 R15: dead000000000122
[ 2223.260789][T30161] FS:  0000000000000000(0000) GS:ffff888125d83000(0000) knlGS:0000000000000000
[ 2223.269706][T30161] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2223.276271][T30161] CR2: 0000200000003000 CR3: 0000000038756000 CR4: 00000000003526f0
[ 2223.284229][T30161] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2223.292185][T30161] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2223.300144][T30161] Call Trace:
[ 2223.303409][T30161]  <TASK>
[ 2223.306327][T30161]  hci_cmd_sync_dequeue_once+0x24a/0x370
[ 2223.311956][T30161]  hci_cancel_connect_sync+0xc8/0x120
[ 2223.317316][T30161]  hci_abort_conn+0x191/0x330
[ 2223.321981][T30161]  ? process_scheduled_works+0x9ef/0x17b0
[ 2223.327688][T30161]  process_scheduled_works+0xade/0x17b0
[ 2223.333247][T30161]  ? __pfx_process_scheduled_works+0x10/0x10
[ 2223.339234][T30161]  worker_thread+0x8a0/0xda0
[ 2223.343827][T30161]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 2223.350158][T30161]  ? __kthread_parkme+0x7b/0x200
[ 2223.355102][T30161]  kthread+0x70e/0x8a0
[ 2223.359169][T30161]  ? __pfx_worker_thread+0x10/0x10
[ 2223.364275][T30161]  ? __pfx_kthread+0x10/0x10
[ 2223.368859][T30161]  ? _raw_spin_unlock_irq+0x23/0x50
[ 2223.374049][T30161]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2223.379237][T30161]  ? __pfx_kthread+0x10/0x10
[ 2223.383813][T30161]  ret_from_fork+0x3fc/0x770
[ 2223.388394][T30161]  ? __pfx_ret_from_fork+0x10/0x10
[ 2223.393498][T30161]  ? __switch_to_asm+0x39/0x70
[ 2223.398267][T30161]  ? __switch_to_asm+0x33/0x70
[ 2223.403027][T30161]  ? __pfx_kthread+0x10/0x10
[ 2223.407605][T30161]  ret_from_fork_asm+0x1a/0x30
[ 2223.412360][T30161]  </TASK>
[ 2223.415379][T30161] Modules linked in:
[ 2223.419365][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2223.426509][T30161] ---[ end trace 0000000000000000 ]---
[ 2223.593362][T30161] RIP: 0010:__list_del_entry_valid_or_report+0x10e/0x190
[ 2223.600473][T30161] Code: 40 bd e1 8b 48 89 de e8 d0 00 67 fc 90 0f 0b 4c 89 e7 e8 c5 86 40 fd 48 c7 c7 a0 bd e1 8b 48 89 de 4c 89 e2 e8 b3 00 67 fc 90 <0f> 0b 4c 89 e7 e8 a8 86 40 fd 48 c7 c7 00 be e1 8b 48 89 de 4c 89
[ 2223.620154][T30161] RSP: 0018:ffffc9000f0f7980 EFLAGS: 00010246
[ 2223.626239][T30161] RAX: 000000000000004e RBX: ffff8880308bc900 RCX: 24eb1744daac2c00
[ 2223.634417][T30161] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 2223.642478][T30161] RBP: ffffffff8a6eb2b0 R08: 0000000000000003 R09: 0000000000000004
[ 2223.650495][T30161] R10: dffffc0000000000 R11: fffffbfff1bfaa04 R12: dead000000000100
[ 2223.658478][T30161] R13: dffffc0000000000 R14: dead000000000100 R15: dead000000000122
[ 2223.666546][T30161] FS:  0000000000000000(0000) GS:ffff888125d83000(0000) knlGS:0000000000000000
[ 2223.675700][T30161] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2223.682369][T30161] CR2: 0000200000004000 CR3: 0000000038756000 CR4: 00000000003526f0
[ 2223.690382][T30161] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2223.691371][T31310] overlayfs: failed to verify upper (1385/file1, ino=7268, err=-116)
[ 2223.698348][T30161] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2223.698373][T30161] Kernel panic - not syncing: Fatal exception
[ 2223.698602][T30161] Kernel Offset: disabled